Instead of having hacky entry "init.svc." in vendor's sepolicy, this
adds init.svc.statsd explicitly which should be readable by CTS.
Bug: 161922998
Test: m selinux_policy
Change-Id: I3fd3bab40d2ccf2581bd7ab55894a693cdf446b2
Merged-In: I3fd3bab40d2ccf2581bd7ab55894a693cdf446b2
(cherry picked from commit 116190b004)
This is to remove exported3_default_prop. Contexts of these properties
are changed.
- ro.boot.wificountrycode
This becomes wifi_config_prop
- ro.opengles.version
This becomes graphics_config_prop. Also it's read by various domains, so
graphics_config_prop is now readable from coredomain.
- persist.config.calibration_fac
This becomes camera_calibration_prop. It's only readable by appdomain.
Bug: 155844385
Test: no denials on Pixel devices
Test: connect wifi
Change-Id: If2b6c10fa124e29d1612a8f94ae18b223849e2a9
This removes bad context names "exported*_prop". Property contexts of
following properties are changed. All properties are settable only by
vendor-init.
- ro.config.per_app_memcg
This becomes lmkd_config_prop.
- ro.zygote
This becomes dalvik_config_prop.
- ro.oem_unlock_supported
This becomes oem_unlock_prop. It's readable by system_app which includes
Settings apps.
- ro.storage_manager.enabled
This becomes storagemanagr_config_prop. It's readable by coredomain.
Various domains in coredomain seem to read it.
- sendbug.preferred.domain
This bcomes sendbug_config_prop. It's readable by appdomain.
There are still 3 more exported3_default_prop, which are going to be
tracked individually.
Bug: 155844385
Test: selinux denial check on Pixel devices
Change-Id: I340c903ca7bda98a92d0f157c65f6833ed00df05
To remove bad context names "exported*_prop"
Bug: 155844385
Test: boot and see no denials
Change-Id: Icd30be64355699618735d4012461835eca8cd651
Merged-In: Icd30be64355699618735d4012461835eca8cd651
(cherry picked from commit 37c2d4d0c9)
(cherry picked from commit 3b66e9b9f8)
vts_config_prop and vts_status_prop are added to remove exported*_prop.
ro.vts.coverage becomes vts_config_prop, and vts.native_server.on
becomes vts_status_prop.
Bug: 155844385
Test: Run some vts and then getprop, e.g. atest \
VtsHalAudioEffectV4_0TargetTest && adb shell getprop
Test: ro.vts.coverage is read without denials
Change-Id: Ic3532ef0ae7083db8d619d80e2b73249f87981ce
All files under odm_dlkm are tagged vendor_file.
All build props for odm_dlkm are mapped as build_vendor_prop.
Test: build and
`ls /odm_dlkm -lZ`
`adb shell getprop -Z | grep odm_dlkm`
Bug: 154633114
Change-Id: Ifca69d0b7a8da945910a9cb0fa907735cd866f12
We already have ro.logd. and persist.logd. as logd_prop, but not
logd. so this change adds it. New properties should be read-write by
default so logd. should be preferred to ro.logd.
Test: set logd.buffer_type appropriately.
Change-Id: I51ed19f0093a0302709116944153f37067814d08
ro.enable_boot_charger_mode and sys.boot_from_charger_mode are moved to
new property contexts for charger props to remove exported*_prop.
Bug: 155844385
Test: boot device with ro.enable_boot_charger_mode
Change-Id: I17d195d3c9c002a42125d46a5efcdb890f1c2a5c
All files under vendor_dlkm are tagged vendor_file.
All build props for vendor_dlkm are mapped as build_vendor_prop.
Test: build and
`ls /vendor_dlkm -lZ`
`adb shell getprop -Z | grep vendor_dlkm`
Bug: 154633114
Change-Id: Ie9dc26d948357767fec09aca645606310ad3425c
tombstoned.max_tombstone_coun becomes tombstone_config_prop to remove
exported*_default_prop
Bug: 155844385
Test: tombstoned is running and logcat shows no denials
Change-Id: I57bebb5766d790dc52d40a6d106f480e0e34fa4e
keyguard.no_require_sim becomes keyguard_config_prop to remove
exported*_default_prop
Bug: 155844385
Test: boot and see no denials
Change-Id: Icffa88b650a1d35d8c1cd29f89daf0644a79ddd3
To remove ambiguous context name exported_default_prop
Bug: 71814576
Test: boot and see no denials
Change-Id: I40eb92653fabc509419e07bb4bfa7301a8762352
To remove bad context names exported[23]_default_prop
Bug: 155844385
Test: m selinux_policy
Change-Id: Ic4bbc8e45d810368a96f6985c2234798e73be82d
Merged-In: Ic4bbc8e45d810368a96f6985c2234798e73be82d
(cherry picked from commit 072b01438e)
To clean up bad context name exported[23]_default_prop
Bug: 155844385
Test: m selinux_policy
Test: enter recovery mode
Change-Id: I312b6fa911a90dfc069a973c7916c67d92b7baa5
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Exempt-From-Owner-Approval: cherry-pick
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
Merged-In: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
(cherry picked from commit 4d36eae8af)
ro.bootimage.build.date.* are not used anywhere.
ro.bootimage.build.fingerprint was used in the recovery mode, which has
now been switched to ro.build.fingerprint.
Bug: 117892318
Test: m
Change-Id: Ie920c5eee20baf61676b1b8b16b7f281e1dc2901
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:
/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}
Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
1) build_odm_prop and build_vendor_prop are added
These contexts will contain world-readable properties from
/odm/build.prop and /vendor/build.prop, respectively.
2) move more properties to build_prop
Following properties are set by /system/build.prop and now assigned as
build_prop:
- ro.adb.secure
- ro.build.type
- ro.product.cpu.abi
- ro.product.cpu.abilist
- ro.product.cpu.abilist32
- ro.product.cpu.abilist64
- ro.secure
Following properties are set by init/property_service.cpp and now
assigned as build_prop:
- ro.product.brand
- ro.product.device
- ro.product.manufacturer
- ro.product.model
- ro.product.name
Bug: 71814576
Bug: 155844385
Test: boot device and see no denials
Change-Id: Idd4f81de4d2d0fc4bdec2d7ecb08bb8e078dab58
To remove bad context names "exported*_prop". Other init.svc.*
properties explicitly become system internal prop.
Bug: 155844385
Test: boot and see no denials
Change-Id: I7a3b4103a4cea77035a6e831e3b6a49a45f15a35
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
