When suspend.disable_sync_on_suspend is set init must write to
/sys/power/sync_on_suspend.
Bug: 285395636
Change-Id: Ica1b039c3192f08ec84aa07d35c2d0c61e7449c0
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: Iacb6a5a7d103fd7125a5bdf48e2438fd3aece40e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: I9f39e5b28001ed8307bb444b46e846b9d8767d76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: Ib82db36340060d01bf9284135768cb4cb6744e73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I72670ee42c268dd5747c2411d25959d366dd972c
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: I4eea155c28552d50ebcb312aa162dab2863e2483
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: I556bbfb35c7aeb3564e63cd9ed993aae15e2baae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I72670ee42c268dd5747c2411d25959d366dd972c
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467
Change-Id: I719b9b0dd51bac4ac0fc513402918ca1c73dbe10
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
We are compiling regex more than 300000 times, and it's a main
bottleneck for slow sepolicy_tests. Actually we don't need to compile
regex that much; most of cases can be handled by simple string
comparison. This change introduces heuristics for optimization.
Bug: 301874100
Test: verified that return values of MatchPathPrefix are not changed.
Test: run cProfile, before and after.
Before
ncalls tottime percall cumtime percall filename:lineno(function)
21951 0.923 0.000 56.491 0.003 policy.py:33(MatchPathPrefix)
After
ncalls tottime percall cumtime percall filename:lineno(function)
21951 0.078 0.000 1.159 0.000 policy.py:40(MatchPathPrefix)
Change-Id: I1ebad586c2518e74a8ca67024df5e77d068e3ca5
This reverts commit e2bd44d48d.
Reason for revert: 2nd attempt to add the policy change
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
This allows package manager enables fs-verity to an APK if it is
installed with .idsig in the classic install session (non-incremental).
This is done in ag/24707249 behind a flag. This sepolicy change was
missed by mistake.
Bug: 277344944
Test: atest android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: If403d84611b69ab076a808addebbd5f0738cdc68
system_server creates an ICMPv6 socket and send it to ot_daemon via ParcelFileDescriptor. ot_daemon will use that socket to send/receive ICMPv6 messages.
Here's how the socket is created in System Server:
int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
Bug: 294486086
Security consultation bug: 296809188
Test: Verified on a cuttlefish
Change-Id: I9d479c9da01187a0e476591f447f7199ecb3a409
Currently, incidentd is allowed to read the wakeup_sources debugfs
node only if a device does not enforce debugfs restrictions. If a device
enforces debugfs restrictions, debugfs cannot be mounted on user builds,
but can be mounted on userdebug and eng builds.
Processes that need to use debugfs should therefore be able to
access it on userdebug and eng builds. So, allow incidentd to
read the wakeup sources debugfs node for userdebug and eng builds.
Bug: 300477252
Change-Id: I9bb480a0418a6d176b39753d552f409e139be178
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
Libmemevents requires read-access to the attribute files exposed by the
memhealth driver.
Test: build
Test: no denials to /proc/memhealth/oom_victim_list from libmemevents
Bug: 244232958
Change-Id: I617c75ab874ad948af37d3e345e5202e46781f3f
Signed-off-by: Carlos Galo <carlosgalo@google.com>
