Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.
However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:
avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir
Suppress this denial, since it causes no harm (we just don't log the
real path).
Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
Based on:
cs/p:aosp-master -file:prebuilts/ get_prop.*bpf_progs_loaded_prop
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If07026b1ea5753a82401a62349c494b4cbf699b6
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.
The virtualizationservice domain remains responsible for:
* allocating CIDs (access to props)
* creating temporary VM directories (virtualization_data_file, chown)
* receiving tombstones from VMs
* pushing atoms to statsd
* removing memlock rlimit from virtmgr
The new virtualizationmanager domain becomes responsible for:
* executing crosvm
* creating vsock connections, handling callbacks
* preparing APEXes
* pushing ramdumps to tombstoned
* collecting stats for telemetry atoms
The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.
Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.
Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
Before this change, system_server only has write access. We want read
access the directory so that we can check if it has the right
permissions before we write to it.
Bug: 262230400
Test: No longer see SELinux denials on that directory.
Change-Id: Ic26b2a170031c4f14423b8b1f1a8564d64f532ae
This is required during OTA. File will be removed
once OTA update is completed.
Bug: 262407519
Test: OTA on Pixel
Change-Id: I8922ebaaa89f9075fe47d2b74f61071b657850f0
Signed-off-by: Akilesh Kailash <akailash@google.com>
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.
Bug: 261729059
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
It is started very early before linker namespaces are configured, thus
making it a bootstrap process.
Bug: 263398430
Test: watch boottime benchmark
Change-Id: I60411601a6be78f8401e43d136b567615002797c
* changes:
Allow biometrics hals to talk to the new AIDL sensorservice
Allow audio HAL to talk to the new AIDL sensorservice
Allow camera to talk to the new AIDL sensorservice
The process has the exclusive access to /dev/hw_random. It instead opens
provides a socket (/dev/prng_seeder/socket) which any process can
connect to to get random numbers.
This CL is basically a Microdroid version of aosp/2215051
Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
* Verify prng_seeder daemon is running and has the
correct label (via ps -Z)
* Verify prng_seeder socket present and has correct
label (via ls -Z)
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
Change-Id: I3483132ead0f5d101b5b3365f78cc36d89528f0e
This is being used in libsensorndkbridge now, so permissions are
required.
Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: Id416cc2f92ba82d4068376a5f4d076137aab086a
This is being used in libsensorndkbridge now, so permissions are
required.
Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: I7a1569b8b4e2a21961f3950fa3947b5e20fc674b
In the other change in the same topic microdroid_manager starts to drop
the capabilities before execve'ing the payload binary.
Test: m
Bug: 243633980
Change-Id: Ia70d15db413c822b174a708dedfa5557c8abde65
Note that this HAL is meant only as a workaround until the OEMs will
switch to the AIDL audio HAL.
Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
Widevine provisioning was causing SELinux policy issues since we need to
provision Widevine through MediaDrm framework.
Test: presubmits
Change-Id: Ia9d070309e84599ed614bbf5ba35eed558f4d463
