The mapping of UIDs to categories can only take 16 bits, yet isolated
processes start at UID 90000. Additionally, the main purpose of these
categories was to isolate app-private storage, but since isolated
processes don't have access to app-private storage anyway, removing them
doesn't hurt.
The upside is that this allows us to remove mIstrustedsubject from the
app_zygote domain, which prevents app code running in that context from
assigning itself arbitrary categories.
Bug: 157598026
Test: inspect categories of app_zygote and children; verify Chrome works
Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a
Change-Id: Idfa8625d939cf30f3683436949bb4f335851622a
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Some vendor apps are using platform key for signing.
This moves them to untrusted_app domain when the system partition is
switched to a Generic System Image (GSI), because the value of
platform's seinfo in /system/etc/selinux/plat_mac_permissions.xml
has been changed.
Duplicating the device-specific platform seinfo into
/vendor/etc/selinux/vendor_mac_permissions.xml to make it
self-contained within the vendor partition.
Bug: 157141777
Test: boot the device with a GSI, then `adb shell ps -eZ | grep qtidata`
Test: ./build/make/tools/releasetools/sign_target_files_apks \
--default_key_mappings path/to/keydir \
-o out/dist/<lunch>-target_files-*.zip \
signed-tardis-target_files.zip and checks the platform seinfo in
/vendor/etc/selinux/vendor_mac_permissions.xml is replaced.
Change-Id: Ic9a79780e30f456138e4de67210cc60ac2e490d6
Keystore access was reverted a while ago in ag/10598373.
Bug: 112038744
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Test: atest GtsPlayFsiTestCases GtsPlayFsiHostTestCases ApkVerityTest
Change-Id: Ic170624f5a718806adf54ab12e8f4b9f17c7775b
Merged-In: Ic170624f5a718806adf54ab12e8f4b9f17c7775b
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:
/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}
Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Merged-In: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Test: manually make sure that boot animation is resizing
when display is changed
Bug: 156448328
Merged-In: I9f754900a0b32551f656ce2097a3a41245b02218
Change-Id: I9f754900a0b32551f656ce2097a3a41245b02218
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
Merged-In: I66ac106613cbb374f54659601e4ba3f61eaecd2f
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 152544169
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I409aeccd31293bf0ae3be5b1dbafe5a74daaaa9d
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.
avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
Configures SELinux to allow ActivityManagerService to start a cacheinfo
service that is responsible for dumping per-process cache state.
Bug: 153661880
Test: adb shell dumpsys cacheinfo
Test: adb bugreport
Change-Id: Id6a4bdf2a9cb6d7f076b08706e0f91d377f38603
Cherry picked from commit 996059 (rvc-dev-plus-aosp), which is
auto merged from aosp/1290960 (master).
In addition, 'prebuilts/api/30.0/public/hal_audio.te' is updated to
be consistent with 'public/hal_audio.te'.
Bug: 155306710
Test: tested with the following rules in 'vendor/hal_audio_default.te'
Test: type hal_audio_socket, domain;
Test: typeattribute hal_audio_default hal_automotive_socket_exemption;
Test: allow hal_audio_default hal_audio_socket:tcp_socket connect;
Test: m -j should compile sepolicy without complaints
Change-Id: I0b8a5f9c9d826680223dbb9204862ea46c557856
(cherry picked from commit 9960590f8d)
Lmkd should implement reinit functionality and to do so it needs to
communicate with its running instance using socket.
Bug: 155149944
Test: lmkd --reinit
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merged-In: I81455fe187830081d88f001b4588f7607b1bd1d0
Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Change-Id: I4a8d179e7e71f74d0c7ad34767de1f619f134d20
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Merged-In: I40220877625453198b217e788e6b3bfab8437f24
Change-Id: I40220877625453198b217e788e6b3bfab8437f24
This is needed for libmodprobe to pass module options on the kernel
commandline to kernel modules when they are loaded.
Bug: 155422904
Change-Id: I9df7e211765268815bfb9269365264f5ca468712
Merged-In: I9df7e211765268815bfb9269365264f5ca468712
This is intended to be temporary workaround until the Gboard
developers fix their app.
Addresses
avc: denied { bind } for comm="ThreadPoolForeg"
scontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tcontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tclass=netlink_route_socket permissive=
app=com.google.android.inputmethod.latin
Bug: 155595000
Bug: 155440523
Test: build
Change-Id: I432ac1462329efb4bc118c3967a099833e6eb813
(cherry picked from commit aeebb9a42e)
MediaPlayer cannot load a video from RRO packages.
So, add allow rules which is necessary to play the video.
Bug: b/154795779
Test: check if MediaPlayer can load a video in RRO
Change-Id: I06eed146b6e70a548b6b4f4faf56ba2bccd68140
Merged-In: I06eed146b6e70a548b6b4f4faf56ba2bccd68140
(cherry picked from commit 832a8a9389)
[already merged in master and AOSP]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Change-Id: Id432390023de232deb4cc4d0ff3fb73904093b60
