Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.
Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.
Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
The mapping of UIDs to categories can only take 16 bits, yet isolated
processes start at UID 90000. Additionally, the main purpose of these
categories was to isolate app-private storage, but since isolated
processes don't have access to app-private storage anyway, removing them
doesn't hurt.
The upside is that this allows us to remove mIstrustedsubject from the
app_zygote domain, which prevents app code running in that context from
assigning itself arbitrary categories.
Bug: 157598026
Test: inspect categories of app_zygote and children; verify Chrome works
Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a
Merged-In: I608a096cecffc1c1ff837611ca500a8da3cf1320
Change-Id: I608a096cecffc1c1ff837611ca500a8da3cf1320
The mapping of UIDs to categories can only take 16 bits, yet isolated
processes start at UID 90000. Additionally, the main purpose of these
categories was to isolate app-private storage, but since isolated
processes don't have access to app-private storage anyway, removing them
doesn't hurt.
The upside is that this allows us to remove mIstrustedsubject from the
app_zygote domain, which prevents app code running in that context from
assigning itself arbitrary categories.
Bug: 157598026
Test: inspect categories of app_zygote and children; verify Chrome works
Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a
Merged-In: I608a096cecffc1c1ff837611ca500a8da3cf1320
Change-Id: I608a096cecffc1c1ff837611ca500a8da3cf1320
These events supersede the ion_heap_grow / ion_heap_shrink events on
4.19+ kernels.
Bug: 154302786
Test: build, run on cuttlefish with new kernel, ls -lZ /sys/kernel/tracing/events/ion/ion_stat/enable
Merged-In: I262d8c3269d4261701361ad4b1bdc322f1f03969
Change-Id: I262d8c3269d4261701361ad4b1bdc322f1f03969
These events supersede the ion_heap_grow / ion_heap_shrink events on
4.19+ kernels.
Bug: 154302786
Test: build, run on cuttlefish with new kernel, ls -lZ /sys/kernel/tracing/events/ion/ion_stat/enable
Change-Id: I262d8c3269d4261701361ad4b1bdc322f1f03969
Bug: 150130660
Test: Took a trace with Traceur and verified mm_event records
were included when the memory category was enabled.
Merged-In: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
Change-Id: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
(cherry picked from commit 45be3aa649)
Bug: 150130660
Test: Took a trace with Traceur and verified mm_event records
were included when the memory category was enabled.
Change-Id: Iea39467d0d37d12a78fbde57b8d9649fad45b652
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.
These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.
Bug: 145267097
Bug: 151188413
Test: build
Merged-In: If87b9683e5694fced96a81747b1baf85ef6b2124
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
Currently shell can connect to the traced_consumer_socket allowing it to
configure/start/stop and collect traces. This allows a host tool (e.g. Android Studio or
https://ui.perfetto.dev) to connect to the device via adb and collect traces. It would
be better if rather than executing shell commands the host tool could directly communicate
with the consumer socket. This is possible using adb forward:
adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer
However in this case adbd is connecting to the socket - not shell.
This CL allows adbd to connect to the socket which allows host tools to collect
traces without having to do everything though shell commands.
Note that this patch also has additional change on prebuilts in order to
backport.
Denial:
08-30 11:28:05.809 10254 10254 W adbd : type=1400 audit(0.0:1129): avc: denied { write } for name="traced_consumer" dev="tmpfs" ino=6719 scontext=u:r:adbd:s0 tcontext=u:object_r:traced_consumer_socket:s0 tclass=sock_file permissive=0
Test: Cherry pick CL to master, make, flash
adb logcat | grep denied
adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer
Bug: b/139536756
Change-Id: Ie08e687c0b06d0e1121009e8cd70319a8f907ae2
(cherry-picked from commit b56a49d979)
Due to Factory OTA client install in product partition but it also declare coredomian in
its sepolicy setting. That will let Factory OTA unable to find a property type could write system property.
But now Factory OTA have a restore NFC wake function need to write system property for communicate with bootloader.
So we need to create a new property type in system framework which could allow Factory OTA client to write system property.
Bug: 145178094
Test: Manual
Change-Id: Ic549cc939893ec67a46bf28a23ebeb9f9b81bd0b
The commit 7baf725ea6 broke OMX on O/O-MR1(/P?) vendors.
Previous to this commit, all OMX codecs had to use "mediacodec" type,
after this commit, omx codecs just had to get hal_omx_server attribute.
This commit left to the vendor the charge of adding "hal_omx_server"
attribute to mediacodec.
However this can't work on non-Q vendors.
On P vendor, versioned_plat_pub contains the appdomain <=> mediacodec
allows, so OMX isn't technically broken on those devices.
But to ensure it won't break in the future, mark 28's mediacodec as
hal_omx_server as well
This fixes broken OMX decoding on O/O-MR1 vendors, failing with the
following denial:
avc: denied { call } for comm=4E444B204D65646961436F6465635F scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:mediacodec:s0 tclass=binder permissive=0
Bug: 141186440
Change-Id: I018f8d9aabc77e7ea86ca14734b1ab2edfdf8ed1
SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to dexoptanalyzer(d) in cases where it could already access files (in
particular, secondary dex files).
Addresses denials of the form:
avc: denied { map } for […] path="/data/data/[…]" […]
scontext=u:r:dexoptanalyzer:s0 tcontext=u:object_r:app_data_file:s0
(cherry picked from commit c72b7d1731)
Test: Reproduce steps in bug 138683603 on a device with a 4.14+ kernel
and check the absence of SELinux denials
Bug: 138683603
Change-Id: Ieba53eb431c0ba3914dcb5e5abdae667bd063555
This should be available in user and userdebug builds.
Bug: 137289935
Test: Alongside atrace changes, recorded a trace using Traceur and
verified that the tracepoints were included in the recorded trace in
both user and userdebug builds.
Change-Id: I6131557bdd0a298be9e75b39759599b189b9b988
Merged-In: I6131557bdd0a298be9e75b39759599b189b9b988
This should be available in user and userdebug builds.
Bug: 137289935
Test: Alongside atrace changes, recorded a trace using Traceur and
verified that the tracepoints were included in the recorded trace in
both user and userdebug builds.
Change-Id: I6131557bdd0a298be9e75b39759599b189b9b988
Required to check if migration is necessary and migrate obb contents
Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440
(cherry picked from commit 793dc8f8da)
