LinkerConfig generator runs from early init, so if there is any warning
/ error then logs can be only found from kernel log. To enable kernel
logging from linkerconfig, specific policy should be added.
Test: m -j && Tested from Cuttlefish
Change-Id: I6c49d7693e0334ae8550891b72bcb04e37c16d89
Allow charger to read system properties with this prefix
so that charger's behavior is controlled by runtime.
Test: run offline charging on walleye
Bug: 124118169
Change-Id: I4266b2d043a5323b4adbd1636ada46b7e08ca667
In b/73062966, we add new AID ranges for each partition that doesn't
yet have them (system, system_ext, odm, product). We also add group
and passwd files to these partitions to be able to map these AIDs into
human readable user and group names, and vice versa.
All processes should be able to read all users and groups. We divide
the ranges into non-overlapping regions for each partition and we
namespace the names with the partition name as a prefix.
Allow domain r_file_perms to
/(system|product|system_ext)/etc/(group|passwd).
Vendor and odm passwd and group files already have this access, since
/(vendor|odm)/etc/* is already domain readable.
Example contents:
blueline:/ $ cat /system/etc/passwd
system_tom::6050:6050::/:/bin/sh
blueline:/ $ cat /product/etc/passwd
product_tom::7013:7013::/:/bin/sh
Bug: 73062966
Test: tree-hugger selinux denial during boot test
Change-Id: Ib4dc31778e95e952174e1365497feaf93dca7156
http://aosp/678384 changed property format
Fixes: 137695210
Test: inject timeout and take BR see dumpstate restarted
Change-Id: Ie24e2d42e92410a935ca4c9364b476d72aa459f3
FMRadio change from system image to product image, then FMRadio
can't launch
selinux denied log:
avc: denied { open } for path="/data/asan/product/lib64/libfmjni.so"
dev="mmcblk0p35" ino=18 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
app=com.android.fmradio
solution: label data/asan/product/lib(64) to system_lib_file
Bug: 136974466
Test: launch FMRadio, it can work
Change-Id: Icdfc794cb077b81d550816d2e7779c763604e050
/metadata/ota will store critical bits necessary to reify
system and vendor partition state during an OTA. It will be accessed
primarily by first-stage init, recovery/fastbootd, and update_engine.
Bug: 136678799
Test: manual test
Change-Id: Ib78cb96ac60ca11bb27d2b2fe011482e64ba0cf8
Move wifi services out of system_server into a separate APK/process.
Changes:
a) Created sepolicy for the new wifi apk.
b) The new APK will run with network_stack uid (eventually will be moved
to the same process).
Used 'audit2allow' tool to gather list of permissions required.
Note: The existing wifi related permissions in system_server is left
behind to allow the module to be loaded into system_server or
network_stack process depending on device configuration.
Bug: 113174748
Test: Device boots up and able to make wifi connection.
Test: Tested hotspot functionality.
Test: Ran WifiManagerTest & WifiSoftApTest ACTS tests locally.
Test: Will send for wifi regression tests.
Change-Id: Id19643a235bf0c28238f2729926b893ac2025b97
(cherry-picked from c7aa90091e6bec70a31a643cc4519a9a86fb0b38)
Bug: 72472544
This reverts commit 07efe37c5f.
Reason for revert: The selinux denial is no longer reproducible.
Test: Presubmit builds
Change-Id: I79d18743171315401401c1b06b3f97d837bf500f
Sepolicy for linkerconfig generator and ld.config.txt file from
generator
Bug: 135004088
Test: m -j & tested from device
Change-Id: I2ea7653a33996dde67a84a2e7a0efa660886434a
gsid creates loop devices when it cannot use device-mapper. This can
occur when images are split into multiple files (for example, FAT32) or
when a device is unencrypted, or FBE without metadata encryption. In
addition to accessing /dev/loop-control and loop devices, it also needs
LOOP_SET_DIRECT_IO and LOOP_SET_BLOCK_SIZE to optimize writes.
Bug: 134536978
Test: gsi_tool install works on crosshatch with metadata encryption
disabled
Change-Id: I3f0aee1d0757e4b299deee74a8c1077846d56292
ircs is not specific enough. There will be multiple services in the
future with ircsmessage used specificially for message store.
Test: compile, tests
Change-Id: Ia7d57e6900c733408be26d6520aa46c512229248