In microdroid, apexd activates apexes which are passed as a virtual disk
to share apexes with host Android.
Bug: 184605708
Test: apexd running in microdroid can read /dev/block/vdb2
when a disk image is passed to crosvm via --disk= option.
Change-Id: Ie27774868a0e0befb4c42cff795d1531b042654c
Use the new se_compat_cil module type to install compatibility cil
files.
Bug: 183362912
Test: Presubmit; Noop in terms of build artifact.
Change-Id: I5275e9ce524185ce2d228133763456df43834093
Installs backwards compatibility cil files.
Bug: 183362912
Test: Presubmit
Test: Add a $(ver).compat.cil under SYSTEM_EXT_PRIVATE_SEPOLICY_DIR and
verify the file is installed under /system_ext/etc/selinux/mapping/
Change-Id: I5e2c6b8dfa8df431edfe96f29daae463b130367f
These are the system_ext counterpart of $(ver).compat.cil. They would
contain device specific compat rules that compliment $(ver).compat.cil,
which are the platform specific compat rules.
Bug: 183362912
Test: Add a $(ver).compat.cil under SYSTEM_EXT_PRIVATE_SEPOLICY_DIR and
verify the file is installed under /system_ext/etc/selinux/mapping/
Change-Id: I2fb9b10bb3bcf112e33f504964fb705e3b63782b
This service will intercept all UwbManager API calls and then perform
necessary permission checks before forwarding the call to the vendor
UWB service. Adding sepolicy permissions for exposing the service that
handles all public API's.
Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Icce4d2f586926421c06e8902a91533002c380b8d
Metrics are written to /data/misc/odrefresh by odrefresh during early
boot, then native code in ART system_server initialization passes them
to statsd and deletes the metrics files. This hand-off is necessary
because statsd does not start until after odsign and odrefresh have run.
Bug: 169925964
Test: manual
Change-Id: I8054519a714907819886dd6e5e78f3b5796d0898
This reverts commit cdf7b0f374.
Reason for revert: libmemtrack now uses a memtrackproxy_service, which allows app access
Change-Id: Id3858a0b813b822fc17f77e14d46525942048066
To parse etm data for kernel and kernel modules, add below permissions
to profcollectd:
1. Get kernel start address and module addresses from /proc/kallsyms
and /proc/modules.
2. Get kernel build id from /sys/kernel/notes.
3. Read kernel module files in vendor dir.
Bug: 166559473
Test: run profcollectd.
Change-Id: I2e0b346379271fadc20e720722f7c9a687335ee2
When a bug causes us to leak a file descriptor or resource in the OTA
path, it can cause unremovable device-mapper devices. The companion CL
in this topic attempts to diagnose such problems by performing a quick
scan for things depending on an unremovable block device: mounts, loop
devices, and other device-mapper nodes.
To detect mounts it would normally be enough to scan /proc/mounts, but
with MNT_DETACH the filesystem may still be mounted but not visible to
update_engine. This is exactly what happened in b/184715543.
To scan for such cases, we look for /sys/fs/ext4/<name> or
/sys/fs/f2fs/<name> where <name> is the block device. To make this work,
we grant update_engine r_dir_perms to sysfs and sysfs_f2fs_dir. It
doesn't actually need to read the contents of any files, the presence of
the inode is good enough.
Bug: N/A
Test: manual test
Change-Id: Ib085c9c814180b360e2170135011261bbb7e35b6
Vold needs to be able to search for keystore2 and keystore2 maintenance
services, and call methods provided by those services.
Bug: 181910578
Change-Id: I6e336c3bfaabe158b850dc175b6c9a942dd717be
Allow mm_events to periodically arm the mm_events
perfetto trace config if mm_events is enabled.
Bug: 183037386
Test: boot; setprop persist.mm_events.enabled true; No avc denials
Change-Id: Ia9760001e7fb591f18e3e816a63281167a658c74
ro.board.api_level shows the current vendor api level under GRF.
It can be manually defined by setting BOARD_API_LEVEL. Unless
BOARD_API_LEVEL is defined, the ro.board.api_level property will be
defined automatically based on BOARD_SHIPPING_API_LEVEL and
PLATFORM_SDK_VERSION.
Bug: 176950752
Test: getprop ro.board.api_level
Change-Id: I03eeec8d8206abdd0565423d1b6a507d86d9b168
Individual apexes may contribute jars to BOOTCLASSPATH and friends.
Configuration for these contributions are in /apex/foo/etc/ files that
derive_classpath service reads and processes.
Bug: 180105615
Test: presubmit && DeviceBootTest
Change-Id: I61379e55f2ad55e1c65956b854e5a9b8872c61df
