Lmkd should implement reinit functionality and to do so it needs to
communicate with its running instance using socket.
Bug: 155149944
Test: lmkd --reinit
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0
This is on the system partition and thus must be system_file_type:
neverallow check failed at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:7703 from system/sepolicy/public/domain.te:950
(neverallow coredomain base_typeattr_272 (file (entrypoint)))
<root>
allow at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:16250
(allow asan_extract asan_extract_exec (file (read getattr map execute open entrypoint)))
Bug: 155905226
Test: build without above neverallow error
Change-Id: I6987582fcc013c95efe7e6758d96ec089168ea9d
Enforce for priv-apps with targetSdkVersion>=31.
This is the same restriction enforced on third party apps with
targetSdkVersion>=28 in Android 9.0. See:
https://developer.android.com/about/versions/pie/android-9.0-changes-28#per-app-selinux
This change allows selinux to better enforce the application sandbox
providing better defense-in-depth for priv-apps.
In particular it prevents apps running in the priv_app domain
from sharing their private data directory by granting
world-accessible unix permissions.
Bug: 142672293
Test: Build, boot, check for denials.
Change-Id: If2953eb990fdc24aaccf29be3394a9ee1f02185c
Apps signed with the media key share a UID (except
com.android.providers.media.module). However, some
run in the priv_app selinux context, and others run in
the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I21bf68de525fff87c3a02aa59fba3a8d86be5324
This is needed for libmodprobe to pass module options on the kernel
commandline to kernel modules when they are loaded.
Bug: 155422904
Change-Id: I9df7e211765268815bfb9269365264f5ca468712
The change was reverted due to a cause unrelated to sepolicy change.
It was submitted in https://r.android.com/1283724.
Now, submit this independent of the topic.
Bug: 138994281
Test: device boots
Change-Id: I9943abb814a8043f66545e7db5225adbd62d19d2
Revert "Make com_android_i18n namespace visible"
Revert submission 1299494-i18nApex
Reason for revert: Breaking aosp_x86-eng on aosp-master
Reverted Changes:
I30fc3735b:Move ICU from ART APEX to i18n APEX
Icb7e98b5c:Calling @IntraCoreApi from core-icu4j should not c...
Ic7de63fe3:Move core-icu4j into I18n APEX
I65b97bdba:Make com_android_i18n namespace visible
Ia4c83bc15:Move v8 and libpac into i18n APEX
I10e6d4948:Move core-icu4j into i18n APEX
I8d989cad7:Move ICU from ART APEX into i18n APEX
I72216ca12:Move ICU into i18n APEX
Ief9dace85:Add shared library into i18n APEX and add the requ...
I7d97a10ba:Move libpac into i18n APEX
I90fff9c55:Move ICU from ART APEX into i18n APEX
Change-Id: I863878038af1290611b441f7f9190494cf0851b8
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Change-Id: I40220877625453198b217e788e6b3bfab8437f24
This is intended to be temporary workaround until the Gboard
developers fix their app.
Addresses
avc: denied { bind } for comm="ThreadPoolForeg"
scontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tcontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tclass=netlink_route_socket permissive=
app=com.google.android.inputmethod.latin
Bug: 155595000
Test: build
Change-Id: I432ac1462329efb4bc118c3967a099833e6eb813
[cherry-picking]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Add a neverallow to prevent coredomain from accessing entrypoint for
files other than system_file_type and postinstall_file. Add the
complementary neverallow to prevent domains other than coredomain from
accessing entrypoint for files other than vendor_file_type and
init_exec (for vendor_init).
Bug: 155124994
Test: build
Change-Id: I6e0cb7fb445b96b82e434e949b59c299aee1ad8b
Allow media transcoding service to get uid states from
activity manager for scheduling transcoding jobs.
bug: 145233472
bug: 154734285
test: mediatranscodingservice_tests (unit tests)
Change-Id: I96cfa52b323e9ae3841eca5519e9182347a5672b
MediaPlayer cannot load a video from RRO packages.
So, add allow rules which is necessary to play the video.
Bug: b/154795779
Test: check if MediaPlayer can load a video in RRO
Change-Id: I06eed146b6e70a548b6b4f4faf56ba2bccd68140
Cleaning up exported*_system_prop and moving surfaceflinger properties
to new property contexts.
Bug: 152468529
Bug: 154885206
Test: boot cf_x86 and crosshatch
Change-Id: I7f8a684e9cbabce2f55a5292d7b2283ac0716cd9
These comments were added when public/property_contexts was introduced.
The main purpose was to categorize exported properties by accessibility
from vendor. Removing the comments as these are now obsolete and makes
confusion.
Bug: 71814576
Test: N/A
Change-Id: Ibc1c8eefcd68c79b90df82d227fe03f2c09da3a3
Assigning a new context boot_status_prop for following two properties:
- sys.boot_completed
- dev.bootcomplete
Bug: 154885206
Test: boot cf_x86 and crosshatch, see no denials
Change-Id: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
Merged-In: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
(cherry picked from commit 2973c96055)
These events supersede the ion_heap_grow / ion_heap_shrink events on
4.19+ kernels.
Bug: 154302786
Test: build, run on cuttlefish with new kernel, ls -lZ /sys/kernel/tracing/events/ion/ion_stat/enable
Change-Id: I262d8c3269d4261701361ad4b1bdc322f1f03969
The ro.surface_flinger.* properties are using instead of configstore.
Add get_prop (domain, surfaceflinger_prop) to domain.te so that it can
be used on all systems in the same way as configstore.
Bug: 124531214
Test: read properties in java (ag/11226921)
Change-Id: Ifc8a53ea544c761d85e370e177913db91d8a33a2
This prop allows vendors to specify whether their devices
have basic eBPF compatibility (ie. Linux kernel 4.9 with P VINTF).
Make it exported_default_prop because the shared library
libbpf_android is used in a lot of places.
See: https://r.android.com/1261922
Bug: 151753987
Signed-off-by: Felix <google@ix5.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifd9af558d84ea1619a6af7fce81b700fdfb22b9f
All apps signed with the media key share a UID. However,
some run in the priv_app selinux context, and others run
in the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I6f96142ef03101568abed670a0e32f952515a590
