Commit graph

851 commits

Author SHA1 Message Date
Richard Chang
6d5bb236da Merge "sepolicy: allow vendor system native boot experiments property" 2022-08-17 06:29:30 +00:00
Richard Chang
74334efa4b sepolicy: allow vendor system native boot experiments property
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native boot experiments.

Bug: 241730607
Test: Build
Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036
Change-Id: I3e98f1b05058245cad345061d801ecd8de623109
2022-08-11 08:03:42 +00:00
Treehugger Robot
0930d82c76 Merge "Add API level 33 persistent GWP-ASan Sysprop" am: 1d538e9b22
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147179

Change-Id: Iff91be573efa4b3b37a2256a334daa66018f35d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-03 05:11:02 +00:00
Treehugger Robot
1d538e9b22 Merge "Add API level 33 persistent GWP-ASan Sysprop" 2022-08-03 04:41:57 +00:00
Xin Li
e4d55178d5 DO NOT MERGE - Merge TP1A.220624.013
Merged-In: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
Change-Id: Id8badc87768f66197ccaf2642f34fb2dc69e23df
2022-07-11 21:47:46 -07:00
Siarhei Vishniakou
a50b672979 Allow dumpstate to get traces in api 33.0 am: 1579b37a19
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147164

Change-Id: I04ac37c45b645ef51d0b04f321de743db932f3cb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-08 16:05:54 +00:00
Siarhei Vishniakou
1579b37a19 Allow dumpstate to get traces in api 33.0
In order to debug the HAL getting stuck, dumpstate needs permission to
dump its traces. In this CL, we update the api 33.0 accordingly.

Bug: 237347585
Bug: 237322365
Test: m sepolicy_freeze_test
Change-Id: I5096f52358880e3c10657e5aae9ead1723cc9fa9
Merged-In: I5096f52358880e3c10657e5aae9ead1723cc9fa9
2022-07-08 06:55:44 +00:00
Jeff Vander Stoep
e1189a7aa7 Allow all Apps to Recv UDP Sockets from SystemServer
Access to this functionality is gated elsewhere e.g. by
allowing/disallowing access to the service.

Bug: 237512474
Test: IpSecManagerTest
Test: Manual with GMSCore + PPN library
Ignore-AOSP-First: It's a CP of aosp/2143512
Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
(cherry picked from commit 6ae09a4609)
Merged-In: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
2022-07-08 00:19:26 +00:00
Treehugger Robot
163fb597fd Merge "crash_dump: Update prebuilts for API 33" am: 355ecc995e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2145179

Change-Id: I916144a02848d952d70b6fd25889c4d5ff48084b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 16:47:36 +00:00
Treehugger Robot
355ecc995e Merge "crash_dump: Update prebuilts for API 33" 2022-07-07 16:33:48 +00:00
David Brazdil
707cad8692 crash_dump: Update prebuilts for API 33
Bug: 236672526
Test: n/a
Merged-In: I49571dcfdd9c194101cc929772fa15463609fa8c
Change-Id: I49571dcfdd9c194101cc929772fa15463609fa8c
2022-07-07 15:17:20 +00:00
Ryan Savitski
e1c2d9941e Revert system app/process profileability on user builds
Please see bug for context.

This reverts commits:
* 6111f0cfc8
* bb197bba02
* 20d0aca7e6

And updates prebuilts/api/33.0 accordingly.

Bug: 217368496
Tested: redfin-user and barbet-userdebug: build+flash+boot;
        manual test of typical profiling (heap and perf);
        atest CtsPerfettoTestCases.
Change-Id: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
Merged-In: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
(cherry picked from commit babba5e83b)
(cherry picked from commit c592577fb2)
Merged-In: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
2022-07-07 03:05:00 +00:00
Thiébaud Weksteen
a089864e82 Ignore access to /sys for dumpstate
avc: denied { read } for name="stat" dev="sysfs" ino=26442
scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0

Bug: 236566714
Test: TH
Change-Id: Id4e781908573607b28782fbb2da7cd553d6826fe
(cherry picked from commit 5e8a384f5a)
Merged-In: Id4e781908573607b28782fbb2da7cd553d6826fe
(cherry picked from commit 2e23fa2c99)
Merged-In: Id4e781908573607b28782fbb2da7cd553d6826fe
2022-07-07 03:04:54 +00:00
Mitch Phillips
064be20ec5 Add API level 33 persistent GWP-ASan Sysprop
Looks like this is needed for TM.

Bug: 236738714
Test: atest bionic-unit-tests && presubmit ag/19136924 PS#3
Change-Id: Ida26db898f2edaddce67ae13a5859115126a18cb
2022-07-06 16:21:52 +00:00
Treehugger Robot
dbd0da73ba Merge "Revert system app/process profileability on user builds" am: 829acbee3a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2142152

Change-Id: Idf3f36723d703f55141b97aaa0605194283d723e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-04 15:56:18 +00:00
Treehugger Robot
829acbee3a Merge "Revert system app/process profileability on user builds" 2022-07-04 15:41:08 +00:00
Treehugger Robot
06f721e8de Merge "Allow all Apps to Recv UDP Sockets from SystemServer" am: c37a39c26d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2143512

Change-Id: I214835a158c7851bb5971fe0fcf90cb1d8fb7fc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-04 08:30:12 +00:00
Ryan Savitski
babba5e83b Revert system app/process profileability on user builds
Please see bug for context.

This reverts commits:
* 6111f0cfc8
* bb197bba02
* 20d0aca7e6

And updates prebuilts/api/33.0 accordingly.

Bug: 217368496
Tested: builds successfully (barbet-userdebug)
Change-Id: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
2022-07-01 12:41:01 +00:00
Jeff Vander Stoep
7295721417 Allow all Apps to Recv UDP Sockets from SystemServer
Access to this functionality is gated elsewhere e.g. by
allowing/disallowing access to the service.

Bug: 237512474
Test: IpSecManagerTest
Test: Manual with GMSCore + PPN library
Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
2022-07-01 12:41:28 +01:00
Maciej Żenczykowski
5c8461a277 much more finegrained bpf selinux privs for networking mainline am: 15715aea32
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/19039305

Change-Id: I0a8443a02956251a9d5da3bd582f711d0999fd08
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-23 11:15:50 +00:00
Treehugger Robot
18d8be2994 Merge changes I036e4853,I55e03a3c,Ic98c6fc6 am: 0235cbf4b9 am: 1999548d9d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2134419

Change-Id: I2b2f1ca424a44bad40b7748e429db57bfd1f9af1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-23 02:19:26 +00:00
Maciej Żenczykowski
b13921c3f0 much more finegrained bpf selinux privs for networking mainline
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.

BPFFS (ie. /sys/fs/bpf) labelling is as follows:
  subdirectory   selinux context      mainline  usecase / usable by
  /              fs_bpf               no (*)    core operating system (ie. platform)
  /net_private   fs_bpf_net_private   yes, T+   network_stack
  /net_shared    fs_bpf_net_shared    yes, T+   network_stack & system_server
  /netd_readonly fs_bpf_netd_readonly yes, T+   network_stack & system_server & r/o to netd
  /netd_shared   fs_bpf_netd_shared   yes, T+   network_stack & system_server & netd [**]
  /tethering     fs_bpf_tethering     yes, S+   network_stack
  /vendor        fs_bpf_vendor        no, T+    vendor

* initial support for bpf was added back in P,
  but things worked differently back then with no bpfloader,
  and instead netd doing stuff by hand,
  bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
  (and was definitely there in R)

** additionally bpf programs are accesible to netutils_wrapper
   for use by iptables xt_bpf extensions

'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).

The reason for splitting net_private vs tethering is that:
  S+ must support 4.9+ kernels and S era bpfloader v0.2+
  T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+

The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions.  Older kernels have
a tendency to reject programs that newer kernels allow.

/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.

Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
(cherry picked from commit 15715aea32)
2022-06-22 16:07:42 -07:00
Patrick Rohr
f1c63a4e91 sepolicy: allow TUNSETLINK and TUNSETCARRIER
This is required for testing new ethernet APIs in T.

This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.

Test: TH
Bug: 171872016
(cherry picked from commit 02b55354bd)
(cherry picked from commit 69fa8ca6f2)
Change-Id: I036e48530e37f7213a21b250b858a37fba3e663b
2022-06-22 16:07:28 -07:00
Benedict Wong
a6471611cc Add xfrm netlink permissions for system server
This change enables xfrm netlink socket use for the system server,
and the network_stack process. This will be used by IpSecService
to configure SAs, and network stack to monitor counters & replay
bitmaps for monitoring of IPsec tunnels.

This patch updates the prebuilts, in addition to the changes to the
master source.

Bug: 233392908
Test: Compiled
(cherry picked from commit b25b4bf53f)
(cherry picked from commit 8b7c1cbd5e)
Change-Id: I55e03a3ca7793b09688f603c973c38bd2f6e7c7f
2022-06-22 16:07:16 -07:00
Patrick Rohr
7e3e7e4a41 Fix system server and network stack netlink permissions
Give system_server and network_stack the same permissions as netd.
This is needed as we are continuously moving code out of netd into
network_stack and system_server.

This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.

Test: TH
Bug: 233300834
(cherry picked from commit ab02397814)
(cherry picked from commit d0478822ce)
Change-Id: Ic98c6fc631ee98bef4b5451b6b52d94e673b4f3c
2022-06-22 16:06:55 -07:00
Maciej Żenczykowski
15715aea32 much more finegrained bpf selinux privs for networking mainline
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.

BPFFS (ie. /sys/fs/bpf) labelling is as follows:
  subdirectory   selinux context      mainline  usecase / usable by
  /              fs_bpf               no (*)    core operating system (ie. platform)
  /net_private   fs_bpf_net_private   yes, T+   network_stack
  /net_shared    fs_bpf_net_shared    yes, T+   network_stack & system_server
  /netd_readonly fs_bpf_netd_readonly yes, T+   network_stack & system_server & r/o to netd
  /netd_shared   fs_bpf_netd_shared   yes, T+   network_stack & system_server & netd [**]
  /tethering     fs_bpf_tethering     yes, S+   network_stack
  /vendor        fs_bpf_vendor        no, T+    vendor

* initial support for bpf was added back in P,
  but things worked differently back then with no bpfloader,
  and instead netd doing stuff by hand,
  bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
  (and was definitely there in R)

** additionally bpf programs are accesible to netutils_wrapper
   for use by iptables xt_bpf extensions

'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).

The reason for splitting net_private vs tethering is that:
  S+ must support 4.9+ kernels and S era bpfloader v0.2+
  T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+

The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions.  Older kernels have
a tendency to reject programs that newer kernels allow.

/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.

Ignore-AOSP-First: will be cherrypicked from tm-dev to aosp/master

Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
2022-06-22 15:16:07 -07:00
Treehugger Robot
11a9ff428d Merge "Allow remote_prov_app to find mediametrics." 2022-06-22 06:14:28 +00:00
Max Bires
fcb3f81aaa Allow remote_prov_app to find mediametrics. am: f33d6752c1
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18912728

Change-Id: I339eb8ce2ee3a15f7fd088b1c3de1a9c7e3c8e01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-15 20:59:12 +00:00
Max Bires
d1cd55f660 Allow remote_prov_app to find mediametrics.
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.

Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
Merged-In: Id3057b036486288358a9a84100fe808eb56df5fe
2022-06-15 13:42:32 -07:00
Max Bires
f33d6752c1 Allow remote_prov_app to find mediametrics.
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.

Ignore-AOSP-First: Need to cherry pick to TM-dev
Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
2022-06-15 15:42:23 +00:00
Steven Terrell
c402a02164 Merge "Add System Property Controlling Animators" am: 06c506940e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118925

Change-Id: Ieee8f322c099443e6e533d8475501e55e9748511
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 16:11:44 +00:00
Steven Terrell
879f41c5f2 Add System Property Controlling Animators
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.

Bug: 233391022

Test: manual.

Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66
Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44
2022-06-07 20:22:10 +00:00
Steven Terrell
399f831f56 Merge "Add System Property Controlling Animators" into tm-dev am: 6eb7171c4b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18565495

Change-Id: I0f8e5c4b1f876545c192812851b5d18c8897acfd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 19:57:37 +00:00
Steven Terrell
6eb7171c4b Merge "Add System Property Controlling Animators" into tm-dev 2022-06-07 19:49:48 +00:00
Patrick Rohr
69fa8ca6f2 sepolicy: allow TUNSETLINK and TUNSETCARRIER
This is required for testing new ethernet APIs in T.

This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.

Test: TH
Bug: 171872016
Merged-In: I1e6024d7d649be50aa2321543b289f81fcdfc483
(cherry picked from commit 02b55354bd)
Change-Id: I1d620bcd9b3d02c6acb45636bb862f40282f636d
2022-06-01 17:26:10 +09:00
Lorenzo Colitti
ee87a35010 Merge changes from topic "cherrypicker-L90100000954806085:N90400001269057103" into tm-dev
* changes:
  Add xfrm netlink permissions for system server
  Fix system server and network stack netlink permissions
2022-06-01 07:47:45 +00:00
Benedict Wong
8b7c1cbd5e Add xfrm netlink permissions for system server
This change enables xfrm netlink socket use for the system server,
and the network_stack process. This will be used by IpSecService
to configure SAs, and network stack to monitor counters & replay
bitmaps for monitoring of IPsec tunnels.

This patch updates the prebuilts, in addition to the changes to the
master source.

Bug: 233392908
Test: Compiled
Merged-In: I25539dc579f21d6288fa962d1fad9b51573f017d
(cherry picked from commit b25b4bf53f)
Change-Id: I25539dc579f21d6288fa962d1fad9b51573f017d
2022-06-01 03:10:11 +00:00
Patrick Rohr
d0478822ce Fix system server and network stack netlink permissions
Give system_server and network_stack the same permissions as netd.
This is needed as we are continuously moving code out of netd into
network_stack and system_server.

This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.

Test: TH
Bug: 233300834
Change-Id: I9559185081213fdeb33019733654ce95af816d99
(cherry picked from commit ab02397814)
Merged-In: I9559185081213fdeb33019733654ce95af816d99
2022-05-31 15:30:32 +09:00
Steven Terrell
bc844c5c2b Add System Property Controlling Animators
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.

Bug: 233391022

Test: manual.
Ignore-AOSP-First: planning to commit to tm-dev then cherry-pick over to
                   AOSP later.
Change-Id: I57225feb50a3f3b4ac8c39998c47f263ae211b66
2022-05-27 20:00:37 +00:00
Rubin Xu
8ff276e8d2 Allow Bluetooth stack to read security log sysprop
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.

Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
(cherry picked from commit a274858e3b)
Merged-In: Ic8162cd4a4436981a15acea6ac75079081790525
2022-05-25 21:05:02 +00:00
Sanjana Sunil
709b339420 Merge "Allow zygote to relabel sdk_sandbox_system_data_file" into tm-dev 2022-05-25 15:06:14 +00:00
Rubin Xu
6f73a02792 Merge "Allow Bluetooth stack to read security log sysprop" am: ab73c8f1c8 am: b7a8225fd8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096793

Change-Id: Ia80bbd0c59b6cec578cc46eabc40e6a4c69c6ffe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-25 12:20:46 +00:00
Rubin Xu
b7a8225fd8 Merge "Allow Bluetooth stack to read security log sysprop" am: ab73c8f1c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096793

Change-Id: Iae1a538a9112569421c87de5ca082e066b6991f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-25 12:01:57 +00:00
Rubin Xu
ab73c8f1c8 Merge "Allow Bluetooth stack to read security log sysprop" 2022-05-25 11:43:49 +00:00
Sanjana Sunil
898723d045 Allow zygote to relabel sdk_sandbox_system_data_file
To perform sdk sandbox data isolation, the zygote gets the selinux label
of SDK sandbox storage (e.g. /data/misc_{ce,de}/<user-id>/sdksandbox)
before tmpfs is mounted onto /data/misc_{ce,de} (or other volumes). It
relabels it back once bind mounting of required sandbox data is done.
This change allows for the zygote to perform these operations.

Bug: 214241165
Test: atest SdkSandboxStorageHostTest
Ignore-AOSP-First: Already merged in aosp

Change-Id: Ie8fd1f478fd12141bd6240cee96d0c3da55ba7a0
Merged-In: I28d1709ab4601f0fb1788435453ed19d023dc80b
2022-05-24 14:11:50 +00:00
Sanjana Sunil
79f75ae826 Merge "Allow zygote to relabel sdk_sandbox_system_data_file" am: 26750b9a0c am: 8f37c1b762
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101653

Change-Id: Id33dbed2e2a956c4f82054a06148ba0509cc70cb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 22:54:13 +00:00
Sanjana Sunil
8f37c1b762 Merge "Allow zygote to relabel sdk_sandbox_system_data_file" am: 26750b9a0c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101653

Change-Id: I0762945569e84d4a9cb6f98553c4e641812955c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 22:34:10 +00:00
Samiul Islam
6b309bd4e3 Merge "Create a separate label for sandbox root directory" am: 61bd67072c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098133

Change-Id: I667c2888a2c4f82cd3a891c03b273b477ccd79d6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 12:48:30 +00:00
Sanjana Sunil
563016314c Allow zygote to relabel sdk_sandbox_system_data_file
To perform sdk sandbox data isolation, the zygote gets the selinux label
of SDK sandbox storage (e.g. /data/misc_{ce,de}/<user-id>/sdksandbox)
before tmpfs is mounted onto /data/misc_{ce,de} (or other volumes). It
relabels it back once bind mounting of required sandbox data is done.
This change allows for the zygote to perform these operations.

Bug: 214241165
Test: atest SdkSandboxStorageHostTest
Change-Id: I28d1709ab4601f0fb1788435453ed19d023dc80b
2022-05-20 11:24:32 +00:00
Samiul Islam
61bd67072c Merge "Create a separate label for sandbox root directory" 2022-05-20 07:21:19 +00:00