The bootchart problem need the selinux policy fix.
But it is missing API 32
Bug: 218729155
Test: Build
Change-Id: Ia011f8bcd52403980c2a6751bb612dd5b770e130
This is a port of If44653f436d4e5dcbd040af24f03b09ae8e7ac05 which
made this change to prebuilts/api/31.0/private/mediatranscoding.te.
This is required to pass CTS test.
Test: run cts -m CtsMediaTranscodingTestCases -t android.media.mediatranscoding.cts.MediaTranscodingManagerTest#testAddingClientUids
Bug: 207821225
Bug: 213141904
Change-Id: Iefe9f326572976e230eeeec74e612b6e20b31887
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.
Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
(cherry picked from commit 6390b3f090)
Ignore-AOSP-First: backport with update to prebuilts
This allows MediaProvider call certain MediaCodec APIs
Also update prebuilts for API 32.
Test: atest TranscodeTest
Bug: 190422448
Merged-In: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Change-Id: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
Credit to Himanshu Agrawal <quic_hagraw@quicinc.com> for this fix.
Like we do with cgroup_v2, we set attribute permission to cgroup
as well.
This is the same fix as
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1927857/
but it applies it to the prebuilts for api 32.0.
Test: On a Go device, which uses cgroup instead of cgroup_v2
Bug: 211037424, 211514318
Change-Id: Ib57c94d72d50317619aa513e9f784582e0c45862
Credit to Himanshu Agrawal <quic_hagraw@quicinc.com> for this fix.
Like we do with cgroup_v2, we set attribute permission to cgroup
as well.
Test: On a Go device, which uses cgroup instead of cgroup_v2
Bug: 211037424
Change-Id: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
Merged-In: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.
Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
Steps taken to produce the mapping files:
1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.
When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.
2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.
Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687
Add badge for gsm.operator.iso-country and gsm.sim.operator.iso-country.
Test: Manual test
Bug: 205807505
Ignore-AOSP-First: already merged in AOSP; this is a reland
Change-Id: If4f399cd97b2297094ef9431450f29e0a91e5300
Merged-In: If4f399cd97b2297094ef9431450f29e0a91e5300
system_ext_userdebug_plat_sepolicy.cil is a copy of
userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the
system_ext partition.
The build rule is gated by a BoardConfig variable, so products other
than GSI cannot accidentally install this module.
*Unclean cherry-pick* prebuilts/api/32.0/private/file_contexts is
updated in this change, which is not in the original change.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I43adc6adad5e08dcc8e106d18fdacef962310883
Merged-In: I43adc6adad5e08dcc8e106d18fdacef962310883
(cherry picked from commit 814f3deb94)
Steps taken to produce the mapping files:
1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.
Bug: 189161483
Bug: 207344718
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
Merged-In: I6264b9cf77b80543dfea93157b45b864157e2b14
(cherry picked from commit 4f20ff73ee)
Access denial of Apexd would cause runtime abort and the
bootchart is not working on Android 12:
...
F nativeloader: Error finding namespace of apex: no namespace called com_android_art
F zygote64: runtime.cc:669] Runtime aborting...
F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
F zygote64: runtime.cc:669] All threads:
F zygote64: runtime.cc:669] DALVIK THREADS (1):
F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
F zygote64: runtime.cc:669] | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
...
Bug: 205880718
Test: bootchart test.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.
The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.
This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Bug: 203385941
Test: config ro.config.per_app_memcg=true && turn on the screen && leave it for 11 minutes
Change-Id: I7eac9c39f2ed0d9761852dbe2a26d54c27b72237
Bug: 185400304
Buh: 201957239
Test: mm
This CL was merged to sc-dev, but reverted due to wrong Merged-In tag.
It resulted in mismatch between sc-dev and other branches like aosp,
internal main, etc. This change needs to reland on sc-dev.
Ignore-AOSP-First: already merged in AOSP; this is a reland
(cherry picked from commit 407b21b3cd)
Change-Id: I66703249de472bc6da16b147a69803ff141c54d3
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
(cherry picked from commit ff53c4d16e)
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`
Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Add debug property name with phone id.
Bug: 194281028
Test: Build and verified there is no avc denied in the log
Change-Id: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Merged-In: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`
Bug: 187105270
Test: booted twice on Cuttlefish
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.
Bug: 194450129
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.
Without this patch, the following SELinux denials are reported during
boot:
1 1 I auditd : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1 1 I auditd : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
Bug: 194450129
Test: Built Android images and installed these on an Android device.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The shell context can invoke app_process (ART runtime), which in turn
reads odsign_prop to determine whether we determined that the generated
artifacts are valid. Since this was denied until now, app processes
invoked through shell would fall back to JIT Zygote. This is probably
fine, but since fixing the denial is really simple (and not risky), this
option might be preferred over adding it to the bug map.
Bug: 194630189
Test: `adb shell sm` no longer generates a denial
Change-Id: Ia7c10aec53731e5fabd05f036b12e10d63878a30
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.
Without this patch, the following SELinux denials are reported during
boot:
1 1 I auditd : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1 1 I auditd : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
Bug: 194450129
Test: Built Android images and installed these on an Android device.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.
Bug: 194656257
Test: build pass
Change-Id: I15801c0db0a8643cac2a2fc1f004db6fb21050dc
Merged-In: Ia0b855e3a876a58b58f79b4fba09293419797b47
Carve out a label for the property, and allow odsign to set it.
Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
Merged-In: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
The denial occurs when system_server dynamically loads AOT artifacts at
runtime.
Sample message:
type=1400 audit(0.0:4): avc: denied { execute } for comm="system_server" path="/data/misc/apexdata/com.android.art/dalvik-cache/arm64/system@framework@com.android.location.provider.jar@classes.odex" dev="dm-37" ino=296 scontext=u:r:system_server:s0 tcontext=u:object_r:apex_art_data_file:s0 tclass=file permissive=0
Currently, system_server is only allowed to load AOT artifacts at startup. odrefresh compiles jars in SYSTEMSERVERCLASSPATH, which are supposed to be loaded by system_server at startup. However, com.android.location.provider is a special case that is not only loaded at startup, but also loaded dynamically as a shared library, causing the denial.
Therefore, this denial is currently expected. We need to compile com.android.location.provider so that its AOT artifacts can be picked up at system_server startup, but we cannot allow the artifacts to be loaded dynamically for now because further discussion about its security implications is needed. We will find a long term solution to this, tracked by b/194054685.
Test: Presubmits
Bug: 194054685
Change-Id: I3850ae022840bfe18633ed43fb666f5d88e383f6
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.
(cherry pick from change 5fcce9ded3)
Bug: 194069492
Ignore-AOSP-First: cherry pick of https://r.android.com/1771328
Test: manually apply ota, see no denials for reading property
Merged-In: I97acfc17ffd9291d1a81906c75039f01624dff0f
Change-Id: I05453570add7365e1c094d3ea316d53d7c52023a
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.
Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
This service was renamed in
commit 8aaf796f980f21a8acda73180a876095b960fc28
after the mapping files were originally created in
commit 4f20ff73ee.
Bug: 191304621
Test: Merge redfin_vf_s T-based system with S-based vendor.
Change-Id: I3430f13a3438c06c6cb469a35a80390f83b1c0b4
ro.lmk.filecache_min_kb property allows vendors to specify min filecache
size in KB that should be reached after thrashing is detected.
Bug: 193293513
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I927f4a1c81db3f284353fe4ab93bf454acff69b7
Merged-In: I927f4a1c81db3f284353fe4ab93bf454acff69b7
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.
Ignore-AOSP-First: Resolving merge conflicts.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.
Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: forrest
Ignore-AOSP-First: cherry pick of https://r.android.com/1753279
Change-Id: I6ddf433dbbf4a894fcb6d35c0cb723444d360e47
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
These denials were found in the logs of a test failure that entered
recovery mode.
Recovery uses libfs_mgr which reads /proc/bootconfig.
Test: Boot device into recovery and check for "avd: denied" logs
Bug: 191904998
Bug: 191737840
Ignore-AOSP-First: Merged-In not used to allow the change in prebuilts to merge
Change-Id: I96ae514cfd68856717e143d295f2838a7d0eff14
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.
I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.
Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running and the expected trace is included in the
generated bugreport.
Change-Id: I28d0b1b08baac43a53fe5a1ff0f67b788d51dc74
Merged-In: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
Fixes: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip
Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Merged-In: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Ignore-AOSP-first: this branch is not merging aosp changes anymore.
The primary goal is to have an ashmem region shared between the main app
process in Chrome (=Browser Process) and the app zygote. It can only be
passed from the App Zygote, since there is no communication in the other
direction. Passing of the file descriptor should happen by:
(A) inheriting via fork(2)
(B) using binder IPC
Currently ashmem FDs are sufficiently allowed to be mmap(2)-ed in all
Chrome processes. The mode of mapping (read-only, read-write etc.) is
controlled by the settings of the region itself, not by sepolicy.
This change additionally allows an FD created in the app zygote to be
passed to the 'untrusted_app' domain.
Note: This change allows *any* FD, not just an ashmem one to be passed.
This is on purpose: in the future we will likely want to return to the
memfd story. Other usecases (pipes, sockets) might appear.
The app zygote preload takes the responsibility not to share
capabilities in the form of FDs unintentionally with other app
processes.
Historical note: we tried to enable this for memfd (using additional
rules), but it required a 'write' permission when sending an FD. Reasons
for that are still puzzling, and there seems to be no easy workaround
for it. Decision: use ashmem.
Bug: 184808875
Test: Manual: Build and install Chrome (trichrome_chrome_google_bundle)
from [1]. Make sure FileDescriptorAllowlist allows the FD, like
[2]. Reach a NewTabPage, click on a suggested page, observe no
errors related to binder transactions and selinux violations.
[1] A change in Chrome to create an ashmem region during app zygote
preload and pass it to the browser process:
https://crrev.com/c/2752872/29
[2] Allowlist change in review:
https://android-review.googlesource.com/c/platform/frameworks/base/+/1739393
(Alternatively: Remove gOpenFdTable checks in ForkCommon() in
com_android_internal_os_Zygote.cpp)
Change-Id: Ide085f472c8fb6ae76ab0b094319d6924552fc02
Ignore-AOSP-First: in addition to changes in AOSP, copied to prebuilts
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.
I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.
Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running.
Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Merged-In: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Add a permission to use the graphics allocator.
Bug: 191094033
Test: Build a target and run the service after enforcing selinux
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: I52b6851bb95565c92fc4774a2de1f0791e6fdd23
Align the chagnes in aosp/1729396
Bug: 189787375
Test: AppDataIsolationTests
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: Ibf915e23e7db9c333e87cad75604d8251404092e
