... as this is needed for the hal to access and map
gralloc buffers on devices such as Cuttlefish. Previously,
this sepolicy is added in device specific directories but
the Cuttlefish team is looking at centralizing the sepolicy.
Bug: b/161819018
Test: `atest CtsNNAPITestCases`
Test: `atest VtsHalNeuralnetworksV1_0TargetTest`
Change-Id: Ia5b2704e2cdeedfa19d160e546d811b7d1c21aa9
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.
Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
As a follow-up to https://r.android.com/2078213, remove init's write
access to directories with type system_userdir_file or
media_userdir_file. This has been made possible by moving the creation
of /data/user/0 and /data/media/obb to vold.
Bug: 156305599
Change-Id: Ib9f43f2b111518833efe08e8cacd727c75b80266
All domains using libbinder need access to this new ioctl in order to
pull precise information upon failed binder operations.
Bug: 28321379
Tested: clients can now use the ioctl through libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65
init should use subcontext (vendor_init) for actions/services from
/{vendor, odm} partitions. However, when configs are from vendor APEXes,
init can't tell whether the APEXes are from /{vendor, odm} just by
looking at the config file paths.
Instead, init can look up /apex/apex-info-list.xml for APEXes
preinstalled paths to tell APEXes' original partition.
Bug: 232021354
Test: atest CtsBluetoothTestCases
(Cuttlefish has BT HAL APEX in /vendor)
Change-Id: I8cb5d9eb3970790499ef1eb1ee00851591a42e98
Creating a per-user encrypted directory such as /data/system_ce/0 and
the subdirectories in it too early has been a recurring bug. Typically,
individual services in system_server are to blame; system_server has
permission to create these directories, and it's easy to write
"mkdirs()" instead of "mkdir()". Such bugs are very bad, as they
prevent these directories from being encrypted, as encryption policies
can only be set on empty directories. Due to recent changes, a factory
reset is now forced in such cases, which helps detect these bugs;
however, it would be much better to prevent them in the first place.
This CL locks down the ability to create these directories to just vold
and init, or to just vold when possible. This is done by assigning new
types to the directories that contain these directories, and then only
allowing the needed domains to write to these parent directories. This
is similar to what https://r.android.com/1117297 did for /data itself.
Three new types are used instead of just one, since these directories
had three different types already (system_data_file, media_rw_data_file,
vendor_data_file), and this allows the policy to be a bit more precise.
A significant limitation is that /data/user/0 is currently being created
by init during early boot. Therefore, this CL doesn't help much for
/data/user/0, though it helps a lot for the other directories. As the
next step, I'll try to eliminate the /data/user/0 quirk. Anyway, this
CL is needed regardless of whether we're able to do that.
Test: Booted cuttlefish. Ran 'sm partition disk:253,32 private', then
created and deleted a user. Used 'ls -lZ' to check the relevant
SELinux labels on both internal and adoptable storage. Also did
similar tests on raven, with the addition of going through the
setup wizard and using an app that creates media files. No
relevant SELinux denials seen during any of this.
Bug: 156305599
Change-Id: I1fbdd180f56dd2fe4703763936f5850cef8ab0ba
Add a property to be read by system_server's AudioService that
indicates whether the spatializer effect can use head tracking.
If true, head tracking functionality will be initialized and
the corresponding APIs will be active.
Bug: 226474336
Test: atest android.media.audio.cts.SpatializerTest
Change-Id: Id8f574ecd2303034a29da58615018586b68bf55d
The compliance tests rely on this.
Bug: 230660133
Test: run MicrodroidHostTests on a user build
Merged-In: Ic061632d80285182ec2ae7d31f3527948702cf32
Change-Id: Ic061632d80285182ec2ae7d31f3527948702cf32
This only makes it difficult to run (test/demo) apps using AVF. They
have to be pre-installed on the device which is infeasible on
user-build devices.
Removing the guard so that untrusted apps can use virtualizationservice
even on user builds. Note that the use is still gated by the
MANAGE_VIRTUAL_MACHINE permission, which can be granted only by
pre-installing or explicitly via `adb shell pm grant`. So there's no
risk of 3p apps downloaded from the net having its own VM.
Bug: 231080171
Test: run MicrodroidDemoApp on a user build
Merged-In: Ie0b1b9801dd7726633f97456a38bc0ea349013db
Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db
Steps taken to produce the mapping files:
0. Add 33.0 prebuilts to prebuilts/api/33.0/.
1. Add the following Android.bp modules.
33.0.board.compat.map
33.0.board.compat.cil
33.0.board.ignore.map
plat_33.0.cil
system_ext_33.0.cil
product_33.0.cil
33.0.ignore.cil
system_ext_33.0.ignore.cil
product_33.0.ignore.cil
33.0.compat.cil
system_ext_33.0.compat.cil
2. Touch the following three files.
private/compat/33.0/33.0.cil
private/compat/33.0/33.0.compat.cil
private/compat/33.0/33.0.ignore.cil
3. Add 33.0 to PLATFORM_SEPOLICY_COMPAT_VERSIONS on
build/make/core/config.mk. Note that we don't update
sepolicy_major_vers to 33, but just update compat versions.
4. Run the following command.
$ source build/make/rbesetup.sh && lunch aosp_arm64-userdebug
$ m sepolicy_generate_compat
$ sepolicy_generate_compat --branch=tm-dev \
--build latest --target-version 33.0 \
--latest-version 32.0
This change also enables treble_sepolicy_tests_33.0 and installs
33.0.cil mapping file onto the device.
Test: m treble_sepolicy_tests_33.0
Test: m 33.0_compat_test
Test: m slinux_policy
Change-Id: Ie969ff0372ff1268776165cee5cb5b07d303453c