VintfObject will monitor for /apex directory for VINTF data.
Add permissions for service managers to read this data.
Bug: 239055387
Test: m && boot
Change-Id: I179e008dadfcb323cde58a8a460bcfa2825a7b4f
Starting with
91a9ab7c94
, calling io_uring_setup will need selinux permission to create anon
inodes.
Test: th
Bug: 244785938
Change-Id: I351983fefabe0f6fdaf9272506ea9dd24bc083a9
Revert "Add seamendc tests for sdk_sandbox in apex sepolicy"
Revert submission 2201484-sdk_sandbox
Note: this is not a clean revert, I kept the changes in aosp/2199179
and the changes to system/sepolicy/Android.mk. Those changes are already
part of internal, I do not want to put those files out of sync again.
Test: atest SeamendcHostTest
Reason for revert: b/244793900
Reverted Changes:
Ib14b14cbc:Add seamendc tests for sdk_sandbox in apex sepolic...
I27ee933da:Move allow rules of sdk_sandbox to apex policy
Change-Id: If225cdd090248e050d1f0b42f547a4b073bbafc6
Since the property is supposed to be used by vendor-side .rc file as
read-only (especially by vendor apex), it should be "system_restricted".
Also allow vendor_init to read the property.
Bug: 232172382
Test: boot cuttlefish (with vendor apex using the property)
Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992
See other cl in this topic for more information.
Bug: 198619163
Test: adb root; adb shell /system/bin/migrate_legacy_obb_data; adb logcat | grep obb shows "migrate_legacy_obb_data: No legacy obb data to migrate."
Change-Id: Ic2fb4183f80b36463f279b818e90c203e9a51422
Third attempt to roll-forward the apex_sepolicy changes from
aosp/2179294 and aosp/2170746.
I was finally able to figure out the likely root cause of the test
breakages in internal b/243971667. The related CL aosp/2199179 is making
the apex_sepolicy files mandatory for all AOSP builds.
Without the apex_sepolicy files, mixed GSI builds in internal using AOSP
as base would not implement the sdk_sandbox rules, causing breakages for
the SdkSandbox components.
Bug: 243923977
Test: atest SeamendcHostTest
Change-Id: I27ee933da6648cca8ff1f37bde388f72b4fe6ad6
New label proc_watermark_scale_factor was mistakenly added into ignore
list. Fix this by moving the mapping into correct .cil files.
Fixes: 6988677f22 ("Allow init to execute extra_free_kbytes.sh script")
Bug: 241761479
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: If12cad2ed20504d374d77a68eaba1600d2768338
This is a roll-forward of a small chunk of aosp/2170746.
The previous CL was causing test breakages (b/240731742, b/240462388,
b/240463116).
This CL is smaller than the previous one, it only moves allow rules from
the platform policy to the apex policy (I believe the error was caused
by typeattribute rules). I also ran the closest approximation I could
find to the breaking environment, and it appears the tests are passing
https://android-build.googleplex.com/builds/abtd/run/L44100000955891118https://android-build.googleplex.com/builds/abtd/run/L68000000955937148
Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: I4c480041838c8c14011f099ba8295097fe9212db
ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy
tuner HAL is enabled.
tuner.server.enable: system_internal_prop to decide whether tuner server
should be enabled.
Bug: 236002754
Test: Check tuner HAL and framework behavior
Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016
Add example implementation services: IFactory under android.hardware.audio.effect.
An audio HAL AIDL example service will register with the default implementations.
Bug: 238913361
Test: m, and flash with Pixel 6a.
Change-Id: Ib331899fd47b6b334b120e20617174d01e71ddb8
The profilers cannot open files under
/data/misc/apexdata/com.android.art/dalvik-cache because they're not
allowed to search /data/misc/apexdata with the apex_module_data_file
label.
Example denial:
avc: denied { search } for name="apexdata" dev="dm-37" ino=89
scontext=u:r:traced_perf:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir permissive=0
Tested: patched & flashed onto a TM device, then profiled system_server
Bug: 241544593
Change-Id: Ifd8b94a9ebcae09701e95f6cd6a14383209963db
srcs/android/sysprop/MemoryProperties.sysprop
This property is populated by property service from the kernel
command line parameter androidboot.ddr_size=XXXX. Vendors can set
this command line option from the bootloader.
Bug: 231718727
Test: n/a
Change-Id: I3fb8a18125081b1a30dee715831f5701964cb375
fastboot will read this prop to check if io uring is supported. Add
proper sepolicy.
Test: th
Bug: 31712568
Change-Id: I8990d8a31748534d4444a2ef25b58d629651dac7
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.
Test: android.security.SELinuxTargetSdkTest
Bug: 193912100
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
