If malicious process in the host overwrites microdroid vendor image,
unexpected behavior could be happened.
Bug: 285854379
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Change-Id: I18ce5112b75b2793c85bb59c137715beb602a5f3
The enable_rkpd property is no longer needed. This change removes the
vestigial property.
Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
Changes from the reverted cl aosp/2812455:
- The AIDL service type has been renamed from avf_* to hal_* to be
consistent with the others.
- The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
for the IRPC/avf service, has been set up with the server/client model
for AIDL Hal. The virtualizationservice is declared as server and
RKPD is declared as client to access the service instead of raw
service permission setup as in the reverted cl. This is aligned
with the AIDL Hal configuration recommendation.
- Since the existing type for IRPC hal_remotelyprovisionedcomponent is
already associated with keymint server/client and has specific
permission requirements, and some of the keymint clients might not
need the AVF Hal. We decided to create a new AIDL service type
instead of reusing the exisiting keymint service type.
Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
vfio_handler will be active only if device assignment feature is turned
on.
Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
Convert vibrator_control to a framework service (fwk_vibrator_control_service) in system_server.
Bug: 305961689
Test: N/A
Change-Id: I5f3aba2c58a3166593a11034a8d21dfd12311c2e
This makes the service available for CTS tests (specifically NotificationManagerZenTest).
Test: m -j
Bug: 308673540
Change-Id: I45917abd0c0dd3f2c5365b2780ac3ab5e28f2580
Add sepolicies rules for Secretkeeper HAL & nonsecure service
implementing the AIDL.
Test: atest VtsHalSkTargetTest & check for Selinux denials
Bug: 293429085
Change-Id: I907cf326e48e4dc180aa0d30e644416d4936ff78
This reverts commit c6227550f7.
Reason for revert: Faulty merging paths have been removed
Change-Id: Icf56c2e977c5517af63e206a0090159e43dd71eb
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
ro.llndk.api_level shows the maxium vendor api level that the llndk
in the platform supports.
Bug: 312098788
Test: getprop ro.llndk.api_level
Change-Id: I139524724e458300a3c1430c94595e9fa25a85dd
Add property bluetooth.core.le.dsa_transport_preference containing a
list of supported HID transport protocols for IMU data over LE Audio by
order of preference:
Bug: 307588546
Test: make
Change-Id: I7aef404a2c6c8cc872efb994e328a175d5b4efd4
This reverts commit 76a62dfb3e.
Reason for revert: Relanding with virtual_camera flag disabled to prevent test failures before rc entry is added for the service (which needs to be done after this cl is submitted to prevent boot test failing due to selinux denials).
Test: https://android-build.corp.google.com/builds/abtd/run/L11500030000350228
Change-Id: Ie621f89610b173918bb4c0b6eb1f35547f56f6b7
Bug: 311515963
Test: set ro.virtual_ab.merge_delay_seconds by PRODUCT_PROPERTY_OVERRIDES in mk files and run OTA
Change-Id: Ia9bac57879670e0dbd858705bffbb8dea7d58fba
This reverts commit a41bfab758.
Reason for revert: Automerger path causing the regression is no more
Change-Id: I4c9ab6f2e18c9d8157f5667bc98fcce00e78f93d
We should wrap the parameter because it will contain multiple lines of
codes which can probably contain comma.
Bug: 306563735
Test: build and see sepolicy output
Change-Id: I2f56f0a1ec2d5b14570fb9c5bb178d488bc023c9
Current sepolicy expects the library located under /vendor/lib(64), but
the actual location of the library is /vendor/lib(64)/hw, as it defines
relative path 'hw'. This change corrects location of
android.hidl.memory@1.0-impl.so, so it can be labeled with
same_process_hal_file as expected.
Bug: 311298012
Test: Failing test passed over ABTD
Change-Id: Ib84dbde0742716d399f04ce8ec11a0c4f24be8b0
Using Join with the fully fledged input path as string
breaks setting a custom $OUT_DIR
Test: export OUT_DIR=`pwd`/out_custom && m nothing
Change-Id: Ie5043c0eb8e5f854be0d0d318008ea24f3d94c09
1. declare setupwizard_mode_prop for ro.setupwizard.mode
2. that prop could be set during vendor_init, so changed prop type
Bug: 310208141
Test: boot and check if there is no sepolicy issue
Change-Id: I89246ab2c686db139cad48550b860d69a41106ff
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose.
Bug: 285854379
Test: m
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
