Add a domain for derive_sdk which is allowed to set
persist.com.android.sdkext.sdk_info, readable by all
apps (but should only be read by the BCP).
Bug: 137191822
Test: run derive_sdk, getprop persist.com.android.sdkext.sdk_info
Change-Id: I389116f45faad11fa5baa8d617dda30fb9acec7a
Based on guidance from the Mainline team, we're placing the
MediaProvider APK inside a new APEX, as this will allow us to
move MediaStore.java inside the module boundary in a future CL.
Bug: 144247087
Test: manual
Change-Id: I88f6f2e598d9611e8b92143504e4328d93671cab
It follows examples of other APEX to make file_contexts of ipsec
module as "android:path" property
Bug: 143192273
Test: atest ipsec_e2e_tests
Change-Id: Idbba1f964aad7e54077ac77250f9cfd6a6b5049e
Till now, file_contexts has been treated differently that other input
src files. Now it is tagged as `android:"path"` because it is.
Bug: 144732805
Test: m
Change-Id: I6b22a8d22417b75c5cb8cd3b2e534d67e958b074
create a single com.android.cellbroadcast apex to pack two apks
together: com.android.cellbroadcastreceiver and
com.android.cellbroadcastservice.
Bug: 135956699
Test: m com.android.cellbroadcast && adb install
com.android.cellbroadcast
Change-Id: Ib3f4447e1215f3dbff2ed019d4e15f3cea062920
com.android.ipsec will be shipped as a mainline module in APEX
format. A file_contexts is required for building an APEX.
Bug: 143905344
Test: Built and installed apex on device
Change-Id: I9f9a6190886181e9e4254ea2a984d338fda533da
We need an APEX module for permission to reliably roll back runtime
permission state, specifically, platform runtime-permissions.xml will
be moved into the data directory of this APEX and be rolled back when
PermissionController is rolled back.
Bug: 136503238
Test: build
Change-Id: Id3ade3f2f7d31f7badf456d438e01ce0eac964eb
This new apex is a VNDK APEX which is going to replace /system/lib/vndk
libraries.
Bug: 134357236
Bug: 139772411
Test: m com.android.vndk
Change-Id: I9bdda5bc7862917a196b894cc562e0351db76c52
This CL adds hand-written SELinux rules to:
- define the boringssl_self_test security domain
- label the corresponding files at type boringssl_self_test_marker
and boringssl_self_test_exec.
- define an automatic transition from init to boringssl_self_test
domains, plus appropriate access permissions.
Bug: 137267623
Test: When run together with the other changes from draft CL topic
http://aosp/q/topic:bug137267623_bsslselftest, check that:
- both /dev/boringssl/selftest/* marker files are
present after the device boots.
- Test: after the boringssl_self_test{32,64} binaries have
run, no further SELinux denials occur for processes
trying to write the marker file.
Change-Id: I77de0bccdd8c1e22c354d8ea146e363f4af7e36f
Track the removal of time zone data files from the runtime mainline module.
Bug: 132168458
Test: build / boot only
Change-Id: I67e596e4da2b23726c36866ff1648a833d2853c7
Set the bootanim_file context for files in the com.android.boootanim
apex-module.
Bug: 116821733
Test: Verify that the new boot animation is used from next boot
Change-Id: I15e7b00bb8044eee550a4490a271b05ae14587b6
Add art_apex_postinstall domain that is allowed to move
precreated AoT artifacts from /data/ota.
Bug: 125474642
Test: m
Change-Id: Id674e202737155a4ee31187f096d1dd655001fdd
Add art_apex_preinstall domain that is allowed to create AoT
artifacts in /data/ota.
Bug: 125474642
Test: m
Change-Id: Ia091d8df34c4be4f84c2052d3c333a0e36bcb036
Give apexd permission to execute sh.
Add userdebug_or_eng domains and rules for the test
APEX for pre- and post-install.
Bug: 119260955
Bug: 119261380
Test: atest apexservice_test
Change-Id: I0c4a5e35e096101a53c9d1f212d2db2e63728267
e2bc9fe9d5ac82457bc6050bf705ff43a1b05cbf in platform/art project added
the dynamic linker to the runtime APEX. Since the dynamic linker has
been labeled as 'system_linker_exec' so does the linker in the APEX.
Bug: 120266448
Test: ls -Z /apex/com.android.runtime/bin/linker
u:object_r:system_linker_exec:s0 /apex/com.android.runtime/bin/linker
Change-Id: I243b86a74d94058b3283830c32232c6584639ff3
Code in bionic / libcore will now look in the runtime
APEX module for data files.
Bug: 119293618
Bug: 119390260
Test: build / treehugger only
Change-Id: I965c763e7f0452b8ef5ffbf730733e9a41254beb
There is no real need to access the manifest.json (which is being
renamed in other CLs anyway). So remove the access to it.
Bug: 119672727
Test: m, installed on device, boots.
Change-Id: I2d82062031da36f871b2a64d97a50a6f1e6fc3dd
Gathering file contexts for all APEXes there for easier auditing.
Test: m com.android.resolv
Bug: 119527674
Change-Id: I0f06c21c77f4b537e7c7d590204569f4531b5302
Also rename `file_contexts` for the "Debug" Runtime APEX module
(containing both release and debug variants, as well as additional
tools).
Test: make com.android.runtime
Test: make com.android.runtime.release
Test: make com.android.runtime.debug
Test: art/build/apex/runtests.sh
Bug: 113373927
Change-Id: I6b917d7f5b1734aeb717932081c7b03366ef2774
It was <name>_file_context before. Changing for better readability.
Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: Ic9d6479dfed56ac474c574343a38b5f73dde3c05
For centralized development of sepolices, file_contexts files for APEXes
are all moved to under /system/seplicy.
Bug: 119034475
Bug: 113373927
Test: m apex.test com.android.tzdata com.android.runtime com.android.media
Change-Id: I9bf4874793db4dbdb75cbd759ae95f72d7281007