Add sdk_sandbox_next and apply it if a new input selector,
isSdkSandboxNext, is applied. This is set to true by libselinux
if a flag is set in the seInfo passed to it.
This enables some testers to test out the set of restrictions
we're planning for the next SDK version.
sdk_sandbox_next is not the final set of restrictions of the next SDK
version.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a
Merged-In: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a
When ART Service is enabled, the runtime uses a different strategy to
write profiles: it first creates a temp profile file, and then moves it
to the final location, instead of mutating the file in place. This new
strategy requires the permission to create files. While apps have this
permission, unfortunately, system_server didn't. This CL fixes this
problem.
Bug: 282019264
Test: -
1. Enable boot image profiling
(https://source.android.com/docs/core/runtime/boot-image-profiles#configuring-devices)
2. Snapshot the boot image profile
(adb shell pm snapshot-profile android)
3. Dump the boot image profile
(adb shell profman --dump-only --profile-file=/data/misc/profman/android.prof)
4. See profile data for services.jar
Ignore-AOSP-First: This change requires updating the 34.0 prebuilt,
which doesn't exist on AOSP. Will cherry-pick to AOSP later.
Change-Id: Ie24a51f2d40d752164ce14725f122c73432d50c9
Revert submission 22955599-euicc_selinux_fix2
Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules
Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2
Change-Id: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c
Revert submission 22899490-euicc_selinux_fix
Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules
Reverted changes: /q/submissionid:22899490-euicc_selinux_fix
Change-Id: I0c2bfe55987949ad52f62e468c84df954f39a4ad
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
(ag/23125728)
Bug: 281850017
Ignore-AOSP-First: Will cherry-pick to AOSP later
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
Rename sdk_sandbox to sdk_sandbox_34.
Additionally, Extract out parts of sdk_sandbox_34 to
sdk_sandbox_all.te that will be shared with all sdk_sandbox domains.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e
Merged-In: I36e0c8795148de83c81dfe12559452812aa2b25e
Context: go/videoview-local-sandbox. This change is required to
play local files in a VideoView in the SDK sandbox.
Ignore-AOSP-First: Cherrypick
Test: Manual steps described in doc
Bug: 266592086
Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.
Ignore-AOSP-First: Cherry-pick
Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
(cherry picked from commit 194abd16cb)
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac
Merged-In: Ic4ce690e82b09ed176495f3b55be6069ffc074ac
SDK's data should not be accessible directly by other domains, including
system server. Added neverallow to ensure that.
Bug: b/279885689
Test: make and boot device
Change-Id: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2
Merged-In: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.
Ignore-AOSP-First: Cherry-pick
Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
Merged-In: I2f47c1048aad4565cb13d4289b9a018734d18c07
Test: Manually validated that GmsCore can access the properties, but not a test app.
Ignore-AOSP-First: Change is targeted at Google devices.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED.
This is exposed as ro.product.cpu.pagesize.max to VTS tests.
Add the required sepolicy labels for the new property.
Bug: 277360995
Test: atest -c vendor_elf_alignment_test -s <serial>
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:0a66ea359f6751741f8100a9d934ae8d2e53d120)
Merged-In: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
This change allows vendor init scripts to react to the MTE bootloader
override device_config. It extends the domain for runtime_native and
runtime_native_boot configs from "all apps", which is already very
permissive, to "everything".
Ignore-AOSP-First: UpsideDownCake/34 does not exist in AOSP
Bug: 239832365
Test: none
Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e
Bug: 277676657
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: I94f8d9d18b9c4659703edb773dd29870430e40b7
Ignore-AOSP-First: This is a cherry-pick from AOSP
Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Ignore-AOSP-First: master need the prebuilt upadte
Signed-off-by: Wilson Sung <wilsonsung@google.com>
When CTS test app tries to get broadcastradio_service from context, it
is considered as untrusted app by sepolicy since broadcastradio_service
is not app_api_service. Made it as app_api_service so that CTS for
broadcastradio can be ran on devices.
Bug: 262191898
Test: atest CtsBroadcastRadioTestCase
Ignore-AOSP-First: fix CTS issue
Change-Id: I0583f549eb5b781ff23f81b2073baa0390009f9e
Test: Manual. Tested on device
Bug: 265019048
Change-Id: I1d559b4398c2e91f50da48dc6d5ccbef63fb9d18
(cherry picked from commit e8a2001086)
Ignore-AOSP-First: This is a cherry-pick from AOSP
This can be used as a side channel to observe when an application
is launched.
Gate this restriction on the application's targetSdkVersion to
avoid breaking existing apps. Only apps targeting 34 and above will
see the new restriction.
Remove duplicate permissions from public/shell.te. Shell is
already appdomain, so these permissions are already granted to it.
Ignore-AOSP-First: Security fix
Bug: 231587164
Test: boot device, install/uninstall apps. Observe no new denials.
Test: Run researcher provided PoC. Observe audit messages.
Change-Id: Ic7577884e9d994618a38286a42a8047516548782
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.
Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
Controls default enable or disable for binaural and transaural.
Test: see bug
Bug: 270980127
Merged-In: I190644e88a520cf13ee2b56066d5afd258460b9e
Change-Id: I190644e88a520cf13ee2b56066d5afd258460b9e
* changes:
update api=33 sepolicy prebuilts for perfetto oome heap dumps
Fix incorrect domain used in system_server.te
Sysprop for the count of active OOME tracing sessions
* changes:
update api=33 sepolicy prebuilts for perfetto profiling of system_server and sys/platform apps
tm-qpr backport: allow perfetto profiling of system_server and sys/platform apps
Controls default enable or disable for binaural and transaural.
Ignore-AOSP-First: will land in AOSP afterwards
Test: see bug
Bug: 270980127
Change-Id: I190644e88a520cf13ee2b56066d5afd258460b9e
This ioctl can be used to avoid a race condition between key
reinstallation and busy files clean up.
Test: Trigger busy file clean-up and ensure that the ioctl succeeds
Bug: 140762419
Change-Id: I153c2e7b2d5eb39e0f217c9ef8b9dceba2a5a487
(cherry picked from commit ffb9f8855a)
Ignore-AOSP-First: Prebuilts needed to be updated when cherry-picking.
This is enabled on debuggable builds only, includes
- Grant mlstrustedobject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
wm_trace_data_file
Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
WMShell protolog [start | stop]
Ignore-AOSP-First: cherry-pick of aosp/2397593
Merged-In: I9f77f8995e4bf671616ce6c49eeb93720e31430e
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
This is needed to prevent autosuspend when the framework is restarting
See: go/no-suspend-deadlocks
Bug: 255898234
Bug: 265513788
Bug: 266077359
Test: Check logcat for avc denials
Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
Merged-In: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
This is enabled on debuggable builds only, includes
- Grant mlstrustedsubject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
wm_trace_data_file
Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
WMShell protolog [start | stop]
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.
Test: n/a for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.
The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.
Test: Ran on foldable device with several camera apps to verify behavior.
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.
Test: n/a for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
Update prebuilts and api compat for the adaptive haptics restricted
system property.
Bug: 198239103
Test: Verified functionality
Ignore-AOSP-First: Prebuilts on top of aosp/2300027
Change-Id: I2e299053cc2ebdb5d69aa8d3551e602609daaeaf
Signed-off-by: Chris Paulo <chrispaulo@google.com>
Cherry-pick note: This contains the original AOSP change plus
an addition to private/compat/32.0/32.0.ignore.cil which
does not _appear_ to be required on AOSP and future releases
but is required for tm-dev. If needed we can add this to
AOSP later.
Bug: 243933553
Test: m sepolicy_freeze_test
Change-Id: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
(cherry picked from commit 96268c6622)
(cherry picked from commit ff0cf6f2a8)
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Cherry-pick note: This contains the original AOSP change plus
an addition to private/compat/32.0/32.0.ignore.cil which
does not _appear_ to be required on AOSP and future releases
but is required for tm-dev. If needed we can add this to
AOSP later.
Bug: 243933553
Test: m sepolicy_freeze_test
Change-Id: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
(cherry picked from commit 96268c6622)
For post-OTA boot, we run a userspace block device daemon to mount /system.
However if we let the daemon run while loading sepolicy, it would spam permissive audits.
Since sepolicy is still not enforced yet, we can supress these
audit messages.
Bug: 240321741
Test: Full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I0af484f95b6a1deb41498d67de82afd3c6bb29b6
Cherry-pick note: This contains the original AOSP change plus
an addition to private/compat/32.0/32.0.ignore.cil which
does not _appear_ to be required on AOSP and future releases
but is required for tm-dev. If needed we can add this to
AOSP later.
Bug: 243933553
Test: m sepolicy_freeze_test
Change-Id: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
(cherry picked from commit 96268c6622)
The profilers cannot open files under
/data/misc/apexdata/com.android.art/dalvik-cache because they're not
allowed to search /data/misc/apexdata with the apex_module_data_file
label.
Example denial:
avc: denied { search } for name="apexdata" dev="dm-37" ino=89
scontext=u:r:traced_perf:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir permissive=0
(cherry-picked from aosp + updated prebuilts)
Tested: patched & flashed onto a TM device, then profiled system_server
Bug: 241544593
Merged-In: Ifd8b94a9ebcae09701e95f6cd6a14383209963db
Change-Id: Ifd8b94a9ebcae09701e95f6cd6a14383209963db
(cherry picked from commit 3f3e222527)
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native boot experiments.
Ignore-AOSP-First: Will cherry-pick to aosp/2183135
Bug: 241730607
Test: Build
Change-Id: Idc2334534c2d42a625b451cfce488d7d7a651036
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native boot experiments.
Bug: 241730607
Test: Build
Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036
Change-Id: I3e98f1b05058245cad345061d801ecd8de623109
Window manager team wants to leverage system properties for feature
flags that need to be read in ViewRootImpl and other classes preloaded
in Zygote. Appdomain is allowed to read that permission in commit
I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3.
Bug: 241464028
Test: Zygote can preload persist.wm.debug.* props.
Ignore-AOSP-First: Cherry pick of aosp/2175950
Change-Id: I0c2ae63db53530c1facd8c2132f99c0d919b4ad8
Merged-In: I0c2ae63db53530c1facd8c2132f99c0d919b4ad8
Looks like this is needed for TM.
Bug: 236738714
Test: atest bionic-unit-tests && presubmit ag/19136924 PS#3
Change-Id: Ida26db898f2edaddce67ae13a5859115126a18cb
Merged-In: Ida26db898f2edaddce67ae13a5859115126a18cb
This is needed for Watchdog to be able to dump InputProcessor HAL.
Watchdog can be triggered locally for testing by patching
InputDispatcher.cpp:
void InputDispatcher::monitor() {
// Acquire and release the lock to ensure that the dispatcher has not deadlocked.
std::unique_lock _l(mLock);
+ std::this_thread::sleep_for(std::chrono::minutes(40));
mLooper->wake();
mDispatcherIsAlive.wait(_l);
Ignore-AOSP-First: under review in aosp/2152242
Bug: 237322365
Test: adb bugreport (after triggering watchdog)
Change-Id: I746df8be4faaef2a67293d6b1c0cde5fa7810de6
In order to debug the HAL getting stuck, dumpstate needs permission to
dump its traces. In this CL, we update the api 33.0 accordingly.
Bug: 237347585
Bug: 237322365
Test: m sepolicy_freeze_test
Change-Id: I5096f52358880e3c10657e5aae9ead1723cc9fa9
Merged-In: I5096f52358880e3c10657e5aae9ead1723cc9fa9
Access to this functionality is gated elsewhere e.g. by
allowing/disallowing access to the service.
Bug: 237512474
Test: IpSecManagerTest
Test: Manual with GMSCore + PPN library
Ignore-AOSP-First: It's a CP of aosp/2143512
Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
(cherry picked from commit 6ae09a4609)
Merged-In: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
In order to debug the HAL getting stuck, dumpstate needs permission to
dump its traces. In this CL, we update the api 33.0 accordingly.
Ignore-AOSP-First: under review in aosp/2147164
Bug: 237347585
Bug: 237322365
Test: m sepolicy_freeze_test
Change-Id: I5096f52358880e3c10657e5aae9ead1723cc9fa9
Looks like this is needed for TM.
Bug: 236738714
Test: atest bionic-unit-tests && presubmit ag/19136924 PS#3
Change-Id: Ida26db898f2edaddce67ae13a5859115126a18cb
Please see bug for context.
This reverts commits:
* 6111f0cfc8
* bb197bba02
* 20d0aca7e6
And updates prebuilts/api/33.0 accordingly.
Bug: 217368496
Tested: redfin-user and barbet-userdebug: build+flash+boot;
manual test of typical profiling (heap and perf);
atest CtsPerfettoTestCases.
Change-Id: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
Merged-In: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61
(cherry picked from commit babba5e83b)
Access to this functionality is gated elsewhere e.g. by
allowing/disallowing access to the service.
Bug: 237512474
Test: IpSecManagerTest
Test: Manual with GMSCore + PPN library
Ignore-AOSP-First: It's a CP of aosp/2143512
Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
Access to this functionality is gated elsewhere e.g. by
allowing/disallowing access to the service.
Bug: 237512474
Test: IpSecManagerTest
Test: Manual with GMSCore + PPN library
Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.
BPFFS (ie. /sys/fs/bpf) labelling is as follows:
subdirectory selinux context mainline usecase / usable by
/ fs_bpf no (*) core operating system (ie. platform)
/net_private fs_bpf_net_private yes, T+ network_stack
/net_shared fs_bpf_net_shared yes, T+ network_stack & system_server
/netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd
/netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [**]
/tethering fs_bpf_tethering yes, S+ network_stack
/vendor fs_bpf_vendor no, T+ vendor
* initial support for bpf was added back in P,
but things worked differently back then with no bpfloader,
and instead netd doing stuff by hand,
bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
(and was definitely there in R)
** additionally bpf programs are accesible to netutils_wrapper
for use by iptables xt_bpf extensions
'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).
The reason for splitting net_private vs tethering is that:
S+ must support 4.9+ kernels and S era bpfloader v0.2+
T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+
The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions. Older kernels have
a tendency to reject programs that newer kernels allow.
/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.
Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
(cherry picked from commit 15715aea32)
This is required for testing new ethernet APIs in T.
This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.
Test: TH
Bug: 171872016
(cherry picked from commit 02b55354bd)
(cherry picked from commit 69fa8ca6f2)
Change-Id: I036e48530e37f7213a21b250b858a37fba3e663b
This change enables xfrm netlink socket use for the system server,
and the network_stack process. This will be used by IpSecService
to configure SAs, and network stack to monitor counters & replay
bitmaps for monitoring of IPsec tunnels.
This patch updates the prebuilts, in addition to the changes to the
master source.
Bug: 233392908
Test: Compiled
(cherry picked from commit b25b4bf53f)
(cherry picked from commit 8b7c1cbd5e)
Change-Id: I55e03a3ca7793b09688f603c973c38bd2f6e7c7f
Give system_server and network_stack the same permissions as netd.
This is needed as we are continuously moving code out of netd into
network_stack and system_server.
This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.
Test: TH
Bug: 233300834
(cherry picked from commit ab02397814)
(cherry picked from commit d0478822ce)
Change-Id: Ic98c6fc631ee98bef4b5451b6b52d94e673b4f3c
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.
BPFFS (ie. /sys/fs/bpf) labelling is as follows:
subdirectory selinux context mainline usecase / usable by
/ fs_bpf no (*) core operating system (ie. platform)
/net_private fs_bpf_net_private yes, T+ network_stack
/net_shared fs_bpf_net_shared yes, T+ network_stack & system_server
/netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd
/netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [**]
/tethering fs_bpf_tethering yes, S+ network_stack
/vendor fs_bpf_vendor no, T+ vendor
* initial support for bpf was added back in P,
but things worked differently back then with no bpfloader,
and instead netd doing stuff by hand,
bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
(and was definitely there in R)
** additionally bpf programs are accesible to netutils_wrapper
for use by iptables xt_bpf extensions
'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).
The reason for splitting net_private vs tethering is that:
S+ must support 4.9+ kernels and S era bpfloader v0.2+
T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+
The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions. Older kernels have
a tendency to reject programs that newer kernels allow.
/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.
Ignore-AOSP-First: will be cherrypicked from tm-dev to aosp/master
Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.
Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
Merged-In: Id3057b036486288358a9a84100fe808eb56df5fe
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.
Ignore-AOSP-First: Need to cherry pick to TM-dev
Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.
Bug: 233391022
Test: manual.
Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66
Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44
This is required for testing new ethernet APIs in T.
This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.
Test: TH
Bug: 171872016
Merged-In: I1e6024d7d649be50aa2321543b289f81fcdfc483
(cherry picked from commit 02b55354bd)
Change-Id: I1d620bcd9b3d02c6acb45636bb862f40282f636d
This change enables xfrm netlink socket use for the system server,
and the network_stack process. This will be used by IpSecService
to configure SAs, and network stack to monitor counters & replay
bitmaps for monitoring of IPsec tunnels.
This patch updates the prebuilts, in addition to the changes to the
master source.
Bug: 233392908
Test: Compiled
Merged-In: I25539dc579f21d6288fa962d1fad9b51573f017d
(cherry picked from commit b25b4bf53f)
Change-Id: I25539dc579f21d6288fa962d1fad9b51573f017d
Give system_server and network_stack the same permissions as netd.
This is needed as we are continuously moving code out of netd into
network_stack and system_server.
This change is not identical to the corresponding AOSP change
because it also needs to update the T prebuilts.
Test: TH
Bug: 233300834
Change-Id: I9559185081213fdeb33019733654ce95af816d99
(cherry picked from commit ab02397814)
Merged-In: I9559185081213fdeb33019733654ce95af816d99
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.
Bug: 233391022
Test: manual.
Ignore-AOSP-First: planning to commit to tm-dev then cherry-pick over to
AOSP later.
Change-Id: I57225feb50a3f3b4ac8c39998c47f263ae211b66
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.
Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
(cherry picked from commit a274858e3b)
Merged-In: Ic8162cd4a4436981a15acea6ac75079081790525
