Grant access to icmp_socket to netdomain. This was previously
labeled as rawip_socket which apps are allowed to use. Neverallow
all other new socket types for apps.
Kernels versions > 4.9 redefine ICMP sockets from rawip_socket
to icmp_socket. To pass neverallow tests, we need to define
which IOCTLs are allowed (and disallowed).
Note that this does not change behavior on devices with
kernel versions <=4.9. However, it is necessary (although not
sufficient) to pass CTS on kernel version 4.14.
Bug: 110520616
Test: Grant icmp_socket in net.te and build.
Change-Id: I5c7cb6867d1a4cd1554a8da0d55daa8e06daf803
This property is read by the audio service in system server to toggle camera shutter sound
enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
Like /system and /product, /product-services will contain apps that
should have the same privileges as the one in other system partitions.
Bug: 80741439
Test: successfully tested e2e on two devices, one with
/product-services partition and another with /product-services
symlinking to -> /system/product-services
Change-Id: Ieee7a9a7641a178f44bb406dbdef39ed46713899
From now on, linker will resolve dir.${section} paths of ld.config.txt.
This is added to suppress SELinux denial during resolving /postinstall.
Bug: http://b/80422611
Test: on taimen m -j, logcat | grep denied, atest on bionic/linker/tests
Change-Id: I12c2bb76d71ae84055b5026933dcaa6ef2808590
Add sepolicy entries for the new time zone detector service.
The timezonedetector_service will be called from the
telephony process.
Bug: 78217059
Test: make / booted device
Change-Id: Ib719a4bb444b2af7dd71910fb0bd12992df9d88c
There will likely be no need for platform apps
to call the timedetector_service; it was added
in error.
Bug: 78217059
Test: build / boot
Change-Id: Ie299c92a60f26fe6cb00562219e386a9f13e459f
For 4.14+ kernels, we need map permissions for vendor_config_files,
for things like kernel loaded firmware blobs, etc.
Change-Id: I8144c50b0239aedf4124569003187cc50c963080
Signed-off-by: John Stultz <john.stultz@linaro.org>
init is now a dynamic executable. So it has to be able to execute the
dynamic linker (/system/bin/linker) and shared libraries (e.g.,
/system/lib/libc.so). Furthermore, when in recovery mode, the files are
all labeled as rootfs - because the recovery ramdisk does not support
xattr, so files of type rootfs is allowed to be executed.
Do the same for kernel and ueventd because they are executing the init
executable.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Change-Id: Ic6225bb8e129a00771e1455e259ff28241b70396
Legacy hardware and code still depends on the ueventd helpers to
locate the firmware supported files which are on new mount path
labeled with mnt_vendot_file. For ueventd helper to work we need dir search
and read permission on this new label so moving ueventd to exempted list.
Already ueventd has the vendor_file_type read access.
Bug:110083808
Change-Id: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988
If you can get or serve the hal allocator interface,
you should be a hal_allocator_client or
hal_allocator_server.
Bug: 80319537
Test: boot aosp_walleye and (sanity) take photos
Change-Id: Iea14c67c4aa56df7a74ebdb17e99b78b1d3aa105
The timedetector_service will be called from the
telephony process
Bug: 78217059
Test: build / local testing with a client
Change-Id: I25dfa4daabaa80e6b5e697ad1b1e2f7f72377702
To ensure a surprise reboot does not take the last boot reason on
face value especially if coming from more than one boot sessions ago.
We shift and clear the value from persist.sys.boot.reason to
sys.boot.reason.last and establish a correct last reboot reason in
the canonical sys.boot.reason property. As a result, the power
manager should read the canonical sys.boot.reason for a definitive
result rather than relying on the possibly incorrect values in the
persistent storage. sys.boot.reason should be a core property as
it represents the canonical boot reason API.
Test: compile
Bug: 86671991
Bug: 63736262
Change-Id: If3742c487d6c0ab69c464f056bf48c786b66a945
The shell is now available directly in the recovery ramdisk. We no
longer need to mount system.img to /system as the recovery ramdisk is
self-contained. However, there is a problem that every file in the
ramdisk is labeled as rootfs because the ramdisk does not support xattr.
This CL adds several recovery-only rules that are required to make the
recovery ramdisk self-contained. Most importantly, adbd is allowed to
domain_trans to shell. Also shell is allowe to execute files of type
rootfs. Finally, the recovery is allowed to mount on tmpfs since it now
mounts system.img to /mnt/system.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: `adb root && adb shell` and then
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: If21b069aee63541344a5ca8939fb9a46ffef4d3e
