This reverts commit 34240604aa.
Reason for revert: Droidcop: Potential culprit for Bug149218822- verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: Iaba9f6e9125ac456a5787b1fcbb67d68c91c5f42
system_vendor_config_prop defines a property contexts which can only be
set from vendor_init. It is one of the mostly used patterns of system
properties. This migrates some properties to help readability and
security.
Bug: 148125056
Test: system/sepolicy/build_policies.sh
Change-Id: I6b53ef520331b32417ad59f4daa04bdfc077f682
This adds the type and permissions for dumping and appending prereboot
information.
Bug: 145203410
Test: Didn't see denials while dumping and appending prereboot info.
Change-Id: Ic08408b9bebc3648a7668ed8475f96a5302635fa
This properties are used to compute UserspaceRebootAtom and are going to
be written by system_server. Also removed now unused
userspace_reboot_prop.
Test: builds
Bug: 148767783
Change-Id: Iee44b4ca9f5d3913ac71b2ac6959c232f060f0ed
This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd
The binder call to statsd can be removed after the migration.
Test: m -j
Bug: 148641240
Change-Id: Id1387a2cbe74ba8d84f4973c6e4d17c5e0b88009
Add a new entry for use_content_detection_for_refresh_rate that will
eventually replace the deprecated use_smart_90_for_video
Change-Id: Iffe83fe0c7620f661228452495a02922f9662406
Test: play video and observe refresh rate
There are a lot of properties which is meant to be set once by
vendor_init. Most of them are configuration properties from vendor. This
introduces a macro to define such properties, which can help readability
and better security than using plain system_public_prop.
Bug: 148125056
Test: manual
Change-Id: I8b68e635d42119bafd1d22cba7957f583822ac7b
Run SELinuxHostTest whenever a change is made.
Filtering the tests to the ones that check that priv-apps are running in
their own domains.
Bug: 143172058
Test: Running "atest" in system/sepolicy runs SELinuxHostTest
Change-Id: If17642400129e97eb3bf2f631e784f92826adb9a
The public platform version no longer can be a codename, it is
always the most recently released platform. A new build property
and API provides either the offical version or the current codename
as appropriate. This will avoid breaking apps that look at the
platform version while development is under a codename.
Bug: 143175463
Test: manual
(cherry picked from commit afa84c96ac)
Merged-In: I257ca42672e4712841c90b0608202c846bda628c
Change-Id: If8c91986afe682902787145dae4c0a3b9a2aa8d1
The binder's methods are protected by signature
permissions (LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG and
OVERRIDE_COMPAT_CHANGE_CONFIG).
This is a re-landing of https://r.android.com/1210143, which was
reverted due to http://b/142942524. The actual fix was done in
http://ag/10234812.
Bug: 142650523
Test: atest PlatformCompatGatingTest
Change-Id: Ibddac8933ea58d44457a5d80b540347e796ebe71
Dumpstate runs 'df', which in turn tries to get attributes on all
mounted filesystems. We don't care much for stats on /mnt/user, since
it's simply a mapping of /data. /mnt/installer is simply a bind mount of
/mnt/user, and we don't need to show that in df either.
Bug: 148761246
Test: atest
CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie71b9cde08eb08bd3a7a3e2659ea71c61ca5ab3b
adbd started calling shutdown and waiting for EOF before closing
sockets in commit 74b7ec72, because closing a TCP socket while you have
pending data to read is specified to send a TCP RST to the other end,
which can result in data that we've written into the socket to be
prematurely thrown away on the other end. Not being able to do so on a
Unix domain socket is benign, aside from the denial showing up in the
log.
Fixes the following selinux denial when installing a package:
avc: denied { shutdown } for scontext=u:r:adbd:s0 tcontext=u:r:shell:s0 tclass=unix_stream_socket permissive=0
Test: manual
Change-Id: I266092a8323ac02bfe96738a8f4a8021f3a10387
This fixes a bug where a directory's label was removed, causing it to
be unlabeled, and we crashed on trying to set its encryption policy.
Fixes: 148923156
Test: Successfully update from build with the deleted label.
Change-Id: I69c3707e3e66d9e44a22b0783d3016c8ddab6b8f
This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd
The binder call to statsd can be removed after the migration.
Test: m -j
Bug: 148641240
Change-Id: If6cf7eb77aa229751c44e5291d49f05177dbb8dd
