/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.
Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
It ferries SecretManagement messages to/from Sk. Reflect this is
sepolicies.
Test: With topic, check selinux denials
Bug: 291213394
Change-Id: Ia0d25e46232d56c59fb18f8642767bfa2d5ffab1
This reverts commit 5e1d7f1c85.
Reason for revert: retry with a fix to the failed tests
Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
It ferries SecretManagement messages to/from Sk. Reflect this is
sepolicies.
Test: With topic, check selinux denials
Bug: 291213394
Change-Id: I0acc06424eb834d66a85f9d4f6b8b632d95c4190
"adb remount" runs the remount command, which needs to be able to update
bits in the super partition metadata. This change only affects
userdebug_or_eng policy.
Bug: 297923468
Test: adb-remount-test.sh
Change-Id: Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18
It is effectively an oversight that bluetooth has this
but network stack does not.
This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.
See:
https://man7.org/linux/man-pages/man2/timerfd_create.2.html
Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iba95c80f830784a587fa4df6867a99bcb96ace79
To allow Settings application to read game default
frame rate system properties, adding access to system_app
game_manager_config_prop includes
"persist.graphics.game_default_frame_rate.enabled" for
toggling the system UI toggle, which is updated in
GameManagerService. This will only be read in Settings to
determine if the toggle is on or off.
Bug: 286084594
Test: m; boot;
Change-Id: I3d5795a8a462c25eeae90aade6eaf08c06f540c3
This reverts commit 7ba4801b6e.
Reason for revert: b/315295188
Change-Id: Ib4a4d68763f68bc1cebe6528ce4b81188f35ba49
Test: build and run on Cuttlefish. Verify that isolated_app denials go away.
Virtual camera passes Surface to the app which internally uses binder
to communicate with the other side of buffer queue.
Bug: 301023410
Test: atest VirtualCameraTest
Change-Id: I3ea23532a5077c0b57a6f74c7814b9fdf69829ea
Required for nicer stacks for crashes
and ANRs, etc..
Bug: N/A
Test: adb shell am hang, check servicemanager
section no longer displays warnings now that
that it is dumped by watchdog
Change-Id: I49a93c1fec9c3219c11dc1a82440c7c2a1944010
type=1400 audit(0.0:835): avc: denied { read }
for path="/data/app/vmdl1923101285.tmp/base.apk"
dev="dm-37" ino=29684
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:apk_tmp_file:s0 tclass=file
permissive=0
Bug: 308775782
Test: Flashed to device with and without this change, confirmed that this
change allows an isolated process to read already opened staged apk file
Change-Id: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
Cmd line: /system/bin/servicemanager
ABI: 'x86_64'
"servicemanager" sysTid=202
NOTE: Function names and BuildId information is missing for some frames due
NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
NOTE: found under the lib/ directory are readable.
NOTE: On this device, run setenforce 0 to make the libraries readable.
NOTE: Unreadable libraries:
NOTE: /system/lib64/bootstrap/libc.so
#00 pc 00000000000babda /system/lib64/bootstrap/libc.so
#01 pc 0000000000017819 /system/lib64/libutils.so (android::Looper::pollAll(int, int*, int*, void**)+441) (BuildId: 2ed0ced7383d1676a37aed1236486ac3)
#02 pc 0000000000011a25 /system/bin/servicemanager (main+1157) (BuildId: 509b83cb97addfa90aaa4ad911c2a3df)
#03 pc 00000000000547a9 /system/lib64/bootstrap/libc.so
Bug: 314088872
Test: adb shell am hang and check ANRs
Change-Id: I7daf19a3afbd18aa93093fb152f9555022ece88f
This allows AccessibilityManagerService in system_server to
interact with a HID-supported Braille Display.
Bug: 303522222
Test: ls -z /dev/hidraw0
Test: plat_file_contexts_test
Test: Open FileInputStream and FileOutputStream on this device
path from AccessibilityManagerService
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67a63cc046769759aa43cf1653f11e57c55cd1db)
Merged-In: I2982e907bd2a70c1e4e8161647d6efd65110b99c
Change-Id: I2982e907bd2a70c1e4e8161647d6efd65110b99c
