If malicious process in the host overwrites microdroid vendor image,
unexpected behavior could be happened.
Bug: 285854379
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Change-Id: I18ce5112b75b2793c85bb59c137715beb602a5f3
The enable_rkpd property is no longer needed. This change removes the
vestigial property.
Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
Changes from the reverted cl aosp/2812455:
- The AIDL service type has been renamed from avf_* to hal_* to be
consistent with the others.
- The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
for the IRPC/avf service, has been set up with the server/client model
for AIDL Hal. The virtualizationservice is declared as server and
RKPD is declared as client to access the service instead of raw
service permission setup as in the reverted cl. This is aligned
with the AIDL Hal configuration recommendation.
- Since the existing type for IRPC hal_remotelyprovisionedcomponent is
already associated with keymint server/client and has specific
permission requirements, and some of the keymint clients might not
need the AVF Hal. We decided to create a new AIDL service type
instead of reusing the exisiting keymint service type.
Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
vfio_handler will be active only if device assignment feature is turned
on.
Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
Convert vibrator_control to a framework service (fwk_vibrator_control_service) in system_server.
Bug: 305961689
Test: N/A
Change-Id: I5f3aba2c58a3166593a11034a8d21dfd12311c2e
Add sepolicies rules for Secretkeeper HAL & nonsecure service
implementing the AIDL.
Test: atest VtsHalSkTargetTest & check for Selinux denials
Bug: 293429085
Change-Id: I907cf326e48e4dc180aa0d30e644416d4936ff78
This reverts commit c6227550f7.
Reason for revert: Faulty merging paths have been removed
Change-Id: Icf56c2e977c5517af63e206a0090159e43dd71eb
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
ro.llndk.api_level shows the maxium vendor api level that the llndk
in the platform supports.
Bug: 312098788
Test: getprop ro.llndk.api_level
Change-Id: I139524724e458300a3c1430c94595e9fa25a85dd
Add property bluetooth.core.le.dsa_transport_preference containing a
list of supported HID transport protocols for IMU data over LE Audio by
order of preference:
Bug: 307588546
Test: make
Change-Id: I7aef404a2c6c8cc872efb994e328a175d5b4efd4
This reverts commit 76a62dfb3e.
Reason for revert: Relanding with virtual_camera flag disabled to prevent test failures before rc entry is added for the service (which needs to be done after this cl is submitted to prevent boot test failing due to selinux denials).
Test: https://android-build.corp.google.com/builds/abtd/run/L11500030000350228
Change-Id: Ie621f89610b173918bb4c0b6eb1f35547f56f6b7
Bug: 311515963
Test: set ro.virtual_ab.merge_delay_seconds by PRODUCT_PROPERTY_OVERRIDES in mk files and run OTA
Change-Id: Ia9bac57879670e0dbd858705bffbb8dea7d58fba
This reverts commit a41bfab758.
Reason for revert: Automerger path causing the regression is no more
Change-Id: I4c9ab6f2e18c9d8157f5667bc98fcce00e78f93d
1. declare setupwizard_mode_prop for ro.setupwizard.mode
2. that prop could be set during vendor_init, so changed prop type
Bug: 310208141
Test: boot and check if there is no sepolicy issue
Change-Id: I89246ab2c686db139cad48550b860d69a41106ff
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose.
Bug: 285854379
Test: m
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
and consitently name service and process as "virtual_camera" (with
underscore)
Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
This can be useful, for both platform and app developers, when there
are lots of SELinux violations.
The property is only read by init, so no get_prop macros are needed.
Bug: 304313777
Test: set, `for x in $(seq 100); do ls /cache; done`, observe logs
Reference: Ib5352dcf3a85836ae5544c9feeb5222c97c50ecd
Change-Id: Ib23c008ed89e078a20ae136ba97e853f699e2050
Looks like we missed this, and so non-rooted locked devices can't override the persistent sysprops. On Pixel 8 for example, we ship with 'persist.arm64.memtag.system_server=off' by default (from some droidfood carry-overs), and this can't be edited (https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html).
We should allow these advanced users to set all the MTE properties on the device that they own, and they can already control the non-persistent properties.
Change-Id: Ie495f6f9ad43146a0bfcd5bb291fca3760467370
Test: N/A
Bug: N/A
Remove a duplicate entry with its comment as the sorting logic is not
applied since commit dfa4a48b.
Bug: 299839280
Test: m selinux_policy
Change-Id: I4fa556c2ff8f114b56bba7ab32fac1d17373ef8b
Bootanimation needs access to EGL/GLES libraries. When they are in a
vendor apex, it should be able to read its mount point at least.
Bug: 205618237
Test: launch CF and check logcat # bootanimation works with EGL
Change-Id: I6f0727916dd8f69fbfc02bb33ff27c9f11ec9388
This is checked when getting the time of last successful authentication
from keystore2. The auth_service is the only expected caller.
Bug: 303839446
Test: manual
Change-Id: Idf222e69c0553a7be94206b519a95a4006e69507
Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
The SELinux denial has been fixed in system/sepolicy
Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Bug: 308596709
Bug: 274881098
Change-Id: Ib23ac4680b0f37b760bff043e1f42ce61a58c3e2
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.
Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
Create a new system property for game default frame
rate. A toggle system setting UI will set
`persist.graphics.game_default_frame_rate.enabled`
via GameMangerService in system_server.
`persist.graphics.game_default_frame_rate.enabled` == 1:
default frame rate enabled
`persist.graphics.game_default_frame_rate.enabled` == 0:
default frame rate disabled
Bug: 286084594
Test: m, flash and boots properly on Raven
Change-Id: Iae7ebf39aad6c81475ef3d289d750a818fd4ef79
Add test entries for property_service_for_system and virtual_camera.
Re-order file_contexts so that /data/vendor/tombstones/wifi and
/data/misc/perfetto-traces/bugreport are labelled correctly.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./contexts/plat_file_contexts_test pass
Change-Id: Ifb4453d02327b5cf678e6a4cd927b5df0960086b
When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.
Suppress it until the correct policy is ready.
Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
