pmem uses a block file while access_ramoops uses a char file. Allow both for
now until we can unify on pmem.
Additionally allow the reading of vendor properties so it can read the
path to the character or block device to open.
Test: atest VtsHalRebootEscrowTargetTest
Bug: 146400078
Change-Id: Ief61534e0946480a01c635ce1672579959ec8db5
This adds rules required for apexd to perform snapshot and restore
of the new apex data directories.
See go/apex-data-directories for more information on the feature.
See the chain of CLs up to ag/10169468 for the implementation of
snapshot and restore.
Bug: 141148175
Test: atest StagedRollbackTest#testRollbackApexDataDirectories_DeSys
Test: atest StagedRollbackTest#testRollbackApexDataDirectories_DeUser
Test: atest StagedRollbackTest#testRollbackApexDataDirectories_Ce
Change-Id: I1756bbc1d80cad7cf9c2cebcee9bee6bc261728c
Looking at go/sedenials, we see this permission being used by
MediaProvider once like so:
type=1400 audit(0.0:569759): avc: granted { getattr } for comm=4173796E635461736B202331 path="/proc/config.gz" dev="proc" ino=4026532157 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:config_gz:s0 tclass=file app=com.google.android.providers.media.module
This permission should not be granted to all priv-apps now that GMS core
has been split out into its own domain. This change removes the
permission for the priv_app domain and the corresponding auditallow.
Bug: 147833123
Test: TH
Change-Id: I4f60daefcbdd4991c5d2c32330e907a03bfe6fe5
Setup SELinux to allow the world to read, and system_server to write,
properties used as indicators that we need to invalidate their respective
set of client side caches.
Test: Flashed build and tested that phone boots and does not crash
as StorageManager and UsageStatsManager operations take place.
Change-Id: Ieaacf741ecab5beb18d59945739f05e7ea26ddec
It needs to know whether B partitions should be allocated
at the second half of super.
Test: flash and see serial output
Fixes: 147363527
Change-Id: I58c57befa3ee3569c911cbdf506e919fe1d0bae4
Revert submission 1209453-aidl-lazy-presubmit
Reason for revert: b/148282665. A test has begun to fail on git_stage-aosp-master, and I need to verify whether these changes are responsible.
Reverted Changes:
Ib09a2460e: Add aidl_lazy_test to general-tests
Ib08989356: Move aidl_lazy_test_server to system_ext
I694e6ad35: Add aidl_lazy_test_server to Cuttlefish
I65db12c63: Add aidl_lazy_test to presubmit
I7ec80a280: Dynamically stop services with multiple interfaces...
Change-Id: I55f6b0f7800f348259787f62c6faa19a90f8bdcc
until we gain a better understanding of why this is breaking builds
on for example pixel3_mainline-userdebug
Test: no, but removing neverallows can't break the already broken build...
Bug: 148311635
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib4fa19317034412f9eaa789f39df2548f13178dc
As with heapprofd, it's useful to profile the platform itself on debug
builds (compared to just apps on "user" builds).
Bug: 137092007
Change-Id: I8630c20e0da9c67e4927496802a4cd9cacbeb81a
The steps involved in setting up profiling and stack unwinding are
described in detail at go/perfetto-perf-android.
To summarize the interesting case: the daemon uses cpu-wide
perf_event_open, with userspace stack and register sampling on. For each
sample, it identifies whether the process is profileable, and obtains
the FDs for /proc/[pid]/{maps,mem} using a dedicated RT signal (with the
bionic signal handler handing over the FDs over a dedicated socket). It
then uses libunwindstack to unwind & symbolize the stacks, sending the
results to the central tracing daemon (traced).
This patch covers the app profiling use-cases. Splitting out the
"profile most things on debug builds" into a separate patch for easier
review.
Most of the exceptions in domain.te & coredomain.te come from the
"vendor_file_type" allow-rule. We want a subset of that (effectively all
libraries/executables), but I believe that in practice it's hard to use
just the specific subtypes, and we're better off allowing access to all
vendor_file_type files.
Bug: 137092007
Change-Id: I4aa482cfb3f9fb2fabf02e1dff92e2b5ce121a47
Bug: 140788621
This adds keys for several planned binder caches in the system server
and in the bluetooth server. The actual cache code is not in this
tree.
Test: created a test build that contains the actual cache code and ran
some system tests. Verified that no protection issues were seen.
Change-Id: Ibaccb0c0ff8b127d14cf769ea4156f7d8b024bc1
Enforce new requirements on app with targetSdkVersion=30 including:
- No RTM_GETLINK on netlink route sockets.
Remove some of the repetitive descriptions in each untrusted_app_N.te
file, and instead refer to the description in
public/untrusted_app.te.
Bug: 141455849
Test: CtsSelinuxTargetSdkCurrentTestCases
Test: libcore.java.net.NetworkInterfaceTest#testGetNetworkInterfaces
Change-Id: I89553e48db3bc71f229c71fafeee9005703e5c0b
