Wei Wang
a3d6302c57
Allow psi monitor users to setched kernel threads
...
psi monitor sched_setscheduler(kworker->task, SCHED_FIFO, ¶m) was added into pa/1282597
Bug: 131252752
Bug: 129476847
Test: build
Change-Id: I69fdd90e4a39da8d33b417efc7ea7a0da9d9290b
2019-05-01 10:18:48 -07:00
Wei Wang
76d93f0ce8
Allow signals to power/thermal HAL from dumpstate
...
Bug: 129711808
Test: Take BR
Change-Id: Ibcb03698a6e2966f4913ddb6e674502bce4df235
2019-04-23 14:21:03 -07:00
Sudheer Shanka
5bce022dce
Remove obsolete denials tracking.
...
Bug: 118185801
Test: manual
Change-Id: Ibc4590d6e7b825124035e8f51574afbe5ae4b750
2019-04-18 17:22:19 -07:00
TreeHugger Robot
625ed86bc9
Merge "Allow system_server to schedule mediaswcodec" into qt-dev
2019-04-18 03:24:14 +00:00
Chong Zhang
6fd8d82f31
Allow system_server to schedule mediaswcodec
...
bug: 130669553
Change-Id: I49d4ef473181d2270d90a9350c5e05b8b7db76bb
(cherry-picked from https://android-review.googlesource.com/c/platform/system/sepolicy/+/946836 )
2019-04-17 20:51:51 +00:00
Nick Kralevich
6b34e64ecb
Remove isV2App
...
This selector is no longer used.
Bug: 123605817
Bug: 111314398
Test: compiles and boots
(cherry picked from commit 795add585c
2019-04-17 00:10:26 -07:00
TreeHugger Robot
f9085929fb
Merge "Allow bootstrap bionic only to init, ueventd, and apexd" into qt-dev
2019-04-15 16:39:14 +00:00
TreeHugger Robot
68f6ff2fff
Merge "Allow webview_zygote to read the /data/user/0 symlink." into qt-dev
2019-04-12 19:51:51 +00:00
TreeHugger Robot
09a652eadc
Merge "Fix package path of android/soong/android pctx" into qt-dev
2019-04-12 17:24:18 +00:00
Torne (Richard Coles)
180b243c2e
Allow webview_zygote to read the /data/user/0 symlink.
...
ART follows the /data/user/0 symlink while loading cache files, leading
to:
avc: denied { getattr } for comm="webview_zygote" path="/data/user/0"
dev="sda35" ino=1310726 scontext=u:r:webview_zygote:s0
tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=0
Allow this access, the same as app and app_zygote do.
Bug: 123246126
Test: DeviceBootTest.SELinuxUncheckedDenialBootTest
Change-Id: I90faa524e15a17b116a6087a779214f2c2142cc2
(cherry picked from commit d40f7fd9d5
2019-04-12 11:35:43 -04:00
Maciej Żenczykowski
f4aeb81eec
sepolicy: proper labelling of /sys/devices/virtual/net/...
...
While we're at it also label /sys/module/tcp_cubic/parameters correctly.
Before:
[40/54] BinderTest#InterfaceSetMtu: FAILED (4ms)
STACKTRACE:
system/netd/tests/binder_test.cpp:2724: Failure
Value of: status.isOk()
Actual: false
Expected: true
Remote I/O error
system/netd/tests/binder_test.cpp:2580: Failure
Expected equality of these values:
mtu
Which is: 1200
mtuSize
Which is: 1500
Summary
-------
libbpf_android_test: Passed: 9, Failed: 0, Ignored: 0
libnetdbpf_test: Passed: 11, Failed: 0, Ignored: 0
netd_integration_test: Passed: 53, Failed: 1, Ignored: 0
netd_unit_test: Passed: 179, Failed: 0, Ignored: 0
netdutils_test: Passed: 68, Failed: 0, Ignored: 0
resolv_integration_test: Passed: 67, Failed: 0, Ignored: 0
resolv_unit_test: Passed: 67, Failed: 0, Ignored: 0
1 test failed
-------------
BinderTest#InterfaceSetMtu
Test: failing test now passes
Bug: 130318253
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2f7e9824ccce9d1597a18400a9ddd74b53ded857
2019-04-11 22:25:00 +00:00
Colin Cross
37fae0520a
Fix package path of android/soong/android pctx
...
android/soong/common was renamed to android/soong/android long
ago, but the pctx package path was still "android/soong/common".
This required all users of rules defined in android/soong/android
to import "android/soong/android" and then
pctx.Import("android/soong/common").
Bug: 130298888
Test: m checkbuild
Change-Id: Ic9e8bf25e76dbd61bb1cb1d0e7d095e73c0f279b
2019-04-11 11:02:31 -07:00
Joel Galenson
99149c9fbf
Fix denial during bugreport.
...
Bug: 116711254
Test: Build.
Change-Id: Iafad9228a171796ce7ab18d60697eea396be4efa
Merged-In: I060b0d929a9d147f6327432844106d8270222d18
2019-04-11 09:41:50 -07:00
TreeHugger Robot
99a6d5317e
Merge "Let dumpstate get netd stack traces." into qt-dev
2019-04-11 08:42:15 +00:00
Jiyong Park
972d4b6473
Allow bootstrap bionic only to init, ueventd, and apexd
...
The bootstrap bionic (/system/lib/bootstrap/*) are only to the early
processes that are executed before the bionic libraries become available
via the runtime APEX. Allowing them to other processes is not needed and
sometimes causes a problem like b/123183824.
Bug: 123183824
Test: device boots to the UI
Test: atest CtsJniTestCases:android.jni.cts.JniStaticTest#test_linker_namespaces
Merged-In: Id7bba2e8ed1c9faf6aa85dbbdd89add04826b160
Change-Id: Id7bba2e8ed1c9faf6aa85dbbdd89add04826b160
(cherry picked from commit a0f998e6de
2019-04-11 13:04:19 +09:00
Nick Kralevich
c7a3140398
Add policy for /system/bin/auditctl
...
/system/bin/auditctl is executed by init to set the kernel audit
throttling rate limit. Grant the rules necessary for this to happen.
Test: compiles and boots
Test: Perform an operation which generates lots of SELinux denials,
and count how many occur before and after the time period.
Bug: 118815957
(cherry picked from commit 622ab8a2ba
2019-04-09 20:55:30 -07:00
TreeHugger Robot
61cbd0a362
Merge "Allow signals to hal_power_stats_server from dumpstate" into qt-dev
2019-04-09 22:54:04 +00:00
Tri Vo
e65658c044
Merge "ephemeral_app: restore /dev/ashmem open permissions" into qt-dev
2019-04-09 22:27:10 +00:00
TreeHugger Robot
ae58322ba7
Merge "Re-label /data/pkg_staging files as staging." into qt-dev
2019-04-09 19:58:37 +00:00
Tri Vo
0da2ecda62
ephemeral_app: restore /dev/ashmem open permissions
...
ephemeral_app domain doesn't distinguish between apps that target Q vs
ones target pre-Q. Restore ashmem permissions for older apps.
Bug: 130054503
Test: start com.nextlatam.augmentedfaces instant app
Change-Id: I490323cce96d69e561fc808426a9dfba2aeac30f
2019-04-09 11:53:53 -07:00
Benjamin Schwartz
b3ecb4e5b9
Allow signals to hal_power_stats_server from dumpstate
...
This is needed for bugreport to include ANR trace for the process.
Bug: 128878895
Test: adb bugreport
Change-Id: I92e6952b03ffb047e9fb75b0e44024f2623debb3
2019-04-09 10:25:58 -07:00
Dario Freni
b485a6ae20
Re-label /data/pkg_staging files as staging.
...
While the directory is not present anymore in Q, it has been shipped on
Q Beta 2 and the absence of such label might cause issues to devices
with pending installs which receive an OTA > Beta 2.
Bug: 130184133
Test: m
Change-Id: Ie3e77eebd2e7fd7b3a6a940d189cbc2bb386dc0e
2019-04-09 17:12:13 +01:00
Stephen Nusko
ba27ad4806
Add producer socket to the selinux perfetto domain.
...
This change allows the perfetto cmdline client to access
the (unprivileged) producer socket of traced, with the
intent of triggering finalization of already running traces
(see b/130135730). Matching change: aosp/932138
Note that:
- perfetto cmdline can already access the consumer socket
(to start tracing sessions).
- The producer socket is already exposed to most domains,
including unprivileged apps.
Bug: 130135730
Bug: 128966650
Test: manual
(cherry picked from commit cdda2dc3c9
2019-04-08 22:29:32 +01:00
Chalard Jean
18bf53fa4f
Let dumpstate get netd stack traces.
...
Test: manual
Bug: 128804277
Change-Id: Ibb3c0063f96f835edb13868b3e7a9fb9f6f94195
(cherry picked from commit a4c9f7b2c6
2019-04-05 18:09:04 +09:00
Roshan Pius
73449cee1a
Merge "wifi: Add a new property to indicate active wifi iface" am: 849ac8020d am: 09b3e95f62
...
am: 2a65fd6fd5
2019-04-03 10:48:37 -07:00
Roshan Pius
2a65fd6fd5
Merge "wifi: Add a new property to indicate active wifi iface" am: 849ac8020d
...
am: 09b3e95f62
2019-04-03 10:37:56 -07:00
Roshan Pius
09b3e95f62
Merge "wifi: Add a new property to indicate active wifi iface"
...
am: 849ac8020d
2019-04-03 10:25:35 -07:00
Treehugger Robot
849ac8020d
Merge "wifi: Add a new property to indicate active wifi iface"
2019-04-03 16:51:55 +00:00
Jiyong Park
401b639533
Remove apex_key_file am: cff95d7b5f am: 6c36a99417
...
am: c035d085ec
2019-04-03 03:29:11 -07:00
Florian Mayer
79b4296acf
Merge "Allow traced_probes to read packages.list." am: 5686c383c8 am: 2ace731692
...
am: 374dbee17e
2019-04-03 03:28:37 -07:00
Jiyong Park
c035d085ec
Remove apex_key_file am: cff95d7b5f
...
am: 6c36a99417
2019-04-03 03:24:56 -07:00
Florian Mayer
374dbee17e
Merge "Allow traced_probes to read packages.list." am: 5686c383c8
...
am: 2ace731692
2019-04-03 03:24:31 -07:00
Jiyong Park
6c36a99417
Remove apex_key_file
...
am: cff95d7b5f
2019-04-03 03:19:50 -07:00
Florian Mayer
2ace731692
Merge "Allow traced_probes to read packages.list."
...
am: 5686c383c8
2019-04-03 03:19:27 -07:00
Przemyslaw Szczepaniak
8c82a41271
Merge "NNAPI property to disable extensions use on GSI/AOSP product partition." am: d385346ada am: b97cabd363
...
am: 4431bd1422
2019-04-03 03:01:40 -07:00
Jiyong Park
cff95d7b5f
Remove apex_key_file
...
We no longer have /system/etc/security/apex/* as the public keys are all
bundled in APEXes. Removing the selinux label and policies for it.
Bug: 936942
Test: device is bootable
Change-Id: I6b6144a8d15910d1ba8584a0778244ed398dc615
2019-04-03 09:49:15 +00:00
Przemyslaw Szczepaniak
4431bd1422
Merge "NNAPI property to disable extensions use on GSI/AOSP product partition." am: d385346ada
...
am: b97cabd363
2019-04-03 02:43:27 -07:00
Treehugger Robot
5686c383c8
Merge "Allow traced_probes to read packages.list."
2019-04-03 09:28:26 +00:00
Przemyslaw Szczepaniak
b97cabd363
Merge "NNAPI property to disable extensions use on GSI/AOSP product partition."
...
am: d385346ada
2019-04-03 02:24:15 -07:00
Przemyslaw Szczepaniak
d385346ada
Merge "NNAPI property to disable extensions use on GSI/AOSP product partition."
2019-04-03 08:51:53 +00:00
Jeff Vander Stoep
c428dd80d3
Merge "Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4" into stage-aosp-master am: 37f925077d" into pi-dev-plus-aosp
...
am: 424241e18d
2019-04-02 21:22:44 -07:00
Android Build Merger (Role)
0495ea3f0a
Merge "Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4" into stage-aosp-master am: 37f925077d am: 42f419ff3b"
2019-04-03 03:59:42 +00:00
Jeff Vander Stoep
f5a4d7d1d5
Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4" into stage-aosp-master am: 37f925077d
...
am: 42f419ff3b
2019-04-02 20:59:34 -07:00
Jeff Vander Stoep
caf9374f95
Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4" into stage-aosp-master am: 37f925077d
...
am: 42f419ff3b
2019-04-02 20:59:21 -07:00
Android Build Merger (Role)
ab8a8102fa
Merge "Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052" into pi-dev-plus-aosp am: e2e24ece95"
2019-04-03 03:55:31 +00:00
Jeff Vander Stoep
28a4364df6
Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052" into pi-dev-plus-aosp
...
am: e2e24ece95
2019-04-02 20:55:21 -07:00
Jeff Vander Stoep
64c20d8328
Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052" into pi-dev-plus-aosp
...
am: e2e24ece95
2019-04-02 20:55:18 -07:00
Android Build Merger (Role)
aa47102881
Merge "Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052 am: ceeee0e4cf"
2019-04-03 03:52:55 +00:00
Jeff Vander Stoep
4a08b7db2f
Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052
...
am: ceeee0e4cf
2019-04-02 20:52:46 -07:00
Jeff Vander Stoep
3d23317c01
Merge "Allow execmod for apps with targetSdkVersion=26-28" am: 61f28b33a4 am: 7bc1740052
...
am: ceeee0e4cf
2019-04-02 20:52:23 -07:00
