*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.
By being FAKE modules, test files are not installed on target.
Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).
Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
/system/apex/com.android.runtime is labeled as runtime_apex_dir
and init is allowed to mount on it.
When TARGET_FLATTEN_APEX is true (= ro.apex.updatable is unset or set to
false), apexd is not used to activate the built-in flattened APEXes.
Init simply bind-mounts /system/apex to /apex.
However, there is a special case here. The runtime APEX is installed as
either /system/apex/com.android.runtime.debug or
/system/apex/com.android.runtime.release, whereas it should be activated
on /apex/com.android.runtime - without the .debug or .release suffix.
To handle that case, the build system creates an empty directory
/system/apex/com.android.runtime and the .debug or .release directory
is bind-mounted to the empty directory by init at runtime.
Bug: 132413565
Test: marlin is bootable
Merged-In: I3fde5ff831429723fecd1fa5c10e44f636a63f09
Change-Id: I3fde5ff831429723fecd1fa5c10e44f636a63f09
(cherry picked from commit 99902a175b)
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I59f6251e9baa6527a358dec024e9fae62388db2b
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5
am: 4cd2db897d -s ours
am skip reason: change_id Id03a658aac69b8d20fa7bb758530a4469c75cf9c with SHA1 115aafa7ab is in history
Change-Id: Iceb2da88dfbc0051e682acac49ced7551d44539f
am: 115aafa7ab -s ours
am skip reason: change_id Id03a658aac69b8d20fa7bb758530a4469c75cf9c with SHA1 d431c2bfe5 is in history
Change-Id: I68d9b145d17d69b158e0ae7dd1a1055f0b64907f
am: d0482ba4ba -s ours
am skip reason: change_id I9e5f0a9d501a6728af3f27241300b3bb5c5c2123 with SHA1 febfa8f22d is in history
Change-Id: I42e840f32da0b707d0efe8d2c90f4d4856dae40e
These lines are copied from update_engine.te, and are needed to update
dynamic partitions in recovery.
Bug: 132943965
Test: sideload OTA on cuttlefish
Change-Id: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
Merged-In: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
am: dcdc08cf48 -s ours
am skip reason: change_id I0ebf7f171d854b9aaf894ccb8c7a5f68f18e692b with SHA1 f7c3d19d29 is in history
Change-Id: I79d7b6af42bd35f890fb9c363a674a477f874848
The execmem capability indicates that the processes creates anonymous
executable memory, which is most commonly used for JITing functionality.
All of the healthd executable code comes from the filesystem, and
healthd does not rely on JITing or loading code from non-file based
sources, so this permission is unnecessary.
Bug: 32659667
Test: compiles and boots
Change-Id: Ifb2b68625b191cb002dbb134cace6ddd215236e8
These lines are copied from update_engine.te, and are needed to update
dynamic partitions in recovery.
Bug: 132943965
Test: sideload OTA on cuttlefish
Change-Id: Id03a658aac69b8d20fa7bb758530a4469c75cf9c