| Commit message (Collapse) | Author | Age | Files | Lines |
The following properties are used in AudioService:
ro.config.alarm_vol_default
ro.config.alarm_vol_steps
ro.config.media_vol_default
ro.config.system_vol_default
ro.config.system_vol_steps
ro.config.vc_call_vol_default
Test: properties can be set from vendor with PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := true
Change-Id: Ib90103173989fcb0723f3d8465df3cd03334cc53
|
This CL addresses the following denial, when the system_other
partition is erased. This happens when 1) the device gets an
OTA update and 2) factory reset to wipe userdata partition.
Note that the system_other partition will be mounted under
/postinstall only in the first boot after factory reset.
Also, system_other.img is only included in the factory ROM and
is absent in the OTA package. When it is absent and userdata
is wiped, the mount will fail and trigger the following denials
when both cppreopts.sh and preloads_copy.sh access /postinstall dir.
SELinux denials to address:
avc: denied { search } for comm="find" name="postinstall" dev="dm-5"
ino=44 scontext=u:r:preloads_copy:s0
tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0
avc: denied { search } for comm="cppreopts.sh" name="postinstall" dev="dm-5"
ino=44 scontext=u:r:cppreopts:s0
tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0
Bug: 152453231
Test: fastboot erase system_other (e.g., system_b) and fastboot -w
Change-Id: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
(cherry picked from commit 35c2f102f29a0f9d73e526f1fa6fdb163f75b48c)
|
Relax the requirement to have both seinfo and name specified for
privapps. The original reason for requiring both was because, normally,
a package can only be uniquely specified by both name and signature,
otherwise package squatting could occur. However, privapps are
pre-installed, so the concerns about the potential for package squatting
are eliminated. This change will drastically simplify sepolicy
configuration for priv-apps.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller still runs in the
permissioncontroller_app domain.
Change-Id: I5bb2bf84b9db616c4492bd1402550821c70fdd07
(cherry picked from commit 04f771dee48ad65f823d1f2343b439b85082e0f8)
|
Fixes the following denial:
type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="compatible" dev="sysfs" ino=28205 scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=file permissive=0
This permission is needed for ReadDefaultFstab, which searches the device tree for fstab entries. Devices that use dt-fstab may fail to find the misc block device.
Bug: 143589455
Test: manual test
Change-Id: Ied52fe9b1056d26b4dd00811c4690fa4c505fae8
(cherry picked from commit 9853c7522d3e81d10c3410b1ea272b385905072e)
|
Bug: 138861550
Test: manual test
Change-Id: Ibc9a55266a2726cb8dc8550be0264db30b66109e
[adelva: Backporting to support the 'reference' default boot control HAL
implementation used on cuttlefish, but free to use on any device]
(cherry picked from commit 549e3c6d91ce214739ce52b1b807ea37f1574bb1)
|
Commit dddbaaf1e8791f8fffde424aa09a6e135f973771 ("update sepolicy
for fs notification hooks") updated global macros, and added
watch, watch_mount, watch_sb, watch_with_perm, and watch_reads
to r_file_perms and r_dir_perms.
In retrospect, the commit was overly permissive and some of the
permissions shouldn't be granted by default. In particular:
1) watch_with_perm: This is only used with fanotify and requires
CAP_SYS_ADMIN. fanotify has limited use cases, including virus scanning
and hierarchical storage management. Granting this by default makes it
harder to audit and understand this powerful capability. In particular,
anti-virus file like monitoring is something which inherently conflicts
with Android app privacy guarantees and would need to be carefully
reviewed.
2) watch_mount & watch_sb: Setting a watch on a mount (FAN_MARK_MOUNT)
or superblock (FAN_MARK_FILESYSTEM) should be extremely unusual.
Granting this by default makes it harder to audit and understand.
Both "watch" and "watch_reads" are retained for now.
References:
* https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ac5656d8a4cdd93cd2c74355ed12e5617817e0e7
* https://android.googlesource.com/platform/system/sepolicy/+/dddbaaf1e8791f8fffde424aa09a6e135f973771
Bug: 151469737
Test: compiles
Change-Id: Ib74e7119853eb991e0e9828645c7f9e076b919c4
(cherry picked from commit c4ab8edf7476ac8f247e5f1b2efbe282a693be06)
|
Update access_vectors and global_macros to account for the changes in
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ac5656d8a4cdd93cd2c74355ed12e5617817e0e7
This change is needed to allow Android to boot on linux-next
Bug: 151469737
Test: compiles
Change-Id: I35c59fc50fa9c94ab94399ce74d637e49d38129d
(cherry picked from dddbaaf1e8791f8fffde424aa09a6e135f973771)
|
staging/lineage-17.1_merge-android-10.0.0_r37
Android 10.0.0 Release 37 (QQ3A.200605.001)
* tag 'android-10.0.0_r37':
Ignore the denial due to vendor_misc_writer reading DT fstab.
Allow access to the "refresh_rate_switching" system property
Prevent apps from causing presubmit failures
Add property contexts for dex2oat cpu-set properties
Update Q sepolicy prebuilt
Fix: dumpstate HAL service property context
block: allow init.rc to tune max discard size
Allow adb start/stop mdnsd via ctl.start/stop
system_server: TelephonyManager reads /proc/cmdline
Conflicts:
prebuilts/api/29.0/private/system_server.te
private/system_server.te
Change-Id: Ieddbab309e6e666475e97d0b7b27c33e6804c5a4
|
qt-qpr3-release
Change-Id: Ib923cecdadf14e40643cf0b19563671360b2a356
|
This CL addresses the following denial, when vendor_misc_writer tries to
read DT fstab (i.e. device tree fstab) for /misc entry.
avc: denied { search } for comm="misc_writer" name="android" dev="sysfs" ino=17456 scontext=u:r:vendor_misc_writer:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir
DT fstab was used for devices shipped prior to Q, for early-mounting
partitions (e.g. /system, /vendor, /product), which has been disallowed
for Q launch devices. vendor_misc_writer is a new module added since Q,
so it doesn't need to worry about the legacy code path; in practice
there's no benefit of putting /misc entry into DT fstab either.
Bug: 134122603
Bug: 152718206
Test: Build and flash taimen with the change that enables
vendor_misc_writer. Check that it no longer gives the above denial
during boot.
Change-Id: Id2fb206706f7cd19a4cde2701e4155bfc03f01b4
|
qt-qpr3-release
Change-Id: Ia4da3d010c3fa0a44b6362e502f6564980444257
|
Bug: 147233255
Bug: 136592946
Bug: 138261472
Test: Ran with the patch applied, confirmed surface flinger can access
the system property.
Change-Id: I259a488399c5e698de384322852ea81ea1a96e7d
Merged-In: I259a488399c5e698de384322852ea81ea1a96e7d
Exempt-From-Owner-Approval: Approved internally
|
qt-qpr3-release
Change-Id: I30b3cf572220a2c5af68a4de570f3ef5b8c003c6
|
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.
These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.
Bug: 145267097
Bug: 151188413
Test: build
Merged-In: If87b9683e5694fced96a81747b1baf85ef6b2124
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
|
qt-qpr3-release
Change-Id: I8047a251c85607b63b214c76789802605da9bfce
|
New properties are:
dalvik.vm.dex2oat-cpu-set [default compiler thread affinity]
dalvik.vm.boot-dex2oat-cpu-set [compiler thread affinity for boot]
dalvik.vm.image-dex2oat-cpu-set [thread affinity recompiling the boot image]
Bug: 141446571
Bug: 149395059
Test: Run installd tests with new properties defined in target mk file.
Change-Id: Idcbb1332aa9c18f6082b827eae0334d063644a41
(cherry picked from commit 7b2ee48cd2c751661c21b9c498a57da7ba6daf50)
|
qt-qpr3-release
Change-Id: Id05dd4a11e62b70de35cdda22b39dd425bbd5654
|
This updates 29.0 api for dumpstate restart control property contexts
Bug: 147730517
Change-Id: I0aa7450dc0fb34de321cf8d2ba357b2ecabbcf43
|
http://aosp/678384 changed property format
Fixes: 137695210
Bug: 147730517
Test: inject timeout and take BR see dumpstate restarted
Change-Id: Ie24e2d42e92410a935ca4c9364b476d72aa459f3
Merged-In: Ie24e2d42e92410a935ca4c9364b476d72aa459f3
(cherry picked from commit 046c5104021ffc5dacb89e1d3a7299e172ad95fd)
|
qt-qpr3-release
Change-Id: Ia85f8afbff172433e3af6d67ae53531a2d94c57b
|
Init.rc requires to limit max discard to avoid long latencies.
Bug: 148209614
Change-Id: Idf3b295ac15efd5edf979ca896fdf826b9fc3c99
Merged-In: Idf3b295ac15efd5edf979ca896fdf826b9fc3c99
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
|
qt-qpr3-release
Change-Id: I9cbbb5de9cc86023371c135e5fe142cc17dcafd5
|
Bug: 128345139
Test: make selinux_policy
Change-Id: I477d6d94c16974f23f703d5f334ef108279ab3bb
Signed-off-by: Changyeon Jo <changyeon@google.com>
(cherry picked from commit cfeaa1c664afbd10c7a52e845ec4c08c9eabb525)
|
qt-qpr3-release
Change-Id: Icb6faaaafd944d39e9a3f487ac4020a0e77c4a9b
|
Bug: 124466646
Test: build
Change-Id: Ib4868826eb153543c65503bfb4d3623c4158ffae
(cherry picked from commit 29b76e2ceec2ab1e04715657a79b6544afdf09c9)
|
qt-qpr3-release
Change-Id: If0e65804d2442eaffac1488032789d1b7a6966ab
|
Bug: 128345139
Test: make selinux_policy
Change-Id: I477d6d94c16974f23f703d5f334ef108279ab3bb
Signed-off-by: Changyeon Jo <changyeon@google.com>
(cherry picked from commit cfeaa1c664afbd10c7a52e845ec4c08c9eabb525)
|
* These properties are used by the wifi hal and it works as expected on
devices with compatible property. However, on devices without
compatible property, these properties are labeled as "default_prop"
because public/property_contexts is not used. Thus they can't be set
by the hal.
* To tackle the problem, label them as "wifi_prop" in
private/property_contexts which also works on devices without compatible
property. The label will be overridden later by
public/property_contexts rules if they exist.
Change-Id: If8b8bd5bea64f2ea08864cc62f6dc405cb394e00
|
This is needed for /etc/fstab, /adb_keys and volmgr
Change-Id: I53332a57ce7879d7ba63c4ea3e27add01f5a3a90
|
Change-Id: If91584e58f3709c0b18eaf9ee12a0c057716f9f3
|
* Since we can't use contextmount_type for sdcard_posix
due to contextmount_type being read only by design we
need to declare our own attribute to bypass relabelto
neverallow. That way we can mount external ext4/f2fs
SD with sdcard_posix context and write permissions.
Test: m -j selinux_policy
Change-Id: I0dfe49cc0b34dfcce2840198843bde1272cbc61c
|
Allow audioserver to signal audio HAL processes and
generate tombstones in case of watchdog restart.
Bug: 141528385
Test: Force watchdog and verify tombstone creation
Change-Id: I39bb4a63aa93efab68baad3890b8f49fc5f79ead
|
Android 10.0.0 release 31
* tag 'android-10.0.0_r31':
Allow adb forward to traced consumer socket
Revert "Revert "Allow dumpstate to dumpsys gpu""
Revert "Allow dumpstate to dumpsys gpu"
Allow dumpstate to dumpsys gpu
Allow vendor_init to modify pm.dexopt.disable_bg_dexopt
Allow shell to unlink perfetto_traces_data_file.
Revert "Property contexts for ro.sanitize.*"
Property contexts for ro.sanitize.*
Change-Id: Icc2807a2ae3a9fa53904db23114a4d07461fa30f
|
qt-qpr2-release
Change-Id: I273fc16913682a13804adbe627adcb66e592ba7a
|
Currently shell can connect to the traced_consumer_socket allowing it to
configure/start/stop and collect traces. This allows a host tool (e.g. Android Studio or
https://ui.perfetto.dev) to connect to the device via adb and collect traces. It would
be better if rather than executing shell commands the host tool could directly communicate
with the consumer socket. This is possible using adb forward:
adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer
However in this case adbd is connecting to the socket - not shell.
This CL allows adbd to connect to the socket which allows host tools to collect
traces without having to do everything through shell commands.
Note that this patch also has additional change on prebuilts in order to
backport.
Denial:
08-30 11:28:05.809 10254 10254 W adbd : type=1400 audit(0.0:1129): avc: denied { write } for name="traced_consumer" dev="tmpfs" ino=6719 scontext=u:r:adbd:s0 tcontext=u:object_r:traced_consumer_socket:s0 tclass=sock_file permissive=0
Test: Cherry pick CL to master, make, flash
adb logcat | grep denied
adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer
Bug: b/139536756
Change-Id: Ie08e687c0b06d0e1121009e8cd70319a8f907ae2
(cherry-picked from commit b56a49d979c228400abaae849e9df95d0c834f51)
|
qt-qpr2-release
Change-Id: Ibb6bb876e5f33517d6f82562648394afcaad7d25
|
This reverts commit 6daec46264b5bfdfec6f249443133d74222d48e0.
Reason for revert: b/147458874
Bug: 132402890
Test: build passes on coral-userdebug
Change-Id: Ibcbc06e99561be424aa953e62985abb5b5864c56
|
qt-qpr2-release
Change-Id: I0a27ceac7adedd2342886ebc3efd6db7e1ddfa87
|
This reverts commit 979f5a44bf57b6ec1217fdfeaca3bcc00b82910e.
Reason for revert: b/147458874
Change-Id: Id8a9d7e50dbd3f293e01ab6277e9e54a8ed7619d
|
Bug: 132402890
Test: adb bugreport and verify dumpsys gpu is included.
Change-Id: Ib145937889f9616a0dcdabb7b58839fb715bf6c3
|
qt-qpr2-release
Change-Id: Ic8b0b169bff0e5cfa7aac107a993e5ec1a77a6c1
|
- Android Auto has disabled background dexopt (b/142753051).
- The modification is in car_base.mk which is included by vendor device
file.
- So, vendor_init needs to be able to modify
pm.dexopt.disable_bg_dexopt property.
Bug: 145348176
Test: Check pm.dexopt.disable_bg_dexopt is set to true in Android Auto
device.
Cherry-Picked-From: 03b1992d0bf363e438b0fd7efca1e2a1d7249320
Change-Id: I84d19ea62f1abe1bf9206a60ca103614616e312b
|
qt-qpr2-release
Change-Id: I3e929988995d337c1c9ea0eff2962a52f2a24187
|
Bug: 141704436
Test:
blueline:/ $ ls -lZa /data/misc/perfetto-traces
total 186
drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:12 .
drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 ..
-rw------- 1 shell shell u:object_r:perfetto_traces_data_file:s0 180467 2019-09-30 14:12 profile-shell
blueline:/ $ rm /data/misc/perfetto-traces/profile-shell
rm ro /data/misc/perfetto-traces/profile-shell (y/N):y
blueline:/ $ ls -lZa /data/misc/perfetto-traces
total 6
drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:13 .
drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 ..
blueline:/ $
Cherry pick of c069bc134e80f86d16d7305d67e9cf44ceffbc2b
Change-Id: Ia710068c3cca53a415347fb0a7064740e500d15d
Merged-In: Ia710068c3cca53a415347fb0a7064740e500d15d
|
qt-qpr2-release
Change-Id: I4d0541371665dd777b050c478613dbc7ec0a7a8e
|
This reverts commit df186a0a679cf95f8199f6ae3cda49c4a97317a0.
Reason for revert: breaks sepolicy_freeze_test
Change-Id: I3e91b590873f211863b15758b6903328e90ab869
|
Bug: 142430632
Bug: 142681453
Test: adb shell getprop ro.sanitize.hwaddress in hwasan build
Change-Id: I8e0fa0e6c865d18b94ffbdb6a0dddb1817adb364
Merged-In: I8e0fa0e6c865d18b94ffbdb6a0dddb1817adb364
(cherry picked from commit bc9e5f710e75531756cdc5d859dc19c1566ed9ed)
|