Support TARGET_2ND_ARCH as the binary translation arch.
See target/board/generic_x86_arm/BoardConfig.mk and
target/product/aosp_x86_arm.mk as example for the setup.
In BoardConfig, use the TARGET_2ND_ARCH/etc. variables to set up the
binary translation arch;
Set "TARGET_TRANSLATE_2ND_ARCH := true" to tell the build system it's
not a typical 64-bit multilib configuration.
In product makefile, use "PRODUCT_PACKAGES += libfoo_<2nd_arch>" to
install the TARGET_2ND_ARCH libraries. This also pulls in any dependency
libraries.
By default we don't install any TARGET_2ND_ARCH modules, unless it's
pulled in by PRODUCT_PACKAGES.
Bug: 27526885
Change-Id: I0578e9c80da0532d2fa886a8fcdb140bbc703009
(cherry-pick from commit 277e75a488)

Use global default USE_CLANG_PLATFORM_BUILD set in core/envsetup.mk,
or user provided environment variable USE_CLANG_PLATFORM_BUILD.
BUG: 26102335
Change-Id: I7e12219a60f36bb44797bb028b4a5873a67c9210

Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. A change to init is removing this special case and
therefore, the "ro." prefixes must be explicitly added to
property_contexts.
Bug 26425619
Change-Id: I735eb9fc208eeec284cda8d778db946eeec24192

This commit fixes the avc denied issues in the emulators:
- goldfish_setup is granted for network access
- netd dontaudit for sys_module
- qemu_prop is granted domain for get_prop
Critical issue was that SELinux denied reading the lcd_density property
by SurfaceFlinger via qemu_prop and this commit fixes it.
Change-Id: I633d96f4d2ee6659f18482a53e21f816abde2a5f
Signed-off-by: Miroslav Tisma <miroslav.tisma@imgtec.com>

These boot properties are used by android wear emulator to configure
round and chin shaped devices.
Bug: 23324757
Change-Id: I812da02d771bba0ffc63b14459c7de7cbdeed142

Addresses the following denial:
init: avc: denied { set } for property=opengles.version scontext=u:r:qemu_props:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 25148690
Change-Id: I4b197eeabfe37e794104e4e686e9e388b5bc3e0c

https://android-review.googlesource.com/175922 removed all uses
of system_server execmem and neverallowed it. The x86 emulator policy
inappropriately includes this rule. Delete it.
Fixes the following build breakage:
libsepol.report_failure: neverallow on line 473 of external/sepolicy/system_server.te (or line 12452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
Change-Id: I7fbfaa0a09e8f4e8a372d2f1a64bbe58d5302204

When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage. However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain. Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.
Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Size increase taken as a precaution against recent build breakage
due to lack of space on a number of targets (e.g. x86, ARM64).
System and user-data image sizes set to match currently most common
setup for the emulator: system image: 1.25gb, user-data image 700mb.
Change-Id: I7118eb26dd78f5fa9e4f0006e15c8d47dee8e28c

This fixes the issue with the emulator "-shell" option.
Init tries to open the console which is passed through
the kernel androidboot.console property, but fails to
open it because "avc" denies it. Init only has permissions
to open console_device in rw mode. This ensures that
/dev/ttyS2 is properly labeled as console_device.
Replaced tabs with spaces.
Change-Id: I9ef94576799bb724fc22f6be54f12de10ed56768

Deal with a build failure in conflict with cl/152105
(cherrypicked from commit 1cc7735ffa)
Bug: 19608716
Change-Id: I1078046db3b159c1baf0a22435c3e777424453a1

The goldfish-setup service (essentially /system/etc/init.goldfish.sh)
executes the following commands when certain conditions are met:
    setprop ro.radio.noril yes
    stop ril-daemon
so as to stop the RIL daemon and emulate a WiFi-only device. Both would
fail, though, because goldfish-setup does not have the permissions to
set relevant properties.
This CL modifies the emulator's SELinux policy to grant the necessary
permissions. It is a step towards fixing the ril-daemon-keeps-getting-
killed-and-restarted problem with the new ("ranchu") emulator, which
does not support telephony emulation yet. (The other step is to have
init start goldfish-setup, which will be done in a separate CL.)
(cherrypicked from commit 33dca8090f)
Change-Id: Ice7e7898804b7353ac4a8c49d871b1b2571d7a5f
Signed-off-by: Yu Ning <yu.ning@intel.com>

(cherrypicked from commit cccc901639)
Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

The goldfish-setup service (essentially /system/etc/init.goldfish.sh)
executes the following commands when certain conditions are met:
    setprop ro.radio.noril yes
    stop ril-daemon
so as to stop the RIL daemon and emulate a WiFi-only device. Both would
fail, though, because goldfish-setup does not have the permissions to
set relevant properties.
This CL modifies the emulator's SELinux policy to grant the necessary
permissions. It is a step towards fixing the ril-daemon-keeps-getting-
killed-and-restarted problem with the new ("ranchu") emulator, which
does not support telephony emulation yet. (The other step is to have
init start goldfish-setup, which will be done in a separate CL.)
Change-Id: Ice7e7898804b7353ac4a8c49d871b1b2571d7a5f
Signed-off-by: Yu Ning <yu.ning@intel.com>

In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:
init: Service 'qemud' (pid XXX) exited with status 1
Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.
(cherrypicked from commit 4783467922)
Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>

In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:
init: Service 'qemud' (pid XXX) exited with status 1
Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.
Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>