Addresses the following denial:
init: avc: denied { set } for property=opengles.version scontext=u:r:qemu_props:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 25148690
Change-Id: I4b197eeabfe37e794104e4e686e9e388b5bc3e0c
https://android-review.googlesource.com/175922 removed all uses
of system_server execmem and neverallowed it. The x86 emulator policy
inappropriately includes this rule. Delete it.
Fixes the following build breakage:
libsepol.report_failure: neverallow on line 473 of external/sepolicy/system_server.te (or line 12452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
Change-Id: I7fbfaa0a09e8f4e8a372d2f1a64bbe58d5302204
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
We don't have dm-verity enabled on eng builds, so don't waste time
generating metadata for images.
Change-Id: Ib2c8d459bb50c30dc32a4ea1fdedc152c09a3a0f
(cherry picked from commit beae6395fc)
Seems it's copied from target/product/generic_no_telephony.mk
which had duplicate local_time.default before.
(fixed in commit 567ea28838)
Change-Id: I09dcdffc14de08b3d25a5fd08364d38b2712bb08
Bug: 24171451
I missed this when I initially added ld.mc as a requirement for
core_minimal.mk. This is required for RenderScript linking on the
device.
Change-Id: Ie3ffa2454214f886c38387f45b34df2dcbebd6e6
Networking on old emulator device(a.k.a. goldfish) relies on RIL;
However, RIL is not available on ranchu device yet. For ranchu device
to have a functional networking, we need to add ethernet permission
and start dhcpcd_eth0 service on ranchu device. This CL adds ethernet
permission to both goldfish (which is harmless) and ranchu devices.
This addition was originally proposed by miroslav.tisma@imgtec.com
and the ethernet permission was only added to arm64 and mips64 after
discussion. With the ranchu device supporting more architectures,
it makes sense to allow this permission on all devices and all CPU
architectures.
related CL by miroslav.tisma@imgtec.com on AOSP:
b09fb84becf73bf2bc578ebf27910d75b79d668a
bug: 24070972
Change-Id: I81ac5d8901adee43784fe9dd45a170fb90bb824a
init.trace.rc will be renamed to atrace.rc and use the LOCAL_INIT_RC
mechanism to be included on /system appropriately.
Bug 23186545
Change-Id: Ibb86761d3e8d3c6d194ddb1220f93a71a8c6675b
When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage. However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain. Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.
Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Size increase taken as a precaution against recent built breakage
due to lack of space on a number of targets (e.g. x86, ARM64).
System and user-data image sizes set to match currently most common
setup for the emulator: system image: 1.25gb, user-data image 700mb.
Change-Id: I7118eb26dd78f5fa9e4f0006e15c8d47dee8e28c
Jeff Vander Stoep