The goldfish_setup shell script needs the ability to set the interface
address via ifconfig. This requires SIOCSIFADDR plus other ioctl
permissions, therefore allow the set of priv_sock_ioctls permissions.
Addresses the following denial that stops internet access via browser:
avc: denied { ioctl } for pid=712 comm="ifconfig" path="socket:[1825]"
dev="sockfs" ino=1825 ioctlcmd=8916 scontext=u:r:goldfish_setup:s0
tcontext=u:r:goldfish_setup:s0 tclass=udp_socket permissive=0
Test: With update can access internet via browser.
Change-Id: I77a52c0b72bb0ebe9451f45c346a399c1f61672d
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Following change disabled preopt for system apps when doing eng build:
4df565786a
Build: Only preopt boot images in eng builds
As a middle way between full preopt/high performance/long builds,
and no preopt/low performance/fast turnaround, preopt only the
boot image in eng builds.
I4a2692f3ce84823cd40c6b7d672fd73257739ef8
This works well for devices, but first boot on emulator takes 10+mins.
Bypass the change by forcing preopt inside the BoardConfig.
Change-Id: I58d100cd65d2a09b644a90d91261102aab31fcbb
On mips64r6 cpus, the preferred zero-emulation-overhead 32-bit arch
variant is mips32r6. Mips32r1 and mips32r2 software runs but with
frequent op-emulation traps to the kernel. Android NDK had support
for mips32r6 prebuilt binaries in release r10 but lacked STL binaries
in r11 and omits all mips32r6 prebuilts in r13.
To keep mips64 buildable using just aosp sources, switch to using the
slower mips32r2 variant as its 2nd cpu arch. This applies only to the
aosp copy of Android. Imgtec's redistribution of Android releases will
instead use mips32r6 as the 2nd cpu arch, using a privately-maintained
prebuilts/ndk that includes all needed mips32r6 libraries.
The standard 32-bit Mips build on aosp uses mips32r2 as its native ABI.
That also runs mips32r1 apps built by NDK and mips32r1 android STL
components built by NDK. Similarly, the 2nd arch for mips64r6 will
use mips32r2 itself but runs fine with mips32r1 apps and components.
Change-Id: I65c3fa9a3e5427be12955b902e6ec965de85e608
The goldfish_setup shell script needs the ability to execute
the shell script interpreter. Allow it.
Addresses the following denial:
avc: denied { getattr } for pid=1220 comm="init.goldfish.s"
path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0
tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
(cherrypicked from commit 501c88c029)
Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
The goldfish_setup shell script needs the ability to execute
the shell script interpreter. Allow it.
Addresses the following denial:
avc: denied { getattr } for pid=1220 comm="init.goldfish.s"
path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0
tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
The current 32-bit configuration for generic x86_64 targets inherits some
variables (SSE4 support) from the 64-bit configuration, and overrides
the make variables used for other configurations (SSSE3). Ideally, these
would be using different variables, but until then, unify the
configuration for x86_64 targets so that everything is consistent.
Bug: 28694691
Change-Id: I47e67299d4c632e7491d7e73dc0fc6480ef08006
am: 94f576d
* commit '94f576d18cb61e672bcc849a324eab244dd4f3f8':
Fix emulator specific SELinux denials related to qemu.gles
Change-Id: Iba1c077238ec1c41434c87e8ac96467a081383fc
This type is never used in core policy, only by emulators.
Move the definition of this type to where it's used.
Bug: 28221393
Change-Id: I38dbc12dbe9813f323d4bcd5f07679db57b2fd4a
Support TARGET_2ND_ARCH as the binary translation arch.
See target/board/generic_x86_arm/BoardConfig.mk and
target/product/aosp_x86_arm.mk as example for the setup.
In BoardConfig, use the TARGET_2ND_ARCH/etc. variables to set up the
binary translation arch;
Set "TARGET_TRANSLATE_2ND_ARCH := true" to tell the build system it's
not a typical 64-bit multilib configuration.
In product makefile, use "PRODUCT_PACKAGES += libfoo_<2nd_arch>" to
install the TARGET_2ND_ARCH libraries. This also pulls in any dependency
libraries.
By default we don't install any TARGET_2ND_ARCH modules, unless it's
pulled in by PRODUCT_PACKAGES.
Bug: 27526885
Change-Id: I0578e9c80da0532d2fa886a8fcdb140bbc703009
(cherry-pick from commit 277e75a488)
This is to allow surfaceflinger to always load vendor provided
egl libraries first and fall back to software renderer, and then
set the qemu.gles to correct value reflecting what libraries
are actually used.
bug: 27273457
Change-Id: Ifaca31aa2e562f50baa41fd228df9836bc3b1667
Use global default USE_CLANG_PLATFORM_BUILD set in core/envsetup.mk,
or user provided environment variable USE_CLANG_PLATFORM_BUILD.
BUG: 26102335
Change-Id: I7e12219a60f36bb44797bb028b4a5873a67c9210
Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. A change to init is removing this special case and
therefore, the "ro." prefixes must be explicitly added to
property_contexts.
Bug 26425619
Change-Id: I735eb9fc208eeec284cda8d778db946eeec24192
This commit fixes the avc denied issues in the emulators:
- goldfish_setup is granted for network access
- netd dontaudit for sys_module
- qemu_prop is granted domain for get_prop
Critical issue was that SELinux denied reading the lcd_density property
by SurfaceFlinger via qemu_prop and this commit fixes it.
Change-Id: I633d96f4d2ee6659f18482a53e21f816abde2a5f
Signed-off-by: Miroslav Tisma <miroslav.tisma@imgtec.com>
This change fixes issue b/25613506
The predefined, fixed system image partition size is failing
to fit content for NYC release MIPS64 images. This change
increases the system image size for all boards to 1.5GB
(up from 1.25GB) to make sure that the system image sizes are
uniform across all virtual boards, and fit new content.
Change-Id: Id9808ad5318cd2390fc666ac35b0f9cd32870993
bohu