system properties must not be used as a communication channel in between
system and vendor processes. However, there has been no enforcement on
this: system process could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
whitelisting them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Bug: 78598545
Test: m -j selinux_policy when choosecombo'ed to aosp_arm64
Change-Id: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
Non-A/B devices using AOSP OTA flow will mount /cache in the
fstab file. Without setting BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE,
/cache will be a symlink to /data/cache which introduces the
failure of `mount_all /vendor/etc/fstab.{ro.hardware}`. This is
because all devices laucned in P need to switch to "system-as-root".
This CL sets board config to create /cache directory in rootfs
(system-as-root GSI image). Note that A/B devices doesn't mount
or use /cache so leaving an empty /cache in rootfs has no harm.
Bug: 78485405
Test: Boot GSI on walleye
Change-Id: Ic260d2917cc64c9497f5f60ea11303e953e80efd
GSI Pi (for newly launched devices) need to enable this to pass
VtsTrebleSysProp.
Bug: 79395858
Test: Built aosp_{arm,arm64,x86,x86_64}. Check system/etc/prop.default
and found "ro.actionable_compatible_property.enabled=true".
aosp_x86(_64) could boot to home screen.
Change-Id: I04a4ff7c5feee7671d727c04c9d9657b63ec0912
System images of aosp_$arch are used as GSIs in P, and traditional GSI
users often need a special vbmeta image to disable verity (if AVB is
employed) befrre they flash the GSI.
"BOARD_BUILD_DISABLED_VBMETAIMAGE := true" builds such vbmeta.img
Bug: 79393905
Test: # For arch in arm, arm64, x86, x86_64, do
$ lunch aosp_$arch; m -j # found vbmeta.img under $OUT
Change-Id: I113006385991a2daab60d3c55dc03f23f1b383b8
Properties for GSI Pi are not exactly the same as those for legacy GSI.
Create a new gsi_system.prop for GSI Pi to avoid reusing legacy
treble_system.prop used by legacy GSI (aosp_$arch_a(b) products).
Bug: 78605339
Test: build and observe the system/build.prop
Change-Id: I435e33558e244009af9a91a97580fd56591ff6f3
This is needed for the system images of aosp_arm(64) products to
be used as their respective GSIs in P, and for also aosp_arm(64)
products to boot with the current GSIs.
Bug: 78255604
Test: Built and booted the following products to home screen
$ lunch aosp_arm-userdebug; m -j; emulator
$ lunch aosp_arm64-userdebug; m -j; emulator
# The system image, both userdebug and user builds, of
# aosp_arm64 could also boot to home screen and browse
# the network on a physical device.
Change-Id: I83b79fd4d4e6e522ee78c720fb8c5f6f67ee411b
Merged-In: I83b79fd4d4e6e522ee78c720fb8c5f6f67ee411b
(cherry picked from commit f71547079a)
Starting in P, all 32-bit and 64-bit architectures use 64-bit
binder interface. This is similar to ag/3576770 for x86.
Bug: 71861550
Test: the following products can boot to home screen successfully:
lunch aosp_arm-userdebug; m -j; emulator
lunch sdk_phone_armv7-userdebug; m -j; emulator
Change-Id: Ibe1f53a5798342555e2e84395a13b48d461f483d
Merged-In: Ibe1f53a5798342555e2e84395a13b48d461f483d
(cherry picked from commit 6f114c0110c466d2a117f3e531f9ea5170a121ee)
This change modifies aosp_$arch product makefiles so their
system images can be closer to their respective GSIs.
The added contents in this CL are based on treble_common*.mk.
Contents specific to GSI are in aosp_$arch.mk.
Contents common to all devices are moved to full_base.mk.
Contents related to specific device are moved to device.mk.
BoardConfig related makefiles will be changed in another CL.
Bug: 70772101
Test: The following products can boot to home screen:
$ lunch aosp_x86-userdebug; m -j; emulator
$ lunch aosp_x86_64-userdebug; m -j; emulator
$ lunch aosp_arm-userdebug; m -j; emulator
$ lunch aosp_arm64-userdebug; m -j; emulator
Change-Id: I225a13dd74b3e748cc5d1705e1a453348b01d43f
Merged-In: I225a13dd74b3e748cc5d1705e1a453348b01d43f
(cherry picked from commit 164eed2e7d)
This is needed for the system images of aosp_arm(64) products to
be used as their respective GSIs in P, and for also aosp_arm(64)
products to boot with the current GSIs.
Bug: 78255604
Test: Built and booted the following products to home screen
$ lunch aosp_arm-userdebug; m -j; emulator
$ lunch aosp_arm64-userdebug; m -j; emulator
# The system image, both userdebug and user builds, of
# aosp_arm64 could also boot to home screen and browse
# the network on a physical device.
Change-Id: I83b79fd4d4e6e522ee78c720fb8c5f6f67ee411b
This change modifies aosp_$arch product makefiles so their
system images can be closer to their respective GSIs.
The added contents in this CL are based on treble_common*.mk.
Contents specific to GSI are in aosp_$arch.mk.
Contents common to all devices are moved to full_base.mk.
Contents related to specific device are moved to device.mk.
BoardConfig related makefiles will be changed in another CL.
Bug: 70772101
Test: The following products can boot to home screen:
$ lunch aosp_x86-userdebug; m -j; emulator
$ lunch aosp_x86_64-userdebug; m -j; emulator
$ lunch aosp_arm-userdebug; m -j; emulator
$ lunch aosp_arm64-userdebug; m -j; emulator
Change-Id: I225a13dd74b3e748cc5d1705e1a453348b01d43f
Starting in P, all 32-bit and 64-bit architectures use 64-bit
binder interface. This is similar to ag/3576770 for x86.
Bug: 71861550
Test: the following products can boot to home screen successfully:
lunch aosp_arm-userdebug; m -j; emulator
lunch sdk_phone_armv7-userdebug; m -j; emulator
Change-Id: Ibe1f53a5798342555e2e84395a13b48d461f483d
This is a partial revert of I43b645658f468c23a5b9ebcfcd9d4516537db540
On at least a generic_x86 build internally:
art/build/Android.gtest.mk:121: error: overriding commands for target `Uncompressed', previously defined at art/build/Android.gtest.mk:101
Bug: 77611511
Test: none
Change-Id: I78ca65e6f0c81f09e7da848eda797b3a8f97a521
Many boards have warnings like this, saying that we defined a build
rule, but later something else came in and overrode it with something
else:
art/build/Android.gtest.mk:677: warning: overriding commands for target `test-art-target-gtest-cmdline_parser_test'
art/build/Android.gtest.mk:674: warning: ignoring old commands for target `test-art-target-gtest-cmdline_parser_test'
Beyond the obvious problem of replacing the rule with something else,
target-specific variables can be combined as well, leading to some very
strange problems.
Since so many boards still have problems like this, but we don't
currently have any global problems, add a flag so that we can mark
boards as not broken. This should prevent regressions while we clean up
the individual problems.
Once the non-broken devices number significantly more than the broken
devices, we'll switch this default. And once they're all cleaned up this
variable will become obsolete, and these warnings will always be errors.
Bug: 77611511
Test: lunch aosp_arm-eng; m nothing
Test: lunch aosp_marlin-eng; m nothing
Test: build_test on all downstream branches
Change-Id: I43b645658f468c23a5b9ebcfcd9d4516537db540
A recent change added SELinux labels to the properties used by the DHCP
software and RIL to configure the network. Unfortunately that change
didn't give RIL the permissions needed to read those properties which
broke radio networking for the emulator. Fix it by allowing radio
related code to read the properties again.
BUG: 76211046
Test: Run emulator with -feature -Wifi and verify network connectivity
Change-Id: I7663a6598e2d501ee8336b2dae5fd78ff4ff69bc
SELinux policies have become stricter, this updates the emulator SELinux
rules to accomodate these changes. It also adds rules for the new
createns command with the accompanying execns changes that are needed
to work with an updated filesystem layout.
BUG: 74514143
Test: Compile emulator images and verify that WiFi works
Change-Id: I4b58cea681a1e41b0cb7368e1c696f74ce28f871
Use the new emulator WiFi HAL. This is specified by the
BOARD_WLAN_DEVICE setting. This also requires that the wifi HAL service
is included.
BUG: 74514143
Bug: 68338427
Test: run cts -m CtsIncidentHostTestCases -t
com.android.server.cts.BatteryStatsValidationTest#testWifiDownload
Change-Id: Ib59550b6cfba1e2e8686a5c805cd6b3913e8508e
(cherry picked from commit 23073c6ee33eca56f1ae0c45615b87ec9aec712e)
(cherry picked from commit 2d51c9b2bf0774ac46837a93181c83329e6fc662)
Update SELinux permissions to work with Treble and the much stricter
SELinux rules.
BUG: 74514143
Test: Compile and manually test that WiFi is working
Change-Id: Ic0a6417fb4fed1597fee70367924e5d59f37e725
(cherry picked from commit 37d7bc2adcc4bfd4c0f03dcddf1c7fbd31e87a4f)
(cherry picked from commit 1b0158a4ab6ca4f05b4b186ec3a080c689492b58)
Add the dhcpclient and dhcpserver binary files to the makefile and
file_contexts and give them the appropriate SELinux permissions to run.
BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: Ia472ef4c86c9b6ba967c0fc7443db607aed1e485
(cherry picked from commit 917bda2587d219e35404a298c05a7179519815c1)
(cherry picked from commit 87b9f937113801b50612863cb13e6391cc1f3105)
(cherry picked from commit 760a19890ac99144f6b143015c36e7aaa3797c73)
Set the required parameters in BoardConfigs to allow WiFi to work on
remaining architectures. Also update SELinux policy needed to make WiFi
work on arm and arm64. This was not required on x86 but refused to work
on arm without these changes.
BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: Ic645ccf7249f84ae0320770b0ef7b1b6102b7b14
(cherry picked from commit 6d28bfbeefea8fe1919ff0987ae3d935d974dc6d)
(cherry picked from commit 023a7ba64bd3b189a148ad388606ca5747ea20b1)
(cherry picked from commit 9c9cefdafbae50c0e371c30bcccb98a8b7697e98)
Add required SELinux permissions to run services required for WiFi and
network namespaces. Add required executables and files required to run
WiFi services such as hostapd to create an access point and
wpa_supplicant to connect to it.
BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: I38461b878abcaae842b4656dea82792e23100174
(cherry picked from commit 21c5c3dcf91b1be71abe8618e2eb31529438e325)
(cherry picked from commit 68a36140f7a3a766b8adc16cd85c2f0c81bfb44b)
(cherry picked from commit e6dab593b8eebccb1e6311e626c8aca943ba6933)
VTS checks for ro.product.board before running. Emulator does not have
that value and causes an exception.
So let's add it to the emulator and call it goldfish_$(TARGET_ARCH).
BUG: 73741117
Test: vts-tradefed run vts, should run the tests
Change-Id: I6b00f2923bc9609d4d05c45d47ceddd2bd7be091
