Add a MAC check to the svc_can_register function in
service_manager. The types are defined in
external/sepolicy/service.te and the mapping from service
names is defined in external/sepolicy/service_contexts.
Currently uses the property context backend to parse the
contexts file.
Bug: 12909011
Change-Id: I5d90a614263c60571c7c70c2882e6fa929911ca5
Add profile-file option to dex2oat only if the profiler is active and
the file exists.
Bug: 12877748
Bug: 15275634
Change-Id: Icef76514c912c88311ed108f2be7a6329131f741
With new CA certificates being stored in /data/misc/user/<userid>/
existing ones need to be moved into the same place.
After this update only the owner user will have custom trusted CAs; all
other users will revert to the default set.
Change-Id: I14a4cd6048685902ad5dd3b53494b03fadc41c04
New command 'mkuser <id>' sets up a user directory in /data/misc/user/,
readable by all apps within that user and writeable by the local system
process.
Change-Id: I5ddde8c4a80f606e723bb41aa64581a0720842d5
Write string lengths as uint32_t so that their width is
the same on 32 and 64 bit processes.
Note that this fixes another bug as a side effect; getFlattenedSize
was assuming that sizeof(uint32_t) == sizeof(size_t).
Change-Id: I7b6e3993e1f1ac45c14832ce59c59e0772855a2f
To make sure the stature which pass between 32/64bit process have
same memory layout for 32/64bit.
Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Co-Authored-by: Narayan Kamath <narayan@google.com> (Unit test only.)
Change-Id: I1bc2d12cce41ec0bc484adcaf968f274bec75c12
There was no explicit support for x86/64 architecture in EGL/GLES wrappers.
This resulted either in failures or sub-optimal implementation of the wrapper functions.
Change-Id: I20d99d7372fbf642ee4b94a05c8cb971cba29988
Signed-off-by: Wajdeczko, Michal <michal.wajdeczko@intel.com>
This ensures it's the same size in both 32 and 64 bit
processes and also brings it in line with struct
MotionEntry.
(cherry-picked from bc6001b026)
Change-Id: I28e87050478920a54132efbbb8138076ebad1409
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file. Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file. Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.
Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The gralloc API now provides a way for using lock/unlock with the Android
explicit synchronisation concept. This changes updates the GraphicBuffer class
to also expose this functionality, and updates the Surface class to make use of
in line with the dequeueBuffer/queueBuffer mechanism.
This new behaviour is dependent on GRALLOC_MODULE_API_VERSION_0_3. If the local
gralloc module does not support this then the existing synchronous lock/unlock
mechanism will be used.
Change-Id: I8c3fd9592e0c5400ac9be84450f55a77cc0bbdc5
