This will allow us to conditionally change the compiler-filter based on other properties.
Bug: 15165413
Change-Id: Iff27dc2904f4f0d7c25a684cd6ba16a597f252fd
dumpstate was not dumping any stack traces for vm processes because
it was failing the string compare for /system/bin/app_process.
64-bit devices use app_process32 and app_process64 instead of
app_process, and zygote64 alongside zygote. Change the string
matching to be prefix matching.
Change-Id: I6970e1b1fedfcd601f8db6af62852422fcb71d59
Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.
Change-Id: I7630f21a9f3232ae3d6d8b9a1119230b40899aef
Remove the hardcoded tuples of UIDs and the services that
each is allowed to register. We will rely only on permissions
from SELinux.
Change-Id: I1c44555a6e274814282398865b30ee938f40dabb
This requires a companion package manager change to prune
each instruction specific dex cache individually.
bug: 15677279
Change-Id: I5891981512bde20e49bff65b1842c28886f2b177
Profiling information leaks data about how people interact
with apps, so we don't want the data to be available
to other apps. Only the app and system_server need access.
Don't create the /data/dalvik-cache/profiles directory. init.rc
does it for us now.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
Add a MAC check to the svc_can_register function in
service_manager. The types are defined in
external/sepolicy/service.te and the mapping from service
names is defined in external/sepolicy/service_contexts.
Currently uses the property context backend to parse the
contexts file.
Bug: 12909011
Change-Id: I5d90a614263c60571c7c70c2882e6fa929911ca5
Add profile-file option to dex2oat only if the profiler is active and
the file exists.
Bug: 12877748
Bug: 15275634
Change-Id: Icef76514c912c88311ed108f2be7a6329131f741
With new CA certificates being stored in /data/misc/user/<userid>/
existing ones need to be moved into the same place.
After this update only the owner user will have custom trusted CAs; all
other users will revert to the default set.
Change-Id: I14a4cd6048685902ad5dd3b53494b03fadc41c04
New command 'mkuser <id>' sets up a user directory in /data/misc/user/,
readable by all apps within that user and writeable by the local system
process.
Change-Id: I5ddde8c4a80f606e723bb41aa64581a0720842d5
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file. Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file. Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.
Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The instruction-set is used to construct the dalvik cache
path and is also passed down to dex2oat.
(cherry picked from commit 791781bfb8)
Change-Id: I43396b16f6eaecacf0fb7d052526fc5a239167ac
It's wrong to just concatenate the apk_path and .odex.
The bug prevents the prebuilt odex being used since Kitkat.
The patch is copied from the code of JellyBean.
Change-Id: I0ce8a877e3df8ae1ab9a0e3aeeef2d5253efc223
This is required so that it will be assigned the correct SELinux
security context on first creation by installd.
Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Changes above with PMS and below with libselinux
have resulted in a few changes to the restorecon data
api. This change is needed in order to support the new
way to issue a recursive restorecon of certain
/data/data directories.
The restorecondata function has also been modified to
find all users on the device for a given package name
(argument to the function) and to issue a separate
recursive restorecon call for each.
Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Otherwise we can't readily see log messages from libselinux calls
made by installd.
Change-Id: I319b30c181470468fe19dd5fbe9251ef03f1163b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Implement new restorecondata function which will allow
the relabeling of /data/data and /data/user directories.
This is needed in the case of certain OTAs. Not every
boot will apply this relabeling however. Consult change
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 for
clarification on this issue.
Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>