How to disable SELinux or allow a new domain in SELinux policy in AOSP 9 build? [on hold]

I’m trying to build an AOSP 9 with a new daemon, but the SELinux isn’t allowing me. My sierra_config_ip.te has this beginning of document:

type sierra_config_ip, domain; permissive sierra_config_ip; type sierra_config_ip_exec, exec_type, file_type;  init_daemon_domain(sierra_config_ip) 

My file_contexts is:

/(vendor|system/vendor)/bin/init.config.ip      u:object_r:sierra_config_ip_exec:s0 

My init.rc is:

service sierra_config_ip /vendor/bin/init.config.ip     class main     user root     group radio cache inet misc dhcp     capabilities BLOCK_SUSPEND NET_ADMIN NET_RAW     disabled     oneshot 

But I always get the following error:

[  0% 3/56037] build out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows FAILED: out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows  /bin/bash -c "(rm -f out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows ) && (ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c      30 -o out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/policy.conf )" libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_dhcpcd sierra_dhcpcd_exec:file { execute entrypoint }; libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_config_ip sierra_config_ip_exec:file { execute entrypoint }; libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_config_ip toolbox_exec:file { execute execute_no_trans }; libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_config_ip dhcp_exec:file { execute execute_no_trans }; libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_config_ip shell_exec:file { execute execute_no_trans }; libsepol.report_failure: neverallow on line 1005 of system/sepolicy/public/domain.te (or line 11245 of policy.conf) violated by allow sierra_dhcpcd toolbox_exec:file { execute execute_no_trans }; libsepol.report_failure: neverallow on line 873 of system/sepolicy/public/domain.te (or line 10996 of policy.conf) violated by allow sierra_config_ip net_data_file:dir { search }; libsepol.report_failure: neverallow on line 873 of system/sepolicy/public/domain.te (or line 10996 of policy.conf) violated by allow sierra_dhcpcd net_data_file:dir { search }; libsepol.report_failure: neverallow on line 846 of system/sepolicy/public/domain.te (or line 10945 of policy.conf) violated by allow sierra_config_ip net_data_file:file { open }; libsepol.report_failure: neverallow on line 846 of system/sepolicy/public/domain.te (or line 10945 of policy.conf) violated by allow sierra_config_ip dhcp_data_file:file { create setattr lock map unlink rename open }; libsepol.check_assertions: 10 neverallow failures occurred Error while expanding policy 

I don’t know why is not working, I followed the steps described in other topics here, like this one. Can someone help me with this?

Besides that, I tried to disable SELinux to finally be able to build Android. To do this, i put it

enforcing=0 androidboot.selinux=disabled 

in BOARD_KERNEL_CMDLINE in BoardConfig.mk but the policys are builded before and the error occurs again!

I also tried putting -sierra_config_ip in domain.te:

full_treble_only(`     # Do not allow vendor components to execute files from system     # except for the ones whitelist here.     neverallow {         domain         -coredomain         -appdomain         -vendor_executes_system_violators         -vendor_init         -evs_domain         -sierra_config_ip     } {         exec_type         -vendor_file_type         -crash_dump_exec         -netutils_wrapper_exec     }:file { entrypoint execute execute_no_trans }; ') 

But I get the following error:

system/sepolicy/public/domain.te:1005:ERROR 'unknown type sierra_config_ip' at token ';' on line 11251: #line 1005     }:file { entrypoint execute execute_no_trans }; 

Thanks in advance for any help! 🙂

Клавиатура AOSP и Google не работают без поля ввода

У меня есть небольшая проблема. Когда я открываю программу Android и показываю клавиатуру, происходит нечто странное. Я пытаюсь нажать клавиши, но они не нажимаются, вместо этого нажатие происходит в моём приложении. Если клавиатура открыта, и я нажимаю на верхнюю часть экрана, нажатие тоже не работает. Это происходит только с клавиатурой AOSP и Google. Да, я знаю, что есть приложение «Game Keyboard», но переключать клавиатуру для ввода одного слова очень неудобно, и я привык к AOSP.

На Android есть такая программа, которая называется bVNC, и её разработчики решили эту проблему, AOSP прекрасно там работает; но во всех других приложениях такая ошибка.

Помогите пожалуйста, я записал видео, как происходит эта ошибка. Мне нужно исправить это, отредактировав код в моем приложении.

https://www.dropbox.com/s/7polly7glkwdtbu/screenrecorder.20190507163356.mp4?dl=0

Is “work profile” a AOSP feature, where is it documented?

I was not able to find much documentation regarding how the “work profile” feature (or maybe it is called android-for-work) works.

It seems the feature attempts to provide two distinct user profiles (similar to multi-user “max 4 users” feature) but with the distinction that apps can be run side-by-side without logout and login (as would be the case with multi-user)

I know that some software (i.e. shelter) is using the “work-profile” feature to create some sort of sandbox for “deplorable applications” (e.g. WhatsApp that would abuse disfunct AOSP permissions system to access all contacts, though not necessary).

This questions seeks information where to find documentation and explanation how this “work profile” features works.

How do I remove/disable Google Calendar App and go back to default (AOSP) Android Calendar App?

Nobody seems to care but I do. I try to use open source versions of Apps and other software. My girlfriend has a new phone, which is Android One (8.1) (supposedly pure Android + Google). I am trying to set it up for her. On my lineage OS phone, I am using the default calendar app not the Google. Somehow, we can’t find it on her phone and the only app seems to be the Google calendar. This is bs. It used to be that one can choose between two. Any ideas, how I can get the default calendar app installed? I can’t find it anywhere?

PS: As always, people will ask “why aren’t you using Google calendar? it syncs and does this and that…” I have my own calendar server and it does the same. If I can have more privacy with little impact on convenience, I choose privacy.

My question is different than the already existing “non-cloud” local calendar. Some open source calendar apps also provide cloud integration as a feature. I just don’t want to use Google’s proprietary app.

AOSP 9.0 build process consistently failing at 87%

I’m attempting to build a copy of AOSP 9.0 for use on my Xperia XZ Premium (G1842, Maple). I am using a copy of Debian 9.6 as a build station and have been following Sony’s official AOSP build instructions for 9.0 hosted on https://developer.sony.com

However, while the vast majority of the process goes smoothly every time, I am finding it consistently fails at the step
Copying resources from program jar [/home/administrator/android/out/target/common/obj/APPS/PackageInstaller_intermediates/classes.jar]

with the error message

[ 87% 78130/89692] Target Java: out/ta...r_intermediates/classes-full-debug.jar FAILED: out/target/common/obj/APPS/Dialer_intermediates/classes-full-debug.jar ninja: build stopped: subcommand failed. 05:44:33 ninja failed with: exit status 1

I honestly couldn’t tell you why this is happening, but I know all of the AOSP build dependencies are installed, the source tree and manifests were copied properly, and everything up to this point in the process goes flawlessly. I must have tried building AOSP eight to ten times over the last few days, and while it very occassionally gets to 99% and fails with a “Java runtime: out of memory” error, it almost always stops here instead for some reason.