SELinux policies for device tests

When atest runs device tests, it pushes the test binary and its resources to the /data partition and executes the binary with adb shell. The test executable runs in the shell SELinux domain and is therefore subject to the SELinux policies associated with the shell domain. When the device is running in enforcing SELinux mode, device tests that violate these policies fail with an SELinux error.

Notably, the shell domain does not have allow rules to:

  • Access files on the /vendor partition, including linking with libraries installed to the /vendor partition.

  • Call an arbitrary Binder interface.

If a device test needs one or both of these permissions, then you must run the test with root permissions. When adbd has root permissions, adbd uses the su SELinux domain on the device instead of the shell domain. The su domain has more privileges.

To run a device test using root permissions, add the require_root: true property to the respective Soong module definition in the Android.bp file.

// file: Android.bp

rust_test {
    name: "example_rust_test_that_requires_root",

    // ...

    rustlibs: [
        "some-vendor-lib",
    ],
    // This example test requires root permissions, because it calls Binder
    // interfaces unavailable for the shell, and also links with a vendor
    // library.
    require_root: true,
}
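
To confirm that a failing device test was blocked by shell-domain policy before setting require_root: true, the following added example (not part of the original page) filters logcat text for enforced avc denials whose source context is the shell domain. The sample log lines, including the library name and the hal_example_default label, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list SELinux denials that a test running in the shell
# domain triggered, as "permissions|class|target context".

# Constructed sample of logcat output. PIDs, file names and the
# hal_example_default label are made up. On a device, use `adb logcat -d`.
sample_log() {
cat <<'EOF'
01-01 00:00:01.000  4100  4100 W example_test: type=1400 audit(0.0:41): avc: denied { read } for name="libvendor_example.so" dev="dm-5" ino=321 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
01-01 00:00:01.100  4100  4100 W example_test: type=1400 audit(0.0:42): avc: denied { call } for scontext=u:r:shell:s0 tcontext=u:r:hal_example_default:s0 tclass=binder permissive=0
01-01 00:00:01.200  4100  4100 W example_test: type=1400 audit(0.0:43): avc: denied { call } for scontext=u:r:shell:s0 tcontext=u:r:hal_example_default:s0 tclass=binder permissive=0
01-01 00:00:02.000  5200  5200 W other_app: type=1400 audit(0.0:44): avc: denied { read } for name="stat" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
01-01 00:00:03.000  4100  4100 W example_test: type=1400 audit(0.0:45): avc: denied { getattr } for scontext=u:r:shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
01-01 00:00:04.000  4100  4100 I example_test: test result: FAILED
EOF
}

# Read logcat text on stdin and print one deduplicated line per denial that
#   - has the shell domain as its source context, and
#   - was actually enforced (permissive=0), so it can make a test fail.
shell_denials() {
    grep 'avc: *denied' |
    grep 'scontext=u:r:shell:s0' |
    grep 'permissive=0' |
    sed -n 's/.*denied *{ *\([^}]*[^ }]\) *} .*tcontext=\([^ ]*\) tclass=\([^ ]*\).*/\1|\3|\2/p' |
    sort -u
}

# Prints:
#   call|binder|u:r:hal_example_default:s0
#   read|file|u:object_r:vendor_file:s0
sample_log | shell_denials
```

A binder-class denial or a denial on a /vendor file label in this output corresponds to the two missing shell-domain permissions listed above, which makes the test a candidate for require_root: true.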