Due to newrestriction priv_app can't access cgroup.
And priv_app is client of hal_perf, so had to remove it.
Change-Id: Idb17f438e06bdd71df235072eec4973556ce09d0
Add permissions needed for clients to use the
vendor framework detection library module. All
native clients using the framework detection
module must use the macro for their domain.
The existing permission needs are empty
(already part of domain) but added placeholder
to allow any underlying mechanism changes that
may require new permissions.
Change-Id: I88de640608e673a77a357afce11af8cb4d01e2d9
As part of treble system /core services are not allowed to
set vendor property .
if Property defined is part of system image then it can be set
or get by core/system services provided we define the property
as extended_core_property_type. So adding this to the property
that are added by vendor and used by core/system services.
Change-Id: I7ad8bc562be09126c082fc54f52499f5138fea5b
Add console labeling for JTAG console device. Debug builds only
as not expecting console via JTAG in a commercial configuration.
Fix generic/vendor/test policy pickup.
Change-Id: I03257ad59f7b4f41680da3942606dd40c147bcbf
sdd node was labeled as ssd_Device for some target but ssd_block_device for other.
So making it unique across all target.
Change-Id: I1248585c0c6ab33fbc9daaa8d0ab8d6299ec2fb8
As part of new AOSP restriction all the domains which are working
from system partation should have "system_file_type" attribute
else will lead to compile time failure .
For reading / setting any property we should be using
following macros .
set_prop( domain, property_label)
get_prop( domain, property_label)
So addressing these as part of new requirments .
Change-Id: Ie7a9c72994f3a1a62f8cf70d40a3a56d494a1726
domain.te already had given access to
r_dir_file({domain - isolated_app}, sysfs_soc);
r_dir_file({domain - isolated_app}, sysfs_esoc);
r_dir_file({domain - isolated_app}, sysfs_ssr);
r_dir_file({domain - isolated_app}, sysfs_thermal);
so removing all the duplicate rules covering this
Change-Id: Ic74a8c62a81567dbe5bfc69f691bc2239565ba5f
As part of new AOSP restriction all the domains which are working
from system partation should have "system_file_type" attribute
else will lead to compile time failure .
For reading / setting any property we should be using
following macros .
set_prop( domain, property_label)
get_prop( domain, property_label)
So addressing these as part of new requirments .
Change-Id: I6ef373404640f285a57484024665a42f615ce863
Adding the label to services/daemon which was not getting started due to
incorrect label and add the sepolicy rules to get the target to boot
in enfrocing mode.
Change-Id: I12fc4bfe38153cd51fb2d9b869f05a06c9d2c61f
Cdsprpcd domain listens to L3 clock requests from CDSP and votes
for CPU L3 frequency via sysfs_devfreq_l3cdsp node. The change
allows init shell to modify l3-cdsp governor to userspace
facilitating Cdsprpcd daemon in voting for L3 clock on SDM710.
Change-Id: Icf8c4a3e6ff282e0204317a33dd79d1fa67bd804
Add a domain with necessary permissions for sysmonapp applications
signed using the certificate provided.
Change-Id: Id61eb7e263cf83724305eda624fb06c2df5ac555
USTA is a system app which interacts with fastRPC to communicate
to SLPI. There are changes in fastRPC to access require DAC and MAC
permissions, required only by USTA test app. Adding separate domain
for USTA app.
Change-Id: I89c1beff1c10d341e678f7ae654dc16d2c184a83
Compliance testing expected to check this property value and this
is public readable property so adding all domain read access.
Change-Id: I6bf54f8d3e36abff5d7be698b6af5517347fb733
Due to never allow for wifi_prop, vendor process cannot
access the system wifi_prop property. But in certain
scenario other process need it. Hence add a support of
same.
Change-Id: I6648e0e038888e79bee5f987bc584ad126924a66
CRs-fixed: 2293118
Init shell need to set alarm boot property to indicate that if the
boot-up is triggered by rtc alarm.
Change-Id: I0d692b1f92695b399e73021eb84bda2dda6142eb
1. Remove hal_display_config attributes and replace it with
hal_graphics_composer.
2. Provide permissions to all hal_graphics_composer client to access
hal_display_config service.
Change-Id: I6c91dbe8797d6ffe47f99e21b810f7ac72503f02
CRs-Fixed: 2287704
This change adds new graphics vendor properties and fixes
permissions to resolve sepolicy denials.
Change-Id: Ibcf25e680ccd9b56607f6520fe712a78b3f93a9d
This change is to add sepolicy rules to get create
permissions for qmux_socket.
Change-Id: Ifc9665d5451c1887a725a032807f225efefb4a10
CRs-Fixed: 2287953
"ro.build.software.version" is not getting set anymore.
Its presence in property_context is causing VNDK failure.
Remove it to fix testVendorPropertyNamespace failure.
Change-Id: Icaf8c4e1195b10712208bb5a331572ce78243560
