Allow sepolicy rules for hang_guard to
send signal to process, write into kmsg,
look through proc and write into sysrq.
Change-Id: Ia707097a5e4867377138df7948f50441f560bdd6
As diag team use diag hal instead of /dev/diag, need add sepolicy to access diag hal for factory tool.
Change-Id: I151fda397d4b54d340e367a202bc43ac117fa9df
CRs-Fixed: 2744148
Add DSP HAL manager related attributes and policies. Allow untrusted
shell apps and APKs to be a client of the DSP HAL server. Mark the
DSP HAL interface library as same process HAL.
Change-Id: I7b2e5c716c6191d480d26d39a3adf188dc3aefb3
Move sysmonapp domain applications to tests folders
under legacy and qva. Also extend the sepolicy rules
to respective platform signed ones.
Change-Id: I6923d59300a94c1a9c63c9d3fc32050bb86f9271
to avoid naming colision with system types we are adding vendor_ prefix for all vendor defined types.
Change-Id: I1396f2c6d9576af3c3755096bb1e69d254b6db4e
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One Acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.
Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
As part of CTS testing its expected no denails should be seen
from dumpstate domain during testing so addressing generic
permission issue.
test :testNoBugreportDenials
Change-Id: Ic60a49e6330c42aa99280af8e6913af140e981e5
As part of CTS testing its expected no denails should be seen
from dumpstate domain during testing so addressing generic
permission issue.
test :testNoBugreportDenials
Change-Id: I27178e6b4180d53cd5f6574bf71fe54819b10454
WFD requires revision in its SEAndroid policies due
to an OS upgrade and design re-architecture to conform
to system-wide mandates.
Change-Id: I5a9adc280cefab73d8c467379b74951fc3a88e71
For debugging watchdog issues in system_server, system_server
needs read access to binder-state file. Access to generic debugfs has
been removed for all processes except init, vendor_init & dumpstate.
This CL labels /sys/kernel/debug/binder/state file and allows
system_server, dumpstate, vendor_init & init, 'r_file_perms' access
to the same file.
The label and the associated access permissions only apply to
userdebug builds.
Change-Id: I159e39bcd05d699454797f8b1d1c17c810c99cb1
