Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
Changes from the reverted cl aosp/2812455:
- The AIDL service type has been renamed from avf_* to hal_* to be
consistent with the others.
- The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
for the IRPC/avf service, has been set up with the server/client model
for AIDL Hal. The virtualizationservice is declared as server and
RKPD is declared as client to access the service instead of raw
service permission setup as in the reverted cl. This is aligned
with the AIDL Hal configuration recommendation.
- Since the existing type for IRPC hal_remotelyprovisionedcomponent is
already associated with keymint server/client and has specific
permission requirements, and some of the keymint clients might not
need the AVF Hal. We decided to create a new AIDL service type
instead of reusing the exisiting keymint service type.
Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
Convert vibrator_control to a framework service (fwk_vibrator_control_service) in system_server.
Bug: 305961689
Test: N/A
Change-Id: I5f3aba2c58a3166593a11034a8d21dfd12311c2e
Add sepolicies rules for Secretkeeper HAL & nonsecure service
implementing the AIDL.
Test: atest VtsHalSkTargetTest & check for Selinux denials
Bug: 293429085
Change-Id: I907cf326e48e4dc180aa0d30e644416d4936ff78
This reverts commit 76a62dfb3e.
Reason for revert: Relanding with virtual_camera flag disabled to prevent test failures before rc entry is added for the service (which needs to be done after this cl is submitted to prevent boot test failing due to selinux denials).
Test: https://android-build.corp.google.com/builds/abtd/run/L11500030000350228
Change-Id: Ie621f89610b173918bb4c0b6eb1f35547f56f6b7
Using Join with the fully fledged input path as string
breaks setting a custom $OUT_DIR
Test: export OUT_DIR=`pwd`/out_custom && m nothing
Change-Id: Ie5043c0eb8e5f854be0d0d318008ea24f3d94c09
and consitently name service and process as "virtual_camera" (with
underscore)
Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
Netd stop supporting mdns service. After aosp/2825952, EVERY interface
in mdns binder service return binder::Status::EX_UNSUPPORTED_OPERATION
directly. Fuzz on this service becomes pointless. We are also going to
delete the entire service later.
Bug: 298594687
Test: Build
Change-Id: I166e26dcfc08737fe25748e7f94774334f8d5e57
This adds two macros which can be used in te files and contexts files.
* is_flag_enabled(flag_name, codes)
* is_flag_disabled(flag_name, codes)
Also flag-guarding requires to process input files before any
validations. Property contexts test and seapp contexts test are
modified a little to handle that.
Bug: 306563735
Test: build with manual guarding
Change-Id: Ia1c6d00b7aab0da3901c19f16d553153aace018c
This will be used to guard sepolicy changes. Also this adds default
modules for se_policy_conf and contexts modules.
Bug: 306563735
Test: build
Change-Id: I9b3460aaca07d325e0f83a1e2bf0e57caa498101
Sorting algorithm of fc_sort is not perfect and often causes unexpected
behaviors. We are moving from fc_sort to manual ordering of platform
file_contexts files.
In addition, this sets remove_comment as true by default, as fc_sort has
been removing comments / empty lines.
Bug: 299839280
Test: TH
Change-Id: Ic8a02b64fc70481234467a470506580d2e6efd94
Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
The SELinux denial has been fixed in system/sepolicy
Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Bug: 308596709
Bug: 274881098
Change-Id: Ib23ac4680b0f37b760bff043e1f42ce61a58c3e2
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.
Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
If file_contexts_test is given a test_data attribute, it will use
`checkfc -t` to validate the file_context against it, instead of using
the policy. Both options are mutually exclusive.
Bug: 299839280
Test: m
Change-Id: I3f541e0d0bb5d03ed146e27d67bc811cda3164b1
Keep the type of context and decides on the flags within
GenerateAndroidBuildActions. This is a no-op but will help supporting
other options for checkfc.
Bug: 299839280
Test: mm
Change-Id: I3a6f9db9d890e0a0ccb3eca37c01b2977fa2e2d1
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.
Similar to package_native_service.
Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).
Starting the service: ag/24955732
Testing the service: ag/24955733
Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
