Commit graph

5 commits

Author SHA1 Message Date
Connor O'Brien
12443b7a51 Add permissions for hal_boot
The service running the boot control HAL needs the permissions
provided by the boot_control_hal attribute. update_engine and
update_verifier still also need these permissions in order
to successfully call the new HAL in pass-through mode, but also
need permission to call the new service.

Bug: 31864052
Test: Built and confirmed no permission denials.
Change-Id: I2a6fdd5cf79b9e461d7cc14bd5b7abd6481ed911
Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-21 10:09:40 -08:00
Connor O'Brien
394ed93d90 Revert "Move boot_control_hal attribute to hal_boot domain"
This reverts commit 1f3294659d.

Bug: 32973182
Change-Id: Ic0277b38b0249710a4f1fc362e777f3880ff096b
2016-11-18 02:43:03 +00:00
Alex Deymo
1f3294659d Move boot_control_hal attribute to hal_boot domain
Grant boot_control_hal permissions to the hal_boot service;
update_engine and update_verifier can call that service rather
than using those permissions themselves.

Bug: 31864052
Test: `bootctl set-active-boot-slot 1`
Change-Id: I5188bc32e7933d4a0f5135b3246df119d3523d69
2016-11-15 15:12:41 -08:00
Connor O'Brien
b24e69dca8 Allow update_verifier to use boot HIDL HAL
Test: Flashed device and verified no update_verifier permission denials
Change-Id: I5de063c202aefef399645b153f68ff7909989eba
Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-09 11:16:16 -08:00
dcashman
cc39f63773 Split general policy into public and private components.
Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-10-06 13:09:06 -07:00
Renamed from update_verifier.te (Browse further)