Commit graph

595 commits

Author SHA1 Message Date
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Jeff Pu
1e09f2ebf7 Allow hal_fingerprint_default to have pipe read access
Bug: 284488745
Test: atest BiometricsE2eTests:BiometricPromptAuthSuccessTest
Change-Id: Ie69193964232b1a6b97877c650182fcdcd5b2cea
2023-06-09 13:56:28 +00:00
Peiyong Lin
54229d8157 Allow graphics_config_writable_prop to be modified.
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
2023-05-04 15:56:33 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Changyeon Jo
89380c19c8 Allow EVS HAL to access graphics related properties
EVS Display HAL needs to access graphics related properties to configure
a pipeline to render the contents of graphics buffers.

Bug: 274695271
Test: m -j selinux_policy
Change-Id: I97a8a3f35f7118325cff9a8ae69485c0f73fe17f
2023-03-23 22:26:42 +00:00
Alice Wang
5e94b1698c [dice] Remove all the sepolicy relating the hal service dice
As the service is not used anywhere for now and in the near future.

Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
2023-02-24 08:34:26 +00:00
Treehugger Robot
22d25dcae4 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 17:48:17 +00:00
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
2023-02-09 17:55:03 +00:00
David Drysdale
c9529ff336 Map AIDL Gatekeeper to same policy as HIDL version
Bug: 268342724
Test: VtsHalGatekeeperTargetTest
Change-Id: Ifa90247753ae558f7bdb70cb4b4e494466cc457b
2023-02-08 18:42:17 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
2023-01-04 11:28:47 +08:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
2022-12-27 18:11:36 +05:30
Devin Moore
e632fc098a Allow biometrics hals to talk to the new AIDL sensorservice
This is being used in libsensorndkbridge now, so permissions are
required.

Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: Id416cc2f92ba82d4068376a5f4d076137aab086a
2022-12-19 19:51:55 +00:00
Devin Moore
a2765f212f Allow audio HAL to talk to the new AIDL sensorservice
This is being used in libsensorndkbridge now, so permissions are
required.

Test: m
Bug: 205764765
Change-Id: I6b0871bbcdff920d1d9dc9b66ec1236405f90fd8
2022-12-19 19:50:57 +00:00
Devin Moore
2a724dd853 Allow camera to talk to the new AIDL sensorservice
This is being used in libsensorndkbridge now, so permissions are
required.

Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: I7a1569b8b4e2a21961f3950fa3947b5e20fc674b
2022-12-19 19:50:31 +00:00
Yu Shan
aa3f997dcc Merge "Allow wider remote access names." 2022-12-15 01:51:46 +00:00
Mohi Montazer
3bbdd15ece Merge "SEPolicy updates for camera HAL" 2022-12-13 20:37:59 +00:00
Mohi Montazer
ad059403ad SEPolicy updates for camera HAL
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.

Example denials:
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244  1027  1027 W 3AThreadPool:  type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
2022-12-13 09:52:04 -08:00
Chris Weir
800a2c9f66 Merge "Add permissions to allow iface up/down" 2022-12-13 00:18:00 +00:00
Chris Weir
1bcbc0b667 Add permissions to allow iface up/down
I need SIOCGIFFLAGS and SIOCSIFFLAGS in order to bring up/down
interfaces with AIDL CAN HAL.

Bug: 260592449
Test: CAN HAL can bring up interfaces
Change-Id: I67edaa857cffdf3c3fc9f3b17aad5879e09c6385
2022-12-12 14:30:15 -08:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
2022-12-09 11:00:10 -08:00
Gabriel Biren
52b5ff67b9 Update file_contexts for WiFi Vendor HAL
AIDL service.

Bug: 205044134
Test: Manual test - check that AIDL service
      starts successfully on Cuttlefish
Change-Id: If6dbb20ca982b998485257e212aa4aa82749d23d
2022-12-05 23:53:30 +00:00
Yu Shan
96c3b41113 Allow wider remote access names.
Test: local test @v1-tcu-test-service.
Bug: 254547153
Change-Id: I82ed9e9e439913602e26042e357b5fa33338ef97
2022-11-30 17:07:49 -08:00
Steven Moreland
c3802445d0 Merge "sepolicy for SE HAL" 2022-11-29 22:30:40 +00:00
Treehugger Robot
299ee9fb24 Merge "Add IAllocator-V2" 2022-11-15 23:13:42 +00:00
Steven Moreland
4c6586817a sepolicy for SE HAL
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
2022-11-15 22:41:09 +00:00
Sandeep Dhavale
d64fb55474 Merge "Fastboot AIDL Sepolicy changes" 2022-11-10 18:29:00 +00:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2022-11-09 22:21:27 +00:00
Lakshman Annadorai
4d277b7baa Revert "Add sepolicies for CPU HAL."
This reverts commit f4ab6c9f3c.

Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.

Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c Add sepolicies for CPU HAL.
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
      and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
2022-11-04 18:13:00 +00:00
John Reck
5e20f62f8e Add IAllocator-V2
Test: build & boot

Change-Id: I970585e4ba593f7d72d5ff14423920b38c9d57af
2022-11-01 15:19:03 -04:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
2022-10-27 15:42:56 +08:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Arthur Ishiguro
3002f1afe2 Merge "Add sepolicy for default Context Hub HAL access to stats service" 2022-10-20 16:29:32 +00:00
Arthur Ishiguro
ca5474c5cf Add sepolicy for default Context Hub HAL access to stats service
Bug: 254328944
Test: Verify no selinux error through logcat
Change-Id: Iebc7e6c42a99d091dd1afcc5ff0204bd6f3c71e7
2022-10-19 16:49:01 +00:00
Treehugger Robot
4a5c2dee68 Merge "Add policies for new services HDMI and HDMICEC" 2022-10-19 02:58:03 +00:00
Steven Moreland
586703a90c Merge "servicemanager: kernel log perms" 2022-10-18 20:06:41 +00:00
Steven Moreland
5c3f315771 servicemanager: kernel log perms
Bug: 210919187
Fixes: 235390578
Test: boot (logs still only show up sometimes)
Change-Id: I16b9814260103ce550836655d0409d43b8850ea0
2022-10-17 21:30:50 +00:00
Treehugger Robot
184064cd13 Merge "Add selinux policy to register remote access HAL." 2022-10-15 03:13:07 +00:00
Shraddha Basantwani
bacf949002 Allow CAS AIDL sample HAL
Bug: 230377377, 227673974
Test: manual
Change-Id: Ied6822d8114404b85dbed56ae4806de1bfb43e54
2022-10-12 19:42:20 +05:30
Venkatarama Avadhani
38ff3b4115 Add policies for new services HDMI and HDMICEC
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ic2c0525368218e207be236d073a3fe736151c43f
2022-10-10 15:40:42 +05:30
Yu Shan
941ab0a90b Add selinux policy to register remote access HAL.
All remote access HAL needs to register itself to service manager,
so add the policy to system/sepolicy/vendor.

Test: Manually run cf_x86_64_auto, verify remote access HAL is
running.
Bug: 241483300

Change-Id: If8c1162eecfcce4792e6309ba351c498e8117687
2022-10-07 13:29:22 -07:00
Peiyong Lin
4a5d0f13c4 Update SEPolicy for Thermal AIDL
Bug: b/205762943
Test: build and boot
Change-Id: I301b85dafbf8fbb1c4be388aa0291e22f4717c99
2022-10-05 00:55:20 +00:00