Zhanglong Xia
b2d1fbb7b2
Add sepolicy rules for Thread Network HAL
...
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Jeff Pu
1e09f2ebf7
Allow hal_fingerprint_default to have pipe read access
...
Bug: 284488745
Test: atest BiometricsE2eTests:BiometricPromptAuthSuccessTest
Change-Id: Ie69193964232b1a6b97877c650182fcdcd5b2cea
2023-06-09 13:56:28 +00:00
Peiyong Lin
54229d8157
Allow graphics_config_writable_prop to be modified.
...
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.
Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
2023-05-04 15:56:33 +00:00
Yu Shan
9eb72464b5
Define sepolicy for ivn HAL.
...
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Changyeon Jo
89380c19c8
Allow EVS HAL to access graphics related properties
...
EVS Display HAL needs to access graphics related properties to configure
a pipeline to render the contents of graphics buffers.
Bug: 274695271
Test: m -j selinux_policy
Change-Id: I97a8a3f35f7118325cff9a8ae69485c0f73fe17f
2023-03-23 22:26:42 +00:00
Alice Wang
5e94b1698c
[dice] Remove all the sepolicy relating the hal service dice
...
As the service is not used anywhere for now and in the near future.
Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
2023-02-24 08:34:26 +00:00
Treehugger Robot
22d25dcae4
Merge "Map AIDL Gatekeeper to same policy as HIDL version"
2023-02-14 17:48:17 +00:00
Cody Northrop
e4e43ebad8
Allow camera HAL to read EGL vendor properties
...
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
2023-02-09 17:55:03 +00:00
David Drysdale
c9529ff336
Map AIDL Gatekeeper to same policy as HIDL version
...
Bug: 268342724
Test: VtsHalGatekeeperTargetTest
Change-Id: Ifa90247753ae558f7bdb70cb4b4e494466cc457b
2023-02-08 18:42:17 +00:00
Alistair Delva
e7fc603518
Merge "Add missing permissions for default bluetooth hal"
2023-01-18 22:16:06 +00:00
Lorenzo Colitti
b8194ca7fb
Merge "Update SEPolicy for Tetheroffload AIDL"
2023-01-18 00:04:51 +00:00
Henri Chataing
9ff3423527
Add missing permissions for default bluetooth hal
...
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Nathalie Le Clair
98e20da831
Merge "HDMI: Refactor HDMI packages"
2023-01-10 17:05:17 +00:00
Treehugger Robot
6baccc1d8e
Merge "EARC: Add Policy for EArc Service"
2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f
Update SEPolicy for Tetheroffload AIDL
...
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
2023-01-04 11:28:47 +08:00
Venkatarama Avadhani
5a86d5f3f3
HDMI: Refactor HDMI packages
...
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.
Bug: 261729059
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f
EARC: Add Policy for EArc Service
...
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
2022-12-27 18:11:36 +05:30
Devin Moore
e632fc098a
Allow biometrics hals to talk to the new AIDL sensorservice
...
This is being used in libsensorndkbridge now, so permissions are
required.
Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: Id416cc2f92ba82d4068376a5f4d076137aab086a
2022-12-19 19:51:55 +00:00
Devin Moore
a2765f212f
Allow audio HAL to talk to the new AIDL sensorservice
...
This is being used in libsensorndkbridge now, so permissions are
required.
Test: m
Bug: 205764765
Change-Id: I6b0871bbcdff920d1d9dc9b66ec1236405f90fd8
2022-12-19 19:50:57 +00:00
Devin Moore
2a724dd853
Allow camera to talk to the new AIDL sensorservice
...
This is being used in libsensorndkbridge now, so permissions are
required.
Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: I7a1569b8b4e2a21961f3950fa3947b5e20fc674b
2022-12-19 19:50:31 +00:00
Yu Shan
aa3f997dcc
Merge "Allow wider remote access names."
2022-12-15 01:51:46 +00:00
Mohi Montazer
3bbdd15ece
Merge "SEPolicy updates for camera HAL"
2022-12-13 20:37:59 +00:00
Mohi Montazer
ad059403ad
SEPolicy updates for camera HAL
...
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.
Example denials:
11-30 13:08:33.172 1027 1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172 1027 1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244 1027 1027 W 3AThreadPool: type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
2022-12-13 09:52:04 -08:00
Chris Weir
800a2c9f66
Merge "Add permissions to allow iface up/down"
2022-12-13 00:18:00 +00:00
Chris Weir
1bcbc0b667
Add permissions to allow iface up/down
...
I need SIOCGIFFLAGS and SIOCSIFFLAGS in order to bring up/down
interfaces with AIDL CAN HAL.
Bug: 260592449
Test: CAN HAL can bring up interfaces
Change-Id: I67edaa857cffdf3c3fc9f3b17aad5879e09c6385
2022-12-12 14:30:15 -08:00
Chris Weir
caf905ff3c
Merge "SEPolicy for AIDL CAN HAL"
2022-12-09 22:09:12 +00:00
Chris Weir
eee59458c2
SEPolicy for AIDL CAN HAL
...
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.
Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
2022-12-09 11:00:10 -08:00
Gabriel Biren
52b5ff67b9
Update file_contexts for WiFi Vendor HAL
...
AIDL service.
Bug: 205044134
Test: Manual test - check that AIDL service
starts successfully on Cuttlefish
Change-Id: If6dbb20ca982b998485257e212aa4aa82749d23d
2022-12-05 23:53:30 +00:00
Yu Shan
96c3b41113
Allow wider remote access names.
...
Test: local test @v1-tcu-test-service.
Bug: 254547153
Change-Id: I82ed9e9e439913602e26042e357b5fa33338ef97
2022-11-30 17:07:49 -08:00
Steven Moreland
c3802445d0
Merge "sepolicy for SE HAL"
2022-11-29 22:30:40 +00:00
Treehugger Robot
299ee9fb24
Merge "Add IAllocator-V2"
2022-11-15 23:13:42 +00:00
Steven Moreland
4c6586817a
sepolicy for SE HAL
...
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
2022-11-15 22:41:09 +00:00
Sandeep Dhavale
d64fb55474
Merge "Fastboot AIDL Sepolicy changes"
2022-11-10 18:29:00 +00:00
Sandeep Dhavale
f0ea953e60
Fastboot AIDL Sepolicy changes
...
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2022-11-09 22:21:27 +00:00
Lakshman Annadorai
4d277b7baa
Revert "Add sepolicies for CPU HAL."
...
This reverts commit f4ab6c9f3c
.
Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.
Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c
Add sepolicies for CPU HAL.
...
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
2022-11-04 18:13:00 +00:00
John Reck
5e20f62f8e
Add IAllocator-V2
...
Test: build & boot
Change-Id: I970585e4ba593f7d72d5ff14423920b38c9d57af
2022-11-01 15:19:03 -04:00
Treehugger Robot
e6a43ec4c9
Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration"
2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164
Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration
...
Covers the rules needed for the default AIDL implementation.
10-26 10:22:42.408 448 448 I auditd : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0
Bug: 218791946
Test: reboot and check if AIDL service is running.
Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
2022-10-27 15:42:56 +08:00
Henry Fang
0c3f615602
Merge "Allow CAS AIDL sample HAL"
2022-10-25 16:38:20 +00:00
Arthur Ishiguro
3002f1afe2
Merge "Add sepolicy for default Context Hub HAL access to stats service"
2022-10-20 16:29:32 +00:00
Arthur Ishiguro
ca5474c5cf
Add sepolicy for default Context Hub HAL access to stats service
...
Bug: 254328944
Test: Verify no selinux error through logcat
Change-Id: Iebc7e6c42a99d091dd1afcc5ff0204bd6f3c71e7
2022-10-19 16:49:01 +00:00
Treehugger Robot
4a5c2dee68
Merge "Add policies for new services HDMI and HDMICEC"
2022-10-19 02:58:03 +00:00
Steven Moreland
586703a90c
Merge "servicemanager: kernel log perms"
2022-10-18 20:06:41 +00:00
Steven Moreland
5c3f315771
servicemanager: kernel log perms
...
Bug: 210919187
Fixes: 235390578
Test: boot (logs still only show up sometimes)
Change-Id: I16b9814260103ce550836655d0409d43b8850ea0
2022-10-17 21:30:50 +00:00
Treehugger Robot
184064cd13
Merge "Add selinux policy to register remote access HAL."
2022-10-15 03:13:07 +00:00
Shraddha Basantwani
bacf949002
Allow CAS AIDL sample HAL
...
Bug: 230377377, 227673974
Test: manual
Change-Id: Ied6822d8114404b85dbed56ae4806de1bfb43e54
2022-10-12 19:42:20 +05:30
Venkatarama Avadhani
38ff3b4115
Add policies for new services HDMI and HDMICEC
...
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Change-Id: Ic2c0525368218e207be236d073a3fe736151c43f
2022-10-10 15:40:42 +05:30
Yu Shan
941ab0a90b
Add selinux policy to register remote access HAL.
...
All remote access HAL needs to register itself to service manager,
so add the policy to system/sepolicy/vendor.
Test: Manually run cf_x86_64_auto, verify remote access HAL is
running.
Bug: 241483300
Change-Id: If8c1162eecfcce4792e6309ba351c498e8117687
2022-10-07 13:29:22 -07:00
Peiyong Lin
4a5d0f13c4
Update SEPolicy for Thermal AIDL
...
Bug: b/205762943
Test: build and boot
Change-Id: I301b85dafbf8fbb1c4be388aa0291e22f4717c99
2022-10-05 00:55:20 +00:00