Commit graph

7204 commits

Author SHA1 Message Date
Treehugger Robot
6003019fa8 Merge "Move mtectrl to private" 2022-01-26 09:30:59 +00:00
Inseob Kim
3bd63cc206 Move mtectrl to private
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.

Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
2022-01-26 08:59:55 +09:00
Etienne Ruffieux
0a19dbdcd3 Merge "Added new context declaration for Bluetooth configs" 2022-01-25 14:00:08 +00:00
Treehugger Robot
d9befdb685 Merge "Add use_bionic_libs macro" 2022-01-25 04:37:07 +00:00
Paul Hu
415a2f9b58 Merge "Add sepolicy for mdns service" 2022-01-25 02:35:42 +00:00
Etienne Ruffieux
bde2fc6c48 Added new context declaration for Bluetooth configs
As we need to create new sysprops for Bluetooth mainline
configs, we need to have a property context available to
vendors and be able to access configs from other packages.

Tag: #feature
Bug: 211570675
Test: Added overlays and logs
Change-Id: If9c61f251578b61c070619069519e0aa563a9573
2022-01-25 01:18:05 +00:00
Jiyong Park
16c1ae3a3d Add use_bionic_libs macro
... to dedupe rules for allowing access to bootstrap bionic libraries.

Bug: N/A
Test: m
Change-Id: I575487416a356c22f5f06f1713032f11d979d7d4
2022-01-25 09:47:56 +09:00
Hunsuk Choi
7938201cbb Combining hal_radio_*_service into hal_radio_service
Test: build and flash
Bug: 198331673
Change-Id: Id5d699ffc77f708e2144ffea6d2a6805822e7f50
2022-01-24 19:42:42 +00:00
paulhu
70b0a77ee0 Add sepolicy for mdns service
mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service

Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
2022-01-25 00:50:21 +08:00
George Chang
95113bbbed Merge "Add hal_nfc_service" 2022-01-22 01:46:41 +00:00
Sharon Su
0cd7ba7617 Merge "Change in SELinux Policy for wallpaper effects generation API. Test: presubmit tests" 2022-01-22 00:06:00 +00:00
Treehugger Robot
c23930818d Merge "Add sepolicy for IInputProcessor HAL" 2022-01-21 22:45:52 +00:00
Florian Mayer
06337c4260 Merge "Add policy for command line tool to control MTE boot state." 2022-01-21 18:11:00 +00:00
Sharon Su
cedde105ae Change in SELinux Policy for wallpaper effects generation API.
Test: presubmit tests

Change-Id: I02f9545376534d1570cfa270dfe15c9df6f81d47
2022-01-21 09:28:49 +00:00
Badhri Jagan Sridharan
001b47c547 Merge "Add selinux rules for android.hardware.usb.IUsb AIDL migration" 2022-01-21 05:33:33 +00:00
Treehugger Robot
8d149e3294 Merge "Make NearbyManager available as System API." 2022-01-21 01:18:27 +00:00
Siarhei Vishniakou
c655bece6a Add sepolicy for IInputProcessor HAL
This sepolicy is needed so that the vendor can launch a new HAL process,
and then this HAL process could join the servicemanager as an impl for
IInputProcessor. This HAL will be used to contain the previous impl of
InputClassifier and also new features that we are going to add.

Bug: 210158587
Test: use together with a HAL implementation, make sure HAL runs
Change-Id: I476c215ad622ea18b4ce5cba9c07ae3257a65817
2022-01-20 23:40:05 +00:00
Badhri Jagan Sridharan
c887ea3965 Add selinux rules for android.hardware.usb.IUsb AIDL migration
Covers the rules needed for the default AIDL implementation.

Bug: 200993386
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib152d12686e225e3c1074295a70c624a5115e9bd
2022-01-20 23:03:26 +00:00
Florian Mayer
23173455ab Add policy for command line tool to control MTE boot state.
Bug: 206895651

Change-Id: I2e84193668dcdf24bde1c7e12b3cfd8a03954a16
2022-01-20 17:30:09 +00:00
Eric Lin
3d482ca579 Make NearbyManager available as System API.
As the Fastpair in Mainline Module design, we intend to let OEM to:
* Support Fast Pair initial pairing by setting up its own server to
  sync and serve certified Fast Pair devices’ metadata.
* Support Fast Pair subsequent pairing by associating already
  paired Fast Pair devices to OEM’s accounts.
We also want to migrate GMS Fast Pair to use this mainline
implementation in the future and let our test signed with "platform"
can access to the NearbyManager.
Therefore, we need to make NearbyManager available as System API.

Bug: 214495869
Test: build, flash, boot, check "nearby_service" available for "privileged apps"
Change-Id: Icda959a33ba61eb39a3b584fc3b7a8b340fba11e
2022-01-20 07:54:36 +00:00
George Chang
0ddfebb4e1 Add hal_nfc_service
Bug: 204868826
Test: atest VtsAidlHalNfcTargetTest
Change-Id: If01d1d0a74f5c787805d3744772d40a7aa7db9cb
2022-01-20 03:48:57 +00:00
John Reck
22903f0435 Add IAllocator stable-aidl
Test: Builds & boots; no sepolicy errors logged
Bug: 193558894
Change-Id: I11e162310548b67addc032ccc0d499cbf391e7f9
2022-01-18 19:40:26 -05:00
Gabriel Biren
8f86dd4eef Merge "Add supplicant service to the dumpstate exceptions and dontaudit lists." 2022-01-18 18:15:46 +00:00
Gabriel Biren
3d0529483b Add supplicant service to the dumpstate
exceptions and dontaudit lists.

wpa_supplicant does not have a dump() method, so
dumpstate shouldn't need to access this HAL.

Bug: 213616004
Test: Treehugger tests
Change-Id: I5a0d80725434b56c9663948c3727faea9fb38db6
2022-01-14 17:17:31 +00:00
Nikita Ioffe
269e7cfc51 Move allow rules from public/app.te to private/app.te
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.

This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.

Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
Merged-In: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
2022-01-13 22:56:14 +00:00
Jeremy Meyer
0f72360b2f Merge "Add resources_manager_service" 2022-01-12 20:41:28 +00:00
Maurice Lam
2e38cfa2f7 Make virtual_device_service accessible from CTS
This is safe because methods in VirtualDeviceManager are guarded by
the internal|role permission CREATE_VIRTUAL_DEVICE, and all subseuqent
methods can only be called on the returned binder.

Fixes: 209527778
Test: Manual
Change-Id: I60a5cf76eec1e45803cf09ab4924331f7c12ced4
2022-01-11 13:21:14 -08:00
Jeremy Meyer
d8a3c2b156 Add resources_manager_service
Test: manual, calling the service with `adb shell cmd` works
Bug: 206615535
Change-Id: I8d3b945f6abff352991446e5d88e5a535a7f9ccf
2022-01-10 23:03:42 +00:00
Michael Rosenfeld
5425c870f9 Allow the shell to disable charging.
Bug: 204184680
Test: manual and through instrumentation
Change-Id: I1fe9b35d51140eccba9c05c956875c512de447b1
2022-01-10 10:36:01 -08:00
Xinyi Zhou
e9857ab5cf Allow system app to find NearbyManager
Bug: 189954300
Test: -build, flash, boot
Change-Id: Ia21b10213311b0639f320b559e78963d562f30a3
2022-01-05 11:57:44 -08:00
Treehugger Robot
96c5222c94 Merge "Make surface_flinger_native_boot_prop a system_restricted_prop for ADPF" 2021-12-28 00:54:22 +00:00
Matt Buckley
964c68b02d Make surface_flinger_native_boot_prop a system_restricted_prop for ADPF
Test: manual
Bug: b/195990840
Change-Id: Icb758c48a1faa8901a1d2c2c442451c42fc3b5b1
2021-12-27 18:24:12 +00:00
Devin Moore
4f85138c08 Merge "Add policy for new AIDL IR hal" 2021-12-22 21:44:17 +00:00
Hui Wu
c66fb7aefc Merge "Changes in SELinux Policy for cloudsearch API" 2021-12-17 03:04:08 +00:00
Devin Moore
978b9e5d1c Add policy for new AIDL IR hal
IR interface is converted to AIDL and this contains the necessary
permissions for the default service to serve the interface.

Test: atest VtsHalIrTargetTest hal_implementation_test
Test: check for permission issues after tests
Bug: 205000342
Change-Id: I8d9d81d957bf6ef3c6d815ce089549f8f5337555
2021-12-16 20:24:27 +00:00
Hui Wu
f3e29c7066 Changes in SELinux Policy for cloudsearch API
Bug: 210528288
Test: Presubmit Tests

Change-Id: I344d28a95bf7d466620fced9cc85b50bbfcd1947
2021-12-16 19:31:53 +00:00
Treehugger Robot
ac9f469ff0 Merge "Add rule for new gesture_prop." 2021-12-15 05:03:42 +00:00
Super Liu
078141a921 Add rule for new gesture_prop.
Bug: 209713977
Bug: 193467627
Test: local build and manual check.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: Ib1d2d6dcc7d6ddc6243c806a883d9252d7c081af
2021-12-15 09:32:01 +08:00
Treehugger Robot
885bc3ca66 Merge "Add hal_vehicle_service for AIDL VHAL service." 2021-12-11 00:49:12 +00:00
Joanne Chung
eed1918f7f Add rule for new system service
Update policy for new system service, used for Apps to present the
toolbar UI.

Bug: 190030331
Bug: 205822301
Test: manual. Can boot to home and get manager successfully.

Change-Id: Iee88681a93ae272a90896ccd2a6b64c26c809e82
2021-12-10 13:30:55 +08:00
Treehugger Robot
0ce3e70c84 Merge "Add charger_vendor type" 2021-12-10 02:16:55 +00:00
Chris Weir
b7ed015cd8 Merge "Give Netlink Interceptor route_socket perms" 2021-12-09 01:52:32 +00:00
Yu Shan
78be3081e7 Add hal_vehicle_service for AIDL VHAL service.
Add selinux policy for AIDL Vehicel HAL service.
This CL mostly follows https://android-review.googlesource.com/c/platform/system/sepolicy/+/1541205/.

Test: Manually test on emulator, verify AIDL VHAL service is up and
accessible by client.
Bug: 209718034

Change-Id: Icad92e357dacea681b8539f6ebe6110a8ca8b357
2021-12-07 22:23:50 -08:00
Yifan Hong
035ce4b7f4 Add charger_vendor type
This is the context when health HAL runs in offline
charging mode.

This has the same permissions as the health HAL, but
is also able to do charger specific things.

Also restrict neverallow rules in charger_type.

Test: manual in offline charging mode
Bug: 203246116
Change-Id: I6034853c113dff95b26461153501ad0528d10279
2021-12-07 16:24:23 -08:00
Yifan Hong
adc0f709b6 recovery/fastbootd: allow to talk to health HAL.
- Allow to use binder.
- Allow to talk to health HAL.

Test: manual in recovery
Test: fastboot getvar battery-voltage
Bug: 177269435
Change-Id: Ic3b1619ac34a10cb6007b8e011a01841343e9e8b
2021-12-07 16:22:53 -08:00
Yifan Hong
259491ba0b servicemanager: allow to read VINTF files in recovery.
Test: manual
Bug: 206888109
Change-Id: I2b7f0f33c27beb0d4401d1d697fdc58e7c62986f
2021-12-07 16:22:53 -08:00
Yifan Hong
d725f8acaf Merge "recovery: allow to talk to health HAL." 2021-12-07 18:18:07 +00:00
Treehugger Robot
f5646ff42b Merge "Add logd.ready" 2021-12-02 03:34:00 +00:00
Kedar Chitnis
bb0315bab9 Merge "Update sepolicy to add dumpstate device service for AIDL HAL" 2021-12-01 12:16:33 +00:00
Chris Weir
7129b929e3 Give Netlink Interceptor route_socket perms
VTS for Netlink Interceptor needs access to netlink_route_socket, and
other services routing traffic to Netlink Interceptor may as well.

Bug: 201467304
Test: VtsHalNetlinkInterceptorV1_0Test
Change-Id: Ic52e54f1eec7175154d2e89e307740071b1ba168
2021-12-01 04:08:19 +00:00