tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33762 commits 1 branch 0 tags 50 MiB
Commit graph

6 commits

Author SHA1 Message Date
ChengYou Ho
553afe7242 Add sepolicy for oemlock aidl HAL 
Bug: 176107318
Change-Id: I26f8926401b15136f0aca79b3d5964ab3b59fbdd
 2021-01-11 05:57:17 +00:00
Steven Moreland
9234e00daf hal_attribute_hwservice_client drop '_client' 
Since this attribute just associates a hal_attribute
with a given hwservice in the standard way.

Bug: 80319537
Test: boot + sanity + test for denials
Change-Id: I545de165515387317e6920ce8f5e8c491f9ab24e
 2018-06-06 09:30:18 -07:00
Steven Moreland
343e24a1be hal_attribute_hwservice_client += add_hwservice 
For sanity, this makes 'hal_attribute_hwservice_client'
be associated with a specific hwservice thus making things
consistent.

After this change, only configstore, hal_allocator, and the
fwk_* services are inconsistent with all other HALs.

Bug: 80319537
Test: boot device, sanity tests, check for denials
Change-Id: Ibffc65c9567a429e07a3dc4dd41117738459dc2a
 2018-06-06 09:25:52 -07:00
Steven Moreland
8fc7981885 Find hal_foo_hwservice -> you are hal_foo_client. 
Before, it was possible to access a hwservice without declaring
that you were a client.

This introduces the following macro:
hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice)

which makes sure the above implication holds using a neverallow rule.

Bug: 80319537
Test: boot + sanity
Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6
 2018-05-30 16:46:57 -07:00
Andrew Scull
475954dad5 Add missing sepolicies for OemLock HAL. 
Bug: 38232801
Test: Build

Change-Id: Iccc16430e7502bb317f95bb2a5e2f021d8239a00
 2017-05-31 15:22:05 +01:00
Andrew Scull
0e9b22078b SELinux policies for the OEM lock HAL. 
Bug: 34766843
Change-Id: I5be615d818ecf999fec6514ce9b89ff6a7f13cd6
Fix: 38232801
Test: Build and boot
Merged-In: Ice78aedfdbe82477a84252499a76dad37887fe6b
 2017-05-12 15:37:39 +01:00