Added permission related to use of wake lock. Wakelock in sensor
HAL is used to gurantee delivery of wake up sensor events before
system go back to sleep.
Bug: 63995095
Test: QCOM and nanohub sensor hal are able to acquire wakelock
successfuly.
Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
Allow sensor hal to sue gralloc handle and access ion device
so that sensor direct report feature can function correctly when
HardwareBuffer shared memory is used.
Test: SensorDirectReportTest passes without setenforce 0
Change-Id: I2068f6f4a8ac15da40126892e1326e0b90a6576f
Merged-In: I2068f6f4a8ac15da40126892e1326e0b90a6576f
This reverts commit 57e9946fb7.
Bug: 62616897
Test: choosecombo 1 aosp_arm64_ab userdebug; m -j 80 The build should
not break.
Signed-off-by: Sandeep Patil <sspatil@google.com>
modprobe domain was allowed to launch vendor toolbox even if its a
coredomain. That violates the treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.
Bug: 37008075
Test: Build and boot sailfish
Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 9e366a0e49)
modprobe domain was allowed to launch vendor toolbox even if its a
coredomain. That violates the treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.
Bug: 37008075
Test: Build and boot sailfish
Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
Update SE Policy to allow calls to and callbacks from Wifi Offload HAL
HIDL binderized service.
Combined cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987
and 66e27bf502
Bug: 32842314
Test: Unit tests, Mannual test to ensure Wifi can be brought up and
connected to an AP, ensure that Offload HAL service is running and that
that wificond can get the service handle by calling hwservicemanager.
Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
Added rule:
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]-service
u:object_r:hal_configstore_default_exec:s0
Bug: 37727469
Test: Built and tested on Sailfish
Change-Id: Icf167fad1c7e601c3662f527d1e3e844ff517b58
Allow sensor hal to sue gralloc handle and access ion device
so that sensor direct report feature can function correctly when
HardwareBuffer shared memory is used.
Test: SensorDirectReportTest passes without setenforce 0
Change-Id: I2068f6f4a8ac15da40126892e1326e0b90a6576f
Adding the default label/mapping is important because:
1. Lookups of services without an selinux label should generate
a denial.
2. In permissive mode, lookups of a service without a label should be
be allowed, without the default label service manager disallows
access.
3. We can neverallow use of the default label.
Bug: 37762790
Test: Build and flash policy onto Marlin with unlabeled vendor services.
Add/find of unlabeled vendor services generate a denial.
Change-Id: I66531deedc3f9b79616f5d0681c87ed66aca5b80
(cherry picked from commit 639a2b842c)
Adding the default label/mapping is important because:
1. Lookups of services without an selinux label should generate
a denial.
2. In permissive mode, lookups of a service without a label should be
be allowed, without the default label service manager disallows
access.
3. We can neverallow use of the default label.
Bug: 37762790
Test: Build and flash policy onto Marlin with unlabeled vendor services.
Add/find of unlabeled vendor services generate a denial.
Change-Id: I66531deedc3f9b79616f5d0681c87ed66aca5b80
This is a follow-up to cbc0d2bb91 which
introduced the typos.
Test: mmm system/sepolicy -- comments only change
Bug: 37640821
Change-Id: Ibe0eda0b3ee9bbfb1e33ef98f2e81267ec580e59
