Configstore HAL uses a seccomp filter which blocks the standard
path of execing crash_dump to collect crash data. Add permission
to use crash_dump's fallback mechanism.
Allowing configstore to write to the socket provided by tombstoned
required either exempting configstore from a neverallow rule, or
removing the neverallow rule entirely. Since the neverallow rule
could potentially prevent partners for doing security hardening,
it has been removed.
Bug: 64768925
Bug: 36453956
Test: killall -ABRT android.hardware.configstore@1.1-service
Results in a call stack in logcat, and tombstone in
/data/tombstones
Test: configstore runs without crashing
Test: SANITIZE_TARGET="address coverage" make vts -j64
vts-tradefedrun commandAndExit vts --skip-all-system-status-check \
-primary-abi-only --skip-preconditions -l VERBOSE --module \
VtsHalConfigstoreV1_0IfaceFuzzer
Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.
Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
record video (slow motion and normal), and check that photos
look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
make and install CtsMediaTestCases.apk
adb shell am instrument -e size small \
-w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
fingerprint
Test: Apply OTA update:
Make some visible change, e.g., rename Settings app.
make otatools && \
make dist
Ensure device has network connectivity
ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
Confirm the change is now live on the device
Bug: 34454312
Change-Id: Iecf74000e6c68f01299667486f3c767912c076d3
This commit marks surfaceflinger and app domain (except isolated_app)
as clients of Configstore HAL. This cleans up the policy and will make
it easier to restrict access to HwBinder services later.
Test: Play YouTube clip in YouTube app and YouTube web page in Chrome
Test: Take an HDR+ photo, a normal photo, a video, and slow motion
video in Google Camera app. Check that photos show up fine and
that videos play back with sound.
Test: Play movie using Google Play Movies
Test: Google Maps app displays the Android's correct location
Bug: 34454312
Change-Id: I0f468a4289132f4eaacfb1d13ce4e61604c2a371
