This SEPolicy change allows the hal_keymint domain to add
hal_remotelyprovisionedcomponent_service to hwservice_manager.
Test: The Keymint HAL can successfully start an instance of
IRemotelyProvisionedComponent
Change-Id: I15f34daf319e8de5b656bfacb8d050950bf8f250
Allows the AIDL IStats service to be exposed via ServiceManager
Defines IStats service client domain to be used by pixelstats_vendor
Bug: 178859845
Test: Build, flash, and aidl_stats_client
Change-Id: If41e50d0182993d0b7f8501e9147e0becf526689
Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest.
Bug: b/171844725, b/168673523.
Change-Id: I8b81ec12c45566d31edcd117e41fd559df32c37d
This change adds the SEPolicy changes required to support the remote
provisioning flow. The notable additions are specifically labeling the
remote provisioning app and giving it access to find the remote
provisioning service which is added in keystore. It also requires
network access in order to communicate to the provisioning servers.
This functionality is extremely narrow to the point that it seems worth
it to define a separate domain for this app, rather than add this in to
the priv_app or platform_app permission files. Since this app also
communicates with the network, it also seems advantageous to limit its
permissions only to what is absolutely necessary to perform its
function.
Test: No denials!
Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189
aosp/1574082 added sepolicy for a "vpnmanager" system service
which is being introduced to move code from ConnectivityService
to a new VpnManagerService.
Unfortunately that CL missed the fact that "vpn_management" is
already a service name and present in the public API since R.
Instead of adding another service name, use the existing service
name to lessen confusion. It is difficult to avoid confusion
entirely because there was already a public class called
VpnService when the VpnManager class was added to the public API
surface.
Bug: 173331190
Test: builds, boots, "dumpsys vpn_management" throws no errors
Change-Id: I4ab188ef62592aac167ba1f7b586accc882815e8
Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.
Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
The system server code that backs VPN APIs such as VpnService and
VpnManager currently lives in ConnectivityService and is accessed
via IConnectivityManager.
In S, ConnectivityService is being moved to the tethering
mainline module, but the VPN code is not. So add an new
service (vpnmanager, IVpnManager, VpnManagerService) to support
these APIs.
Service implementation at http://r.android.com/1572982 . That CL
cannot be in a topic with this one because it will conflict in
master and sc-dev.
Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" throws no errors
Change-Id: Ic09c93cc454ec959a3beda2b09efa74b8db30c27
For upcoming @SystemApi DomainVerificationManager.
Test: manual, accessing new manager from test app works
Change-Id: Ic73733dce3e9152af9c6f08fb7e460fa5a01ebdf
Add selinux policy so the app hibernation system service can be accessed
by other processes/apps.
Bug: 175829330
Test: builds
Change-Id: I96ea9dd977ec007bc11560601554547749b4df03
The interaface now provided by IKeystoreAuthorization AIDL interface was
previously provided by Keystore AIDL interface.
This CL adds policy to allow Keystore2 to register
IKeystoreAuthorization aidl service and to allow service manager to
look up and connect to the service.
Bug: 159475191
Test: Needs to be tested in runtime
Change-Id: I56829a8764e0efe55efdc92b75d7a3d918a20dae
- Update policy for new system service, used for AiAi/Apps to
present data in their UI.
Bug: 173243538
Bug: 176208267
Test: manual. Can boot to home and get manager successfully.
Change-Id: Ie88c6fa7ed80c0d695daaa7a9c92e11ce0fed229
Revert "Add android.hardware.memtrack-unstable-ndk_platform"
Revert submission 1518702-memtrack-aidl
Reason for revert: Broken tests and boot time regressions
Reverted Changes:
Ic4dd70e2c:Add android.hardware.memtrack-unstable-ndk_platfor...
Iaf99d0ca4:Add stable aidl memtrack HAL to product packages
Iac54ae2ba:Add stable aidl memtrack hal to vndk list
If310210a3:libmemtrack: Add support for AIDL memtrack HAL
Ib6c634def:Memtrack HAL: Add stable AIDL implementation
I5e1d0e006:Memtrack HAL stable aidl sepolicy
Change-Id: I0c55ee100c7fd8d09a5b188a39b17c95c8a43c39
This service manager is registered by Keystore 2.0 to lookup legacy
wrapper services.
Keystore 2.0 is now written in rust. We have AIDL binding for rust but
no HIDL binding. Keystore 2.0 has to support legacy HIDL based
interfaces. So we implement the AIDL KeyMint interface in terms of the
legacy HIDL Keymaster <= V4.1 devices in C++. This wrapper is linked
into the Keystore 2.0 process but it cannot be called directly but must
be treated like a remote binder instead. However, we cannot register
these wrappers directly, because a) we are not a vendor component, and
b) it would conflict with genuine KeyMint devices on newer devices. So
Instead we register Keystore 2.0 itself as a legacy service provider.
Which it can query itself for the legacy wrappers if it does not find
a genuine KeyMint implementation to connect to.
Bug: 171351607
Test: Keystore 2.0 can register this Service and lookup legacy wrapper
services.
Change-Id: I935f23837721ce126531236f4920dba469a47be4
16d61d0383
Bug: 175345910
Bug: 171429297
Exempt-From-Owner-Approval: re-landing topic with no changes in this CL.
Change-Id: I1352c6b46b007dba3448b3c9cbdf454d7862a176
