mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service
Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
This sepolicy is needed so that the vendor can launch a new HAL process,
and then this HAL process could join the servicemanager as an impl for
IInputProcessor. This HAL will be used to contain the previous impl of
InputClassifier and also new features that we are going to add.
Bug: 210158587
Test: use together with a HAL implementation, make sure HAL runs
Change-Id: I476c215ad622ea18b4ce5cba9c07ae3257a65817
As the Fastpair in Mainline Module design, we intend to let OEM to:
* Support Fast Pair initial pairing by setting up its own server to
sync and serve certified Fast Pair devices’ metadata.
* Support Fast Pair subsequent pairing by associating already
paired Fast Pair devices to OEM’s accounts.
We also want to migrate GMS Fast Pair to use this mainline
implementation in the future and let our test signed with "platform"
can access to the NearbyManager.
Therefore, we need to make NearbyManager available as System API.
Bug: 214495869
Test: build, flash, boot, check "nearby_service" available for "privileged apps"
Change-Id: Icda959a33ba61eb39a3b584fc3b7a8b340fba11e
exceptions and dontaudit lists.
wpa_supplicant does not have a dump() method, so
dumpstate shouldn't need to access this HAL.
Bug: 213616004
Test: Treehugger tests
Change-Id: I5a0d80725434b56c9663948c3727faea9fb38db6
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.
This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.
Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
Merged-In: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
This is safe because methods in VirtualDeviceManager are guarded by
the internal|role permission CREATE_VIRTUAL_DEVICE, and all subseuqent
methods can only be called on the returned binder.
Fixes: 209527778
Test: Manual
Change-Id: I60a5cf76eec1e45803cf09ab4924331f7c12ced4
IR interface is converted to AIDL and this contains the necessary
permissions for the default service to serve the interface.
Test: atest VtsHalIrTargetTest hal_implementation_test
Test: check for permission issues after tests
Bug: 205000342
Change-Id: I8d9d81d957bf6ef3c6d815ce089549f8f5337555
Bug: 209713977
Bug: 193467627
Test: local build and manual check.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: Ib1d2d6dcc7d6ddc6243c806a883d9252d7c081af
Update policy for new system service, used for Apps to present the
toolbar UI.
Bug: 190030331
Bug: 205822301
Test: manual. Can boot to home and get manager successfully.
Change-Id: Iee88681a93ae272a90896ccd2a6b64c26c809e82
Add selinux policy for AIDL Vehicel HAL service.
This CL mostly follows https://android-review.googlesource.com/c/platform/system/sepolicy/+/1541205/.
Test: Manually test on emulator, verify AIDL VHAL service is up and
accessible by client.
Bug: 209718034
Change-Id: Icad92e357dacea681b8539f6ebe6110a8ca8b357
This is the context when health HAL runs in offline
charging mode.
This has the same permissions as the health HAL, but
is also able to do charger specific things.
Also restrict neverallow rules in charger_type.
Test: manual in offline charging mode
Bug: 203246116
Change-Id: I6034853c113dff95b26461153501ad0528d10279
- Allow to use binder.
- Allow to talk to health HAL.
Test: manual in recovery
Test: fastboot getvar battery-voltage
Bug: 177269435
Change-Id: Ic3b1619ac34a10cb6007b8e011a01841343e9e8b
VTS for Netlink Interceptor needs access to netlink_route_socket, and
other services routing traffic to Netlink Interceptor may as well.
Bug: 201467304
Test: VtsHalNetlinkInterceptorV1_0Test
Change-Id: Ic52e54f1eec7175154d2e89e307740071b1ba168
On non-A/B devices, recovery needs to check if battery
is okay before applying the update. This requires
talking to the AIDL health HAL if the device uses
AIDL health HAL.
Test: manually calling GetBatteryInfo and check for denials
Bug: 170338625
Bug: 177269435
Change-Id: Ia89353cfff023376a4176c0582312bdcab00b5e6
logd.ready is a system property that logd sets when it is ready to
serve incoming socket requests for reading and writing logs. Clients of
logd (e.g. logcat) can use this to synchronize with logd, otherwise they
may experience a crash due to the refused socket connection to logd when
they are started before logd is ready.
Bug: 206826522
Test: run microdroid. see logcat logs are shown immediately
Change-Id: Iee13485b0f4c2beda9bc8434f514c4e32e119492
- Add hal_dumpstate_service AIDL service to hal_dumpstate.te,
service.te
- Add default example hal_dumpstate service to file_contexts,
service_contexts
- Adde hal_dumpstate_service to API level 31 compatibility
ignore list (31.0.ignore.cil)
Bug: 205760700
Test: VtsHalDumpstateTargetTest, dumpstate, dumpstate_test, dumpsys
Change-Id: If49fa16ac5ab1d3a1930bb800d530cbd32c5dec1
New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.
Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
Bug: 202785178
Test: Along with rest of topic, file
/sys/fs/bpf/prog_fuse_media_fuse_media
appears on boot with fuse-bpf in kernel
Merged-In: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
Change-Id: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
