tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47880 commits 1 branch 0 tags 50 MiB
Commit graph

608 commits

Author SHA1 Message Date
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL. 
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
 2023-04-10 17:42:51 -07:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService. 
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
 2023-03-27 16:29:09 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services 
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
 2023-03-14 15:45:35 -07:00
Neil Fuller
05f8ebe1db Allow timedetector_service access 4 ephemeral apps 
Allow timedetector_service access for ephemeral apps.

The service call behind currentNetworkTimeClock() moved from
AlarmManager to TimeDetector.

Before this change, alarm_service is accessible by ephemeral apps but
timedetector_service is not. After this change, timedetector_service is
accessible by ephemeral apps, unbreaking the call.

The breakage was not previously noticed because the test involved does
not run in the ephemeral case because of restrictions around what test
infra can do in the ephemeral case. A recent test refactor tests the
method in a different way, revealing the issue.

Bug: 270788539
Test: run cts -m CtsOsTestCases -t android.os.cts.SystemClockNetworkTimeTest#testCurrentNetworkTimeClock
Change-Id: Iafdfb9f13d473bcc65c4e60733e57f1d25c511ab
 2023-02-28 10:11:28 +00:00
Alice Wang
5e94b1698c [dice] Remove all the sepolicy relating the hal service dice 
As the service is not used anywhere for now and in the near future.

Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
 2023-02-24 08:34:26 +00:00
Pedro Loureiro
58847ab171 Add SEPolicy for device config service 
A new mainline module that will have the device config logic requires a new service (device_config_updatable).

Bug: 252703257

Test: manual because logic that launches service is behind flag

Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
 2023-02-13 09:37:12 +00:00
Brian Julian
32b0a39d27 Backports sepolicy for AltitudeService to T. 
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
 2023-02-07 19:38:17 +00:00
Karthik Mahesh
52e5914ca4 Add sepolicy for ODP system server service. 
Bug: 236174677
Test: build
Change-Id: Ief208b795dd05ddaa406f50a5fa91f46fe52fd71
 2023-02-01 22:27:36 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL 
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
 2023-01-04 11:28:47 +08:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages 
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
 2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
 2022-12-27 18:11:36 +05:30
Calvin Pan
f56dfeb2d4 Merge "Add grammatical_inflection service" 2022-12-15 07:38:01 +00:00
Avichal Rakesh
95ecfc2f33 Merge "cameraservice: Add selinux policy for vndk cameraservice." 2022-12-14 22:49:47 +00:00
Avichal Rakesh
0febfbd952 cameraservice: Add selinux policy for vndk cameraservice. 
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
 2022-12-14 20:46:43 +00:00
Calvin Pan
a9b1c2299c Add grammatical_inflection service 
This new service is exposed by system_server and available to all apps.

Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
 2022-12-14 05:22:53 +00:00
Treehugger Robot
8cce74d7e0 Merge "sepolicy: Add Bluetooth AIDL" 2022-12-13 18:26:03 +00:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL 
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
 2022-12-09 11:00:10 -08:00
Seth Moore
3accea479a Add permissions for remote_provisioning service 
Bug: 254112668
Test: manual + presubmit
Change-Id: I54d56c34ad4a8199b8aa005742faf9e1e12583c3
 2022-12-06 08:46:20 -08:00
Myles Watson
671a0c3bda sepolicy: Add Bluetooth AIDL 
Bug: 205758693
Test: manual - boot local image with Cuttlefish
Change-Id: Ic0c5408d83f8c352b72f79e9024212c7ff0c84c1
 2022-12-02 13:08:26 -08:00
Steven Moreland
c3802445d0 Merge "sepolicy for SE HAL" 2022-11-29 22:30:40 +00:00
Devin Moore
45d8baf70d Merge "Add sepolicy for new AIDL sensorservice" 2022-11-18 19:21:47 +00:00
Steven Moreland
4c6586817a sepolicy for SE HAL 
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
 2022-11-15 22:41:09 +00:00
Devin Moore
e714ba95ed Add sepolicy for new AIDL sensorservice 
Test: boot cuttlefish and check for avc denials
Bug: 205764765
Change-Id: Ie9d02b43250ca3c5f642b2d87d2a5b532a9b5195
 2022-11-14 17:26:24 +00:00
Sandeep Dhavale
d64fb55474 Merge "Fastboot AIDL Sepolicy changes" 2022-11-10 18:29:00 +00:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes 
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
 2022-11-09 22:21:27 +00:00
Lakshman Annadorai
4d277b7baa Revert "Add sepolicies for CPU HAL." 
This reverts commit f4ab6c9f3c.

Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.

Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
 2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c Add sepolicies for CPU HAL. 
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
      and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
 2022-11-04 18:13:00 +00:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration 
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
 2022-10-27 15:42:56 +08:00
Gabriel Biren
b7e21bcfe7 Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." 2022-10-25 17:03:10 +00:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Reema Bajwa
7e707248b2 Merge "Add app_api_service and ephemeral_app_api to credential_service selinux policy to allow regular apps and instant apps to access credential manager Test: Built & deployed locally Bug: 253155284 Feature Bug: 241268646" 2022-10-22 00:41:37 +00:00
Gabriel Biren
e310ef8163 Add SeLinux policy for WiFi Vendor HAL AIDL service. 
Bug: 205044134
Test: Manual - reboot phone and check if AIDL
      service is running.
Change-Id: I242e6ef860d2defdb0ab0a3d649b2a4e3f0de5a6
 2022-10-19 16:34:56 +00:00
Reema Bajwa
d151d63fa0 Add app_api_service and ephemeral_app_api to credential_service selinux policy to allow regular apps and instant apps to access credential manager 
Test: Built & deployed locally
Bug: 253155284
Feature Bug: 241268646

Change-Id: I6cf6738858bccfbb07f0cf2e92fcbd472b4c56ce
 2022-10-19 14:50:46 +00:00
Shraddha Basantwani
bacf949002 Allow CAS AIDL sample HAL 
Bug: 230377377, 227673974
Test: manual
Change-Id: Ied6822d8114404b85dbed56ae4806de1bfb43e54
 2022-10-12 19:42:20 +05:30
Venkatarama Avadhani
38ff3b4115 Add policies for new services HDMI and HDMICEC 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ic2c0525368218e207be236d073a3fe736151c43f
 2022-10-10 15:40:42 +05:30
Peiyong Lin
33e03e09b4 Merge "Update SEPolicy for Thermal AIDL" 2022-10-07 04:00:17 +00:00
Peiyong Lin
4a5d0f13c4 Update SEPolicy for Thermal AIDL 
Bug: b/205762943
Test: build and boot
Change-Id: I301b85dafbf8fbb1c4be388aa0291e22f4717c99
 2022-10-05 00:55:20 +00:00
Steven Moreland
07c5387324 Merge "hidl2aidl: sepolicy changes for confirmationui aidl" 2022-10-03 19:10:31 +00:00
Subrahmanyaman
745efb4ced hidl2aidl: sepolicy changes for confirmationui aidl 
Sepolicy changes for confirmationui while converting from hidl
to aidl.

Bug: b/205760172
Test: run vts -m VtsHalConfirmationUIV1_0Target
Change-Id: Ib21038fd89789755b978489f5293725b221d86c4
 2022-09-23 19:00:15 +00:00
Amos Bianchi
3189fafa2a Add sepolicy for new module. 
Bug: b/241442337
Test: TH
Change-Id: Ia58e2d4b205638509545a0a2c356cd68862beb1f
 2022-09-23 10:40:47 -07:00
Yu Shan
e799e9284c Merge "Create selinux policy for remoteaccess HAL." 2022-09-22 01:17:00 +00:00
Weilin Xu
52546635b2 Applying new IBroadcastRadio AIDL 
Update Sepolicy for AIDL broadcast radio HAL. Ignore
fuzzer default AIDL implementation for now.

Bug: 170336130
Test: m -j
Change-Id: Ie55c08c6a721de1f8dc40acc81de68565f99f7d7
 2022-09-21 23:17:20 +00:00
Steven Moreland
5043c02262 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" 2022-09-21 21:26:01 +00:00
Reema Bajwa
396d34b7c8 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." 2022-09-21 17:34:09 +00:00
Yu Shan
05a7389aa9 Create selinux policy for remoteaccess HAL. 
Will add fuzzer once the service is implemented.

Test: Run remoteaccess HAL on gcar_emu. Verify the service is running.
Bug: 241483300
Change-Id: I01b31a88414536ddd90f9098f422ae43a48cf726
 2022-09-20 18:09:49 -07:00
Anna Zhuravleva
2864a66331 Add sepolicy for Health Connect system service. 
Add selinux policy so the healthconnect system service
can be accessed by other processes.

Bug: 246961138
Test: build
Change-Id: I37e0e7f1a2b4696b18f8876a107c509d2906e850
 2022-09-20 17:14:35 +00:00
Reema Bajwa
5b57bfaf7e Add SELinux changes for Credential Manager Service in system server 
Test: Built & Deployed on device locally.

Change-Id: I892107ed528e0ca7435aa29a0fa1e6dbf4f225c5
 2022-09-19 17:51:06 +00:00
Subrahmanyaman
1d2a3fedcc hidl2aidl: conversion of gatekeeper hidl to aidl 
Conversion of the gatekeeper hidl interface to stable aidl interface.

Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I44f554e711efadcd31de79b543f42c0afb27c23c
 2022-09-19 17:43:26 +00:00
Yixiao Luo
aa98f8a58c Merge "TV Input HAL 2.0 sepolicy" 2022-08-26 23:19:24 +00:00
Thiébaud Weksteen
c0fef5c1ae Merge "Remove wpantund and lowpan_service" 2022-08-25 23:57:20 +00:00
Yixiao Luo
e83ae791aa TV Input HAL 2.0 sepolicy 
Bug: 227673740
Test: atest VtsHalTvInputTargetTest
Change-Id: I53f6537a8f911661e368824a5a5dc5db57413980
 2022-08-25 14:31:49 -07:00
Thiébaud Weksteen
8439a1ff29 Remove wpantund and lowpan_service 
Bug: 235018188
Test: TH
Change-Id: I0e2f03ad6d17f5d9223b2c500b6c3183835ec807
 2022-08-22 14:09:01 +10:00
Steven Moreland
5c587349fd Merge "Fully prepare vendor_service removal." am: 46138cca6a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2140049

Change-Id: Ib5f07ce54608fcb325c0ba5cc1402ab25e13c3fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-01 23:35:20 +00:00
Steven Moreland
e6b2acbfc4 Fully prepare vendor_service removal. 
Removes all references to vendor_service in policy except the
definition of this type, which also needs to be removed by
clients.

We don't need this because interface type shouldn't be associated
with where they are served. We can serve HALs from anywhere if they are
implemented in software.

Bug: 237115222
Test: builds
Change-Id: If370a904af81e015e7e1f7a408c4bfde2ebff9a4
 2022-07-25 22:20:16 +00:00
Xin Li
b347e9fd52 Merge tm-dev-plus-aosp-without-vendor@8763363 
Bug: 236760014
Merged-In: I036e48530e37f7213a21b250b858a37fba3e663b
Change-Id: Ic7d4432aea1d37546d342df3e2157b9dc8207770
 2022-06-27 23:40:18 +00:00
Almaz Mingaleev
0e70ea793f Merge "Remove TZUvA feature." 2022-06-23 07:47:26 +00:00
Neil Fuller
37888b33ba Remove TZUvA feature. 
The feature was superseded by tzdata mainline module(s).

Bug: 148144561
Test: see system/timezone
Test: m selinux_policy
Change-Id: I48d445ac723ae310b8a134371342fc4c0d202300
Merged-In: I48d445ac723ae310b8a134371342fc4c0d202300
 2022-06-13 11:45:50 +00:00
Devin Moore
92c36611e3 Merge "Add permissions for new netd AIDL HAL" am: e47782171a am: ff958713a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165

Change-Id: I7d2b464664e78b2cb32820adef2595a248203969
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 20:30:09 +00:00
Devin Moore
309a355088 Add permissions for new netd AIDL HAL 
Netd is now serving an AIDL HAL to replace the old HIDL HAL.

Bug: 205764585
Test: Boot and check for avc denials
Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855
 2022-06-09 22:39:15 +00:00
Treehugger Robot
27945bccb0 Merge "Add sepolicy for IBootControl AIDL" am: 921af40c4b am: 8fbf709eb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816

Change-Id: Ib687153be4608959548009903420a48def7e9891
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 10:32:27 +00:00
Kelvin Zhang
187cb2c64c Add sepolicy for IBootControl AIDL 
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
 2022-06-07 16:26:19 -07:00
Treehugger Robot
3e78ff7f5d Merge "Iorapd and friends have been removed" am: f6fefa9d61 am: 74607b608e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098987

Change-Id: I6582ca6634d76a54e73900d76b9f3534cb04c192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 09:57:40 +00:00
Jeff Vander Stoep
b07c12c39d Iorapd and friends have been removed 
Remove references in sepolicy. Leave a few of the types defined since
they're public and may be used in device-specific policy.

Bug: 211461392
Test: build/boot cuttlefish
Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169
 2022-05-18 12:07:39 +02:00
Xinyi Zhou
2c05b69417 Change nearby from system_api_service to app_api_service am: 791567ece6 am: 4bf6ea7727 am: 223c2b078b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064652

Change-Id: I2dc8d8ceb3d4e5d82b81d1980579c63ca3ca5fff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-14 18:23:57 +00:00
Xinyi Zhou
791567ece6 Change nearby from system_api_service to app_api_service 
This fixes CTS tests where NearbyManager is null because of SELinux is
in enforcing mode. Detailed explanation: https://docs.google.com/document/d/1CiGn7Vg6LYwrMFvWonuK3fhNDCG5Sm4uCvefkvqpDcY/edit?usp=sharing

NearbyManager APIs are using BLUETOOTH_PRIVILEDGED permission so only System apps can use them.

Fix: 228273869
Test: -m
Change-Id: I091fbea408cea52e934cb6a3917226fb1b2adbc4
 2022-04-13 21:18:47 -07:00
Lorenzo Colitti
ce493bd00d Merge "Connectivity Native AIDL interface Sepolicy" am: bf8af42bf5 am: 5ef1893f50 am: 4d7cd06a40 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1943988

Change-Id: I330642784c6fddd6949a55156d1fa6b198425a4a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-01 22:36:20 +00:00
Lorenzo Colitti
bf8af42bf5 Merge "Connectivity Native AIDL interface Sepolicy" 2022-04-01 21:46:37 +00:00
Neha Pattan
1838513cca Merge "Sepolicy changes for adding new system service for AdServices." am: dcb324bdb3 am: e5d6614096 am: c5c329718a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2046744

Change-Id: I6f1d6ee7b30e7d6a5f26282268b4a56fa57cb873
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-01 19:33:33 +00:00
Neha Pattan
64ef8be1de Sepolicy changes for adding new system service for AdServices. 
Test: build
Bug: 216375107
Change-Id: I238ac3f8966ce05768aef17bd05217a9772cf2f3
 2022-03-28 19:26:50 +00:00
Bram Bonne
b93f26fd89 Move sdk_sandbox sepolicy to AOSP. 
Bug: 224796470
Bug: 203670791
Bug: 204989872
Bug: 211761016
Bug: 217543371
Bug: 217559719
Bug: 215105355
Bug: 220320098
Test: make, ensure device boots

Change-Id: Ia96ae5407f5a83390ce1b610da0d49264e90d7e2
Merged-In: Ib085c49f29dab47268e479fe5266490a66adaa87
Merged-In: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
Merged-In: I478c9a16032dc1f1286f5295fc080cbe574f09c9
Merged-In: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0
Merged-In: I5d519605d9fbe80c7b4c9fb6572bc72425f6e90a
Merged-In: I05d2071e023d0de8a93dcd111674f8d8102a21ce
Merged-In: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I9fb98e0caee75bdaaa35d11d174004505f236799
 2022-03-17 10:22:33 +01:00
Tyler Wear
691def4fd5 Connectivity Native AIDL interface Sepolicy 
Sepolicy files for new ConnectivityNative service.
This is a new service implemented in java accessible from
native code. Stable aidl is used to avoid having to manually write
the unparcling code in two different languages. A new service is
required because there is no connectivity service in the system
server that exposes a stable aidl interface.

Bug: 179733303
Change-Id: If2372712a4a8ac7b0631a2195aabc910d1a829cc
 2022-02-24 08:53:13 -08:00
Nikita Ioffe
e2da633ef7 Rename SupplementalProcess to SdkSandbox 
Ignore-AOSP-First: sepolicy is not in aosp, yet
Bug: 220320098
Test: presubmit
Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799
 2022-02-23 20:44:20 +00:00
Thiébaud Weksteen
e7d529fed6 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234 am: 351e89d5d3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I7220245e469f58126ea4af0744690f907e9d2928
 2022-02-18 10:07:48 +00:00
Thiébaud Weksteen
373cf3ba8e Associate hal_service_type with all HAL services 
By default, HAL's services are not accessible by dumpstate. HIDL
implementations were silenced via a dontaudit on hwservice_manager. But
AIDL implementations will trigger a denial, unless authorized via
`dump_hal`. Mark all HAL services with a new attribute
`hal_service_type` so they can be ignored by dumpstate.

Test: m selinux_policy
Bug: 219172252
Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd
 2022-02-16 10:49:21 +11:00
Treehugger Robot
a77159c365 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2 am: 33f3804491 am: 35d788475c am: 05ef2c2c88 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: Id411487bab280f9c0e5d5f575ec8d9e3154fd447
 2022-02-10 22:06:17 +00:00
Changyeon Jo
eacb1095a8 Revert^2 "Updates sepolicy for EVS HAL" 
418f41ad13

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9
 2022-02-10 17:21:54 +00:00
Changyeon Jo
8c12609bce Revert^2 "Adds a sepolicy for EVS manager service" 
0137c98b90

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
 2022-02-10 17:21:14 +00:00
Mohammed Rashidy
1ea99c86e9 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45 am: aa0cb606c3 am: 3bed79292e am: f1ea833625 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: I8ad7455e22999359816e3e47dfcb5b95845a63e4
 2022-02-10 12:32:56 +00:00
Mohammed Rashidy
5e3beea9bc Revert "Updates sepolicy for EVS HAL" am: 418f41ad13 am: 4d67e0d02b am: a46cbab128 am: 7f9b355e86 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: I6e704950a709e76c8e2c5fdb3829487a4012f887
 2022-02-10 12:32:54 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
 2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
 2022-02-10 10:07:44 +00:00
Treehugger Robot
47f43ab23c Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 am: 177cf20196 am: 85c9e1cf9e am: feb9f3f2c2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I112edf374e2b96e74f786897d580d396bec33c29
 2022-02-10 08:52:51 +00:00
Changyeon Jo
a083d7a8d8 Updates sepolicy for EVS HAL 
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
 2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163 Adds a sepolicy for EVS manager service 
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
 2022-02-10 01:42:21 +00:00
Jayant Chowdhary
58c0794156 Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282 am: 4c51fa993e am: f3ccb9095a am: 887847beaa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: If90113a972d3f96bed74db0ae65da50caff1afbf
 2022-02-09 04:04:33 +00:00
Jayant Chowdhary
e3019be3db System wide sepolicy changes for aidl camera hals. 
Bug: 196432585

Test: Camera CTS

Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
 2022-02-08 09:37:17 +00:00
Kevin Han
1c02210689 Merge "Extend visibility of hibernation service for CTS" am: 4d81dc33f8 am: 641d56be3f am: 461c5fd19d am: d9b5d64cdd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966099

Change-Id: I2af8f4ff4785dc779a4ef375e3230ad06bb77ec1
 2022-02-04 00:37:48 +00:00
Seth Moore
3f7ee1390e Add remotely provisioned key pool se policy am: a75cad0d0a am: 10ec76f621 am: 7a7ac7d5aa am: 38ed66df25 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1969539

Change-Id: If922ac778d3afbb210b284dfd167fc9212ef691f
 2022-02-04 00:00:45 +00:00
Kevin Han
4d81dc33f8 Merge "Extend visibility of hibernation service for CTS" 2022-02-03 23:43:03 +00:00
Seth Moore
a75cad0d0a Add remotely provisioned key pool se policy 
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used to services such as credstore to lookup remotely
provisioned keys.

Add a new service context and include it in the keystore services.

Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.

Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
 2022-02-02 15:07:26 -08:00
Treehugger Robot
a068287a1e Merge "Adds selinux rules for ICarDisplayProxy service" am: 108fdbc5f7 am: 8a96be8df9 am: 2ac9d08d7e am: baebbb72fd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965562

Change-Id: Id6c66d646e8ee01db0250097c3cd967c2be8ecfe
 2022-01-31 22:49:41 +00:00
Treehugger Robot
108fdbc5f7 Merge "Adds selinux rules for ICarDisplayProxy service" 2022-01-31 21:52:46 +00:00
Changyeon Jo
66eba13833 Adds selinux rules for ICarDisplayProxy service 
Bug: 170401743
Test: m -j selinux_policy
Change-Id: Idf3f09d0bcf24de18d6eddb05e51991b4c5edbe8
 2022-01-31 19:40:20 +00:00
Kevin Han
4ef3178e8c Extend visibility of hibernation service for CTS 
Expand the visibility of the app hibernation service so that CTS can
actually test the APIs.

Bug: 216383448
Test: atest AppHibernationIntegrationTest
Change-Id: Ibde79c9b7e2d863a7c8f4f311ec008cd72962d45
 2022-01-28 18:48:56 -08:00
Robert Shih
5c11b33da4 Merge "Add sepolicy for DRM AIDL HAL" am: d70f0af2bf am: 0de1ba742a am: 77bf16ed0d am: 7295a03aec 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918837

Change-Id: I116a39f718ce3d71dea6318191acd57aae8874a6
 2022-01-28 19:55:47 +00:00