Commit graph

9 commits

Author SHA1 Message Date
Matthias Kramm
ebcc08249b Revert "Allow hal_face to write to /data/vendor/camera_calibration/*."
This reverts commit 3a44b17897.

Reason for revert: Moved to downstream repo.

Change-Id: I7d3ad43335f71ed03e7a93bc5c96a8933785afd8
2019-06-19 20:15:50 +00:00
Matthias Kramm
3a44b17897 Allow hal_face to write to /data/vendor/camera_calibration/*.
Also, allow hal_camera to read from there.

Bug: 133792720
Change-Id: Iedec8d7325b4424d166f8e4d09182e1f29808ef2
Test: Running presubmit.
2019-06-14 05:53:59 -07:00
Joel Galenson
03ff9f91c1 Ensure taking a bugreport generates no denials.
This commit adds new SELinux permissions and neverallow rules so that
taking a bugreport does not produce any denials.

Bug: 73256908
Test: Captured bugreports on Sailfish and Walleye and verified
that there were no denials.

Merged-In: If3f2093a2b51934938e3d7e5c42036b2e2bf6de9
Change-Id: I10882e7adda0bb51bf373e0e62fda0acc8ad34eb
2018-03-05 12:23:25 -08:00
Alex Klyubin
53656c1742 Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494f1)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
2017-04-21 09:54:53 -07:00
Alex Klyubin
20c2d4e98c Remove unnecessary attributes
Test: mmm system/sepolicy
Bug: 34980020

(cherry picked from commit 3cc6a95944)

Change-Id: I64c7275551e8e27d68072e8ec38c07b539989da0
2017-04-14 09:39:19 -07:00
Sandeep Patil
2ee66e7d14 sepolicy: make exec_types in /vendor a subset of vendor_file_type
We install all default hal implementations in /vendor/bin/hw along with
a few domains that are defined in vendor policy and installed in
/vendor. These files MUST be a subset of the global 'vendor_file_type'
which is used to address *all files installed in /vendor* throughout the
policy.

Bug: 36463595
Test: Boot sailfish without any new denials

Change-Id: I3d26778f9a26f9095f49d8ecc12f2ec9d2f4cb41
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-04-11 17:20:36 +00:00
Jeff Vander Stoep
4a478c47f4 Ban vendor components access to core data types
Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open file:
stat/read/write/append.

This commit marks core data types as core_data_file_type and bans
access to non-core domains with an exemption for apps. A temporary
exemption is also granted to domains that currently rely on
access with TODOs and bug number for each exemption.

Bug: 34980020
Test: Build and boot Marlin. Make phone call, watch youtube video.
      No new denials observed.
Change-Id: I320dd30f9f0a5bf2f9bb218776b4bccdb529b197
2017-03-28 15:44:39 -07:00
Alex Klyubin
3a8426bf89 Switch Camera HAL policy to _client/_server
This switches Camera HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Camera HAL.

Domains which are clients of Camera HAL, such as cameraserver domain,
are granted rules targeting hal_camera only when the Camera HAL runs
in passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_camera are
not granted to client domains.

Domains which offer a binderized implementation of Camera HAL, such
as hal_camera_default domain, are always granted rules targeting
hal_camera.

Test: Take non-HDR photo using Google Camera app
Test: Take HDR photo using Google Camera app
Test: Record video using Google Camera app
Bug: 34170079
Change-Id: I463646cf79fede57f11ccd4ec2cbc37a4fff141e
2017-02-16 20:37:21 -08:00
Alex Klyubin
ac1a6d440c Move hal_*_default policy to vendor image
hal_*_default daemons whose policy is in common/device-agnostic policy
are provided by the vendor image (see vendor/file_contexts). Thus,
their policy should also reside in the vendor image, rather than in
the system image. This means their policy should live in the vendor
subdirectory of this project.

Test: Device boots and appears to work
Bug: 34135607
Bug: 34170079
Change-Id: I6613e43733e03d4a3d4726f849732d903e024016
2017-02-14 18:35:50 -08:00
Renamed from private/hal_camera_default.te (Browse further)