This service will intercept all UwbManager API calls and then perform
necessary permission checks before forwarding the call to the vendor
UWB service. Adding sepolicy permissions for exposing the service that
handles all public API's.
Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Icce4d2f586926421c06e8902a91533002c380b8d
Now that keystore2 is a VNDK stable interface, we need to remove the
legacy unqualified interface from the keystore service context.
Test: Compile, boot, and ensure no SELinux violations for keystore2 service
Change-Id: I770c08eae9690b0dc0e2bae86c9ef72f9540d2f4
Address any denials in the log - currently just adding
the virtualization service.
Bug: 183583115
Test: ps -AZ | grep virtmanager
u: r:virtmanager:s0 virtmanager 2453 1 10930880 4544 0 0 S virtmanager
Change-Id: Ie034dcc3b1dbee610c591220358065b8508d81cf
IKeystoreService is a VINTF stability interface, and keystore2 is now
using this interface correctly from Rust.
Test: m && adb shell start keystore2
Bug: 179907868
Change-Id: I3b583df2fac7e6bca7c1875efb7650f9ea0a548c
The policies allow system server to register a pac_proxy_service.
Bug: 177035719
Test: FrameworksNetTests
Change-Id: Idf64dc6e491f5bce66dcab2dbf15823c8d0c2403
This SEPolicy change allows the hal_keymint domain to add
hal_remotelyprovisionedcomponent_service to hwservice_manager.
Test: The Keymint HAL can successfully start an instance of
IRemotelyProvisionedComponent
Change-Id: I15f34daf319e8de5b656bfacb8d050950bf8f250
Allows the AIDL IStats service to be exposed via ServiceManager
Defines IStats service client domain to be used by pixelstats_vendor
Bug: 178859845
Test: Build, flash, and aidl_stats_client
Change-Id: If41e50d0182993d0b7f8501e9147e0becf526689
Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest.
Bug: b/171844725, b/168673523.
Change-Id: I8b81ec12c45566d31edcd117e41fd559df32c37d
This change adds the SEPolicy changes required to support the remote
provisioning flow. The notable additions are specifically labeling the
remote provisioning app and giving it access to find the remote
provisioning service which is added in keystore. It also requires
network access in order to communicate to the provisioning servers.
This functionality is extremely narrow to the point that it seems worth
it to define a separate domain for this app, rather than add this in to
the priv_app or platform_app permission files. Since this app also
communicates with the network, it also seems advantageous to limit its
permissions only to what is absolutely necessary to perform its
function.
Test: No denials!
Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189
aosp/1574082 added sepolicy for a "vpnmanager" system service
which is being introduced to move code from ConnectivityService
to a new VpnManagerService.
Unfortunately that CL missed the fact that "vpn_management" is
already a service name and present in the public API since R.
Instead of adding another service name, use the existing service
name to lessen confusion. It is difficult to avoid confusion
entirely because there was already a public class called
VpnService when the VpnManager class was added to the public API
surface.
Bug: 173331190
Test: builds, boots, "dumpsys vpn_management" throws no errors
Change-Id: I4ab188ef62592aac167ba1f7b586accc882815e8
Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.
Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
The system server code that backs VPN APIs such as VpnService and
VpnManager currently lives in ConnectivityService and is accessed
via IConnectivityManager.
In S, ConnectivityService is being moved to the tethering
mainline module, but the VPN code is not. So add an new
service (vpnmanager, IVpnManager, VpnManagerService) to support
these APIs.
Service implementation at http://r.android.com/1572982 . That CL
cannot be in a topic with this one because it will conflict in
master and sc-dev.
Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" throws no errors
Change-Id: Ic09c93cc454ec959a3beda2b09efa74b8db30c27
For upcoming @SystemApi DomainVerificationManager.
Test: manual, accessing new manager from test app works
Change-Id: Ic73733dce3e9152af9c6f08fb7e460fa5a01ebdf
Add selinux policy so the app hibernation system service can be accessed
by other processes/apps.
Bug: 175829330
Test: builds
Change-Id: I96ea9dd977ec007bc11560601554547749b4df03
The interaface now provided by IKeystoreAuthorization AIDL interface was
previously provided by Keystore AIDL interface.
This CL adds policy to allow Keystore2 to register
IKeystoreAuthorization aidl service and to allow service manager to
look up and connect to the service.
Bug: 159475191
Test: Needs to be tested in runtime
Change-Id: I56829a8764e0efe55efdc92b75d7a3d918a20dae
- Update policy for new system service, used for AiAi/Apps to
present data in their UI.
Bug: 173243538
Bug: 176208267
Test: manual. Can boot to home and get manager successfully.
Change-Id: Ie88c6fa7ed80c0d695daaa7a9c92e11ce0fed229
