tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28546 commits 1 branch 0 tags 50 MiB
Commit graph

5 commits

Author SHA1 Message Date
Inseob Kim
792219e48d Allow charger to read minui properties 
Failing to read minui properties causes charger crash.

Bug: N/A
Test: enter charger mode with blueline
Change-Id: Ic174cd1116edd510499836ab42675d6fabc63324
 2020-07-14 18:06:54 +09:00
Inseob Kim
8ef4792f01 Add charger related property contexts 
ro.enable_boot_charger_mode and sys.boot_from_charger_mode are moved to
new property contexts for charger props to remove exported*_prop.

Bug: 155844385
Test: boot device with ro.enable_boot_charger_mode
Change-Id: I17d195d3c9c002a42125d46a5efcdb890f1c2a5c
 2020-07-10 14:15:15 +09:00
Inseob Kim
dc1e5019d6 Rename system_radio_prop 
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.

Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
Merged-In: If30bc620dbeac926a8b9bcde908357fda739a6c1
(cherry picked from commit 44fbcdb677)
 2020-05-15 15:06:10 +09:00
Inseob Kim
55e5c9b513 Move system property rules to private 
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
 2020-03-18 16:46:04 +00:00
Alex Klyubin
f5446eb148 Vendor domains must not use Binder 
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
 2017-03-24 07:54:00 -07:00