tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
40637 commits 1 branch 0 tags 50 MiB
Commit graph

587 commits

Author SHA1 Message Date
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties 
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
 2023-02-09 17:55:03 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal 
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
 2023-01-12 19:02:57 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL 
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
 2023-01-04 11:28:47 +08:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages 
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
 2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
 2022-12-27 18:11:36 +05:30
Devin Moore
e632fc098a Allow biometrics hals to talk to the new AIDL sensorservice 
This is being used in libsensorndkbridge now, so permissions are
required.

Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: Id416cc2f92ba82d4068376a5f4d076137aab086a
 2022-12-19 19:51:55 +00:00
Devin Moore
a2765f212f Allow audio HAL to talk to the new AIDL sensorservice 
This is being used in libsensorndkbridge now, so permissions are
required.

Test: m
Bug: 205764765
Change-Id: I6b0871bbcdff920d1d9dc9b66ec1236405f90fd8
 2022-12-19 19:50:57 +00:00
Devin Moore
2a724dd853 Allow camera to talk to the new AIDL sensorservice 
This is being used in libsensorndkbridge now, so permissions are
required.

Test: atest CtsCameraTestCases && adb logcat | grep avc
Bug: 205764765
Change-Id: I7a1569b8b4e2a21961f3950fa3947b5e20fc674b
 2022-12-19 19:50:31 +00:00
Yu Shan
aa3f997dcc Merge "Allow wider remote access names." 2022-12-15 01:51:46 +00:00
Mohi Montazer
3bbdd15ece Merge "SEPolicy updates for camera HAL" 2022-12-13 20:37:59 +00:00
Mohi Montazer
ad059403ad SEPolicy updates for camera HAL 
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.

Example denials:
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244  1027  1027 W 3AThreadPool:  type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
 2022-12-13 09:52:04 -08:00
Chris Weir
800a2c9f66 Merge "Add permissions to allow iface up/down" 2022-12-13 00:18:00 +00:00
Chris Weir
1bcbc0b667 Add permissions to allow iface up/down 
I need SIOCGIFFLAGS and SIOCSIFFLAGS in order to bring up/down
interfaces with AIDL CAN HAL.

Bug: 260592449
Test: CAN HAL can bring up interfaces
Change-Id: I67edaa857cffdf3c3fc9f3b17aad5879e09c6385
 2022-12-12 14:30:15 -08:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL 
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
 2022-12-09 11:00:10 -08:00
Gabriel Biren
52b5ff67b9 Update file_contexts for WiFi Vendor HAL 
AIDL service.

Bug: 205044134
Test: Manual test - check that AIDL service
      starts successfully on Cuttlefish
Change-Id: If6dbb20ca982b998485257e212aa4aa82749d23d
 2022-12-05 23:53:30 +00:00
Yu Shan
96c3b41113 Allow wider remote access names. 
Test: local test @v1-tcu-test-service.
Bug: 254547153
Change-Id: I82ed9e9e439913602e26042e357b5fa33338ef97
 2022-11-30 17:07:49 -08:00
Steven Moreland
c3802445d0 Merge "sepolicy for SE HAL" 2022-11-29 22:30:40 +00:00
Treehugger Robot
299ee9fb24 Merge "Add IAllocator-V2" 2022-11-15 23:13:42 +00:00
Steven Moreland
4c6586817a sepolicy for SE HAL 
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
 2022-11-15 22:41:09 +00:00
Sandeep Dhavale
d64fb55474 Merge "Fastboot AIDL Sepolicy changes" 2022-11-10 18:29:00 +00:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes 
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
 2022-11-09 22:21:27 +00:00
Lakshman Annadorai
4d277b7baa Revert "Add sepolicies for CPU HAL." 
This reverts commit f4ab6c9f3c.

Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.

Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
 2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c Add sepolicies for CPU HAL. 
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
      and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
 2022-11-04 18:13:00 +00:00
John Reck
5e20f62f8e Add IAllocator-V2 
Test: build & boot

Change-Id: I970585e4ba593f7d72d5ff14423920b38c9d57af
 2022-11-01 15:19:03 -04:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration 
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
 2022-10-27 15:42:56 +08:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Arthur Ishiguro
3002f1afe2 Merge "Add sepolicy for default Context Hub HAL access to stats service" 2022-10-20 16:29:32 +00:00
Arthur Ishiguro
ca5474c5cf Add sepolicy for default Context Hub HAL access to stats service 
Bug: 254328944
Test: Verify no selinux error through logcat
Change-Id: Iebc7e6c42a99d091dd1afcc5ff0204bd6f3c71e7
 2022-10-19 16:49:01 +00:00
Treehugger Robot
4a5c2dee68 Merge "Add policies for new services HDMI and HDMICEC" 2022-10-19 02:58:03 +00:00
Steven Moreland
586703a90c Merge "servicemanager: kernel log perms" 2022-10-18 20:06:41 +00:00
Steven Moreland
5c3f315771 servicemanager: kernel log perms 
Bug: 210919187
Fixes: 235390578
Test: boot (logs still only show up sometimes)
Change-Id: I16b9814260103ce550836655d0409d43b8850ea0
 2022-10-17 21:30:50 +00:00
Treehugger Robot
184064cd13 Merge "Add selinux policy to register remote access HAL." 2022-10-15 03:13:07 +00:00
Shraddha Basantwani
bacf949002 Allow CAS AIDL sample HAL 
Bug: 230377377, 227673974
Test: manual
Change-Id: Ied6822d8114404b85dbed56ae4806de1bfb43e54
 2022-10-12 19:42:20 +05:30
Venkatarama Avadhani
38ff3b4115 Add policies for new services HDMI and HDMICEC 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ic2c0525368218e207be236d073a3fe736151c43f
 2022-10-10 15:40:42 +05:30
Yu Shan
941ab0a90b Add selinux policy to register remote access HAL. 
All remote access HAL needs to register itself to service manager,
so add the policy to system/sepolicy/vendor.

Test: Manually run cf_x86_64_auto, verify remote access HAL is
running.
Bug: 241483300

Change-Id: If8c1162eecfcce4792e6309ba351c498e8117687
 2022-10-07 13:29:22 -07:00
Peiyong Lin
4a5d0f13c4 Update SEPolicy for Thermal AIDL 
Bug: b/205762943
Test: build and boot
Change-Id: I301b85dafbf8fbb1c4be388aa0291e22f4717c99
 2022-10-05 00:55:20 +00:00
Yu Shan
e799e9284c Merge "Create selinux policy for remoteaccess HAL." 2022-09-22 01:17:00 +00:00
Weilin Xu
52546635b2 Applying new IBroadcastRadio AIDL 
Update Sepolicy for AIDL broadcast radio HAL. Ignore
fuzzer default AIDL implementation for now.

Bug: 170336130
Test: m -j
Change-Id: Ie55c08c6a721de1f8dc40acc81de68565f99f7d7
 2022-09-21 23:17:20 +00:00
Yu Shan
05a7389aa9 Create selinux policy for remoteaccess HAL. 
Will add fuzzer once the service is implemented.

Test: Run remoteaccess HAL on gcar_emu. Verify the service is running.
Bug: 241483300
Change-Id: I01b31a88414536ddd90f9098f422ae43a48cf726
 2022-09-20 18:09:49 -07:00
Yixiao Luo
e83ae791aa TV Input HAL 2.0 sepolicy 
Bug: 227673740
Test: atest VtsHalTvInputTargetTest
Change-Id: I53f6537a8f911661e368824a5a5dc5db57413980
 2022-08-25 14:31:49 -07:00
Hongguang
9515559657 Add properties to configure whether the lazy tuner is enabled. 
ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy
tuner HAL is enabled.
tuner.server.enable: system_internal_prop to decide whether tuner server
should be enabled.

Bug: 236002754
Test: Check tuner HAL and framework behavior
Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016
 2022-08-23 07:01:05 +00:00
Shunkai Yao
3a6c68f2ba AIDL effect: Add default Effect factory implementation to platform sepolicy 
Add example implementation services: IFactory under android.hardware.audio.effect.
An audio HAL AIDL example service will register with the default implementations.

Bug: 238913361
Test: m, and flash with Pixel 6a.

Change-Id: Ib331899fd47b6b334b120e20617174d01e71ddb8
 2022-08-22 19:27:26 +00:00
Kelvin Zhang
f70d708544 Merge "Add proper permission for AIDL bootcontrol server" 2022-06-23 23:44:39 +00:00
Kelvin Zhang
65d6bf5391 Add proper permission for AIDL bootcontrol server 
Bug: 227536004
Test: th
Change-Id: I6aff2742fb23bf7e7ce8d09493f02c4be9262fd3
 2022-06-22 13:38:01 -07:00