Commit graph

630 commits

Author SHA1 Message Date
Yakun Xu
c5f8e959d3 Thread: allow ot-rcp to bind a specific netif
This commit adds necessary permissions for ot-rcp to bind
to a network interface specified by its address or name.

Test: presubmit
Bug: 329188649
Change-Id: I6731df79c04eeeb2c39017b99b9c2acf315256e2
2024-05-09 17:05:04 +08:00
Kiyoung Kim
3259d12935 Mark libft2.so and libpng.so installed in /vendor/lib as sphal am: 96ba523a8d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974851

Change-Id: I1dca4fd56c01a6a27785985341325b7e0cc2506b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-23 15:53:30 +00:00
Kiyoung Kim
96ba523a8d Mark libft2.so and libpng.so installed in /vendor/lib as sphal
libft2.so is removed from LLNDK, as it was LLNDK-private just because it is
referenced from VNDK-SPs, but it is no longer true because of VNDK
deprecation. This change adds libft2.so to have same sepolicy with other
sphal libraries, so it can be loaded from sphal libraries same as
before. Mark same to libpng.so as it is referenced from libft2.so

Bug: 326402649
Test: Barbet boot succeeded without sepolicy error
Change-Id: Id8c1194da478bd4fc02e701230fd1a3c0b3c00be
2024-02-23 05:31:59 +00:00
Xin Li
b96adcf722 Merge Android 24Q1 Release (ab/11220357)
Bug: 319669529
Merged-In: Ia3c8bcddaed44d4dd03df6d504fecb61d999cbec
Change-Id: Iefabaeb2456a31cd008f6ccb6b4e924c87dc2f65
2024-01-29 13:06:50 -08:00
Jeff Pu
6f873ffe82 Merge "Face Virtual HAL lockout support" into main 2023-12-20 14:45:23 +00:00
Jeff Pu
3c79af1f7c Face Virtual HAL lockout support
Bug: 294254230
Test: atest android.hardware.biometrics.face.FakeLockoutTrackerTest
Change-Id: If7fb024b2ab5d017f5255edf484c487f5406bb9b
2023-12-19 13:28:25 -05:00
Franklin Abreu Bueno
a3bfb1485e Bluetooth LMP Events: Add Lmp Events Hal
Bug: 281503650
Change-Id: Ie9fa616d4142c554c30e5b45b625203387edb9a7
2023-12-13 12:02:33 -08:00
Avichal Rakesh
a2a378bcc7 Allow more AIDL Camera Provider versions am: 728e475da0 am: 44d45e926a am: 15b590ef3f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2871214

Change-Id: I9327b47ead471f43a4d4bec491813eb21e2683d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-12 23:29:12 +00:00
Avichal Rakesh
728e475da0 Allow more AIDL Camera Provider versions
The current sepolicy only allows V1 of AIDL CameraProvider
services. This CL updates the regex to allow for future
versions as well.

Bug: 314912354
Test: Verified by vendor
Change-Id: I80351a8bb7c2538c4ad1e0d418ea7a718d60be05
2023-12-12 09:37:28 -08:00
Chienyuan Huang
992ee5d4f1 Merge "Add bluetooth ranging hal" into main am: 6217aedfdb am: 198beb4785 am: 29c7c5e380
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854391

Change-Id: Ie68a60c7544fc01f912b49b8eea17a573e755c36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-11 23:13:44 +00:00
Chienyuan Huang
2e19c7632e Add bluetooth ranging hal
Bug: 310941161
Test: make
Change-Id: I9b2bc9d945b016361f44a5600c61ed2795c00622
2023-12-08 09:37:17 +00:00
Tom Huang
189abfc63b Merge "Add bluetooth finder service sepolicy" into main am: 226f837c4d am: 6089be5a1e am: cfa94ed074
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2863825

Change-Id: Ic2f9d38239fcda6b632c3fa2e3bce27806fa3af3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 05:50:23 +00:00
kuanyuhuang
8826540b4b Add bluetooth finder service sepolicy
Bug: 314360499
Test: atest vts_treble_vintf_vendor_test
Change-Id: Ie15b2bfcd488b215d197be685a4a7571aff639e5
2023-12-07 00:51:43 +00:00
Shikha Panwar
8c206de95d Merge "Secretkeeper/Sepolicy: Create required domains" into main am: 2838e84381 am: 67d30d0d61 am: d75c66dea0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2719356

Change-Id: I8e1043698e68ac5d665e45bb0e7d2ee0ed6a61ca
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 18:56:09 +00:00
Shikha Panwar
2838e84381 Merge "Secretkeeper/Sepolicy: Create required domains" into main 2023-11-21 17:56:46 +00:00
Shikha Panwar
59c970703b Secretkeeper/Sepolicy: Create required domains
Add sepolicy rules for Secretkeeper HAL & nonsecure service
implementing the AIDL.

Test: atest VtsHalSkTargetTest & check for Selinux denials
Bug: 293429085
Change-Id: I907cf326e48e4dc180aa0d30e644416d4936ff78
2023-11-21 12:29:18 +00:00
Treehugger Robot
483383db00 Merge "Correct path of android.hidl.memory@1.0-impl.so" into main am: e0289ae802 am: 6696149be8 am: 7b6dd02fe7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2835910

Change-Id: I49dd954645dcae29307d89b0d6319abca59a3326
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-17 03:45:29 +00:00
Kiyoung Kim
6149e5238f Correct path of android.hidl.memory@1.0-impl.so
Current sepolicy expects the library located under /vendor/lib(64), but
the actual location of the library is /vendor/lib(64)/hw, as it defines
relative path 'hw'. This change corrects location of
android.hidl.memory@1.0-impl.so, so it can be labeled with
same_process_hal_file as expected.

Bug: 311298012
Test: Failing test passed over ABTD
Change-Id: Ib84dbde0742716d399f04ce8ec11a0c4f24be8b0
2023-11-17 09:41:40 +09:00
Keith Mok
8a6fbf01dc Merge "SEPolicy for AIDL MACSEC HAL" into main am: 4bd043ca67 am: e4fee01bfc am: 9b146f6f19
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2816915

Change-Id: I474e1985efd9af157ad7d20adcc1aa1e4db8f899
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-07 23:20:56 +00:00
Keith Mok
df794b4590 SEPolicy for AIDL MACSEC HAL
Bug: 254108688
Test: AIDL MACSEC HAL VTS
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fba6480fa08001a36faf524d0a6952f29d916a6b)
Change-Id: I5ccaa24c6b9600713bbc0e4c523822567b64c662
2023-11-03 21:29:48 +00:00
Hasini Gunasinghe
947cae5e99 Merge "Add sepolicy for non-secure AuthGraph impl" into main am: daa1cec849 am: ec04b243e8 am: 525cb38304
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2786255

Change-Id: I641cc4d56e480121eca1bc5a7a45988fc5ee3c8c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-01 17:16:15 +00:00
Hasini Gunasinghe
daa1cec849 Merge "Add sepolicy for non-secure AuthGraph impl" into main 2023-11-01 16:27:51 +00:00
Treehugger Robot
ccc339bd41 Merge "To allow drm_clear_key_aidl hal to access mediacodec" into main am: cbe6fed87f am: cf9bb41748 am: d8b5101721
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2799335

Change-Id: I26eb6b866d5733f3663bd238e2652e0ea9b8665d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-27 20:17:41 +00:00
Treehugger Robot
cbe6fed87f Merge "To allow drm_clear_key_aidl hal to access mediacodec" into main 2023-10-27 18:45:24 +00:00
David Drysdale
c4ab01baad Add sepolicy for non-secure AuthGraph impl
Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: I85bf9e0656bab3c96765cc15a5a983aefb6af66d
2023-10-26 02:00:43 +00:00
Arun Johnson
dae1783848 To allow drm_clear_key_aidl hal to access mediacodec
Bug: 305163559
Change-Id: Iad16fd34c0b8f7071b43ae7fc19215319c8c9d82
2023-10-23 17:10:28 +00:00
Kiyoung Kim
e45b26e1b5 Merge "Bump android.hardware.graphics.common V4->V5" into main 2023-10-17 02:34:17 +00:00
Kiyoung Kim
00182ed748 Bump android.hardware.graphics.common V4->V5
Bump android.hardware.graphics.common from V4 to V5 with same process
library label.

Bug: 291142745
Test: Cheetah boot succeeded
Ignore-AOSP-First: changes in topics with internal-first/internal-only projects
Change-Id: I09d4d1c3150105b6f9804fd3edcb012af75966b0
2023-10-17 10:26:22 +09:00
Changyeon Jo
561930c06b Update hal_evs_default policy
- Allow to access writable graphics properties.
- Allow to perform binder IPC.

Bug: 303581276
Test: m -j selinux_policy
Change-Id: I02c8ccd416172e5f6c17eff6573137dd4a8147c7
2023-10-12 20:31:07 +00:00
Wonsik Kim
a981983e70 C2 AIDL sepolicy update
Bug: 251850069
Test: presubmit
Change-Id: Ica39920472de154aa01b8e270297553aedda6782
2023-09-06 14:30:26 -07:00
Yu Shan
df5cd6fe19 Allow remoteaccess V2 and VHAL v2/v3.
Test: None
Bug: 297271235
Change-Id: Icc6dbb007c50db6d8adf492726365fdc34a60e78
2023-08-23 17:20:15 -07:00
Kangping Dong
fce4ea7adf [Thread] add missing ioctl permission for ot_rcp
Otherwise, it throws permission denied error:
```
avc:  denied  { ioctl } for  path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401 scontext=u:r:ot_rcp:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0
```

Test: locally tested that this can fix the denied issue
Bug: 296969044
Change-Id: Ica28214693794b969138212ddb3d19f0dcc34bcf
2023-08-22 07:46:35 +00:00
Devika Krishnadas
d4908949ef Merge "Add label for allocator 2 service" into main 2023-07-20 18:36:23 +00:00
Devika Krishnadas
c850a596b9 Add label for allocator 2 service
Bug: 287353739

Change-Id: Ia78237361acac4b668d87ec94746e43945f58bbf
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2023-07-19 20:20:52 +00:00
Kiyoung Kim
0c3a3fd799 Label former VNDK-SP libraries in vendor as sphal
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition as same labels with SP-HAL libraries so it can be loaded from
system processes.

Bug: 291673098
Test: aosp_cf boot succeeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
2023-07-19 14:13:06 +09:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Jeff Pu
1e09f2ebf7 Allow hal_fingerprint_default to have pipe read access
Bug: 284488745
Test: atest BiometricsE2eTests:BiometricPromptAuthSuccessTest
Change-Id: Ie69193964232b1a6b97877c650182fcdcd5b2cea
2023-06-09 13:56:28 +00:00
Peiyong Lin
54229d8157 Allow graphics_config_writable_prop to be modified.
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
2023-05-04 15:56:33 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Changyeon Jo
89380c19c8 Allow EVS HAL to access graphics related properties
EVS Display HAL needs to access graphics related properties to configure
a pipeline to render the contents of graphics buffers.

Bug: 274695271
Test: m -j selinux_policy
Change-Id: I97a8a3f35f7118325cff9a8ae69485c0f73fe17f
2023-03-23 22:26:42 +00:00
Alice Wang
5e94b1698c [dice] Remove all the sepolicy relating the hal service dice
As the service is not used anywhere for now and in the near future.

Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
2023-02-24 08:34:26 +00:00
Treehugger Robot
22d25dcae4 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 17:48:17 +00:00
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
2023-02-09 17:55:03 +00:00
David Drysdale
c9529ff336 Map AIDL Gatekeeper to same policy as HIDL version
Bug: 268342724
Test: VtsHalGatekeeperTargetTest
Change-Id: Ifa90247753ae558f7bdb70cb4b4e494466cc457b
2023-02-08 18:42:17 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
2023-01-04 11:28:47 +08:00