Bug: 215271971
Test: no sepolicy for hardware info
Signed-off-by: Denny cy Lee <dennycylee@google.com>
Change-Id: Ia7bfd171fe724848e9a6f0c1adab59402d2788a9
Stop using these attributes since these will be removed soon. This
commit reverts 37b5741301 ("Add the 'bdev_type' attribute to all block
device types").
Bug: 202520796
Test: Untested.
Change-Id: I00f10d1fd164b6ca01ecd5cffd2012acfc05eeca
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Add rules for sysfs_st33spi
Separate hal_secure_element_st54spi and st33spi form default
Bug: 193417907
Test: VtsHalSecureElementV1_2TargetTest,
VtsHalSecureElementV1_1TargetTest,
VtsHalSecureElementV1_0TargetTest,
CtsOmapiTestCases
Change-Id: I444af2e38fc120d173445bce48b7e4d381201a91
Bug: 195964858
Test: Paired a Sony PS4 controller and verified that it's discovered by
the dynamic sensor HAL.
Test: See details in testing done comment in
https://googleplex-android-review.git.corp.google.com/15847652 .
Change-Id: Ic0bdd711d066a9793eba305102e9a850e3973856
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Bug: 196982345
Test: Built Android images that include this change and verified that neither init nor apexd triggers any SELinux access denied errors.
Change-Id: I6ce1127f199c5b33812f15fe280d86594d7d7ebf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
declares new device context for mfg_data_block_device
give fp HAL permission to read/write/open
give fp HAL permission to search block_device dir
Bug: 189135413
Test: sideload calibration in enforcing mode.
Change-Id: I19e0cd13fc452b42c3f35772c4bafd433dbcc8b1
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
The GPU driver uses vframe-secure for secure allocations, so the
corresponding DMA heap file should be visible to all processes so
use the dmabuf_system_secure_heap_device type instead.
In order for this type to be used, we need to ensure that the HAL
Allocator has access to it, so update hal_graphics_allocator_default.te
Finally, since there are no longer any buffer types associated with the
vframe_heap_device type, remove it.
Bug: 182090311
Test: run cts-dev -m CtsDeqpTestCases --module-arg CtsDeqpTestCases:include-filter:dEQP-VK.protected_memory.stack.stacksize_64 and ensure secure allocations succeed
Test: Play DRM-protected video in ExoPlayer and ensure videos render correctly via MFC->DPU.
Change-Id: Id341e52322a438974d4634a4274a7be2ddb4c9fe
Add twoshay and touch input context library permissions
Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
