remove mediacodec_samsung sepolicy in legacy path since we will include it from gs-common.
Bug: 318793681
Test: build pass, camera record, youtube
Change-Id: Idc0e19348d1e113e95305279aebbbaf82c79d730
The XHCI driver in kernel will write debugging information to DebugFS on
some USB host operations (for example: plugging in a USB headphone). We
are not using that information right now.
Bug: 311088739
Test: No error when plugging a USB headphone in.
Change-Id: If7c511f4466959d819f2672ae8f82a8a8dae83e4
Contexthub (CHRE) team is removing the chre daemon and incorporating
its functionalities into the next gen HAL. This CL copied the
permissions we received in whitechapel/vendor/google/chre.te to
hal_contexthub.te to enable the same set of permissions on gs101.
Bug: 247124878
Test: launch the hal process on oriole and verify it can perform
required operations such as loading nanoapps, holding wakelocks,
query nanoapps, etc.
Change-Id: I8ce6b4f7f411e50cf454bb5f1286f73d4d46aced
The MDS will be signed with platform key and become a platform app. To
make the selinux rules for modem_diagnostic_app work, we need to set it to
platform app in app context.
Bug: 287683516
Test: Tested with both dev key and platform key signed MDS apps and the selinux rules work.
Change-Id: If890f7caaac33e5ddc6c02cc8084654a10cea416
Bug: 305120274
Test: Compile pass. Flash the build to WHI devices and no sensor
related avc denied log.
Change-Id: I56174a24d159968c01d1572e84f4bcdd7930a709
Signed-off-by: Rick Chen <rickctchen@google.com>
1. Move rls_service context from vndservice_contexts to
service_contexts.
2. Allow binder calls from rlsservice to servicemanager
3. Change rls_service type from vndservice_manager_type to
service_manager_type.
Bug: 301520085
Test: GCA
Change-Id: I7badfe2ddb73b13884b54d2c8972e1921af6ea38
The i2c-7/7-0043 label is shared with both i2c-7/i2c-cs40l25a and
i2c-7/i2c-cs40l26a nodes. To make it clear that these all are related,
let's move i2c-7/i2c-cs40l26a to gs101-sepolicy and have all the gs101
vibrator policy labels together.
Bug: 302549624
Bug: 291606723
Test: Verify i2c nodes on r4
Fixes: ccdd975a88d0 ("Update the cs40l26a i2c device node sepolicy labeling")
Change-Id: I2950a2c064e31e300d07f124cf1a7bfc00ae58c3
This change needs to be merged with the corresponding kernel change that
sets the i2c bus aliases correctly to match the existing v5.10 bus
probe ordering.
To verify the sepolicy labeling doesn't change, run the below commands
and diff the stdout on builds with and without the changes. For extra
credit, verify the nodes are labeled the same when upgrading the kernel
to v6.1 (with the correct i2c aliases to match the existing policy):

    # Dump labels under each bus's i2c nodes; the quoted glob expands on the device.
    acpm_bus_array=("acpm_mfd_bus@17500000" "acpm_mfd_bus@17510000")
    for bus in "${acpm_bus_array[@]}"; do
        adb shell ls -ZR "/sys/devices/platform/${bus}/i2c-*"
    done
    bus_array=("10960000" "10970000" "10d50000" "10900000")
    for bus in "${bus_array[@]}"; do
        adb shell ls -ZR "/sys/devices/platform/${bus}.hsi2c/i2c-*"
    done

Test: verify on r4
Bug: 291606723
Change-Id: Ifbfc53fbeb39a47cda4263fc706f11af6675d90e
This change needs to be merged with the corresponding kernel change that
sets the i2c bus aliases correctly to match the existing v5.10 bus
probe ordering.
To verify the sepolicy labeling doesn't change, run the below commands
and diff the stdout on builds with and without the changes. For extra
credit, verify the nodes are labeled the same when upgrading the kernel
to v6.1 (with the correct i2c aliases to match the existing policy):

    # Dump labels under each bus's i2c nodes; the quoted glob expands on the device.
    acpm_bus_array=("acpm_mfd_bus@17500000" "acpm_mfd_bus@17510000")
    for bus in "${acpm_bus_array[@]}"; do
        adb shell ls -ZR "/sys/devices/platform/${bus}/i2c-*"
    done
    bus_array=("10960000" "10970000" "10d50000" "10900000")
    for bus in "${bus_array[@]}"; do
        adb shell ls -ZR "/sys/devices/platform/${bus}.hsi2c/i2c-*"
    done

Test: verify on r4
Bug: 291606723
Change-Id: Id5b9021cdbf4b9d3578d5e9ee655463ab62dcd12
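
The two commit messages above ask for the `ls -ZR` output to be diffed between builds. The script below is an added example, not part of either commit: it compares two saved dumps path by path, so a renumbered bus shows up as a lost or missing label. It assumes toybox-style `ls -ZR` output ("/dir:" headers, then "<context> <name>" entries); the function names, file names, sample paths and labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two saved `adb shell ls -ZR` dumps and list label changes.
# Assumption: toybox-style output, "/dir:" headers followed by "<context> <name>".

# Flatten one dump into sorted "full/path<TAB>context" lines.
flatten_labels() {
    awk '/^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }
         NF == 2   { print dir "/" $2 "\t" $1 }' "$1" | sort
}

# Print every path whose context differs, or that exists in only one dump.
label_changes() {
    lc_old=$(mktemp); lc_new=$(mktemp)
    flatten_labels "$1" > "$lc_old"
    flatten_labels "$2" > "$lc_new"
    awk -F '\t' '
        FILENAME == ARGV[1] { old[$1] = $2; next }
        { seen[$1] = 1
          if (!($1 in old))       print $1 " (absent) -> " $2
          else if (old[$1] != $2) print $1 " " old[$1] " -> " $2 }
        END { for (p in old) if (!(p in seen)) print p " " old[p] " -> (absent)" }
    ' "$lc_old" "$lc_new" | sort
    rm -f "$lc_old" "$lc_new"
}

# Constructed sample dumps (not captured from a device): the bus is renumbered
# from i2c-7 to i2c-8, so the path-based label no longer matches the node.
write_sample_dumps() {
    cat > "$1/before.txt" <<'EOF'
/sys/devices/platform/10960000.hsi2c/i2c-7:
u:object_r:sysfs_vibrator:s0 7-0043
u:object_r:sysfs:s0 name

/sys/devices/platform/10d50000.hsi2c/i2c-3:
u:object_r:sysfs:s0 name
EOF
    cat > "$1/after.txt" <<'EOF'
/sys/devices/platform/10960000.hsi2c/i2c-8:
u:object_r:sysfs:s0 8-0043
u:object_r:sysfs:s0 name

/sys/devices/platform/10d50000.hsi2c/i2c-3:
u:object_r:sysfs:s0 name
EOF
}

demo_dir=$(mktemp -d)
write_sample_dumps "$demo_dir"
label_changes "$demo_dir/before.txt" "$demo_dir/after.txt"
rm -rf "$demo_dir"
```

An empty result means every node kept its label; any line printed is a path to check against the genfs_contexts entries before merging.
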
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: build bluejay and boot test
Change-Id: I48441749de4eb1de90ce5a307b1d47ae3cb9592d
As part of Treble, enforce that vendor's seapp_contexts can't label apps
using coredomains. Apps installed to system/system_ext/product should be
labeled with platform side sepolicy.
This change marks violating domains that need to be fixed.
Bug: 296512193
Test: build oriole and see build log
Change-Id: I7d5b91014362a64f3d66b3913d4d1bc773d922c8
Grant access to USB sysfs attributes.
Bug: 285199434
Test: no audit log in logcat after command execution
Change-Id: Ic9c61cb5153e06eb9db15f4451a4e6769d688431
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: I68d6564ca9e5ba77d3562b6c73b32cd1713001f7
libdmabufheap is a former VNDK-SP library, and will be marked with the sp-hal
sepolicy label by default. The current definition on gs-101 creates a conflict
with the generic sepolicy update. This change removes the label on libdmabufheap
from gs101 and moves it to generic sepolicy.
Bug: 291673098
Test: N/A
Change-Id: Ida23dc71e9794aa86e8b50ed927dc6b5fa57ea91
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: Icf52453dc2a0a4d60958b8fe76509f385ac6fae2