reuse logbuffer_device group as dumpstate hal already has read perms
on this group.
Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.
This addresses the following SE policy denial
auditd : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0
Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
Fix the following avc denial:
SELinux : avc: denied { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0
Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
Bug: 189895314
Bug: 171160755
Bug: 171670122
Bug: 180858476
Test: make sure all affected devices' armnn module has the right label
Change-Id: I6ca736f156497738167ba5eea5606a0e654611b9
Test: 1. build selinux and push related files to phone
2. Use ls -Z "file" to check if selinux content of file is
expected
3. P21 camera checklist
Bug: 168654554
Change-Id: Ie757dd3e8adc151c6340e9ca662efbdf0ccb6110
displaycolor service runs in HW Composer. This change allow displaycolor
to output to dumpstate via pipe fd.
Bug: 189846843
Test: adb bugreport and check displaycolor dump in dumpstate_board.txt
Change-Id: I109db9374124caf9053a9fd7ba6159f83c372038
The GPU driver uses vframe-secure for secure allocations, so the
corresponding DMA heap file should be visible to all processes so
use the dmabuf_system_secure_heap_device type instead.
In order for this type to be used, we need to ensure that the HAL
Allocator has access to it, so update hal_graphics_allocator_default.te
Finally, since there are no longer any buffer types associated with the
vframe_heap_device type, remove it.
Bug: 182090311
Test: run cts-dev -m CtsDeqpTestCases --module-arg CtsDeqpTestCases:include-filter:dEQP-VK.protected_memory.stack.stacksize_64 and ensure secure allocations succeed
Test: Play DRM-protected video in ExoPlayer and ensure videos render correctly via MFC->DPU.
Change-Id: Id341e52322a438974d4634a4274a7be2ddb4c9fe
This is needed to allow USB HAL to create multi-config gadget
(ie. rndis + ncm).
Bug: 172793258
Test: built and booted on oriole
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifb98b23138122ad4e0aeea8dd9c93d7b3e16d3aa
As shannon-rcs has been changed from system app
to non-system app, sepolicy has to be updated.
Bug: 186135775
Bug: 189707387
Test: sanity test
Signed-off-by: jznpark <jzn.park@samsung.com>
Change-Id: I32cce90611c619494136a6b1d01b3fb48330d169
This CL adds the "mlstrustedobject" to types for files involved in the
SJTAG authentication flow, in order to address MLS-based AVC denials.
Bug: 189466122
Test: No more AVC denials when activating SJTAG in BetterBug
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: Ieb88653830ce95751eee5cf26c26fd6302067bce
