- Change the sepolicy name from platfrom_app to exo_app.
- Selinux avc log:
E/SELinux: avc: denied { find } for interface=vendor.google.exo_camera_injection::IExoCameraInjection sid=u:r:exo_app:s0:c248,c256,c512,c768 pid=11479 scontext=u:r:exo_app:s0:c248,c256,c512,c768 tcontext=u:object_r:hal_exo_camera_injection_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 184736718
Test: Verified exo_camera_injection provider service use cases function as expected; no denials.
Change-Id: I08887b8b6020cb7b3fb3da77cea9a1f453655bea
In original design, pixellogger was included in Pixelize mk file,
but the sepolicy are defined by the product specific te file.
These are not aligned and have dependency concern if add new sepolicy rule
in Pixelize te file.
This change remove the Pixelize rule from the device specifc te file.
And the Pixelize rule will be defined by
hardware/google/pixel-sepolicy/logger_app/logger_app.te
Bug: 159650456
Test: Pixel Logger is workable
Change-Id: If13e05b7979f7be02a728b40f8032b81f7c53e06
Missing binder configuration for dmd to return responses to modem
logging control binary, for cases when it needs to get log mask
configuration information.
Bug: 184605350
Test: Check logging works with selinux enabled.
Change-Id: Ia9a80870927fd890266f702b091343b4b4018673
check audio state for SSR usage
Test: local with enforcing mode
Bug: 184239981
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I45db556434251576a1d691f1aebf2940fff283fe
This is to fix below avc denial:
E SELinux : avc: denied { find } for pid=28954 uid=1000
name=rlsservice scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:rls_service:s0 tclass=service_manager permissive=0
The solution is similar to ag/7253836 (coral) and ag/10232101 (redbull).
Fix: 183620858
Test: adb shell setprop persist.vendor.camera.dump_range_data 1 &&
adb shell pkill -f camera, then retest camera
Change-Id: I6bb743c15ee64e3c4ecb8359126b238554aa649e
The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.
Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428
Radio vendor silent logging app needs access to the vendor slog
properties in order to configure logging.
Bug: 184102091
Test: Check vendor silent logging app works.
Change-Id: I1a7c590b80d94c0b147743372ba3cd1a0817baf3
This reverts commit 7c92613185.
Reason for revert: This commit breaks camera recording
Bug: 184154831
Change-Id: Ia4286dab9c5d44c59a3b224e0e24c191eb2be84b
Fixes the following denials:
avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447 1 1 E init : Do not have permissions to
set ...
Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa
