Fixes the following denials:
avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221

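Added example, not part of the commit or the project's policy: the three denials quoted above differ only in inode, so a triage script can fold them into one (source type, target type, class) tuple and render an audit2allow-style candidate for review. The function names are illustrative, and the rendered rule is not the rule this commit added, which the message does not show.

```python
import re
from collections import defaultdict

# Constructed input: the three denials as quoted in the commit message.
SAMPLE = r'''avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Return one dict per 'avc: denied' record, folding '\\' continuations."""
    records = []
    for line in re.sub(r'\s*\\\r?\n\s*', ' ', text).splitlines():
        m = AVC_RE.search(line)
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))} if m else {}
        if all(k in rec for k in ('scontext', 'tcontext', 'tclass')):
            records.append({**rec, 'perms': m.group(1).split()})
    return records

def summarize(records):
    """Merge records that differ only in inode or permission."""
    groups = defaultdict(lambda: {'perms': set(), 'inodes': set()})
    for r in records:
        # The SELinux type is the third field of user:role:type:level.
        key = tuple(r[f].split(':')[2] for f in ('scontext', 'tcontext')) + (r['tclass'],)
        groups[key]['perms'].update(r['perms'])
        groups[key]['inodes'].add(r.get('ino'))
    return dict(groups)

def candidate_rules(groups):
    """Render audit2allow-style rule text for review; not the commit's rules."""
    rules = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = sorted(g['perms'])
        p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {p};')
    return rules
```
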
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447 1 1 E init : Do not have permissions to
set ...
Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa

Need to grant gpu_device dir search permission to be able to render UI
on cuttlefish.
Fixes: 183995046
Test: atest WirecutterTests
Change-Id: I122e541188ce659381769339e3f9e6b720441a92

Allows hwservice to see armnn nnhal.
Fixes: 183917925
Test: build, check for absence of error msg in logcat.
Test: run_nnapi_tests for darwinn
Test: CtsNNAPITestCases64 --hal_service_instance=android.hardware.neuralnetworks@1.3::IDevice/google-edgetpu --gtest_filter="TestGenerated*"
Change-Id: I9778e92d6f15e9aa74774c6a8d143969951046eb

Both services invoke InitGoogle in order to use google utilities (e.g.
file). Since InitGoogle reads the kernel info from /proc/version,
this change added the corresponding selinux rules to allow that.
Bug: 183935416
Test: tested on Oriole.
Change-Id: Icb8f3a57e249774b5fad3284413661b04ff7dae6

The EdgeTPU service libraries (libedgetpu_client.google.so and
com.google.edgetpu-V1-ndk.so) provide both the system_ext and
vendor variants. Since these need to be linked by pre-built
applications from /product/, this change labelled them as
the same_process_hal_file in order to allow the applications
to link with the vendor variant.
Bug: 184008444
Test: tested on local Oriole with GCA.
Change-Id: I8c510f51ccc1a76d14978962d72fd91f15bf7a90

- Grant access to DMA system heap for Tuscany.
- Reorder statements for more logical grouping.
- Allow access to isolated tmpfs for google3 prebuilts.
- Remove fixed denials.
Bug: 181913550
Bug: 182705901
Test: Inspected logcat, no denials from hal_camera_default
Change-Id: I9bf1ce207c3bcae1b9f9ab0f0072bb7501201451

03-29 15:18:56.425 root 1 1 E init : Do not have permissions to set 'ro.vendor.config.build_carrier' to 'europen' in property file '/vendor/build.prop': SELinux permission check failed
Bug: 183919837
Test: verified with the forrest ROM and error log gone
Change-Id: I87cc05306f9c038df779040514a879fc2b8ab929

Allow radio extension hal to forward coexistence message from modem to
bluetooth hal.
Bug: 183978772
Test: Check selinux denials
Change-Id: Idc288ce2a1fdcf380301e2d7c10ea03af520e4d0

For steadiface and eis, they need to create debug folders and files
under /data/vendor/camera.
Bug: 183708219
Test: GCA and check debug files
Change-Id: I5b87120702278199ac4f98cfa9114be47c760433

Neuralnetworks for armnn driver needs GPU access in order to issue
OpenCL commands to GPU. Add rule that allows this.
Fixes: 183673130
Test: setenforce 1, stop and start hal, see that hal started.
Change-Id: I9be0ee4326e5e128a37f2c4df0878f8fbbea7f8d