SELinux policy changes to work with https://googleplex-android-review.git.corp.google.com/c/device/google/gs101/+/14997393
This allows the NNAPI HAL to make IPC calls to the Power HAL in order to request power hints
Bug: 191241561
Test: Pushed new SEPolicy to device, verified no AVC problems when making IPC calls
Change-Id: I8209b3677bedf908901389c07304f4478d0431b0
overcommit_memory info.
This is required as part of the compilation process, likely part of
the jemalloc which was added recently.
Bug: 190790251
Test: verified on local P21 device.
Change-Id: I4d90ea92afd7beaa4c4efa6ed509d703764932a1
The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?".
But we erroneously didn't assign the label to the path.
This patch fixes the error.
Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng
Bug: 188422036
Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.
Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.
This addresses the following SE policy denial
auditd : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0
Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.
Bug: 190661153, 151063663
Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.
Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
Fix the following avc denial:
SELinux : avc: denied { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0
Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
