Support both 1.0 and 1.1.
Bug: 186539538
Test: run vts -m VtsHalTetheroffloadControlV1_0TargetTest
run vts -m VtsHalTetheroffloadControlV1_1TargetTest
Signed-off-by: Namkyu Kim <namkyu78.kim@samsung.com>
Change-Id: I76a26dcd22e1c8985d470a39b9aeae618f459d00
declares new device context for mfg_data_block_device
give fp HAL permission to read/write/open
give fp HAL permission to search block_device dir
Bug: 189135413
Test: sideload calibration in enforcing mode.
Change-Id: I19e0cd13fc452b42c3f35772c4bafd433dbcc8b1
The avc denials are listed in b/192208389#comment10.
Bug: 192208389
Test: Manually tested
Change-Id: Ib2e3cf498851c0c9e5e74aacc9bf391549c0ad1a
Signed-off-by: Darren Hsu <darrenhsu@google.com>
The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?".
But we erroneously didn't assign the label to the path.
This patch fixes the error.
Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.
Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.
Bug: 190661153, 151063663
Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.
Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
Bug: 189895314
Bug: 171160755
Bug: 171670122
Bug: 180858476
Test: make sure all affected devices' armnn module has the right label
Change-Id: I6ca736f156497738167ba5eea5606a0e654611b9
The GPU driver uses vframe-secure for secure allocations, so the
corresponding DMA heap file should be visible to all processes so
use the dmabuf_system_secure_heap_device type instead.
In order for this type to be used, we need to ensure that the HAL
Allocator has access to it, so update hal_graphics_allocator_default.te
Finally, since there are no longer any buffer types associated with the
vframe_heap_device type, remove it.
Bug: 182090311
Test: run cts-dev -m CtsDeqpTestCases --module-arg CtsDeqpTestCases:include-filter:dEQP-VK.protected_memory.stack.stacksize_64 and ensure secure allocations succeed
Test: Play DRM-protected video in ExoPlayer and ensure videos render correctly via MFC->DPU.
Change-Id: Id341e52322a438974d4634a4274a7be2ddb4c9fe
edgetpu_service was splitted into two in previous change:
edgetpu_service and edgetpu_vendor_service, where the new
vendor service for vendor clients, and the old service keeps
serving app clients.
This change updated the SELinux policy to rename the edgetpu_service
into edgetpu_app_service to make the purpose clearer.
Bug: 188463446
Test: Oriole + GCA
Change-Id: I3a133319edc84fc02ef211934d0542575580da14
GPU nnhal needed a file update when update upgrading to 1.3 revision,
modify this so the device uses all the 1.2 rules.
Fixes: 187981206
Test: make sure hal starts
Change-Id: Ie1054fc092f1aa459cd36b6eb0f0a1a5cc032dbc
and logbuffer_btuart device node
* add sepolicy rules to let bthal can access bluetooth kernel device
nodes dev/logbuffer_btlpm and dev/logbuffer_tty16 in engineer
or user debug build
Bug: 177794127
Test: Manually
Change-Id: I5253719df82ca7ef8e64cbd3f2b0ff6d3f088edc
