Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
(cherry picked from commit 63200470b8)
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: I01fc4a31db761cb3dbb5dc93eb9e0b4d569b82f7
Add selinux rule to allow new V2 interface file alongside of V1 used up to r43p0.
The V1 entry will be removed once the r44p0 UMD update completes.
This decouples small changes from large, potentially intrusive ones in
other repositories.
Bug: 284254900
Change-Id: Ia928f871d8ea1fdbfb963cecb8fc4a99947e443e
Revert submission 23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX
Reason for revert: The root cause is missing property definition in gs101-sepolicy. This CL can be merged safely. Verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L48900000961646046
Reverted changes: /q/submissionid:23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX
Bug: 286476107
Change-Id: I81a350f1df3c9071945e484277ed7fab5ae4c60e
RILD listens for changes to this property. If the value changes to 1, RILD will restart itself and set this property back to 0.
The TelephonyGoogle app will set this property to 1 when it receives a request from the SCONE app. Since TelephonyGoogle runs in the com.android.phone process, we also need to give the radio domain permission to set the telephony.ril.silent_reset property.
Bug: 286476107
Test: manual
Change-Id: I363b44a1a44184df05449ceb97089bb9e0211550
fix build breakage:
device/google/zumapro-sepolicy/legacy/whitechapel_pro/file.te:4:ERROR 'Duplicate declaration of type' at token ';' on line 104436:
type tcpdump_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;
Bug: 272725898
Change-Id: Ic17d18409c28760d172a4ee7a5beb6c90016a381
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.
This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.
Bug: 278513588
Test: Trusting result of ag/22743596 (no zumapro device yet)
Change-Id: I2fd77e6694cdd4d1e51c9f01f4ae2b9f9670cea0
We will introduce it into gs-common
Bug: 276901078
Change-Id: I395e3ca45a3ad4aa346e56fd8746ffc70ae94107
Signed-off-by: Minchan Kim <minchan@google.com>
