Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
(cherry picked from commit 63200470b8)
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: I01fc4a31db761cb3dbb5dc93eb9e0b4d569b82f7
Add selinux rule to allow new V2 interface file alongside of V1 used up to r43p0.
The V1 entry will be removed once the r44p0 UMD update completes.
This decouples small changes from large, potentially intrusive ones in
other repositories.
Bug: 284254900
Change-Id: Ia928f871d8ea1fdbfb963cecb8fc4a99947e443e
fix build breakage:
device/google/zumapro-sepolicy/legacy/whitechapel_pro/file.te:4:ERROR 'Duplicate declaration of type' at token ';' on line 104436:
type tcpdump_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;
Bug: 272725898
Change-Id: Ic17d18409c28760d172a4ee7a5beb6c90016a381
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.
This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.
Bug: 278513588
Test: Trusting result of ag/22743596 (no zumapro device yet)
Change-Id: I2fd77e6694cdd4d1e51c9f01f4ae2b9f9670cea0
We will introduce it into gs-common
Bug: 276901078
Change-Id: I395e3ca45a3ad4aa346e56fd8746ffc70ae94107
Signed-off-by: Minchan Kim <minchan@google.com>
