Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Search by author
  • Any Author
  • Admin, Lime Admin, Lime lime_admin
  • CodeLinaro CodeLinaro codelinaro
  • CodeLinaro Hoperun CodeLinaro Hoperun hoperun
  • Joshua S. (Stage) Joshua S. (Stage) joshua.sickmeyer
  • Park, Jae Woo Park, Jae Woo jaewpark
5 authors
  1. Mar 31, 2017
    • Shubang's avatar
      Add sepolicy for tv.input · c76e158c
      Shubang authored 
      Test: build, flash; adb shell lshal
Bug: 36562029
Change-Id: If8f6d8dbd99d31e6627fa4b7c1fd4faea3b75cf2
      c76e158c
  3. Mar 23, 2017
    • Martijn Coenen's avatar
      Initial sepolicy for vndservicemanager. · e7d8f4c3
      Martijn Coenen authored 
      vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Merged-In: Ifbf536932678d0ff13d019635fe6347e185ef387
Change-Id: I430f1762eb83825f6cd4be939a69d46a8ddc80ff
      e7d8f4c3
  5. Mar 22, 2017
    • Martijn Coenen's avatar
      Initial sepolicy for vndservicemanager. · cba70be7
      Martijn Coenen authored 
      vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Change-Id: Ifbf536932678d0ff13d019635fe6347e185ef387
      cba70be7
  7. Mar 21, 2017
  9. Mar 18, 2017
    • Alex Klyubin's avatar
      Switch Boot Control HAL policy to _client/_server · 09d13e73
      Alex Klyubin authored 
      This switches Boot Control HAL policy to the design which enables us
to conditionally remove unnecessary rules from domains which are
clients of Boot Control HAL.

Domains which are clients of Boot Control HAL, such as update_server,
are granted rules targeting hal_bootctl only when the Boot Control HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_bootctl are not granted to client domains.

Domains which offer a binderized implementation of Boot Control HAL,
such as hal_bootctl_default domain, are always granted rules targeting
hal_bootctl.

P. S. This commit removes direct access to Boot Control HAL from
system_server because system_server is not a client of this HAL. This
commit also removes bootctrl_block_device type which is no longer
used. Finally, boot_control_hal attribute is removed because it is now
covered by the hal_bootctl attribute.

Test: Device boots up, no new denials
Test: Reboot into recovery, sideload OTA update succeeds
Test: Apply OTA update via update_engine:
      1. make dist
      2. Ensure device has network connectivity
      3. ota_call.py -s <serial here> out/dist/sailfish-ota-*.zip
Bug: 34170079
Change-Id: I9c410c092069e431a3852b66c04c4d2a9f1a25cf
      09d13e73
  11. Mar 09, 2017
    • Po-Chien Hsueh's avatar
      sepolicy: Move hostapd to vendor · 9a293013
      Po-Chien Hsueh authored 
      Move hostapd to vendor/bin/ because it's only used by WIFI HAL.
This commit is for sepolicy corresponding changes.

Bug: 34236942
Bug: 34237659
Test: Hotspot works fine. Integration test.

Change-Id: I2ee165970a20f4015d5d62fc590d448e9acb92c1
      9a293013
  13. Mar 07, 2017
    • Roshan Pius's avatar
      sepolicy: Make wpa_supplicant a HIDL service · a976e64d
      Roshan Pius authored 
      Note: The existing rules allowing socket communication will be removed
once we  migrate over to HIDL completely.

(cherry-pick of 2a9595ed) 
Bug: 34603782
Test: Able to connect to wifi networks.
Test: Will be sending for full wifi integration tests
(go/wifi-test-request)
Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615
      a976e64d
  15. Feb 28, 2017
  17. Feb 27, 2017
  19. Feb 24, 2017
    • Roshan Pius's avatar
      sepolicy: Make wpa_supplicant a HIDL service · 2a9595ed
      Roshan Pius authored 
      Note: The existing rules allowing socket communication will be removed
once we  migrate over to HIDL completely.

Bug: 34603782
Test: Able to connect to wifi networks.
Test: Will be sending for full wifi integration tests
(go/wifi-test-request)
Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615
      2a9595ed
    • Amit Mahajan's avatar
      Move rild to vendor partition. · f7bed71a
      Amit Mahajan authored 
      Test: Basic telephony sanity
Bug: 35672432
Change-Id: I7d17cc7efda9902013c21d508cefc77baccc06a8
      f7bed71a
  21. Feb 16, 2017
    • Alex Klyubin's avatar
      Label /vendor/bin/hw on devices without vendor partition · 3001d5a3
      Alex Klyubin authored 
      SELinux labeling of filesystem files ignores symlinks. Unfortunately,
/vendor is a symlink on devices without vendor partition
(e.g., hikey). Thus, policy in directories which are used both for
devices with vendor partition and for devices without vendor partition
must be adjusted to match both /vendor and /system/vendor. It is
assumed that the /vendor symlink, if it exists at all, always points
to /system/vendor.

The alternative solution of adjusting vendor policy file labelling
rules at vendor policy build time, when the actual on-device paths are
known, was considered to make it harder to see how files are labelled
by looking solely at the source tree.

Test: Files under /vendor/bin/hw correctly labelled on sailfish,
      angler, and a device which uses the /vendor symlink.
Bug: 35431549
Change-Id: If6ccb2c9cb85b0589db03ab86de8071e15d5366f
      3001d5a3
  23. Feb 13, 2017