0d1f7d29f72a80ecc6d135b2cbad17e6a53dfbec |
|
09-May-2017 |
Martijn Coenen <maco@google.com> |
Grant CAP_SYS_NICE to processes that need it. New binder kernel changes extend the areas where binder will set real-time scheduling priorities on threads; to make sure the driver can correctly determine whether a process is allowed to run at real-time priority or not, add the capability to the services that need it. Bug: 37293077 Test: processes run at real-time prio on incoming real-time binder calls. Change-Id: Ia4b3e5ecb1f5e18e7272bdaaad5c31a856719633
/system/sepolicy/public/hal_bluetooth.te
|
53656c1742c126c92df178ee143dec5dcf93c88a |
|
14-Apr-2017 |
Alex Klyubin <klyubin@google.com> |
Restrict access to hwservicemanager This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
/system/sepolicy/public/hal_bluetooth.te
|
1317b4ca23db18b039e30a3f42df2c2ccc13027a |
|
29-Mar-2017 |
Myles Watson <mylesgw@google.com> |
Disallow HAL access to Bluetooth data files Devices that store their BT MAC address in /data/misc/bluedroid/ need to find another place for that file. Bug: 36602160 Test: Restart Bluetooth, check for selinux denials/files in /data/misc Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
/system/sepolicy/public/hal_bluetooth.te
|
20b8d6b9a67fdced44773ee2f616ef7c55b2f011 |
|
22-Feb-2017 |
Myles Watson <mylesgw@google.com> |
Allow the Bluetooth HAL to toggle rfkill Bug: 35657600 Test: user build of Marlin starts with BT Change-Id: Ic2380da66467b9b1c385da7d7fa10fddf4c7fae1
/system/sepolicy/public/hal_bluetooth.te
|
168435fe0368f60ed693043e63fcb3370a95c8b8 |
|
17-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Switch Bluetooth HAL policy to _client/_server This switches Bluetooth HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Bluetooth HAL. Domains which are clients of Bluetooth HAL, such as bluetooth domain, are granted rules targeting hal_bluetooth only when the Bluetooth HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_bluetooth are not granted to client domains. Domains which offer a binderized implementation of Bluetooth HAL, such as hal_bluetooth_default domain, are always granted rules targeting hal_bluetooth. Test: Toggle Bluetooth off and on Test: Pair with another Android, and transfer a file to that Android over Bluetooth Test: Pair with a Bluetooth speaker, play music through that speaker over Bluetooth Test: Add bluetooth_hidl_hal_test to device.mk, build & add to device, adb shell stop, adb shell /data/nativetest64/bluetooth_hidl_hal_test/bluetooth_hidl_hal_test Bug: 34170079 Change-Id: I05c3ccf1e98cbbc1450a81bb1000c4fb75eb8a83
/system/sepolicy/public/hal_bluetooth.te
|
6e3a5d005366cc3f785bd8fee7c2eb6d4173d939 |
|
08-Feb-2017 |
Andre Eisenbach <eisenbach@google.com> |
Bluetooth: Enable /proc access for vendor library low power control Bug: 35097918 Test: manual Change-Id: I84a1eaae99ebd04f0f8a6990b2f85ed7f2e11182
/system/sepolicy/public/hal_bluetooth.te
|
a25192262b7bde0d480910b9662027c8617cccba |
|
18-Jan-2017 |
Steven Moreland <smoreland@google.com> |
haldomain: add hwbinder_use All hals need to use hwbinder. Test: no additional denials Bug: 34180936 Change-Id: Ie92cdbd79fc75062c4afa4cda53cb57ccde7e370
/system/sepolicy/public/hal_bluetooth.te
|
be27f92a3e3a8ece1d5819e3cfd9a4cb2c47c96e |
|
12-Oct-2016 |
Andre Eisenbach <eisenbach@google.com> |
Add selinux policy for Bluetooth HAL Bug: 31972505 Test: VTS test passes, Bluetooth starts/stops Change-Id: Ic068c9fca7c50e63c5b6e3d86a2ee6cc53207e08
/system/sepolicy/public/hal_bluetooth.te
|