| 0d1f7d29f72a80ecc6d135b2cbad17e6a53dfbec |
|
09-May-2017 |
Martijn Coenen <maco@google.com> |
Grant CAP_SYS_NICE to processes that need it.
New binder kernel changes extend the areas where
binder will set real-time scheduling priorities
on threads; to make sure the driver can correctly
determine whether a process is allowed to run
at real-time priority or not, add the capability
to the services that need it.
Bug: 37293077
Test: processes run at real-time prio on incoming
real-time binder calls.
Change-Id: Ia4b3e5ecb1f5e18e7272bdaaad5c31a856719633
/system/sepolicy/public/hal_bluetooth.te
|
| 53656c1742c126c92df178ee143dec5dcf93c88a |
|
14-Apr-2017 |
Alex Klyubin <klyubin@google.com> |
Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.
Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
record video (slow motion and normal), and check that photos
look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
make and install CtsMediaTestCases.apk
adb shell am instrument -e size small \
-w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
fingerprint
Test: Apply OTA update:
Make some visible change, e.g., rename Settings app.
make otatools && \
make dist
Ensure device has network connectivity
ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
/system/sepolicy/public/hal_bluetooth.te
|
| 1317b4ca23db18b039e30a3f42df2c2ccc13027a |
|
29-Mar-2017 |
Myles Watson <mylesgw@google.com> |
Disallow HAL access to Bluetooth data files
Devices that store their BT MAC address in /data/misc/bluedroid/ need
to find another place for that file.
Bug: 36602160
Test: Restart Bluetooth, check for selinux denials/files in /data/misc
Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
/system/sepolicy/public/hal_bluetooth.te
|
| 20b8d6b9a67fdced44773ee2f616ef7c55b2f011 |
|
22-Feb-2017 |
Myles Watson <mylesgw@google.com> |
Allow the Bluetooth HAL to toggle rfkill
Bug: 35657600
Test: user build of Marlin starts with BT
Change-Id: Ic2380da66467b9b1c385da7d7fa10fddf4c7fae1
/system/sepolicy/public/hal_bluetooth.te
|
| 168435fe0368f60ed693043e63fcb3370a95c8b8 |
|
17-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Switch Bluetooth HAL policy to _client/_server
This switches Bluetooth HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Bluetooth HAL.
Domains which are clients of Bluetooth HAL, such as bluetooth domain,
are granted rules targeting hal_bluetooth only when the Bluetooth HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_bluetooth are not granted to client domains.
Domains which offer a binderized implementation of Bluetooth HAL, such
as hal_bluetooth_default domain, are always granted rules targeting
hal_bluetooth.
Test: Toggle Bluetooth off and on
Test: Pair with another Android, and transfer a file to that Android
over Bluetooth
Test: Pair with a Bluetooth speaker, play music through that
speaker over Bluetooth
Test: Add bluetooth_hidl_hal_test to device.mk, build & add to device,
adb shell stop,
adb shell /data/nativetest64/bluetooth_hidl_hal_test/bluetooth_hidl_hal_test
Bug: 34170079
Change-Id: I05c3ccf1e98cbbc1450a81bb1000c4fb75eb8a83
/system/sepolicy/public/hal_bluetooth.te
|
| 6e3a5d005366cc3f785bd8fee7c2eb6d4173d939 |
|
08-Feb-2017 |
Andre Eisenbach <eisenbach@google.com> |
Bluetooth: Enable /proc access for vendor library low power control
Bug: 35097918
Test: manual
Change-Id: I84a1eaae99ebd04f0f8a6990b2f85ed7f2e11182
/system/sepolicy/public/hal_bluetooth.te
|
| a25192262b7bde0d480910b9662027c8617cccba |
|
18-Jan-2017 |
Steven Moreland <smoreland@google.com> |
haldomain: add hwbinder_use
All hals need to use hwbinder.
Test: no additional denials
Bug: 34180936
Change-Id: Ie92cdbd79fc75062c4afa4cda53cb57ccde7e370
/system/sepolicy/public/hal_bluetooth.te
|
| be27f92a3e3a8ece1d5819e3cfd9a4cb2c47c96e |
|
12-Oct-2016 |
Andre Eisenbach <eisenbach@google.com> |
Add selinux policy for Bluetooth HAL
Bug: 31972505
Test: VTS test passes, Bluetooth starts/stops
Change-Id: Ic068c9fca7c50e63c5b6e3d86a2ee6cc53207e08
/system/sepolicy/public/hal_bluetooth.te
|