Add selinux policy for hdcpd. #196
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added sepolicy for USB Camera to avoid the permission issue on sepolicy 'enforcing' mode. Jira: None Test: USB Camera is working fine with 3rd party apps Signed-off-by: Muhammad Aksar <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
Jira: none Test: none Signed-off-by: saranya <[email protected]>
Patch lets search for hwcomposer also work with postfix. Path is used for exports required for HWC Validation. JIRA:None Tests:compilation of hwcomposer validation works fine. Signed-off-by:Munish Bhardwaj<[email protected]>
This patch enable coredump by adding "debug-coredump: true" into mixin spec file and enable "ELF_CORE" in kernel config. Jira: Link to Jira [Default:None.] Test: Test in on KBL-NUC device, APCOREDUMP can work normally. Signed-off-by: yayongdx <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
As F2FS userspace utilities are not present. This is creating issue in adoptable storage, so disabling till userspace readiness. [Need to bring in when userspace is ready] Jira: None Test: None Signed-off-by: shyjumon <[email protected]>
Revert "Enable Multitouch driver" This reverts commit 889607f.
kernel 4.14 add a new class of icmp_socket, cts test suites need the access permissions to this new class to complete their tests. Jira: None Test: The device can boot to UI and there are no obvious regressions should be found. Signed-off-by: ji, zhenlong z <[email protected]>
When the keyguard is shown with the music playing underground, systemui will do some render operations. Jira: None Test: When the keyguard is shown with the music playing underground, the screen shouldn't to flicker. Signed-off-by: ji, zhenlong z <[email protected]>
Nexus6P and Google emulator all of them are config defalut wallpaper, it can improve user experience, and avoid to the end user set the live wallpaper picker as default application. Due to the AOSP wallpaperpicker not only set wallpaper but also can set the live wallpaper. So, select the AOSP wallpaperpicker as default is the best choice. JIRA:None Tests:Long press home screen, click wallpaper, don't pop up menu. Signed-off-by: Yue, VincentX <[email protected]>
Jira: None. Test: Test it in Joule and KBL NUC. Signed-off-by: Zhou, Lihua <[email protected]> Signed-off-by: Ming Tan <[email protected]>
It is needed for build the system.img after enable AVB and A/B slot. Jira: None. Test: Test it in Joule and KBL NUC using kernelflinger. Signed-off-by: Zhou, Lihua <[email protected]> Signed-off-by: Ming Tan <[email protected]>
So if the mixins change the default partition name, need not to modify this file again. Jira: None. Test: Test it in Joule and KBL NUC, can boot to UI. Signed-off-by: tanminger <[email protected]>
In mixins, only 'call inherit-product,build/target/product/verity.mk' when use GVB. Jira: None Test: Test it Joule, can boot to UI. Signed-off-by: Ming Tan <[email protected]>
Now use mixin to generate the flash.json according configuration. Jira: None. Test: Test it in Joule and KBL NUC using kernelflinger, can boot to UI. Signed-off-by: Ming Tan <[email protected]>
Jira: None. Test: Test it in Joule and KBL NUC using kernelflinger, can boot to UI. Signed-off-by: Ming Tan <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
Enables the NVMe based storage device support. Build cmd: make SPARSE_IMG=true flashfiles -j32 | tee build_logs.txt Jira: None Test: None Signed-off-by: shyjumon <[email protected]>
remove unwanted .swp file Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
Makes search for hardware composer generic.
Due to IA don't support sensor to auto rotate, turn off auto rotate for recoverying default screen orientation. Jira: None Test: None Signed-off-by: Yue, VincentX <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
To be reverted after modprobe issue is fixed Jira: None Test: None Signed-off-by: Jeevaka Prabu Badrappan <[email protected]>
This patch has to be reverted once modprobe issue is fixed Jira: None Test: None
Jira: None Test: None Signed-off-by: saranya <[email protected]>
Jira: None Test: None Signed-off-by: Aiswarya Cyriac <[email protected]>
Jira: None Test: None Signed-off-by: sgnanase <[email protected]>
This patch specifies galax7200 as TouchScreen for android-ia. Jira: None Test: None Signed-off-by: saranya <[email protected]>
There are lots of neverallow violations during the cts test, we need to remove the related rules. Tracked-On: OAM-71989 Signed-off-by: ji, zhenlong z <[email protected]>
As per VNDK rules, data files directory for vendor apps should be in vendor folder. Hence moving data dir from /data/misc to /data/vendor folder. Tracked-On: OAM-71986 Signed-off-by: ysiyer <[email protected]>
It can be used to support virto-scsi-pci device in QEMU. Tracked-On: OAM-72233 Signed-off-by: Ming Tan <[email protected]>
CTS failure due to don't support feature: FEATURE_CANT_SAVE_STATE
the feature is for supporting the R.attr.cantSaveState API( sdk28),
the cantSaveState declare that this application can't participate
in the normal state save/restore mechanism.
Test: run cts -m CtsAppTestCases \
-t
android.app.cts.ActivityManagerProcessStateTest#testCantSaveStateLaunchAndBackground
run cts -m CtsAppTestCases \
-t
android.app.cts.ActivityManagerProcessStateTest#testCantSaveStateLaunchAndSwitch
Tracked-On: OAM-71298
Signed-off-by: Wang, ArvinX <[email protected]>
thermal-daemon: Updating the data dir in initrc from misc' to 'vendor' As per VNDK rules, moving the data dir from /data/misc to /data/vendor folder. Fix cts failure in CtsAppTestCases CTS failure due to don't support feature: FEATURE_CANT_SAVE_STATE the feature is for supporting the R.attr.cantSaveState API( sdk28), the cantSaveState declare that this application can't participate in the normal state save/restore mechanism. Test: run cts -m CtsAppTestCases \ -t android.app.cts.ActivityManagerProcessStateTest#testCantSaveStateLaunchAndBackground run cts -m CtsAppTestCases \ -t android.app.cts.ActivityManagerProcessStateTest#testCantSaveStateLaunchAndSwitch Change-Id: I72121ec64bfbf14a57c5222cff4046816363c2c0 Tracked-On: OAM-71298 Tracked-On: OAM-71986 Mixin-Reviewed-On: projectceladon/device-androidia-mixins#117 Mixin-Reviewed-On: projectceladon/device-androidia-mixins#122 Signed-off-by: Wang, ArvinX <[email protected]> Signed-off-by: ysiyer <[email protected]>
Tracked-On: OAM-71946 Signed-off-by: shyjumon <[email protected]>
temp_crit for cpus set as follows for all platforms: KBL-NUC Commercial devices: 100 KBL-NUC Development devices: 100 APL-NUC Development devices: 105 Hence redefined the thermal policy as follows: KBL-NUC Commercial and Development devices: Passive limit 1: 85 C Passive limit 2: 95 C Critical limit: 99 C APL-NUC devices: Passive limit 1: 90 C Passive limit 2: 100 C Critical limit: 104 C Tracked-On: OAM-72228 Signed-off-by: ysiyer <[email protected]>
Move it to make sure TARGET_BOARD_PLATFORM getting definded before using as device.mk gets running before BoardConfig.mk Tracked-On: OAM-72181 Signed-off-by: Yan, WalterX <[email protected]>
since there is no sd card slot on Commercial KBL-NUC, use adoptable usb to test related function instead Tracked-On: https://jira01.devtools.intel.com/browse/OAM-72351 Signed-off-by: Zhiwei li [email protected]
Tracked-On: OAM-72351 Signed-off-by: Swaroop Balan <[email protected]>
Signed-off-by: Cathy Bao <[email protected]>
Tracked-On: https://jira01.devtools.intel.com/browse/OAM-71656 Signed-off-by: Cathy Bao <[email protected]>
Add sepolicy for swap Add swap mixin group Tracked-On: https://jira01.devtools.intel.com/browse/OAM-71656 Mixin-Reviewed-On: projectceladon/device-androidia-mixins#127 Mixin-Reviewed-On: projectceladon#174 Signed-off-by: Cathy Bao <[email protected]>
Tracked-On: OAM-71352, OAM-72681 Signed-off-by: tianmi.chen <[email protected]>
Tracked-On: https://jira01.devtools.intel.com/browse/OAM-72409 Signed-off-by: Zhiwei li [email protected]
Tracked-On: None Signed-off-by: swaroopb <[email protected]>
It adds socperf and socwatch kernel-modules in extra kernel modules to consider extra modules for compile and build. Tracked-On: OAM-71957 Signed-off-by: Punit Vara <[email protected]>
socwatch and socperf configuration changes for cel_apl and celadon Tracked-On: OAM-71957 Signed-off-by: Punit Vara <[email protected]>
This patch adds selinux permissions needed for init.rc to write into 'role' sysfs and set USB config. Jira: OAM-71244 Signed-off-by: saranya <[email protected]>
Jira: OAM-71244 Signed-off-by: saranya <[email protected]>
|
@swaroopbalan could you please have security guys to review this PR? |
YuanjunHuang
force-pushed
the
master
branch
2 times, most recently
from
8438010
to
013e3df
Compare
Tracked-On: OAM-73644 Signed-off-by: Huang, Yuanjun <[email protected]>
|
@ceiba1985, GFX team need add selinux setting for HDCP, could you help take a review of this PR? Thanks a lot! |
ceiba1985
suggested changes
Jan 24, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tracked-On: OAM-73644
Signed-off-by: Huang, Yuanjun [email protected]