Made hal_dumpstate_impl to use vendor executables as per treble guidelines
Test: Bugreport and verified radio logs included and no new denials
Bug: 62291820
Change-Id: I4f9f46cd76600e4b083ee6de5c52d495cc17729b
net_raw was added to make IMS registration work in enforced mode
Currently ims is in permissive mode so any denials will not block
the functionality or lab testing
This change will enable QC to catch denials and fix in their prebuilts
Test: Basic telephony sanity
Bug: 37652052
Change-Id: I942a267464b83f60ef6274e47f1ae6a493230c1f
Add profile to support hifi capture from USB
Test: test playback and capture with and without USB headset
Change-Id: I43a21961eaa64ff27614978ebc53a1d9ca3dbf26
Move vendor policy to vendor and add a place for system extensions.
Also add such an extension: a labeling of the qti.ims.ext service.
Bug: 38151691
Bug: 62041272
Test: Policy binary identical before and after, except plat_service_contexts
has new service added.
Change-Id: Ie4e8527649787dcf2391b326daa80cf1c9bd9d2f
libgptutils should include its own dependencies.
Also removed libsparse since it's not needed anymore.
Test: mma in update_engine
Change-Id: I2c2c77bf7409590a3d5f622225d2ed794004311f
Enable the oemlock-bridge to provide access to
a reserved region in misc used by bootctl and the
vendor bootloader.
Test: oemlock hal integration tests work with oemlock-bridge and the
oemlock hal service running.
Bug: 62052545
Change-Id: I19c311917ccb95846e2136e858f2b862fe5390bb
debug_suspend wasn't being properly labeled in file_contexts, moving it
to genfs_contexts fixes this issue.
Bug: 62219388
Test: init can write to debug_suspend
Change-Id: Iea30051da9b18a7e4f35ad1600b3ced1f7625c23
Enable Wi-Fi Aware feature support and system service.
Bug: 37674519
Test: unit tests, integration test suite
This reverts commit 7cef570f79.
Change-Id: I045ad95fac178cbdda3c0343fde7c6c76bcd1ffc
This change will be reverted after all cnd denials
are fixed as part of b38253858
Currently all QC propriatery modules are going through a major
re-architecture so keeping this in permissive mode will help
unblock the lab conformance test.
The current denials which will be ignored with this change
cnd : type=1400 audit(0.0:453): avc: denied { net_raw } for
capability=13 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
permissive=1
cnd : type=1400 audit(0.0:455): avc: denied { dac_override } for
capability=1 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
permissive=1
cnd : type=1400 audit(0.0:456): avc: denied { read write } for
name="wake_lock" dev="sysfs" ino=18727 scontext=u:r:cnd:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file permissive=1
cnd : type=1400 audit(0.0:457): avc: denied { open } for
path="/sys/power/wake_lock" dev="sysfs" ino=18727 scontext=u:r:cnd:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file permissive=1
cnd : type=1400 audit(0.0:458): avc: denied { block_suspend } for
capability=36 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability2
permissive=1
Change-Id: I9c0a7a38a0b61f3819f90f0178ab16e59da9e65f
