Adds sepolicy for Google VHAL.

Bug: b/138677476

Test: Runs Google VHAL emulator. The emulator is able to open socket.

Fixed denials:
avc: denied { connectto } for comm="vehicle@2.0-ser" path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for comm="vehicle@2.0-ser" name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { bind } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { connectto } for path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { create } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { listen } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { node_bind } for comm="android.hardwar" src=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:node:s0 tclass=tcp_socket permissive=1
avc: denied { write } for name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="vehicle@2.0-ser" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { accept } for lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { read } for comm="vehicle@2.0-ser" path="socket:[2844]" dev="sockfs" ino=2844 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { read } for path="socket:[2844]" dev="sockfs" ino=2844 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1

Change-Id: Ia94276f09706c9059fa5bd9b3145af3885adb9ae
(cherry picked from commit 326e51a99e1512c9654a4d00332f40f6369e9b48)
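
The denials listed in the commit message can be reduced to the minimal set of candidate allow rules for review. The following is an added example, not part of this commit or the project's policy: it parses a subset of the denial lines quoted above, deduplicates them, and groups permissions per (source, target, class). The function names are hypothetical, and the generated rules are derived mechanically from the log lines, not taken from the change itself.

```python
import re
from collections import defaultdict

# Subset of the AVC denials quoted in the commit message above.
DENIALS = """\
avc: denied { connectto } for comm="vehicle@2.0-ser" path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for comm="vehicle@2.0-ser" name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { bind } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { create } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { listen } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { node_bind } for comm="android.hardwar" src=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:node:s0 tclass=tcp_socket permissive=1
avc: denied { accept } for lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { read } for comm="vehicle@2.0-ser" path="socket:[2844]" dev="sockfs" ino=2844 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
"""

# Contexts are user:role:type:level; only the type field matters for TE rules.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\S+)\s+permissive=(?P<perm>[01])"
)

def summarize(log):
    """Return ({(src, tgt, class): perms}, True if any line was permissive=1)."""
    rules, permissive = defaultdict(set), False
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # A domain acting on its own objects is written as "self" in policy.
        tgt = "self" if m["tgt"] == m["src"] else m["tgt"]
        rules[(m["src"], tgt, m["cls"])].update(m["perms"].split())
        permissive |= m["perm"] == "1"  # logged but not blocked
    return dict(rules), permissive

def to_allow_rules(rules):
    """Render grouped denials as candidate allow statements for review."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(to_allow_rules(summarize(DENIALS)[0])))
```

Every line in the sample carries permissive=1, so the accesses were logged rather than blocked when the denials were captured.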
1 file changed
tree: 7cb5735975333626654e9698f2d745e30c6c3329
README.md

Native (C++) code must be formatted to comply with the .clang-format file. Run

git clang-format --style=file --extension='h,cpp,cc' HEAD~

Note that clang-format is not desirable for Android Java files, so the command line above is limited to specific extensions.