vendor_camera_binder_service is defined in vendor image, but this
property is required and used from the system image. This causes
Cuttlefish Hybrid Device to fail from sepolicy error. This change is to
move system-required property from vendor to product so it can be used
when vendor image is changed into generic one.
Bug: 309469924
Test: Build and boot succeeded with cheetah
Change-Id: Iea3e5be110498f759e268df8b7e5126b65b06a67
Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could open
requested video stream.
Change-Id: I41af99531feb968015c46cdf67d8c2d03b243a93
Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could perform
socket operations.
Change-Id: Idd9048da4bb3856666698bc0589dbc68aa74fd1a
As part of Treble, enforce that vendor's seapp_contexts can't label apps
using coredomains. Apps installed to system/system_ext/product should be
labeled with platform side sepolicy.
This change marks violating domains that need to be fixed.
Bug: 296512192
Test: build and see build log
Change-Id: I755657e538ada8807313bd0063c880264e4b79be
These are the minimum set of services that PCS needs to have access for
it to be able act as a media app and use Exoplayer for playing recorded
video files.
However, there'll be a follow up change to broaden the permissions to be
future proof and have greater flexibility as a media app, which will let
PCS to be updated via Play Store without the worry of a missing SEPolicy
config that is common among media apps.
Bug: 287069860
Test: m && flashall
Change-Id: I956219faacbc0c1b649cb638cede964480766718
- This allows us to register the CameraIdRemapper
service through servicemanager and allows PCS
to find it.
Bug: 287069860
Test: m
Change-Id: Ic7f778c4f173caa1ce389c9ad39a14433afc3133
- :* will associate the context with the individual
services, which might start in their own processes.
Bug: 280340307
Test: m
Change-Id: I0cc183ae07f18a2fc8e3c2caf960654296eeab53
Allows the Camera HAL to start a new ISP Service.
avc message:
07-31 17:08:46.990 536 536 E SELinux : avc: denied { add } for
pid=8308 uid=1000 name=com.google.pixel.camera.isp.IIspService/default
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0
Bug: 293447476
Test: verify no avc errors and ISP Service starts
Test: atest liblyric.services_isp_service_test
Change-Id: Icbd07820d3323c09868d0249c1ef9d7f2952751e
-Add custom domain for our sysprops, of the forms
-vendor.camera.pbcs.debug.*
-persist.vendor.camera.pbcs.debug.*
-Example: vendor.camera.pbcs.debug.enable_lyricconfigprovider
-This domain will be system + vendor_init writable
-Allow PBCS to read those sysprops
We should now be able to gate our features in PBCS and merge in
successfully. For local dev, we can do:
adb root && adb shell setprop <prop> 1
Bug: 280340307
Test: android.os.SystemProperties.get() works successfully in
LyricConfigProvider for vendor.camera.pbcs.debug.* props
Change-Id: I4b151f606883c0ae32f99b5f75b70b5d4e228f1d
- Introduce service_context for ILyricConfigProvider service
- Allow adding the ILyricConfigProvider to the service manager.
- Allow HAL to find ILyricConfigProvider from servicemanager
- Allow all proceses in com.google.pixel.services:* to have the same domain as the app (vendor_pbcs_app)
-- We'll be running services in their own processes so this
is needed.
- TODO: binder_call(vendor_pbcs_app, vendor_pcs_app);
Allow PBCS appdomain to make binder calls into PCS appdomain
after ag/24030784 lands.
Bug: 280340307
Test: We can successfully start and register the LyricConfigProvider service with the servicemanager.
Change-Id: Ia0a74065e98761e48aa041bf7f2f34188017cee4
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall && dev test with Open Camera and Camera2 Ext
Change-Id: I7f9a759ca7b5538441de451eb80f20b3cb1e30a9
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: Ic6ef3d67a518500f0db2cb8c537a3934e64d366b
Lab devices don't do factory reset. So we see 'avc: denied' logs
everynow and then. The fix disables the related audits to avoid any
false negatives.
Bug: 287069860
Test: m && flashall && check for 'avc: denied { write }'
Change-Id: I4f98af849b99f4ece737c85a23e22b817677d917
The config needs to be moved here to support future PDK builds
where the LyricCameraHAL directory will be absent.
Bug: 280124102
Test: presubmit
Change-Id: If967c3db8bb94cadd761ee19b7665db8b7e4b305
Bug: 240530709
Test: adb bugreport
Create empty files starting with the following prefix
/data/vendor/camera/profiler/session-ended-
/data/vendor/camera/profiler/high-drop-rate-
/data/vendor/camera/profiler/watchdog-
/data/vendor/camera/profiler/camera-ended-
and do adb bugreport and make sure they end up in dumpstate_board.bin
Change-Id: I2f9dfb74476af295db8a392ebf7757681404841e
