From d1e0b924ae1e76151985687bdb11ee25fc9a82f5 Mon Sep 17 00:00:00 2001 From: George Lee Date: Mon, 24 Oct 2022 17:00:13 -0700 Subject: [PATCH 1/7] betterbug: Update selinux policy for betterbug Update startup_bugreport_requested property to vendor_public for betterbug to access. Bug: 237287659 Test: Load Betterbug for accessing startup bugreport reason property Signed-off-by: George Lee Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15 --- whitechapel_pro/better_bug_app.te | 7 ++++++- whitechapel_pro/property.te | 2 +- whitechapel_pro/seapp_contexts | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/whitechapel_pro/better_bug_app.te b/whitechapel_pro/better_bug_app.te index 7a8c3818..506e832f 100644 --- a/whitechapel_pro/better_bug_app.te +++ b/whitechapel_pro/better_bug_app.te @@ -1,6 +1,11 @@ -type better_bug_app, domain; +type better_bug_app, domain, coredomain; userdebug_or_eng(` app_domain(better_bug_app) + net_domain(better_bug_app) + allow better_bug_app app_api_service:service_manager find; + allow better_bug_app system_api_service:service_manager find; + allow better_bug_app privapp_data_file:file execute; + get_prop(better_bug_app, default_prop); get_prop(better_bug_app, vendor_startup_bugreport_requested_prop) ') diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index 1bca1a73..ca17222c 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -39,4 +39,4 @@ vendor_internal_prop(vendor_telephony_app_prop) # Battery Mitigation vendor_internal_prop(vendor_mitigation_ready_prop) -vendor_internal_prop(vendor_startup_bugreport_requested_prop) +vendor_public_prop(vendor_startup_bugreport_requested_prop) diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts index 7a908751..ce467c3b 100644 --- a/whitechapel_pro/seapp_contexts +++ b/whitechapel_pro/seapp_contexts @@ -73,4 +73,4 @@ user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_ user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all # BetterBug -user=_app seinfo=platform name=com.google.android.apps.internal.betterbug domain=better_bug_app type=app_data_file levelFrom=user +user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=app_data_file levelFrom=all From 441a3ad3ef14ddcde44b0a9897eaa607db466b16 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Fri, 30 Sep 2022 16:56:57 +0800 Subject: [PATCH 2/7] Add permission for logbuffer_bd Bug: 242679204 Signed-off-by: Jenny Ho Change-Id: Ie5c9829ee1a4980689c933273a273f1f4ac612b6 --- whitechapel_pro/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 83232f1e..8b382741 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -107,6 +107,7 @@ /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/bbd_pwrstat u:object_r:power_stats_device:s0 /dev/lwis-act-jotnar u:object_r:lwis_device:s0 /dev/lwis-act-slenderman u:object_r:lwis_device:s0 From 0810814b496c8135336831bedcebfb88bbb96039 Mon Sep 17 00:00:00 2001 From: pointerkung Date: Fri, 7 Oct 2022 14:59:53 +0800 Subject: [PATCH 3/7] Add required sepolicy rule for Camera Grant access for TNR max_freq to let libperfmgr can control it via powerhint. Bug: 243729855 Test: Build pass, GCA, Control TNR max_freq via powerhint Change-Id: I8f8faa360d9908afe3fe0de3c322a2be356b86c8 --- whitechapel_pro/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index 452f93b2..b7e4a6fe 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -389,6 +389,7 @@ genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:obj # Camera genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0 genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 # USB-C throttling stats From 6202c44816525e1bd1489eef7c81ad762a078fb9 Mon Sep 17 00:00:00 2001 From: Gabriel Biren Date: Wed, 26 Oct 2022 23:29:29 +0000 Subject: [PATCH 4/7] Update gs201 sepolicy to allow the wifi_ext AIDL service. Changes should be similar to aosp/2262723. Bug: 205044134 Test: m + Pre-submit tests Change-Id: Ia1c784953225cb48b5320d8f1f5346a3cace005b --- whitechapel_pro/chre.te | 1 + whitechapel_pro/grilservice_app.te | 1 + 2 files changed, 2 insertions(+) diff --git a/whitechapel_pro/chre.te b/whitechapel_pro/chre.te index 4eda4096..ebee19df 100644 --- a/whitechapel_pro/chre.te +++ b/whitechapel_pro/chre.te @@ -18,6 +18,7 @@ usf_low_latency_transport(chre) # Allow CHRE to talk to the WiFi HAL allow chre hal_wifi_ext:binder { call transfer }; allow chre hal_wifi_ext_hwservice:hwservice_manager find; +allow chre hal_wifi_ext_service:service_manager find; # Allow CHRE host to talk to stats service allow chre fwk_stats_service:service_manager find; diff --git a/whitechapel_pro/grilservice_app.te b/whitechapel_pro/grilservice_app.te index 6e0dd667..7809537d 100644 --- a/whitechapel_pro/grilservice_app.te +++ b/whitechapel_pro/grilservice_app.te @@ -5,6 +5,7 @@ allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; +allow grilservice_app hal_wifi_ext_service:service_manager find; allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find; allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find; binder_call(grilservice_app, hal_bluetooth_btlinux) From be2e1b2edee58a3c3fc8298c9bae97fc45a2a607 Mon Sep 17 00:00:00 2001 From: Amith Dsouza Date: Tue, 1 Nov 2022 04:01:49 +0000 Subject: [PATCH 5/7] Fix untracked SELinux denials on boot Error: avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=2641 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 254453654 Test: Flash device, rebuild driver blobs, check logs after boot Change-Id: I43d524f781c1dda1d3d5291f661bc549fdbb99d6 --- whitechapel_pro/platform_app.te | 3 +++ whitechapel_pro/rild.te | 1 + 2 files changed, 4 insertions(+) diff --git a/whitechapel_pro/platform_app.te b/whitechapel_pro/platform_app.te index 356167ab..9021c1a8 100644 --- a/whitechapel_pro/platform_app.te +++ b/whitechapel_pro/platform_app.te @@ -1,3 +1,6 @@ +binder_call(platform_app, rild) +allow platform_app hal_exynos_rild_hwservice:hwservice_manager find; + allow platform_app hal_pixel_display_service:service_manager find; allow platform_app hal_wlc_hwservice:hwservice_manager find; allow platform_app nfc_service:service_manager find; diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te index d8c8c290..db749f41 100644 --- a/whitechapel_pro/rild.te +++ b/whitechapel_pro/rild.te @@ -16,6 +16,7 @@ allow rild mnt_vendor_file:dir r_dir_perms; r_dir_file(rild, modem_img_file) +binder_call(rild, platform_app) binder_call(rild, bipchmgr) binder_call(rild, gpsd) binder_call(rild, hal_audio_default) From f03c6fb1d8824e4218f8ef589cb77b500e49da04 Mon Sep 17 00:00:00 2001 From: George Lee Date: Mon, 24 Oct 2022 17:00:13 -0700 Subject: [PATCH 6/7] betterbug: Update selinux policy for betterbug Update startup_bugreport_requested property to vendor_public for betterbug to access. Bug: 237287659 Test: Load Betterbug for accessing startup bugreport reason property Signed-off-by: George Lee Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15 (cherry picked from commit d1e0b924ae1e76151985687bdb11ee25fc9a82f5) --- whitechapel_pro/better_bug_app.te | 11 ----------- whitechapel_pro/seapp_contexts | 3 --- whitechapel_pro/vendor_init.te | 3 --- 3 files changed, 17 deletions(-) delete mode 100644 whitechapel_pro/better_bug_app.te diff --git a/whitechapel_pro/better_bug_app.te b/whitechapel_pro/better_bug_app.te deleted file mode 100644 index 506e832f..00000000 --- a/whitechapel_pro/better_bug_app.te +++ /dev/null @@ -1,11 +0,0 @@ -type better_bug_app, domain, coredomain; - -userdebug_or_eng(` - app_domain(better_bug_app) - net_domain(better_bug_app) - allow better_bug_app app_api_service:service_manager find; - allow better_bug_app system_api_service:service_manager find; - allow better_bug_app privapp_data_file:file execute; - get_prop(better_bug_app, default_prop); - get_prop(better_bug_app, vendor_startup_bugreport_requested_prop) -') diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts index 77a7bd73..223c931a 100644 --- a/whitechapel_pro/seapp_contexts +++ b/whitechapel_pro/seapp_contexts @@ -68,6 +68,3 @@ user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_ # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - -# BetterBug -user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=app_data_file levelFrom=all diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te index 5de29166..dfdbf8b3 100644 --- a/whitechapel_pro/vendor_init.te +++ b/whitechapel_pro/vendor_init.te @@ -36,8 +36,5 @@ set_prop(vendor_init, vendor_battery_defender_prop) # Display set_prop(vendor_init, vendor_display_prop) -# Battery Mitigation -set_prop(vendor_init, vendor_startup_bugreport_requested_prop) - # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; From 9877742035e91b2e7d4f57d147b020776d6f3b24 Mon Sep 17 00:00:00 2001 From: Puma Hsu Date: Wed, 26 Oct 2022 16:58:59 +0800 Subject: [PATCH 7/7] Add xhci-hcd-exynos.6 wakeup path for suspend_control Bug: 255270480 Test: verified with forrest test build Change-Id: I5e2eed4d5e20361d86f6d6be8c92ca337e4ee004 Signed-off-by: Puma Hsu --- whitechapel_pro/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index b7e4a6fe..85dc310d 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -342,6 +342,9 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.au genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0