From d6732a1351e921d4ef1b5f86afb11239dc2fb28b Mon Sep 17 00:00:00 2001
From: Tai Kuo
Date: Mon, 21 Feb 2022 15:15:55 +0800
Subject: [PATCH 01/18] Remove CS40L26 common rules
Bug: 220651401
Test: full build.
Test: Check normal and audio-coupled haptics function
Signed-off-by: Tai Kuo
Change-Id: I4b87df352a066e50d1dd5e23b7b0cb06216fc78b
---
 bluejay/file_contexts | 3 ---
 bluejay/hal_vibrator_default.te | 7 -------
 2 files changed, 10 deletions(-)
 delete mode 100644 bluejay/file_contexts
 delete mode 100644 bluejay/hal_vibrator_default.te
diff --git a/bluejay/file_contexts b/bluejay/file_contexts
deleted file mode 100644
index 751c7d2..0000000
--- a/bluejay/file_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-# Haptics
-/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0
-/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0
diff --git a/bluejay/hal_vibrator_default.te b/bluejay/hal_vibrator_default.te
deleted file mode 100644
index b5db3f2..0000000
--- a/bluejay/hal_vibrator_default.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Haptics
-allow hal_vibrator_default input_device:dir r_dir_perms;
-allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms;
-allow hal_vibrator_default vibrator_snd_device:dir search;
-allow hal_vibrator_default audio_device:dir search;
-allow hal_vibrator_default proc_asound:dir search;
-allow hal_vibrator_default proc_asound:file r_file_perms;
From 335d12f5216586b0cbba2e31fb04cc10a5e29202 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 4 Jul 2022 12:51:42 +0800
Subject: [PATCH 02/18] Setup SELinux bug_map
Bug: 234547283
Change-Id: I5a520a619440cae1bd0f50b876106ecb7f6f5d79
---
 tracking_denials/bug_map | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tracking_denials/bug_map
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 0000000..e69de29
From 4f8b19962f3c1fdc6133c966a036769e03487a87 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 4 Jul 2022 14:48:23 +0800
Subject: [PATCH 03/18] correct the sepolicy path
Bug: 234547283
Test: build pass
Change-Id: I79948290dd02e547606659369c632f1d4bd549bf
---
 bluejay-sepolicy.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index cb5229b..ab9ac22 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,2 +1,2 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials
From 8742bddbd392c6254ce700738fa40da425994ffc Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Thu, 7 Jul 2022 11:28:17 +0800
Subject: [PATCH 04/18] Update SELinux error
Test: checkLockScreen
Bug: 238263942
Bug: 238263518
Change-Id: Icf86a62dc3da9e28aa9116cb0fbf93bc8eda8445
---
 tracking_denials/bug_map | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index e69de29..9da81e8 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -0,0 +1,2 @@
+dumpstate app_zygote process b/238263942
+incidentd debugfs_wakeup_sources file b/238263518
From ccbde531c1236ea242e34c24b619c1013862783e Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Fri, 29 Jul 2022 10:17:18 +0800
Subject: [PATCH 05/18] Update SELinux error
Test: checkSensors
Bug: 240632681
Test: checkLockScreen
Bug: 240632681
Test: scanBugreport
Bug: 240632681
Change-Id: Ia8431816f0099527f5c91bfe6ba23be98f0976b6
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 9da81e8..fbc2727 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,2 +1,3 @@
 dumpstate app_zygote process b/238263942
+hal_power_default hal_power_default capability b/240632681
 incidentd debugfs_wakeup_sources file b/238263518
From 1c646d0916d35ed3eb176fc6339601d1b559f9df Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Tue, 2 Aug 2022 14:03:35 +0800
Subject: [PATCH 06/18] Update SELinux error
Test: checkSensors
Bug: 241049482
Test: checkLockScreen
Bug: 241049482
Test: scanBugreport
Bug: 241049482
Change-Id: If705c911d761e68b13430d3d5bd0feabb2f3e5e9
---
 tracking_denials/bug_map | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index fbc2727..1e8afd9 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,3 +1,7 @@
 dumpstate app_zygote process b/238263942
 hal_power_default hal_power_default capability b/240632681
 incidentd debugfs_wakeup_sources file b/238263518
+init app_data_file dir b/241049482
+init gsi_data_file file b/241049482
+init privapp_data_file dir b/241049482
+init system_app_data_file dir b/241049482
From 9641c85de84bcf828b8e654222b5b1587b2bd036 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 5 Sep 2022 13:25:20 +0800
Subject: [PATCH 07/18] remove obsolete entry on init
Bug: 241049543
Test: boot with no relevant log
Change-Id: I5ea13c4c51419ddf2be62cfc2bd915799d4268cf
---
 tracking_denials/bug_map | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 1e8afd9..fbc2727 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,7 +1,3 @@
 dumpstate app_zygote process b/238263942
 hal_power_default hal_power_default capability b/240632681
 incidentd debugfs_wakeup_sources file b/238263518
-init app_data_file dir b/241049482
-init gsi_data_file file b/241049482
-init privapp_data_file dir b/241049482
-init system_app_data_file dir b/241049482
From db9dfd788598e4bc3b6c9f58973a348fbc2445d8 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Fri, 9 Dec 2022 11:59:00 +0800
Subject: [PATCH 08/18] Update SELinux error
Test: scanBugreport
Bug: 261932945
Change-Id: I3352cebe4fcfdf537e64fbcb78f146afd8bc3b80
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index fbc2727..c94808c 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,3 +1,4 @@
 dumpstate app_zygote process b/238263942
+dumpstate system_data_file dir b/261932945
 hal_power_default hal_power_default capability b/240632681
 incidentd debugfs_wakeup_sources file b/238263518
From 6f4d7700d636c9fbf62304ef43f0ae4b3c4b063e Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Thu, 5 Jan 2023 11:03:37 +0800
Subject: [PATCH 09/18] Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 264483668
Change-Id: Iff6b208ec5534784094911bfb9d0964115072e7f
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index c94808c..bf5807e 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,4 +1,5 @@
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
 hal_power_default hal_power_default capability b/240632681
+hal_vibrator_default sysfs file b/264483668
 incidentd debugfs_wakeup_sources file b/238263518
From 28cd577058a742e4c1258ba767ac15699716dfe8 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Fri, 6 Jan 2023 09:19:17 +0800
Subject: [PATCH 10/18] Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 264600023
Test: scanBugreport
Bug: 264600240
Change-Id: I7130be95f2d4f2e9ac3dc61583ebf1f2ef9f508e
---
 tracking_denials/bug_map | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index bf5807e..38b6364 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,5 +1,10 @@
+derive_sdk mediaprovider_app dir b/264600240
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
 hal_power_default hal_power_default capability b/240632681
 hal_vibrator_default sysfs file b/264483668
 incidentd debugfs_wakeup_sources file b/238263518
+webview_zygote logdr_socket sock_file b/264600023
+webview_zygote resourcecache_data_file dir b/264600023
+webview_zygote tombstoned_crash_socket sock_file b/264600023
+webview_zygote zygote_exec file b/264600023
From fb1523337e59e7e3f7d58871f0d5046f047f3751 Mon Sep 17 00:00:00 2001
From: sukiliu
Date: Wed, 18 Jan 2023 15:27:43 +0800
Subject: [PATCH 11/18] Update error on ROM 9496166
Bug: 265886512
Test: scanBugreport
Change-Id: I8acf15a84d3b4ce9f8fd519912f8298b385e3e20
---
 tracking_denials/dump_gsc.te | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 tracking_denials/dump_gsc.te
diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te
new file mode 100644
index 0000000..1eb7ccf
--- /dev/null
+++ b/tracking_denials/dump_gsc.te
@@ -0,0 +1,3 @@
+# b/265886512
+dontaudit dump_gsc radio_vendor_data_file:file { read };
+dontaudit dump_gsc radio_vendor_data_file:file { write };
From 6de4461d3e32f2618168055b0e369eb9a27b46c6 Mon Sep 17 00:00:00 2001
From: sukiliu
Date: Fri, 10 Feb 2023 10:19:26 +0800
Subject: [PATCH 12/18] Update SELinux error
Test: scanBugreport
Bug: 268147400
Bug: 268147248
Bug: 268147280
Change-Id: I3c0b64c640b82a8df89e5272c26546866ed0e485
---
 tracking_denials/bug_map | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 38b6364..d341070 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
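Review bot: The two `dontaudit` rules added in tracking_denials/dump_gsc.te (PATCH 11/18) silence both read and write denials from dump_gsc on radio_vendor_data_file without recording which access produced them, so a later reader cannot tell whether the write attempt is expected. Once the rules are in place the denials no longer appear in the audit log or in a bugreport scan, which removes the only signal that this domain is touching radio vendor data. I would fold them into one rule, `dontaudit dump_gsc radio_vendor_data_file:file { read write };`, and extend the `# b/265886512` comment with the original avc line and a note that the rule is temporary and is removed when the bug is resolved.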
@@ -1,9 +1,12 @@
 derive_sdk mediaprovider_app dir b/264600240
+dump_pixel_metrics sysfs file b/268147280
+dump_stm sysfs_spi dir b/268147400
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
 hal_power_default hal_power_default capability b/240632681
 hal_vibrator_default sysfs file b/264483668
 incidentd debugfs_wakeup_sources file b/238263518
+incidentd incidentd anon_inode b/268147248
 webview_zygote logdr_socket sock_file b/264600023
 webview_zygote resourcecache_data_file dir b/264600023
 webview_zygote tombstoned_crash_socket sock_file b/264600023
From 35b2971f9b18af0af376487bd13a98ef25bbb5f0 Mon Sep 17 00:00:00 2001
From: leochuang
Date: Tue, 14 Feb 2023 15:45:22 +0800
Subject: [PATCH 13/18] Update SELinux error
Test: scanBugreport
Bug: 269218359
Change-Id: I146313942ee579bf875f8ca3b52467cade6994b8
---
 tracking_denials/bug_map | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index d341070..402fc20 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,6 +1,8 @@
 derive_sdk mediaprovider_app dir b/264600240
 dump_pixel_metrics sysfs file b/268147280
 dump_stm sysfs_spi dir b/268147400
+dump_storage radio_vendor_data_file file b/269218359
+dump_storage vendor_slog_file file b/269218359
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
 hal_power_default hal_power_default capability b/240632681
From 016905f2da50158339d436cc3ec6c7d89c043c3e Mon Sep 17 00:00:00 2001
From: leochuang
Date: Wed, 22 Feb 2023 10:29:07 +0800
Subject: [PATCH 14/18] Update SELinux error
Test: scanBugreport
Bug: 270247129
Bug: 270247072
Change-Id: I9405da7b1aa9d10e71872e92e9e35f64bfc44cb3
---
 tracking_denials/bug_map | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 402fc20..43d5d95 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,10 +1,12 @@
 derive_sdk mediaprovider_app dir b/264600240
 dump_pixel_metrics sysfs file b/268147280
+dump_ramdump radio_vendor_data_file file b/270247129
 dump_stm sysfs_spi dir b/268147400
 dump_storage radio_vendor_data_file file b/269218359
 dump_storage vendor_slog_file file b/269218359
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
+hal_dumpstate_default dump_ramdump process b/270247072
 hal_power_default hal_power_default capability b/240632681
 hal_vibrator_default sysfs file b/264483668
 incidentd debugfs_wakeup_sources file b/238263518
From 0c5c6b803b90d69786c6d86ef538d0455d2717d4 Mon Sep 17 00:00:00 2001
From: sukiliu
Date: Fri, 24 Feb 2023 09:59:12 +0800
Subject: [PATCH 15/18] Update SELinux error
Test: scanBugreport
Bug: 270633115
Change-Id: I7ef3ae4b7a6f571a6159015a37406101a7e4e7f3
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 43d5d95..7752139 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,6 +1,7 @@
 derive_sdk mediaprovider_app dir b/264600240
 dump_pixel_metrics sysfs file b/268147280
 dump_ramdump radio_vendor_data_file file b/270247129
+dump_ramdump vendor_camera_data_file file b/270633115
 dump_stm sysfs_spi dir b/268147400
 dump_storage radio_vendor_data_file file b/269218359
 dump_storage vendor_slog_file file b/269218359
From fe21211958a828ba79595fce7d78395902a2740b Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Wed, 29 Mar 2023 10:48:39 +0800
Subject: [PATCH 16/18] Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 275645961
Change-Id: If74d70c40faceba5618a292cdda6880fe1f6bcf1
---
 tracking_denials/hal_vibrator_default.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 tracking_denials/hal_vibrator_default.te
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 0000000..f634fe6
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/275645961
+dontaudit hal_vibrator_default service_manager_type:service_manager find;
From ca6ca14a456ba4318da39cbcc69f6533f591d425 Mon Sep 17 00:00:00 2001
From: Leo Liou
Date: Fri, 17 Mar 2023 16:24:34 +0800
Subject: [PATCH 17/18] bluejay: add sepolicy for ufs_firmware_update process
Allow the script to access the specified partition and sysfs.
Bug: 273305212
Test: full build and test ffu flow
Change-Id: I6f86606ebf0da631d1d2c1a433a9d200d6cac51c
Signed-off-by: Leo Liou
---
 bluejay/genfs_contexts | 5 +++++
 vendor/device.te | 2 ++
 vendor/file_contexts | 5 +++++
 vendor/ufs_firmware_update.te | 10 ++++++++++
 4 files changed, 22 insertions(+)
 create mode 100644 vendor/device.te
 create mode 100644 vendor/file_contexts
 create mode 100644 vendor/ufs_firmware_update.te
diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts
index 0e9b2a8..6b11056 100644
--- a/bluejay/genfs_contexts
+++ b/bluejay/genfs_contexts
@@ -4,3 +4,8 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+
+# Storage
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
diff --git a/vendor/device.te b/vendor/device.te
new file mode 100644
index 0000000..d2a91db
--- /dev/null
+++ b/vendor/device.te
@@ -0,0 +1,2 @@
+# Block Devices
+type fips_block_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..a273c79
--- /dev/null
+++ b/vendor/file_contexts
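Review bot: In tracking_denials/hal_vibrator_default.te (PATCH 16/18), `dontaudit hal_vibrator_default service_manager_type:service_manager find;` suppresses the audit record for a lookup of any service, because service_manager_type is the attribute that covers every service type rather than the single service behind b/275645961. With this rule a later unexpected lookup from the vibrator HAL is dropped silently and cannot be caught by SELinuxUncheckedDenialBootTest or a bugreport scan. I would scope it to the type named in the avc line, `dontaudit hal_vibrator_default <service_type_from_denial>:service_manager find;`, and keep the bug reference comment above it.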
@@ -0,0 +1,5 @@
+# Binaries
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+
+# Devices
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te
new file mode 100644
index 0000000..53ceba5
--- /dev/null
+++ b/vendor/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
From 0304eefdcb165a47cdb99b1f9132c630b1789f23 Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Mon, 10 Apr 2023 11:01:56 +0800
Subject: [PATCH 18/18] Update SELinux error
Test: scanBugreport
Bug: 277529247
Change-Id: Iaebc144608805c09d624272a38d6aa9a62008a4d
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 7752139..5aa59ad 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -5,6 +5,7 @@ dump_ramdump vendor_camera_data_file file b/270633115
 dump_stm sysfs_spi dir b/268147400
 dump_storage radio_vendor_data_file file b/269218359
 dump_storage vendor_slog_file file b/269218359
+dump_trusty modem_efs_file file b/277529247
 dumpstate app_zygote process b/238263942
 dumpstate system_data_file dir b/261932945
 hal_dumpstate_default dump_ramdump process b/270247072
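Review bot: In vendor/ufs_firmware_update.te (PATCH 17/18) the new domain gets write access to a raw partition through `allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;`, and nothing in the file says which step of the firmware-update flow needs it; since the domain runs a shell script via vendor_toolbox, each allow line should carry a one-line comment stating the access it covers so later additions can be judged against it. `block_device:dir r_dir_perms` and `sysfs:dir r_dir_perms` also look wider than a by-name lookup needs, and `search` may be sufficient; that is worth confirming against the denials seen during the ffu test. Separately, this commit creates a vendor/ directory but does not touch bluejay-sepolicy.mk, which after PATCH 03/18 lists only the bluejay and tracking_denials directories, so unless another makefile adds vendor/ to BOARD_VENDOR_SEPOLICY_DIRS these rules and the vendor/file_contexts labels would not be built into the policy.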