From 3e87f7351a032af0db19f07045ea23965355f738 Mon Sep 17 00:00:00 2001 From: Roman Yepishev Date: Mon, 15 Nov 2021 23:23:19 +0000 Subject: [PATCH 01/42] Initial empty repository From ad04f387e5115860dafec085c9365bc48df78304 Mon Sep 17 00:00:00 2001 From: Robin Peng Date: Tue, 16 Nov 2021 22:06:17 +0800 Subject: [PATCH 02/42] Move bluejay source code into bluejay device folders from: 9419ce002ef9160ace967918f3568c88b5731d0f Bug: 206553389 Change-Id: If4e8b2b04ecc6804b20ef7eebadcea565eb7c3e2 --- OWNERS | 12 ++++++++++++ bluejay-sepolicy.mk | 2 ++ bluejay/file_contexts | 3 +++ bluejay/genfs_contexts | 2 ++ bluejay/hal_vibrator_default.te | 7 +++++++ 5 files changed, 26 insertions(+) create mode 100644 OWNERS create mode 100644 bluejay-sepolicy.mk create mode 100644 bluejay/file_contexts create mode 100644 bluejay/genfs_contexts create mode 100644 bluejay/hal_vibrator_default.te diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..8306db7 --- /dev/null +++ b/OWNERS @@ -0,0 +1,12 @@ +adamshih@google.com +alanstokes@google.com +bowgotsai@google.com +cbrubaker@google.com +jbires@google.com +jeffv@google.com +jgalenson@google.com +jiyong@google.com +rurumihong@google.com +smoreland@google.com +sspatil@google.com +trong@google.com diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk new file mode 100644 index 0000000..cb5229b --- /dev/null +++ b/bluejay-sepolicy.mk @@ -0,0 +1,2 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay diff --git a/bluejay/file_contexts b/bluejay/file_contexts new file mode 100644 index 0000000..751c7d2 --- /dev/null +++ b/bluejay/file_contexts @@ -0,0 +1,3 @@ +# Haptics +/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0 +/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0 diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts new file mode 100644 index 0000000..f3bb0bd --- /dev/null +++ b/bluejay/genfs_contexts @@ -0,0 +1,2 @@ +# Haptics +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 diff --git a/bluejay/hal_vibrator_default.te b/bluejay/hal_vibrator_default.te new file mode 100644 index 0000000..b5db3f2 --- /dev/null +++ b/bluejay/hal_vibrator_default.te @@ -0,0 +1,7 @@ +# Haptics +allow hal_vibrator_default input_device:dir r_dir_perms; +allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms; +allow hal_vibrator_default vibrator_snd_device:dir search; +allow hal_vibrator_default audio_device:dir search; +allow hal_vibrator_default proc_asound:dir search; +allow hal_vibrator_default proc_asound:file r_file_perms; From 78579f42438a635f2313ab5aacf7948384a544b8 Mon Sep 17 00:00:00 2001 From: Joel Galenson Date: Tue, 21 Dec 2021 07:39:20 -0800 Subject: [PATCH 03/42] Include core policy OWNERS Test: None Change-Id: Ie4d25275e7f390ce6b44ddae53a8cce3c50ca9c1 --- OWNERS | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/OWNERS b/OWNERS index 8306db7..791abb4 100644 --- a/OWNERS +++ b/OWNERS @@ -1,12 +1,3 @@ -adamshih@google.com -alanstokes@google.com -bowgotsai@google.com -cbrubaker@google.com -jbires@google.com -jeffv@google.com -jgalenson@google.com -jiyong@google.com +include platform/system/sepolicy:/OWNERS + rurumihong@google.com -smoreland@google.com -sspatil@google.com -trong@google.com From a3e65a067454b7641412c1774d46963720ee1f1c Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Mon, 21 Feb 2022 15:15:55 +0800 Subject: [PATCH 04/42] Remove CS40L26 common rules Bug: 220651401 Test: full build. Test: Check normal and audio-coupled haptics function Signed-off-by: Tai Kuo Change-Id: I4b87df352a066e50d1dd5e23b7b0cb06216fc78b --- bluejay/file_contexts | 3 --- bluejay/hal_vibrator_default.te | 7 ------- 2 files changed, 10 deletions(-) delete mode 100644 bluejay/file_contexts delete mode 100644 bluejay/hal_vibrator_default.te diff --git a/bluejay/file_contexts b/bluejay/file_contexts deleted file mode 100644 index 751c7d2..0000000 --- a/bluejay/file_contexts +++ /dev/null @@ -1,3 +0,0 @@ -# Haptics -/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0 -/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0 diff --git a/bluejay/hal_vibrator_default.te b/bluejay/hal_vibrator_default.te deleted file mode 100644 index b5db3f2..0000000 --- a/bluejay/hal_vibrator_default.te +++ /dev/null @@ -1,7 +0,0 @@ -# Haptics -allow hal_vibrator_default input_device:dir r_dir_perms; -allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms; -allow hal_vibrator_default vibrator_snd_device:dir search; -allow hal_vibrator_default audio_device:dir search; -allow hal_vibrator_default proc_asound:dir search; -allow hal_vibrator_default proc_asound:file r_file_perms; From d6732a1351e921d4ef1b5f86afb11239dc2fb28b Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Mon, 21 Feb 2022 15:15:55 +0800 Subject: [PATCH 05/42] Remove CS40L26 common rules Bug: 220651401 Test: full build. Test: Check normal and audio-coupled haptics function Signed-off-by: Tai Kuo Change-Id: I4b87df352a066e50d1dd5e23b7b0cb06216fc78b --- bluejay/file_contexts | 3 --- bluejay/hal_vibrator_default.te | 7 ------- 2 files changed, 10 deletions(-) delete mode 100644 bluejay/file_contexts delete mode 100644 bluejay/hal_vibrator_default.te diff --git a/bluejay/file_contexts b/bluejay/file_contexts deleted file mode 100644 index 751c7d2..0000000 --- a/bluejay/file_contexts +++ /dev/null @@ -1,3 +0,0 @@ -# Haptics -/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0 -/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0 diff --git a/bluejay/hal_vibrator_default.te b/bluejay/hal_vibrator_default.te deleted file mode 100644 index b5db3f2..0000000 --- a/bluejay/hal_vibrator_default.te +++ /dev/null @@ -1,7 +0,0 @@ -# Haptics -allow hal_vibrator_default input_device:dir r_dir_perms; -allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms; -allow hal_vibrator_default vibrator_snd_device:dir search; -allow hal_vibrator_default audio_device:dir search; -allow hal_vibrator_default proc_asound:dir search; -allow hal_vibrator_default proc_asound:file r_file_perms; From 97b7cebd49c09a406af0886e08f433ec65cc0288 Mon Sep 17 00:00:00 2001 From: chungkai Date: Thu, 31 Mar 2022 07:06:18 +0000 Subject: [PATCH 06/42] genfs_contexts: fix path for i2c peripheral device paths are changed when we enable parallel module loading and reorder the initializtaion of devices. Test: without avc denial on B3 when booting Bug: 227541760 Signed-off-by: chungkai Change-Id: I38c8baaa221e7552d2cdabe2169e937ec0d548ea --- bluejay/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index f3bb0bd..b3737f5 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,2 +1,3 @@ # Haptics genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 From 97bad77bfa3cf1705783e4e4bc45bb203e8df086 Mon Sep 17 00:00:00 2001 From: chungkai Date: Thu, 14 Apr 2022 04:00:32 +0000 Subject: [PATCH 07/42] genfs_contexts: fix path for i2c peripheral device paths are changed when we enable parallel module loading and reorder the initializtaion of devices. Test: without avc denial on B3 when booting Bug: 22754176 Signed-off-by: chungkai Change-Id: I5153ec42d996390ae8167c67f35402afe65105cd --- bluejay/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index b3737f5..0e9b2a8 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,3 +1,6 @@ # Haptics genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 From 335d12f5216586b0cbba2e31fb04cc10a5e29202 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 4 Jul 2022 12:51:42 +0800 Subject: [PATCH 08/42] Setup SELinux bug_map Bug: 234547283 Change-Id: I5a520a619440cae1bd0f50b876106ecb7f6f5d79 --- tracking_denials/bug_map | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tracking_denials/bug_map diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 0000000..e69de29 From 4f8b19962f3c1fdc6133c966a036769e03487a87 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 4 Jul 2022 14:48:23 +0800 Subject: [PATCH 09/42] correct the sepolicy path Bug: 234547283 Test: build pass Change-Id: I79948290dd02e547606659369c632f1d4bd549bf --- bluejay-sepolicy.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk index cb5229b..ab9ac22 100644 --- a/bluejay-sepolicy.mk +++ b/bluejay-sepolicy.mk @@ -1,2 +1,2 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay -BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials From 8742bddbd392c6254ce700738fa40da425994ffc Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 7 Jul 2022 11:28:17 +0800 Subject: [PATCH 10/42] Update SELinux error Test: checkLockScreen Bug: 238263942 Bug: 238263518 Change-Id: Icf86a62dc3da9e28aa9116cb0fbf93bc8eda8445 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e69de29..9da81e8 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -0,0 +1,2 @@ +dumpstate app_zygote process b/238263942 +incidentd debugfs_wakeup_sources file b/238263518 From ccbde531c1236ea242e34c24b619c1013862783e Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 29 Jul 2022 10:17:18 +0800 Subject: [PATCH 11/42] Update SELinux error Test: checkSensors Bug: 240632681 Test: checkLockScreen Bug: 240632681 Test: scanBugreport Bug: 240632681 Change-Id: Ia8431816f0099527f5c91bfe6ba23be98f0976b6 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 9da81e8..fbc2727 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,2 +1,3 @@ dumpstate app_zygote process b/238263942 +hal_power_default hal_power_default capability b/240632681 incidentd debugfs_wakeup_sources file b/238263518 From 1c646d0916d35ed3eb176fc6339601d1b559f9df Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 2 Aug 2022 14:03:35 +0800 Subject: [PATCH 12/42] Update SELinux error Test: checkSensors Bug: 241049482 Test: checkLockScreen Bug: 241049482 Test: scanBugreport Bug: 241049482 Change-Id: If705c911d761e68b13430d3d5bd0feabb2f3e5e9 --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index fbc2727..1e8afd9 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,7 @@ dumpstate app_zygote process b/238263942 hal_power_default hal_power_default capability b/240632681 incidentd debugfs_wakeup_sources file b/238263518 +init app_data_file dir b/241049482 +init gsi_data_file file b/241049482 +init privapp_data_file dir b/241049482 +init system_app_data_file dir b/241049482 From 9641c85de84bcf828b8e654222b5b1587b2bd036 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 5 Sep 2022 13:25:20 +0800 Subject: [PATCH 13/42] remove obsolete entry on init Bug: 241049543 Test: boot with no relevant log Change-Id: I5ea13c4c51419ddf2be62cfc2bd915799d4268cf --- tracking_denials/bug_map | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 1e8afd9..fbc2727 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,7 +1,3 @@ dumpstate app_zygote process b/238263942 hal_power_default hal_power_default capability b/240632681 incidentd debugfs_wakeup_sources file b/238263518 -init app_data_file dir b/241049482 -init gsi_data_file file b/241049482 -init privapp_data_file dir b/241049482 -init system_app_data_file dir b/241049482 From 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad Mon Sep 17 00:00:00 2001 From: Chris Paulo Date: Tue, 30 Aug 2022 00:29:28 +0000 Subject: [PATCH 14/42] [DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator hal Added sepolicy for vibrator hal specific to device uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1' avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1 avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms Bug: 198239103 Test: Verified functionality Signed-off-by: Chris Paulo Change-Id: I1f38a069c06c5cc142236aed9cb34eede77c0315 --- bluejay-sepolicy.mk | 1 + vendor/file_contexts | 2 ++ vendor/hal_vibrator_default.te | 3 +++ vendor/property_contexts | 2 ++ vendor/vendor_init.te | 2 ++ 5 files changed, 10 insertions(+) create mode 100644 vendor/file_contexts create mode 100644 vendor/hal_vibrator_default.te create mode 100644 vendor/property_contexts create mode 100644 vendor/vendor_init.te diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk index cb5229b..5a2b557 100644 --- a/bluejay-sepolicy.mk +++ b/bluejay-sepolicy.mk @@ -1,2 +1,3 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..66359fc --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,2 @@ +# Haptics +/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0 diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te new file mode 100644 index 0000000..8cb0c72 --- /dev/null +++ b/vendor/hal_vibrator_default.te @@ -0,0 +1,3 @@ +# Allow Vibrator HAL to communicate with daemon via socket +allow hal_vibrator_default chre:unix_stream_socket connectto; +allow hal_vibrator_default chre_socket:sock_file write; diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 0000000..4222a57 --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,2 @@ +# Haptics +persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te new file mode 100644 index 0000000..6641c23 --- /dev/null +++ b/vendor/vendor_init.te @@ -0,0 +1,2 @@ +# Haptics +get_prop(vendor_init, adaptive_haptics_prop) From db9dfd788598e4bc3b6c9f58973a348fbc2445d8 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 9 Dec 2022 11:59:00 +0800 Subject: [PATCH 15/42] Update SELinux error Test: scanBugreport Bug: 261932945 Change-Id: I3352cebe4fcfdf537e64fbcb78f146afd8bc3b80 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index fbc2727..c94808c 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ dumpstate app_zygote process b/238263942 +dumpstate system_data_file dir b/261932945 hal_power_default hal_power_default capability b/240632681 incidentd debugfs_wakeup_sources file b/238263518 From 6f4d7700d636c9fbf62304ef43f0ae4b3c4b063e Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 5 Jan 2023 11:03:37 +0800 Subject: [PATCH 16/42] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 264483668 Change-Id: Iff6b208ec5534784094911bfb9d0964115072e7f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index c94808c..bf5807e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,5 @@ dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 hal_power_default hal_power_default capability b/240632681 +hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 From 28cd577058a742e4c1258ba767ac15699716dfe8 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 6 Jan 2023 09:19:17 +0800 Subject: [PATCH 17/42] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 264600023 Test: scanBugreport Bug: 264600240 Change-Id: I7130be95f2d4f2e9ac3dc61583ebf1f2ef9f508e --- tracking_denials/bug_map | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index bf5807e..38b6364 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,10 @@ +derive_sdk mediaprovider_app dir b/264600240 dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 +webview_zygote logdr_socket sock_file b/264600023 +webview_zygote resourcecache_data_file dir b/264600023 +webview_zygote tombstoned_crash_socket sock_file b/264600023 +webview_zygote zygote_exec file b/264600023 From a04a8b591ad5eb40c014d51a4b4d16d3478b8ba5 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 6 Jan 2023 10:30:15 +0800 Subject: [PATCH 18/42] update error on ROM Bug: 242203678 Test: pass boot test Change-Id: If456b357feb84ca5f57a38d4768f1340929306d4 Merged-In: I3352cebe4fcfdf537e64fbcb78f146afd8bc3b80 --- bluejay-sepolicy.mk | 2 +- tracking_denials/bug_map | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 tracking_denials/bug_map diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk index cb5229b..ab9ac22 100644 --- a/bluejay-sepolicy.mk +++ b/bluejay-sepolicy.mk @@ -1,2 +1,2 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay -BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 0000000..c94808c --- /dev/null +++ b/tracking_denials/bug_map @@ -0,0 +1,4 @@ +dumpstate app_zygote process b/238263942 +dumpstate system_data_file dir b/261932945 +hal_power_default hal_power_default capability b/240632681 +incidentd debugfs_wakeup_sources file b/238263518 From fb1523337e59e7e3f7d58871f0d5046f047f3751 Mon Sep 17 00:00:00 2001 From: sukiliu Date: Wed, 18 Jan 2023 15:27:43 +0800 Subject: [PATCH 19/42] Update error on ROM 9496166 Bug: 265886512 Test: scanBugreport Change-Id: I8acf15a84d3b4ce9f8fd519912f8298b385e3e20 --- tracking_denials/dump_gsc.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tracking_denials/dump_gsc.te diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te new file mode 100644 index 0000000..1eb7ccf --- /dev/null +++ b/tracking_denials/dump_gsc.te @@ -0,0 +1,3 @@ +# b/265886512 +dontaudit dump_gsc radio_vendor_data_file:file { read }; +dontaudit dump_gsc radio_vendor_data_file:file { write }; From 6de4461d3e32f2618168055b0e369eb9a27b46c6 Mon Sep 17 00:00:00 2001 From: sukiliu Date: Fri, 10 Feb 2023 10:19:26 +0800 Subject: [PATCH 20/42] Update SELinux error Test: scanBugreport Bug: 268147400 Bug: 268147248 Bug: 268147280 Change-Id: I3c0b64c640b82a8df89e5272c26546866ed0e485 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 38b6364..d341070 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,9 +1,12 @@ derive_sdk mediaprovider_app dir b/264600240 +dump_pixel_metrics sysfs file b/268147280 +dump_stm sysfs_spi dir b/268147400 dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 +incidentd incidentd anon_inode b/268147248 webview_zygote logdr_socket sock_file b/264600023 webview_zygote resourcecache_data_file dir b/264600023 webview_zygote tombstoned_crash_socket sock_file b/264600023 From 35b2971f9b18af0af376487bd13a98ef25bbb5f0 Mon Sep 17 00:00:00 2001 From: leochuang Date: Tue, 14 Feb 2023 15:45:22 +0800 Subject: [PATCH 21/42] Update SELinux error Test: scanBugreport Bug: 269218359 Change-Id: I146313942ee579bf875f8ca3b52467cade6994b8 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d341070..402fc20 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,6 +1,8 @@ derive_sdk mediaprovider_app dir b/264600240 dump_pixel_metrics sysfs file b/268147280 dump_stm sysfs_spi dir b/268147400 +dump_storage radio_vendor_data_file file b/269218359 +dump_storage vendor_slog_file file b/269218359 dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 hal_power_default hal_power_default capability b/240632681 From bfd77dc818dcc0adf3797fccbfe85cfcee59b77a Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Thu, 16 Feb 2023 22:24:57 +0800 Subject: [PATCH 22/42] Revert "[DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator hal" This reverts commit 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad. Bug: 198239103 Test: build pass on git_tm-qpr-dev-plus-aosp Test: build pass on git_stage-aosp-master Change-Id: I64fa53bef8a88b219ddb154dc919a1313f4e9db7 --- bluejay-sepolicy.mk | 1 - vendor/file_contexts | 2 -- vendor/hal_vibrator_default.te | 3 --- vendor/property_contexts | 2 -- vendor/vendor_init.te | 2 -- 5 files changed, 10 deletions(-) delete mode 100644 vendor/file_contexts delete mode 100644 vendor/hal_vibrator_default.te delete mode 100644 vendor/property_contexts delete mode 100644 vendor/vendor_init.te diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk index 5a2b557..cb5229b 100644 --- a/bluejay-sepolicy.mk +++ b/bluejay-sepolicy.mk @@ -1,3 +1,2 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay -BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay diff --git a/vendor/file_contexts b/vendor/file_contexts deleted file mode 100644 index 66359fc..0000000 --- a/vendor/file_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Haptics -/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0 diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te deleted file mode 100644 index 8cb0c72..0000000 --- a/vendor/hal_vibrator_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# Allow Vibrator HAL to communicate with daemon via socket -allow hal_vibrator_default chre:unix_stream_socket connectto; -allow hal_vibrator_default chre_socket:sock_file write; diff --git a/vendor/property_contexts b/vendor/property_contexts deleted file mode 100644 index 4222a57..0000000 --- a/vendor/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Haptics -persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te deleted file mode 100644 index 6641c23..0000000 --- a/vendor/vendor_init.te +++ /dev/null @@ -1,2 +0,0 @@ -# Haptics -get_prop(vendor_init, adaptive_haptics_prop) From c92ecfbf1b747067e8ed7dc9c8781f05030bc19e Mon Sep 17 00:00:00 2001 From: leochuang Date: Tue, 21 Feb 2023 08:49:05 +0800 Subject: [PATCH 23/42] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 270080469 Change-Id: Iae618c0bda9e787db8db5f64cd2d2d5ffc86c0d8 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 402fc20..d2ece11 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ +cbd vendor_modem_prop property_service b/270080469 derive_sdk mediaprovider_app dir b/264600240 dump_pixel_metrics sysfs file b/268147280 dump_stm sysfs_spi dir b/268147400 From 016905f2da50158339d436cc3ec6c7d89c043c3e Mon Sep 17 00:00:00 2001 From: leochuang Date: Wed, 22 Feb 2023 10:29:07 +0800 Subject: [PATCH 24/42] Update SELinux error Test: scanBugreport Bug: 270247129 Bug: 270247072 Change-Id: I9405da7b1aa9d10e71872e92e9e35f64bfc44cb3 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 402fc20..43d5d95 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,10 +1,12 @@ derive_sdk mediaprovider_app dir b/264600240 dump_pixel_metrics sysfs file b/268147280 +dump_ramdump radio_vendor_data_file file b/270247129 dump_stm sysfs_spi dir b/268147400 dump_storage radio_vendor_data_file file b/269218359 dump_storage vendor_slog_file file b/269218359 dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 +hal_dumpstate_default dump_ramdump process b/270247072 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 From 0c5c6b803b90d69786c6d86ef538d0455d2717d4 Mon Sep 17 00:00:00 2001 From: sukiliu Date: Fri, 24 Feb 2023 09:59:12 +0800 Subject: [PATCH 25/42] Update SELinux error Test: scanBugreport Bug: 270633115 Change-Id: I7ef3ae4b7a6f571a6159015a37406101a7e4e7f3 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 43d5d95..7752139 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,6 +1,7 @@ derive_sdk mediaprovider_app dir b/264600240 dump_pixel_metrics sysfs file b/268147280 dump_ramdump radio_vendor_data_file file b/270247129 +dump_ramdump vendor_camera_data_file file b/270633115 dump_stm sysfs_spi dir b/268147400 dump_storage radio_vendor_data_file file b/269218359 dump_storage vendor_slog_file file b/269218359 From 4ca8f97dff02a7847ea004b167b42464bdd1a1a8 Mon Sep 17 00:00:00 2001 From: Woody Lin Date: Mon, 6 Feb 2023 08:54:22 +0000 Subject: [PATCH 26/42] Revert "Update SELinux error" This reverts commit db9dfd788598e4bc3b6c9f58973a348fbc2445d8. Reason for revert: fixed by aosp/2422419 Bug: 260366497 Bug: 264600011 Change-Id: I5454fb84cde8bb7b24971388e9a09e31100f7993 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index aa9095f..0067d86 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -7,7 +7,6 @@ dump_stm sysfs_spi dir b/268147400 dump_storage radio_vendor_data_file file b/269218359 dump_storage vendor_slog_file file b/269218359 dumpstate app_zygote process b/238263942 -dumpstate system_data_file dir b/261932945 hal_dumpstate_default dump_ramdump process b/270247072 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 From fe21211958a828ba79595fce7d78395902a2740b Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 29 Mar 2023 10:48:39 +0800 Subject: [PATCH 27/42] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 275645961 Change-Id: If74d70c40faceba5618a292cdda6880fe1f6bcf1 --- tracking_denials/hal_vibrator_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/hal_vibrator_default.te diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te new file mode 100644 index 0000000..f634fe6 --- /dev/null +++ b/tracking_denials/hal_vibrator_default.te @@ -0,0 +1,2 @@ +# b/275645961 +dontaudit hal_vibrator_default service_manager_type:service_manager find; From ca6ca14a456ba4318da39cbcc69f6533f591d425 Mon Sep 17 00:00:00 2001 From: Leo Liou Date: Fri, 17 Mar 2023 16:24:34 +0800 Subject: [PATCH 28/42] bluejay: add sepolicy for ufs_firmware_update process Allow the script to access the specified partition and sysfs. Bug: 273305212 Test: full build and test ffu flow Change-Id: I6f86606ebf0da631d1d2c1a433a9d200d6cac51c Signed-off-by: Leo Liou --- bluejay/genfs_contexts | 5 +++++ vendor/device.te | 2 ++ vendor/file_contexts | 5 +++++ vendor/ufs_firmware_update.te | 10 ++++++++++ 4 files changed, 22 insertions(+) create mode 100644 vendor/device.te create mode 100644 vendor/file_contexts create mode 100644 vendor/ufs_firmware_update.te diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index 0e9b2a8..6b11056 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -4,3 +4,8 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 + +# Storage +genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 diff --git a/vendor/device.te b/vendor/device.te new file mode 100644 index 0000000..d2a91db --- /dev/null +++ b/vendor/device.te @@ -0,0 +1,2 @@ +# Block Devices +type fips_block_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..a273c79 --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,5 @@ +# Binaries +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 + +# Devices +/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0 diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te new file mode 100644 index 0000000..53ceba5 --- /dev/null +++ b/vendor/ufs_firmware_update.te @@ -0,0 +1,10 @@ +type ufs_firmware_update, domain; +type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; + +init_daemon_domain(ufs_firmware_update) + +allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans; +allow ufs_firmware_update block_device:dir r_dir_perms; +allow ufs_firmware_update fips_block_device:blk_file rw_file_perms; +allow ufs_firmware_update sysfs:dir r_dir_perms; +allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms; From 0304eefdcb165a47cdb99b1f9132c630b1789f23 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 10 Apr 2023 11:01:56 +0800 Subject: [PATCH 29/42] Update SELinux error Test: scanBugreport Bug: 277529247 Change-Id: Iaebc144608805c09d624272a38d6aa9a62008a4d --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 7752139..5aa59ad 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -5,6 +5,7 @@ dump_ramdump vendor_camera_data_file file b/270633115 dump_stm sysfs_spi dir b/268147400 dump_storage radio_vendor_data_file file b/269218359 dump_storage vendor_slog_file file b/269218359 +dump_trusty modem_efs_file file b/277529247 dumpstate app_zygote process b/238263942 dumpstate system_data_file dir b/261932945 hal_dumpstate_default dump_ramdump process b/270247072 From 5e42855d003a53a038e00eb0abf6d13f79960738 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 11 Apr 2023 03:43:17 +0000 Subject: [PATCH 30/42] Remove obsolete entries Bug: 270080469 Bug: 264600240 Bug: 268147280 Bug: 270247129 Bug: 270633115 Bug: 268147400 Bug: 269218359 Bug: 269218359 Bug: 277529247 Bug: 238263942 Bug: 270247072 Bug: 240632681 Bug: 264483668 Bug: 238263518 Bug: 265886512 Test: adb bugreport Change-Id: I66b3c16af0845513e907e92be8d7afe03d9e0d8f --- tracking_denials/bug_map | 9 --------- tracking_denials/dump_gsc.te | 3 --- 2 files changed, 12 deletions(-) delete mode 100644 tracking_denials/dump_gsc.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 00aec3b..f62d5cc 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,14 +1,5 @@ cbd vendor_modem_prop property_service b/270080469 derive_sdk mediaprovider_app dir b/264600240 -dump_pixel_metrics sysfs file b/268147280 -dump_ramdump radio_vendor_data_file file b/270247129 -dump_ramdump vendor_camera_data_file file b/270633115 -dump_stm sysfs_spi dir b/268147400 -dump_storage radio_vendor_data_file file b/269218359 -dump_storage vendor_slog_file file b/269218359 -dump_trusty modem_efs_file file b/277529247 -dumpstate app_zygote process b/238263942 -hal_dumpstate_default dump_ramdump process b/270247072 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te deleted file mode 100644 index 1eb7ccf..0000000 --- a/tracking_denials/dump_gsc.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/265886512 -dontaudit dump_gsc radio_vendor_data_file:file { read }; -dontaudit dump_gsc radio_vendor_data_file:file { write }; From 959afe2835cd0ebf928de307dd141b29f9ec05eb Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 11 Apr 2023 11:32:28 +0800 Subject: [PATCH 31/42] Remove obsolete entries Bug: 268147280 Bug: 270247129 Bug: 270633115 Bug: 268147400 Bug: 269218359 Bug: 269218359 Bug: 238263942 Bug: 261932945 Bug: 270247072 Bug: 265886512 Test: adb bugreport Change-Id: I93d79c0e1b6d85d45d59dd3e39dece3d58406654 Merged-In: I66b3c16af0845513e907e92be8d7afe03d9e0d8f --- tracking_denials/bug_map | 10 ---------- tracking_denials/dump_gsc.te | 3 --- 2 files changed, 13 deletions(-) delete mode 100644 tracking_denials/dump_gsc.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 5aa59ad..69858d8 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,14 +1,4 @@ derive_sdk mediaprovider_app dir b/264600240 -dump_pixel_metrics sysfs file b/268147280 -dump_ramdump radio_vendor_data_file file b/270247129 -dump_ramdump vendor_camera_data_file file b/270633115 -dump_stm sysfs_spi dir b/268147400 -dump_storage radio_vendor_data_file file b/269218359 -dump_storage vendor_slog_file file b/269218359 -dump_trusty modem_efs_file file b/277529247 -dumpstate app_zygote process b/238263942 -dumpstate system_data_file dir b/261932945 -hal_dumpstate_default dump_ramdump process b/270247072 hal_power_default hal_power_default capability b/240632681 hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te deleted file mode 100644 index 1eb7ccf..0000000 --- a/tracking_denials/dump_gsc.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/265886512 -dontaudit dump_gsc radio_vendor_data_file:file { read }; -dontaudit dump_gsc radio_vendor_data_file:file { write }; From 54a353165cdac9f447fb73c796ecb1e45bca86cc Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 12 May 2023 02:07:52 +0000 Subject: [PATCH 32/42] introduce a new sepolicy owner Bug: 281631102 Test: N/A Change-Id: Iee0db5d439442fe7c689aaecfa214ea90dbe76b4 --- OWNERS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4..5232bc3 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,4 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS + +adamshih@google.com -rurumihong@google.com From b5b80403a1aa4533f08d15741af2d3e764176fe0 Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Mon, 15 May 2023 12:25:39 +0000 Subject: [PATCH 33/42] Add sepolicy for aidl bt extension hal Bug: 280970790 Bug: 282685427 Test: make sepolicy and manual test Change-Id: I54de5dce02eb8ba01a90b1f14389a36114d9e8b0 --- bluejay/grilservice_app.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 bluejay/grilservice_app.te diff --git a/bluejay/grilservice_app.te b/bluejay/grilservice_app.te new file mode 100644 index 0000000..ad0a779 --- /dev/null +++ b/bluejay/grilservice_app.te @@ -0,0 +1 @@ +allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; From 9525992cace9e42520c79cdbf5a1006bdec39b82 Mon Sep 17 00:00:00 2001 From: DesmondH Date: Wed, 31 May 2023 01:40:00 +0000 Subject: [PATCH 34/42] Remove obsolete entries Bug: 270080469 Bug: 264600240 Bug: 264483668 Change-Id: Iab8a37f169f3ff6e0d5be070567f6a455cd32c75 --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index f62d5cc..3ba34fa 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,7 +1,4 @@ -cbd vendor_modem_prop property_service b/270080469 -derive_sdk mediaprovider_app dir b/264600240 hal_power_default hal_power_default capability b/240632681 -hal_vibrator_default sysfs file b/264483668 incidentd debugfs_wakeup_sources file b/238263518 incidentd incidentd anon_inode b/268147248 webview_zygote logdr_socket sock_file b/264600023 From ad379fc0aef018a35dae8d6291b3ea8135a19edc Mon Sep 17 00:00:00 2001 From: DesmondH Date: Wed, 14 Jun 2023 16:51:41 +0000 Subject: [PATCH 35/42] Remove fixed or obsolete entries Bug: 240632681 Change-Id: I5176d220959aefd3e39acf34a3f80128b8348989 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 3ba34fa..e242e62 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ -hal_power_default hal_power_default capability b/240632681 incidentd debugfs_wakeup_sources file b/238263518 incidentd incidentd anon_inode b/268147248 webview_zygote logdr_socket sock_file b/264600023 From 5ba0e738aec731490df3254ee87d65d0474eee97 Mon Sep 17 00:00:00 2001 From: DesmondH Date: Wed, 28 Jun 2023 05:31:36 +0000 Subject: [PATCH 36/42] Remove obsolete entries Fix: 264600023 Fix: 275645961 Change-Id: If4ada1f505b9295f3415dea8cbd177694163a9a4 --- tracking_denials/bug_map | 4 ---- tracking_denials/hal_vibrator_default.te | 2 -- 2 files changed, 6 deletions(-) delete mode 100644 tracking_denials/hal_vibrator_default.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e242e62..0a3984e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,6 +1,2 @@ incidentd debugfs_wakeup_sources file b/238263518 incidentd incidentd anon_inode b/268147248 -webview_zygote logdr_socket sock_file b/264600023 -webview_zygote resourcecache_data_file dir b/264600023 -webview_zygote tombstoned_crash_socket sock_file b/264600023 -webview_zygote zygote_exec file b/264600023 diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te deleted file mode 100644 index f634fe6..0000000 --- a/tracking_denials/hal_vibrator_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/275645961 -dontaudit hal_vibrator_default service_manager_type:service_manager find; From 5431c78f3c185d631da28cd38038bf65fa38f1a6 Mon Sep 17 00:00:00 2001 From: Leo Liou Date: Mon, 17 Jul 2023 16:22:44 +0800 Subject: [PATCH 37/42] bluejay: move ffu selinux rule into BOARD_VENDOR_SEPOLICY_DIRS The ffu selinux rule don't work because it's not included by BOARD_VENDOR_SEPOLICY_DIRS. Move it to bluejay folder and fix the not working problem. Bug: 273305600 Test: local build and test on B3 Change-Id: I7c9034b72b237508ecd9893fe86dee51d47c3c88 Signed-off-by: Leo Liou --- {vendor => bluejay}/device.te | 0 {vendor => bluejay}/file_contexts | 0 {vendor => bluejay}/ufs_firmware_update.te | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {vendor => bluejay}/device.te (100%) rename {vendor => bluejay}/file_contexts (100%) rename {vendor => bluejay}/ufs_firmware_update.te (100%) diff --git a/vendor/device.te b/bluejay/device.te similarity index 100% rename from vendor/device.te rename to bluejay/device.te diff --git a/vendor/file_contexts b/bluejay/file_contexts similarity index 100% rename from vendor/file_contexts rename to bluejay/file_contexts diff --git a/vendor/ufs_firmware_update.te b/bluejay/ufs_firmware_update.te similarity index 100% rename from vendor/ufs_firmware_update.te rename to bluejay/ufs_firmware_update.te From 4fda2b12336d10601d39a79638de47dc498ff717 Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Mon, 4 Sep 2023 17:32:53 +0800 Subject: [PATCH 38/42] Add more CS40L26 i2c paths Sometimes the I2C will not be in the usual allowlist, need to enumerate possible paths to prevent unexpected vibrator behaviors. Bug: 284969808 Test: full build Test: Check normal and audio-coupled haptics function Change-Id: I84772c484022b47cc6db79ecd96b327279f7dfbc --- bluejay/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index 6b11056..b01c716 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,4 +1,8 @@ # Haptics +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 From 7595c2dae851525ec03fae35c5f2af45c78e8242 Mon Sep 17 00:00:00 2001 From: Desmond Huang Date: Wed, 13 Sep 2023 01:08:11 +0800 Subject: [PATCH 39/42] Relocate common tracking denial entries Bug: 299029620 Change-Id: I15c42b09239e2c59b1a8d505f03fba260257d475 --- tracking_denials/bug_map | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0a3984e..e69de29 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,2 +0,0 @@ -incidentd debugfs_wakeup_sources file b/238263518 -incidentd incidentd anon_inode b/268147248 From ccdd975a88d05de92a839697f3963baec914a62b Mon Sep 17 00:00:00 2001 From: Will McVicker Date: Mon, 18 Sep 2023 15:29:57 -0700 Subject: [PATCH 40/42] Update the cs40l26a i2c device node sepolicy labeling This change needs to be merged with the corresponding kernel change that sets the i2c bus aliases correctly to match the existing v5.10 bus probe ordering. To verify the sepolicy labeling doesn't change, run the below commands and diff the stdout on builds with and without the changes. For extra credit, verify the nodes are labeled the same when upgrading the kernel to v6.1 (with the correct i2c aliases to match the existing policy): acpm_bus_array=("acpm_mfd_bus@17500000" "acpm_mfd_bus@17510000") for bus in ${acpm_bus_array[@]}; do adb shell ls -ZR /sys/devices/platform/${bus}/i2c-*; done bus_array=("10960000" "10970000" "10d50000" "10900000") for bus in ${bus_array[@]}; do adb shell ls -ZR /sys/devices/platform/${bus}.hsi2c/i2c-*; done Test: verify on b3 Bug: 291606723 Change-Id: I36e41d7e2379b731c2092a679dc4e4042e0d3651 --- bluejay/genfs_contexts | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index b01c716..09f7b8a 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,13 +1,6 @@ # Haptics -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/7-0043 u:object_r:sysfs_vibrator:s0 # Storage genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 From 5e130ea7c30b66fd85501103e3176a213235d87b Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Thu, 28 Sep 2023 18:00:06 +0000 Subject: [PATCH 41/42] Revert "Update the cs40l26a i2c device node sepolicy labeling" Revert submission 24855741-gs101-i2c-bus-fixes Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_main&target=bluejay-trunk_food-userdebug&lkgb=10876543&lkbb=10876988&fkbb=10876587, bug b/302549624. Reverted changes: /q/submissionid:24855741-gs101-i2c-bus-fixes Change-Id: I1450fd464d661edbb7b3dc45bccc46f1e4d3a4bc BUG: 302549624 --- bluejay/genfs_contexts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index 09f7b8a..b01c716 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,6 +1,13 @@ # Haptics +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/7-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 # Storage genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 From 37bba82cfb84e89ac5cd5bdd08ca60d595793b6e Mon Sep 17 00:00:00 2001 From: Will McVicker Date: Thu, 28 Sep 2023 10:33:27 -0700 Subject: [PATCH 42/42] Move haptics sepolicy to gs101-sepolicy The i2c-7/7-0043 label is shared with both i2c-7/i2c-cs40l25a and i2c-7/i2c-cs40l26a nodes. To make it clear that these all are related, let's move i2c-7/i2c-cs40l26a to gs101-sepolicy and have all the gs101 vibrator policy labels together. Test: build on b3 and verify i2c nodes on r4 Bug: 291606723 Change-Id: I58be5961120c0ec5597a947c5ab6caa52aeb7bce --- bluejay/genfs_contexts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts index b01c716..829c58d 100644 --- a/bluejay/genfs_contexts +++ b/bluejay/genfs_contexts @@ -1,14 +1,3 @@ -# Haptics -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 - # Storage genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0