From 7cf67c1e9ae4e1864ff65e865ff74902687a5454 Mon Sep 17 00:00:00 2001 From: derickhong Date: Tue, 27 Feb 2024 16:19:22 +0800 Subject: [PATCH 1/6] Allow HWC to access display refresh control Bug: 326869289 Test: adb shell dmesg | grep avc ; adb logcat -d | grep avc Change-Id: I353139e97728486f2a8b6c5f593cddf51adb7804 --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 738c892..a99a07e 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -12,6 +12,7 @@ genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_extin genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 From 229a44dbf90dd66ea71ef55fd6ec8f71522f82e7 Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Tue, 2 Apr 2024 09:02:39 +0000 Subject: [PATCH 2/6] sepolicy: Move the gnssif/wakeup to zumapro Bug: 329334328 Test: abtd device-boot-health-check-extra under b/329334328. Test: boot and check the logcat avc. Change-Id: Ieb02d6232186a3d0ee43b2b6c96b0db7ad4534f9 --- vendor/genfs_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a99a07e..a31bd55 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -38,7 +38,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply/wire genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111c0000.spi/spi_master/spi19/spi19.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111c0000.spi/spi_master/spi19/spi19.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gnssif/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:fp_fpc1020/wakeup u:object_r:sysfs_wakeup:s0 From 203b4dd470cbd7ee0505c83f170d56a7ace4231f Mon Sep 17 00:00:00 2001 From: Kevin Ying Date: Mon, 22 Apr 2024 22:29:53 +0000 Subject: [PATCH 3/6] Add sepolicy for power_state node Bug: 329703995 Test: manual - used camera Change-Id: I3764557b98334ec73ba94a691f0cbdbacb5c8400 Signed-off-by: Kevin Ying --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a31bd55..fd9ff7a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -8,6 +8,7 @@ genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 From 221e792107b48988a2747a9143685d68728f133d Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Fri, 26 Apr 2024 13:05:02 +0000 Subject: [PATCH 4/6] selinux: move wlc 0x61 wakeup to zumapro Bug: 335557235 Test: v2/pixel-health-guard/device-boot-health-check-extra Change-Id: I1ad5bf17dae71ec5e8b6756a8eadf26878afad22 Signed-off-by: YiKai Peng --- vendor/genfs_contexts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a31bd55..4979b1a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -32,10 +32,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0036/power/wakeup genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0036/power_supply/maxfg_secondary/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0036/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111c0000.spi/spi_master/spi19/spi19.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111c0000.spi/spi_master/spi19/spi19.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/power/wakeup u:object_r:sysfs_wakeup:s0 From 9667a21442b25639f3e79c39fc05faa6fffd12e1 Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Wed, 24 Apr 2024 12:22:50 +0000 Subject: [PATCH 5/6] Support register AntennaTuningService. The devices uses RadioExt 1.7 should have grilservice_app register antennaTuningCallbacks. The avc error log: avc: denied { find } for pid=3441 uid=10273 name=com.google.input.algos.gril.IGrilAntennaTuningService/default scontext=u:r:grilservice_app:s0:c17,c257,c512,c768 tcontext=u:object_r:gril_antenna_tuning_service:s0 tclass=service_manager permissive=0 [ 22.019071] type=1400 audit(1714448048.956:7): avc: denied { call } for comm="pool-2-thread-1" scontext=u:r:grilservice_app:s0:c254,c256,c512,c768 tcontext=u:r:twoshay:s0 tclass=binder permissive=0 app=com.google.android.grilservice Test: Manual. Without sepolicy error. Bug: 321790599 Change-Id: Ie2cecaea493d37cd3009bcf9bab942a62212641f --- vendor/grilservice_app.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 vendor/grilservice_app.te diff --git a/vendor/grilservice_app.te b/vendor/grilservice_app.te new file mode 100644 index 0000000..792dae4 --- /dev/null +++ b/vendor/grilservice_app.te @@ -0,0 +1,2 @@ +allow grilservice_app gril_antenna_tuning_service:service_manager find; +binder_call(grilservice_app, twoshay) From 432fb7298d14b59411e261b21fd5261023f0da21 Mon Sep 17 00:00:00 2001 From: jimsun Date: Fri, 17 May 2024 09:48:34 +0800 Subject: [PATCH 6/6] Allow vendor_init to set setupwizard prop 05-16 17:07:33.099472 root 351 351 E init : Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:352: SELinux permission check failed 05-16 17:07:33.095723 root 352 352 W libc : Unable to set property "setupwizard.feature.provisioning_profile_mode" to "true": error code: 0x18 Bug: 339918070 Test: manual Change-Id: Ie1737d7632e11de9750305df4255da55b4a0c426 --- comet-sepolicy.mk | 4 ++++ system_ext/private/gmscore_app.te | 2 ++ system_ext/private/priv_app.te | 2 ++ system_ext/private/property_contexts | 2 ++ system_ext/public/property.te | 2 ++ vendor/vendor_init.te | 3 +++ 6 files changed, 15 insertions(+) create mode 100644 system_ext/private/gmscore_app.te create mode 100644 system_ext/private/priv_app.te create mode 100644 system_ext/private/property_contexts create mode 100644 system_ext/public/property.te diff --git a/comet-sepolicy.mk b/comet-sepolicy.mk index 32aa697..3ffaa05 100644 --- a/comet-sepolicy.mk +++ b/comet-sepolicy.mk @@ -1,2 +1,6 @@ # sepolicy exclusively for comet. BOARD_SEPOLICY_DIRS += device/google/comet-sepolicy/vendor + +# system_ext +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/private diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te new file mode 100644 index 0000000..4dc1639 --- /dev/null +++ b/system_ext/private/gmscore_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(gmscore_app, setupwizard_feature_prop) diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te new file mode 100644 index 0000000..90bc371 --- /dev/null +++ b/system_ext/private/priv_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(priv_app, setupwizard_feature_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts new file mode 100644 index 0000000..464a289 --- /dev/null +++ b/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# setupwizard +setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0 diff --git a/system_ext/public/property.te b/system_ext/public/property.te new file mode 100644 index 0000000..96cb3b3 --- /dev/null +++ b/system_ext/public/property.te @@ -0,0 +1,2 @@ +# setupwizard +system_public_prop(setupwizard_feature_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 91d16a9..0af5c8a 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -1,2 +1,5 @@ # Camera vendor property set_prop(vendor_init, vendor_camera_debug_prop) + +# setupwizard +set_prop(vendor_init, setupwizard_feature_prop)