Evolution-X-Tensor/device_google_felix
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
225 commits 1 branch 0 tags 122 MiB
Commit graph

37 commits

Author SHA1 Message Date
Liana Kazanova
1979e8df0a Revert "Add device specific entry back." 
Revert submission 26288713-twoshay-sepolicy-24

Reason for revert: DroidMonitor: Potential culprit for b/327235315 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Bug:327235315

Reverted changes: /q/submissionid:26288713-twoshay-sepolicy-24

Change-Id: I250fd1c8415c3c865bffa4504c8c290c0d49fddb
 2024-02-27 21:20:02 +00:00
Mark Chang
836da8022d Add device specific entry back. 
Bug: 325422902
Test: Manual, system booted without sepolicy denied error.
Change-Id: I10132c2da0b6b3b76e67ba07a6692f41a6a1a58a
Signed-off-by: Mark Chang <changmark@google.com>
 2024-02-19 05:46:59 +00:00
Jacky Liu
2bc710e44c Update i2c device paths 
Update i2c device paths with static bus numbers.
Remove entries which are already in gs201-sepolicy.

Bug: 323447554
Test: Boot to home
Change-Id: I5de14147fbe16242182e3940c9318c3dec372bdc
 2024-02-06 16:17:32 +00:00
Darren Hsu
0ddbc3d4a3 sepolicy: label required display paths for hal_power_stats 
Bug: 322458289
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I8dd6d0a26f4dc6dcdd3025f36f8bb5262a7a1a25
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2024-01-26 17:57:06 +08:00
Jenny Ho
260dd531fe sepolicy: felix: add wireless path permission 
W binder:558_3: type=1400 audit(0.0:734): avc:  denied  { read } for  name="wakeup80" dev="sysfs" ino=86209 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
E android.system.suspend-service: Error opening kernel wakelock stats for: wakeup13 (../../devices/platform/10da0000.hsi2c/i2c-8/8-0061/power_supply/wireless/wakeup13): Permission denied

W UeventThread: type=1400 audit(0.0:189): avc:  denied  { read } for  name="voltage_now" dev="sysfs" ino=69837 scontext=u:r:hal_wireless_charger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 320193504
Change-Id: Iec4bf714ab4051fcd32bfc8c824e81af0fc35793
Signed-off-by: Jenny Ho <hsiufangho@google.com>
 2024-01-16 15:40:32 +08:00
Limon Mia
bb2d2ad0c9 allow bthal to access vendor bluetooth folder 
Bug: 316071157
Test: enable vendor btsnoop property and check the vendor snoop log
Flag: EXEMPT .
Change-Id: I5b1b9f475089313c205ae384589e07414497a72b
 2023-12-26 08:01:41 +00:00
Sebastian Pickl
6e6ea34596 Revert "selinux: fix the wakeup avc denials" am: 959371629b am: c6050bb668 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/felix-sepolicy/+/24189204

Change-Id: I71d2a8a0f47b259d5e58ffc571657a5cffeb6203
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-25 11:36:48 +00:00
Sebastian Pickl
959371629b Revert "selinux: fix the wakeup avc denials" 
This reverts commit 6cd5fef048.

Reason for revert: build break b/292813704

Change-Id: Ib9cb338d2767f62f048c7ae979bc97242d18e500
 2023-07-25 08:26:34 +00:00
Ken Yang
68a5d82a54 selinux: fix the wakeup avc denials am: 6cd5fef048 am: 15b985efa6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/felix-sepolicy/+/24158114

Change-Id: Ic0e68446b4fb3211cd4bb8f07ad4707496b8de5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-25 03:26:22 +00:00
Ken Yang
6cd5fef048 selinux: fix the wakeup avc denials 
Bug: 292076108
Change-Id: I8ce862cd945edc63541b36cd3e5227c43b4c7caa
Signed-off-by: Ken Yang <yangken@google.com>
 2023-07-24 05:43:40 +00:00
Ted Wang
fda887ed1b Add sepolicy for aidl bt extension hal 
Bug: 274906319
Bug: 282685427
Test: make sepolicy and manual test
Change-Id: Ic8f870a570f5bb68277419a6ae6a8350c6c53639
 2023-05-22 07:44:40 +00:00
Chungkai Mei
354a3d1de2 sepolicy: fix avc denials 
add potential paths for i2c peripheral devices
sine we enable parallel module loading

Test: ABTD https://android-build.googleplex.com/builds/abtd/run/L94600000960253970 https://android-build.googleplex.com/builds/abtd/run/L92800000960257192
Bug: 279848350
Change-Id: I7779752aa79c1e0ffa1d1c5a7150ef5193d4f986
Signed-off-by: Chungkai Mei <chungkai@google.com>
 2023-04-27 12:19:40 +00:00
Ken Yang
b6e7c3d0c7 WLC: Cleanup the sysfs_wlc policies 
Bug: 263830018
Change-Id: I534eda445241e3a907b11004cafb737f6ec63586
Signed-off-by: Ken Yang <yangken@google.com>
 2023-01-06 19:24:38 +00:00
Wasb Liu
d6606b7439 sepolicy: add necessary sepolicy for dual battery am: 49cdfcb3c7 am: 6c46e922ab 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/felix-sepolicy/+/20803963

Change-Id: I99ec363f789026842ff58ba39801f479ac41cf18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-27 08:53:31 +00:00
Wasb Liu
49cdfcb3c7 sepolicy: add necessary sepolicy for dual battery 
12-22 16:24:51.964  1000   865   865 I auditd  : type=1400 audit(0.0:10): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary" dev="tmpfs" ino=799 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
12-22 16:24:51.968  1000   865   865 I auditd  : type=1400 audit(0.0:11): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary_monitor" dev="tmpfs" ino=630 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
12-22 16:24:51.968  1000   865   865 I auditd  : type=1400 audit(0.0:12): avc: denied { read } for comm="android.hardwar" name="logbuffer_dual_batt" dev="tmpfs" ino=1040 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

12-22 16:23:17.056  1000   522   522 I auditd  : type=1400 audit(0.0:4): avc: denied { read } for comm="binder:522_1" name="wakeup65" dev="sysfs" ino=79686 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 263496320
Test: no dual batt related denied
Change-Id: I021cd15d771524828a942fe1e4c63e3a24418ae8
Signed-off-by: Wasb Liu <wasbliu@google.com>
 2022-12-23 09:21:05 +00:00
Ken Yang
7cea766957 Merge "WLC: Add device specific sepolicy for wireless_charger" 2022-12-21 08:36:16 +00:00
Ken Yang
97c1d104cc WLC: Add device specific sepolicy for wireless_charger 
Bug: 237600973
Change-Id: I301c636cffb5520aa7bcf998d099c29ca19a2dd6
Signed-off-by: Ken Yang <yangken@google.com>
 2022-12-20 00:58:11 +00:00
Chase Wu
f4be42ae00 Remove sepolicy for vibrator manager service am: c02424796d am: cbfaaeea39 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/felix-sepolicy/+/20610806

Change-Id: If5c216b5bbcbfda16712a8e8421c0498a35b0900
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 11:26:50 +00:00
Chase Wu
c02424796d Remove sepolicy for vibrator manager service 
Bug: 260090235
Test: check avc error
Change-Id: I2cb9f9efe849ae6e7fb9b1b5aba2f92a3346af6d
Signed-off-by: Chase Wu <chasewu@google.com>
 2022-12-02 01:09:45 +08:00
Mason Wang
3c82f575b9 Allow dumpstate to access touch vendor nodes[DO NOT MERGE] 
Fix following avc denial log:
avc: denied { read } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { write } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/appid" dev="sysfs" ino=110523 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=110529 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535585 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721


Bug: 226475119
Bug: 254164096
Test: There are no above avc denial logs.
Change-Id: I0a136a7e259640e3e13ea66c945251cf26878b33
 2022-11-24 15:35:16 +08:00
Nicole Lee
d6fe8df131 Revert "Allow dumpstate to access touch vendor nodes" 
This reverts commit b1d4e8ab2f.

Reason for revert: DroidMonitor: Potential culprit for Bug 260019672 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Change-Id: I8c3bf9982eb9c163e73e75624fd3265ddaa1de95
 2022-11-22 06:02:47 +00:00
Chase Wu
6c42229dcc add sepolicy for vibrator manager service 
Bug: 181615889
Test: Run all test suites
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b
 2022-11-03 12:14:03 +08:00
Mason Wang
b1d4e8ab2f Allow dumpstate to access touch vendor nodes 
Fix following avc denial log:
avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="driver_test" dev="proc" ino=4026535565 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 bug=b/240632721
avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721


Bug: 226475119
Bug: 254164096
Test: There are no above avc denial logs.
Change-Id: Ie01104ebfb94154584d9d466cb295095eb634f48
 2022-10-28 12:44:25 +08:00
Darren Hsu
99f9cd6a45 sepolicy: add sysfs_wakeup labels for System Suspend 
Bug: 253980198
Test: run vts -m SuspendSepolicyTests
Change-Id: Ie58c35b37ad0a904d0292d2be9092f82b02d514b
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-10-18 11:39:51 +08:00
Wasb Liu
2dcb7cc94f Add sepolicy for dual_batt_gauge power supply 
08-23 02:45:54.456   860   860 I auditd  : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=100372 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 243491187
Test: reboot device and check the avc
Signed-off-by: Wasb Liu <wasbliu@google.com>
Change-Id: I7600c816e743fc91afaf66db00ba332229b21e28
 2022-08-24 05:01:15 +00:00
Ted Lin
fd1cdb48b7 Sepolicy: fix the avc 
07-29 08:18:53.464   876   876 I auditd  : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=78463 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 240632860
Test: reboot device and check the avc
Signed-off-by: Ted Lin <tedlin@google.com>
Change-Id: Ibb1f93c2003e9229c1fd2b3bd14ee022fa6539cc
 2022-08-03 09:18:35 +00:00
luofrank
f6c212c921 Add rules to allow Sensor HAL write access to als_table 
Sensor HAL needs write access to
/sys/class/backlight/panel1-backlight/als_table.

Bug: 238847421
Test: Refer to b/238847421#comment5.
Change-Id: I21845b7772b3806f8796dab7e23b91fe3ae6c881
 2022-07-25 09:50:17 +08:00
TreeHugger Robot
fde1b9d375 Merge "add sepolicy for both vibrator path" into tm-qpr-dev 2022-07-22 01:44:54 +00:00
TreeHugger Robot
82d6ccff80 Merge "Add service context for IDisplay/secondary" into tm-qpr-dev 2022-07-21 08:21:39 +00:00
Chase Wu
eb0d700258 add sepolicy for both vibrator path 
Change the both driver path's sysfs to sysfs_vibrator

Bug: 181615889
Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a/default/
Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a-dual/default/
Signed-off-by: Chase Wu <chasewu@google.com>
Change-Id: I839d4b9406d140a326730873cb8cb86d13188fe2
 2022-07-21 16:20:10 +08:00
Ted Wang
9d19bb92a9 Add sepolicy for Blutooth 
Bug: 236681575
Test: Manually
Change-Id: I7bb8af445718703032ba1b22858654b6a5972063
 2022-06-28 15:19:42 +08:00
linpeter
96d7d967fe Add service context for IDisplay/secondary 
Bug: 210380703
test: check avc
Change-Id: I32a62b5cbbd0168d3a90245af04a204e74d063b2
 2022-06-14 21:58:44 +08:00
linpeter
bc7b3c639c Add file context for decon1 and dsim1 
Bug: 232886745
test: check sysfs context
Change-Id: Icb85a54fd4d5b949fde698ca7afeb97a0bd43408
 2022-06-09 15:47:41 +08:00
Wasb Liu
1b1d98425f Add sepolicy for P9222 WLC power_supply 
avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/capacity" dev="sysfs" ino=72303 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 229820966
Test: build ok, wireless power_supply can be detected by healthd
Signed-off-by: Wasb Liu <wasbliu@google.com>
Change-Id: I3078a11d6398be626d2c419ebee7d9e33babe441
 2022-04-29 16:40:45 +08:00
JimiChen
d4c74fffeb Add sepolicy for specific camera components 
Bug: 228822580
Bug: 228823145
Test: build okay
Change-Id: I9530292acb28414d13374128d9f453bdb602503f
 2022-04-15 15:41:43 +08:00
horngchuang
4f83b87879 Add F10 specific camera component sepolicy settings 
Bug: 227709256
Test: build okay
Change-Id: If1d2a22a0d3efd5b87a44f137ad115091e5653ac
 2022-04-08 19:06:35 +08:00
Cyan_Hsieh
a61abb8263 Initial device felix sepolicy 
Bug: 206057564
Change-Id: Ie0a08bf9c7a6cdaf634efce69401bcaa9e6a5d1b
 2021-12-06 12:12:10 +08:00