From 256d37b5d70fa3d140ad1fd32abe3b296021c285 Mon Sep 17 00:00:00 2001
From: Philip Quinn
Date: Wed, 29 May 2024 18:33:49 -0700
Subject: [PATCH 1/5] Remove obsolete relfector HAL policy.
Bug: 343566773
Test: presubmit
Change-Id: Ie779a71dfdc9d198643f5eb95396085ea842b7a5
---
 touch/twoshay/sepolicy/touchflow_debug/file_contexts | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 touch/twoshay/sepolicy/touchflow_debug/file_contexts
diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
deleted file mode 100644
index 17dfe62..0000000
--- a/touch/twoshay/sepolicy/touchflow_debug/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
-/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
From ec3a55308067d4a608960527d18a5c901522e04e Mon Sep 17 00:00:00 2001
From: Cheng Chang
Date: Tue, 2 Apr 2024 10:05:36 +0000
Subject: [PATCH 2/5] sepolicy: Allow gnssd access modem_state
avc: denied { read } for name="modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
avc: denied { open } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
avc: denied { getattr } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
Bug: 342284863
Test: b/342284863 for boot-health check.
Test: b/342284863 for function verification.
Change-Id: I1accfe367915737c14ee79dce71fe04cdcdbb727
---
 gps/lsi/sepolicy/gnssd.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te
index 56ab51f..a293b95 100644
--- a/gps/lsi/sepolicy/gnssd.te
+++ b/gps/lsi/sepolicy/gnssd.te
@@ -31,3 +31,6 @@ set_prop(gnssd, vendor_gps_prop) # Read RIL property get_prop(gnssd, vendor_rild_prop) + +# Read modme state +allow gnssd sysfs_modem_state:file r_file_perms; From 1f7c89e359122284a469fb1414b88f01271408db Mon Sep 17 00:00:00 2001 From: Bruce Po Date: Fri, 31 May 2024 11:51:10 -0700 Subject: [PATCH 3/5] selinux move aocx from vndservice to service When updating aocx service to use binder ndk backend, we get this selinux violation: SELinux : avc: denied { add } for pid=2772 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 TEST: adb push out/target/product/tangorpro/vendor/etc/selinux/* /vendor/etc/selinux adb reboot adb shell aocx_tool list BUG: 343998265 Change-Id: I1e4f554abfe02f33328c851f7da64c671d8f4cb7 --- aoc/sepolicy/service.te | 1 + aoc/sepolicy/{vndservice_contexts => service_contexts} | 0 aoc/sepolicy/vndservice.te | 1 - 3 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 aoc/sepolicy/service.te rename aoc/sepolicy/{vndservice_contexts => service_contexts} (100%) delete mode 100644 aoc/sepolicy/vndservice.te diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te new file mode 100644 index 0000000..502b28d --- /dev/null +++ b/aoc/sepolicy/service.te @@ -0,0 +1 @@ +type aocx, service_manager_type; diff --git a/aoc/sepolicy/vndservice_contexts b/aoc/sepolicy/service_contexts similarity index 100% rename from aoc/sepolicy/vndservice_contexts rename to aoc/sepolicy/service_contexts diff --git a/aoc/sepolicy/vndservice.te b/aoc/sepolicy/vndservice.te deleted file mode 100644 index 01c2436..0000000 --- a/aoc/sepolicy/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type aocx, vndservice_manager_type; From bb3522634e7494513dd11ea8084c35e7bf7645c9 Mon Sep 17 00:00:00 2001 
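Review bot: The added comment in the gnssd.te hunk misspells the object it documents; `# Read modme state` should be `# Read modem state`. The rule itself grants `r_file_perms` on `sysfs_modem_state`, which covers the read, open and getattr denials quoted in the commit message. It would help to say in the comment which node this is for, e.g. `# Read modem state from /sys/devices/platform/cpif/modem_state`, so the grant can be re-checked if that sysfs label is later reused for other files.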
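Review bot: The new `type aocx, service_manager_type;` in aoc/sepolicy/service.te carries no comment explaining why a vendor service is now registered with servicemanager rather than vndservicemanager. The rules that let aocxd `add` the service and let clients `find` it are outside the visible hunks, so please confirm they, and the binder access of aocxd and its clients, still match the new manager. A one-line comment above the type would record the reason, e.g. `# aocx.IAocx is registered with servicemanager (binder NDK backend)`.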
From: Cheng Chang
Date: Fri, 31 May 2024 02:12:23 +0000
Subject: [PATCH 4/5] sepolicy: Allow hal_gnss_pixel access sscoredump file
avc: denied { read } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0
avc: denied { search } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0
avc: denied { read } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { open } for path="/data/vendor/ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { search } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/data/vendor/ssrdump/crashinfo_gnss_2024-05-22_16-00-45.txt" dev="dm-48" ino=19897 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
avc: denied { read } for name="crashinfo_modem_2024-05-22_16-34-51.txt" dev="dm-48" ino=20760 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
Bug: 341224300
Test: b/341224300#comment13 abtd boot health check.
Test: b/341224300 SST test verification.
Change-Id: Ie2b55cb487e7e801a0199b1e9dd9ad16f1e3d682
---
 gps/pixel/sepolicy/hal_gnss_pixel.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index ecdfcd3..43ff35d 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -22,4 +22,8 @@ allow hal_gnss_pixel hal_contexthub_service:service_manager find; # Allow connect to gnss service allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms; -allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms; \ No newline at end of file +allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms; + +# Allow access ssrdump information +allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms; +allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; From 70f4b0431e27eb7b382ee651865e2ef9fc01c234 Mon Sep 17 00:00:00 2001 From: Super Liu Date: Mon, 27 May 2024 07:00:20 +0000 Subject: [PATCH 5/5] touch: Add the capability to simulate HW failure Usage: $> setprop vendor.touch.gti0.ical.override.result RESULT The designate RESULT to be used for the designate CMD. If no RESULT assign, the default value will be "0 - -2147483648". $> setprop vendor.touch.gti0.ical.override.cmd CMD The result of designate CMD(e.g. 202 or 301) to be overrode by the designate RESULT. If the CMD is "xxx", the result of any CMD will be overode with the designate RESULT. Bug: 341021854 Test: manual test Change-Id: I3d24618e240b4a966b5a76a33ed9ab96503a3257 Signed-off-by: Super Liu --- touch/gti/touch_gti_ical.cpp | 44 ++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/touch/gti/touch_gti_ical.cpp b/touch/gti/touch_gti_ical.cpp index 0aabd9e..9b5eed5 100644 --- a/touch/gti/touch_gti_ical.cpp +++ b/touch/gti/touch_gti_ical.cpp 
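Review bot: Both added rules in the hal_gnss_pixel.te hunk are type-wide, so hal_gnss_pixel can list /data/vendor/ssrdump and read every file labelled `sscoredump_vendor_data_crashinfo_file`, not only GNSS crash info. The denial list in the commit message already includes a read of `crashinfo_modem_2024-05-22_16-34-51.txt`. If the HAL only needs the `crashinfo_gnss_*` files, the comment should say so, e.g. `# Reads crashinfo_gnss_* under /data/vendor/ssrdump; this type also labels other subsystems' crash info`. It is then worth checking whether the HAL can be pointed at a narrower label or have the file handed to it instead.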
@@ -34,6 +34,18 @@ int main(int argc, char *argv[]) char *line = NULL; size_t len = 0; FILE *ical_fd; + const char *ical_override_cmd_prop[2] = { + [0] = "vendor.touch.gti0.ical.override.cmd", + [1] = "vendor.touch.gti1.ical.override.cmd", + }; + const char *ical_override_result_prop[2] = { + [0] = "vendor.touch.gti0.ical.override.result", + [1] = "vendor.touch.gti1.ical.override.result", + }; + const char *ical_write_history_prop[2] = { + [0] = "vendor.touch.gti0.ical.write.history", + [1] = "vendor.touch.gti1.ical.write.history", + }; const char *ical_state_prop[2] = { [0] = "vendor.touch.gti0.ical.state", [1] = "vendor.touch.gti1.ical.state", @@ -46,9 +58,16 @@ int main(int argc, char *argv[]) [0] = "/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate", [1] = "/sys/devices/virtual/goog_touch_interface/gti.1/interactive_calibrate", }; + const char *ical_override_cmd_prop_path = ical_override_cmd_prop[0]; + const char *ical_override_result_prop_path = ical_override_result_prop[0]; + const char *ical_write_history_prop_path = ical_write_history_prop[0]; const char *ical_state_prop_path = ical_state_prop[0]; const char *ical_result_prop_path = ical_result_prop[0]; const char *ical_sysfs_path = ical_sysfs[0]; + const char ical_override_all_cmd_prop_val[PROPERTY_VALUE_MAX] = "xxx"; + char ical_override_cmd_prop_val[PROPERTY_VALUE_MAX] = "\0"; + char ical_override_result_prop_val[PROPERTY_VALUE_MAX] = "\0"; + char ical_write_history_prop_val[PROPERTY_VALUE_MAX] = "\0"; if (argc < 3) { ALOGW("No target dev or command for interactive_calibrate sysfs.\n"); 
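Review bot: The three new property tables in the first hunk (`ical_override_cmd_prop`, `ical_override_result_prop`, `ical_write_history_prop`) have no comment, and the fault-injection flow is described only in the commit message. A short block comment above them should state that `override.cmd` names the command whose result is replaced ("xxx" meaning any command), that `override.result` is the value published in place of the sysfs read, and that `write.history` holds the last command this tool wrote. It should also mark the override properties as test-only. main() begins before this hunk and continues past it.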
@@ -60,11 +79,18 @@ int main(int argc, char *argv[]) if (strncmp(argv[1], "1", strlen(argv[1])) == 0 || strncmp(argv[1], "gti1", strlen(argv[1])) == 0 || strncmp(argv[1], "gti.1", strlen(argv[1])) == 0) { + ical_override_cmd_prop_path = ical_override_cmd_prop[1]; + ical_override_result_prop_path = ical_override_result_prop[1]; + ical_write_history_prop_path = ical_write_history_prop[1]; ical_state_prop_path = ical_state_prop[1]; ical_result_prop_path = ical_result_prop[1]; ical_sysfs_path = ical_sysfs[1]; } + property_get(ical_override_cmd_prop_path, ical_override_cmd_prop_val, NULL); + property_get(ical_override_result_prop_path, ical_override_result_prop_val, "0 - -2147483648"); + property_get(ical_write_history_prop_path, ical_write_history_prop_val, NULL); + property_set(ical_result_prop_path, "na"); property_set(ical_state_prop_path, "running"); if (access(ical_sysfs_path, F_OK | R_OK | W_OK)) { @@ -84,11 +110,25 @@ int main(int argc, char *argv[]) getline(&line, &len, ical_fd); if (line != NULL) { property_set(ical_state_prop_path, "read"); - property_set(ical_result_prop_path, line); - ALOGI("read: %s => %s", ical_sysfs_path, line); + if (strncmp(ical_override_cmd_prop_val, + ical_write_history_prop_val, + strlen(ical_write_history_prop_path)) == 0 || + strncasecmp(ical_override_cmd_prop_val, + ical_override_all_cmd_prop_val, + strlen(ical_override_all_cmd_prop_val)) == 0) { + property_set(ical_result_prop_path, ical_override_result_prop_val); + ALOGW("read(original): %s => %s", + ical_sysfs_path, line); + ALOGW("read(override): %s => %s", + ical_sysfs_path, ical_override_result_prop_val); + } else { + property_set(ical_result_prop_path, line); + ALOGI("read: %s => %s", ical_sysfs_path, line); + } free(line); } } else { + property_set(ical_write_history_prop_path, argv[2]); property_set(ical_state_prop_path, argv[2]); fwrite(argv[2], 1, strlen(argv[2]), ical_fd); ALOGI("write: %s => %s\n", argv[2], ical_sysfs_path);
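Review bot: The three `property_get` calls added in the `@@ -60,11 +79,18 @@` hunk run on every invocation with no build-type or debug gate. Any context permitted to set `vendor.touch.gti*.ical.override.*` can therefore make this tool publish a fabricated calibration result. The labelling of those properties is not part of the patches shown, so please confirm that only test tooling may set them. Alternatively, read the override only when `property_get_bool("ro.debuggable", false)` is true, so production builds always report the value read from sysfs. main() starts before this hunk.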
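Review bot: In the `@@ -84,11 +110,25 @@` hunk the first `strncmp` is bounded by `strlen(ical_write_history_prop_path)`, the length of the property name rather than of either value, and the test also succeeds when both values are empty. If a read runs while the override command is unset and no write has yet set the history property, `strncmp("", "", n) == 0` holds. The tool then publishes the default failure string `0 - -2147483648` instead of the sysfs line. Require a non-empty command and compare whole strings: `ical_override_cmd_prop_val[0] != '\0' && (strcmp(ical_override_cmd_prop_val, ical_write_history_prop_val) == 0 || strcasecmp(ical_override_cmd_prop_val, ical_override_all_cmd_prop_val) == 0)`. The three-character bound on `strncasecmp` has a related flaw, since any value that merely starts with "xxx" is treated as the wildcard. main() starts before this hunk and its tail lies beyond it.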