From 016ddaf6d00d171971ff34064072a046d3d01582 Mon Sep 17 00:00:00 2001 From: jonerlin Date: Sun, 29 Sep 2024 02:21:10 +0000 Subject: [PATCH 1/2] introduce pixel bluetooth common hal service android.hardware.bluetooth-service.pixel bug: 373530837 bug: 370264579 Test: verify bt function in forest test build Flag: EXEMPT, mechanical change. Change-Id: I5c0d87740bab8636309ee6c60ee9e8d83ea3a66c --- bluetooth/bluetooth.mk | 13 +++++++++++++ bluetooth/compatibility_matrix.xml | 30 ++++++++++++++++++++++++++++++ bluetooth/manifest_bluetooth.xml | 27 +++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 bluetooth/bluetooth.mk create mode 100644 bluetooth/compatibility_matrix.xml create mode 100644 bluetooth/manifest_bluetooth.xml diff --git a/bluetooth/bluetooth.mk b/bluetooth/bluetooth.mk new file mode 100644 index 0000000..6f9a9d7 --- /dev/null +++ b/bluetooth/bluetooth.mk @@ -0,0 +1,13 @@ +PRODUCT_SOONG_NAMESPACES += vendor/google/connectivity/bluetooth/common +PRODUCT_PACKAGES += \ + android.hardware.bluetooth-V1-ndk.so \ + android.hardware.bluetooth.finder-V1-ndk.so \ + android.hardware.bluetooth.ranging-V1-ndk.so \ + android.hardware.bluetooth-service.pixel \ + vendor.google.bluetooth_ext-V1-ndk.so \ + bt_vendor.conf \ + android.hardware.bluetooth.prebuilt.xml \ + android.hardware.bluetooth_le.prebuilt.xml + +DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml diff --git a/bluetooth/compatibility_matrix.xml b/bluetooth/compatibility_matrix.xml new file mode 100644 index 0000000..65b0c6d --- /dev/null +++ b/bluetooth/compatibility_matrix.xml @@ -0,0 +1,30 @@ + + + vendor.google.bluetooth_ext + 1 + + IBluetoothFinder + default + + + IBluetoothCcc + default + + + IBTChannelAvoidance + default + + + IBluetoothSar + default + + + IBluetoothExt + default + + + IBluetoothEwp + default + + + 
diff --git a/bluetooth/manifest_bluetooth.xml b/bluetooth/manifest_bluetooth.xml new file mode 100644 index 0000000..a72f1c9 --- /dev/null +++ b/bluetooth/manifest_bluetooth.xml @@ -0,0 +1,27 @@ + + + android.hardware.bluetooth + 1 + IBluetoothHci/default + + + android.hardware.bluetooth.finder + 1 + IBluetoothFinder/default + + + android.hardware.bluetooth.ranging + 1 + IBluetoothChannelSounding/default + + + vendor.google.bluetooth_ext + 1 + IBTChannelAvoidance/default + IBluetoothCcc/default + IBluetoothEwp/default + IBluetoothExt/default + IBluetoothFinder/default + IBluetoothSar/default + + From d76dcdca38059f3bd2288856452eab796b5b3dfd Mon Sep 17 00:00:00 2001 
From: jonerlin Date: Tue, 22 Oct 2024 15:36:51 +0000 Subject: [PATCH 2/2] add sepolicy rules for bluetooth common hal 10-21 17:44:33.052 8548 8548 W binder:8548_2: type=1400 audit(0.0:181): avc: denied { open } for path="/dev/wbrc" dev="tmpfs" ino=1653 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 17:44:33.056 8548 8548 W binder:8548_2: type=1400 audit(0.0:182): avc: denied { call } for scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0 10-21 14:33:39.544 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothCcc/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.547 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothEwp/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothFinder/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.549 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothSar/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.550 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 
name=vendor.google.bluetooth_ext.IBTChannelAvoidance/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.557 491 491 E SELinux : avc: denied { find } for pid=11758 uid=1002 name=power.stats-vendor scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_power_stats_vendor_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.558 491 491 E SELinux : avc: denied { add } for pid=11758 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.848 11758 11758 W binder:11758_2: type=1400 audit(0.0:317): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 14:34:29.948 11758 11758 W binder:11758_2: type=1400 audit(0.0:318): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-22 21:43:21.504000 1002 874 874 I auditd : type=1400 audit(0.0:7): avc: denied { search } for comm="android.hardwar" name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 21:43:21.504000 1002 874 874 W android.hardwar: type=1400 audit(0.0:7): avc: denied { search } for name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 05:51:56.052000 1002 890 890 I auditd : type=1400 audit(0.0:30): avc: denied { read } for comm="binder:890_2" name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 
05:51:56.052000 1002 890 890 W binder:890_2: type=1400 audit(0.0:30): avc: denied { read } for name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:122): avc: denied { search } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:123): avc: denied { write } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:124): avc: denied { add_name } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:125): avc: denied { create } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:126): avc: denied { read write open } for path="/data/vendor/ssrdump/coredump/coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:127): avc: denied { setattr } for name="coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5101): avc: denied { read } for 
name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5102): avc: denied { open } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5103): avc: denied { getattr } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5104): avc: denied { ioctl } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.912 873 873 I binder:873_3: type=1400 audit(0.0:5105): avc: denied { read } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.876922] type=1400 audit(1729656523.440:124): avc: denied { search } for comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.879606] type=1400 audit(1729656523.444:126): avc: denied { write } for comm="binder:873_2" name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 354.879747] type=1400 audit(1729656523.444:127): avc: denied { add_name } for comm="binder:873_2" name="coredump_bt_2024-10-23_12-08-43.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 710.811807] type=1400 
audit(1729656879.376:1045): avc: denied { getattr } for comm="dump_modem" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_modem:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 bug=b/361725982 [ 738.329130] type=1400 audit(1729656906.892:2083): avc: denied { read } for comm="binder:873_3" name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.329926] type=1400 audit(1729656906.892:2084): avc: denied { open } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330266] type=1400 audit(1729656906.892:2085): avc: denied { getattr } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330724] type=1400 audit(1729656906.892:2086): avc: denied { ioctl } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.332303] type=1400 audit(1729656906.896:2087): avc: denied { read } for comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 Bug: 374695851 Bug: 372146292 Test: build pass, enable/disable Bluetooth and Pair new device, make bt firmware crash to get the firmware dump file Flag: EXEMPT, mechanical change. 
Change-Id: Ia5b2b8485c53dd677a39268438a9507817908f4f --- bluetooth/bluetooth.mk | 3 +++ bluetooth/sepolicy/device.te | 3 +++ bluetooth/sepolicy/file_contexts | 6 ++++++ bluetooth/sepolicy/genfs_contexts | 8 ++++++++ bluetooth/sepolicy/hal_bluetooth_btlinux.te | 18 ++++++++++++++++++ bluetooth/sepolicy/hwservice.te | 3 +++ bluetooth/sepolicy/hwservice_contexts | 6 ++++++ bluetooth/sepolicy/service.te | 2 ++ bluetooth/sepolicy/service_contexts | 7 +++++++ 9 files changed, 56 insertions(+) create mode 100644 bluetooth/sepolicy/device.te create mode 100644 bluetooth/sepolicy/file_contexts create mode 100644 bluetooth/sepolicy/genfs_contexts create mode 100644 bluetooth/sepolicy/hal_bluetooth_btlinux.te create mode 100644 bluetooth/sepolicy/hwservice.te create mode 100644 bluetooth/sepolicy/hwservice_contexts create mode 100644 bluetooth/sepolicy/service.te create mode 100644 bluetooth/sepolicy/service_contexts diff --git a/bluetooth/bluetooth.mk b/bluetooth/bluetooth.mk index 6f9a9d7..29ddb9c 100644 --- a/bluetooth/bluetooth.mk +++ b/bluetooth/bluetooth.mk @@ -9,5 +9,8 @@ PRODUCT_PACKAGES += \ android.hardware.bluetooth.prebuilt.xml \ android.hardware.bluetooth_le.prebuilt.xml +BOARD_SEPOLICY_DIRS += device/google/gs-common/bluetooth/sepolicy +BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats + DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml diff --git a/bluetooth/sepolicy/device.te b/bluetooth/sepolicy/device.te new file mode 100644 index 0000000..a256332 --- /dev/null +++ b/bluetooth/sepolicy/device.te @@ -0,0 +1,3 @@ +# Bt Wifi Coexistence device +type wb_coexistence_dev, dev_type; + diff --git a/bluetooth/sepolicy/file_contexts b/bluetooth/sepolicy/file_contexts new file mode 100644 index 0000000..e7c2617 --- /dev/null +++ b/bluetooth/sepolicy/file_contexts 
@@ -0,0 +1,6 @@
+# Bluetooth
+/vendor/bin/hw/android\.hardware\.bluetooth-service\.pixel u:object_r:hal_bluetooth_btlinux_exec:s0
+
+/dev/wbrc u:object_r:wb_coexistence_dev:s0
+/dev/ttySAC16 u:object_r:hci_attach_dev:s0
+
diff --git a/bluetooth/sepolicy/genfs_contexts b/bluetooth/sepolicy/genfs_contexts
new file mode 100644
index 0000000..899041b
--- /dev/null
+++ b/bluetooth/sepolicy/genfs_contexts
@@ -0,0 +1,8 @@
+# Bluetooth pin control device node
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0
+
diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..a893102
--- /dev/null
+++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
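Review bot: The two sysfs entries in genfs_contexts pin the `sysfs_bluetooth_writable` label to the literal indices `rfkill0/state` and `rfkill2/state`, and rfkill indices follow registration order, so a board where the btbcm node registers under another index leaves the state file with the default sysfs label. That fails closed (the HAL's write is denied), but nothing in the policy explains why two indices are listed or which devices each one covers. A comment above the entries would make this reviewable, for example `# rfkill index depends on registration order; list every index used by devices that include this policy`.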
@@ -0,0 +1,18 @@
+# coexistence device file node
+add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice);
+add_service(hal_bluetooth_btlinux, hal_bluetooth_coexistence_service);
+allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms;
+
+# power stats
+allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find;
+binder_call(hal_bluetooth_btlinux, hal_power_stats_default)
+
+# bt firmware dump
+allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };
+
+userdebug_or_eng(`
+ allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+ allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms;
+ allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms;
+')
diff --git a/bluetooth/sepolicy/hwservice.te b/bluetooth/sepolicy/hwservice.te
new file mode 100644
index 0000000..5e36cd0
--- /dev/null
+++ b/bluetooth/sepolicy/hwservice.te
@@ -0,0 +1,3 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
+
diff --git a/bluetooth/sepolicy/hwservice_contexts b/bluetooth/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..8480b4e
--- /dev/null
+++ b/bluetooth/sepolicy/hwservice_contexts
@@ -0,0 +1,6 @@
+# Bluetooth HAL extension
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ewp::IBluetoothEwp u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ext::IBluetoothExt u:object_r:hal_bluetooth_coexistence_hwservice:s0
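Review bot: In hal_bluetooth_btlinux.te the rule `allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };` sits outside `userdebug_or_eng`, so user builds get access to the ssrdump directory even though the coredump dir and file rules that depend on it are debug-only. The only denials quoted for that type were captured with `permissive=1` during a firmware-dump test, which suggests the access belongs to the same debug path. Unless a user-build caller needs it, move the line inside the `userdebug_or_eng` block, or reduce it to `search` if only traversal is required. Separately, the `aconfig_storage_metadata_file:dir search` rule is filed under `# bt firmware dump` although its denial is for the `aconfig` directory; it deserves its own comment such as `# aconfig flag storage`.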
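Review bot: The HIDL type `hal_bluetooth_coexistence_hwservice` declared in hwservice.te is not backed by any denial in the commit message, where every `add` denial is `tclass=service_manager` for a `vendor.google.bluetooth_ext.*` AIDL name. The same applies to the five `hardware.google.bluetooth.*` entries in hwservice_contexts and the `add_hwservice(...)` line in hal_bluetooth_btlinux.te. If the new service registers only AIDL interfaces, these rules grant a hwservicemanager registration right it never uses and can be dropped. If HIDL registration is still required, a comment naming the consumer would justify keeping them, for example `# legacy HIDL clients still bind to hardware.google.bluetooth.*`.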
diff --git a/bluetooth/sepolicy/service.te b/bluetooth/sepolicy/service.te
new file mode 100644
index 0000000..b8403da
--- /dev/null
+++ b/bluetooth/sepolicy/service.te
@@ -0,0 +1,2 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_service, hal_service_type, service_manager_type;
diff --git a/bluetooth/sepolicy/service_contexts b/bluetooth/sepolicy/service_contexts
new file mode 100644
index 0000000..4aecc90
--- /dev/null
+++ b/bluetooth/sepolicy/service_contexts
@@ -0,0 +1,7 @@
+# Bluetooth HAL extension
+vendor.google.bluetooth_ext.IBTChannelAvoidance/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothSar/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothCcc/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0
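Review bot: All six `vendor.google.bluetooth_ext.*` interfaces in service_contexts map to the single type `hal_bluetooth_coexistence_service`, so any domain later granted `find` on that type can reach every one of them, including `IBluetoothFinder`, `IBluetoothSar` and `IBluetoothExt`, which are not coexistence interfaces by name. No client `find` rules are visible in this patch, so who gets that access cannot be judged from here. Consider one type per interface group so client grants can be scoped. At minimum, state the grouping in service.te with a comment such as `# shared label: a client allowed to find this type can bind to every vendor.google.bluetooth_ext interface`.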