add sepolicy rules for bluetooth common hal
10-21 17:44:33.052 8548 8548 W binder:8548_2: type=1400 audit(0.0:181): avc: denied { open } for path="/dev/wbrc" dev="tmpfs" ino=1653 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 17:44:33.056 8548 8548 W binder:8548_2: type=1400 audit(0.0:182): avc: denied { call } for scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0 10-21 14:33:39.544 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothCcc/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.547 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothEwp/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothFinder/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.549 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothSar/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.550 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBTChannelAvoidance/default scontext=u:r:hal_bluetooth_btlinux:s0 
tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.557 491 491 E SELinux : avc: denied { find } for pid=11758 uid=1002 name=power.stats-vendor scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_power_stats_vendor_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.558 491 491 E SELinux : avc: denied { add } for pid=11758 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.848 11758 11758 W binder:11758_2: type=1400 audit(0.0:317): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 14:34:29.948 11758 11758 W binder:11758_2: type=1400 audit(0.0:318): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-22 21:43:21.504000 1002 874 874 I auditd : type=1400 audit(0.0:7): avc: denied { search } for comm="android.hardwar" name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 21:43:21.504000 1002 874 874 W android.hardwar: type=1400 audit(0.0:7): avc: denied { search } for name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 05:51:56.052000 1002 890 890 I auditd : type=1400 audit(0.0:30): avc: denied { read } for comm="binder:890_2" name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 05:51:56.052000 1002 890 890 W binder:890_2: type=1400 audit(0.0:30): avc: denied { read } for 
name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:122): avc: denied { search } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:123): avc: denied { write } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:124): avc: denied { add_name } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:125): avc: denied { create } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:126): avc: denied { read write open } for path="/data/vendor/ssrdump/coredump/coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:127): avc: denied { setattr } for name="coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5101): avc: denied { read } for name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 
tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5102): avc: denied { open } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5103): avc: denied { getattr } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5104): avc: denied { ioctl } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.912 873 873 I binder:873_3: type=1400 audit(0.0:5105): avc: denied { read } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.876922] type=1400 audit(1729656523.440:124): avc: denied { search } for comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.879606] type=1400 audit(1729656523.444:126): avc: denied { write } for comm="binder:873_2" name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 354.879747] type=1400 audit(1729656523.444:127): avc: denied { add_name } for comm="binder:873_2" name="coredump_bt_2024-10-23_12-08-43.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 710.811807] type=1400 audit(1729656879.376:1045): avc: denied { getattr } for comm="dump_modem" 
path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_modem:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 bug=b/361725982 [ 738.329130] type=1400 audit(1729656906.892:2083): avc: denied { read } for comm="binder:873_3" name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.329926] type=1400 audit(1729656906.892:2084): avc: denied { open } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330266] type=1400 audit(1729656906.892:2085): avc: denied { getattr } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330724] type=1400 audit(1729656906.892:2086): avc: denied { ioctl } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.332303] type=1400 audit(1729656906.896:2087): avc: denied { read } for comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 Bug: 374695851 Bug: 372146292 Test: build pass, enable/disable Bluetooth and Pair new device, make bt firmware crash to get the firmware dump file Flag: EXEMPT, mechanical change. Change-Id: Ia5b2b8485c53dd677a39268438a9507817908f4f
parent
016ddaf6d0
commit
d76dcdca38
9 changed files with 56 additions and 0 deletions
|
@ -9,5 +9,8 @@ PRODUCT_PACKAGES += \
|
|||
android.hardware.bluetooth.prebuilt.xml \
|
||||
android.hardware.bluetooth_le.prebuilt.xml
|
||||
|
||||
BOARD_SEPOLICY_DIRS += device/google/gs-common/bluetooth/sepolicy
|
||||
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
|
||||
|
||||
DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml
|
||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml
|
||||
|
|
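--- /dev/null
+++ b/bluetooth/sepolicy/device.te
@@ -0,0 +1,3 @@
+# Bt Wifi Coexistence device
+type wb_coexistence_dev, dev_type;
+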
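--- /dev/null
+++ b/bluetooth/sepolicy/file_contexts
@@ -0,0 +1,6 @@
+# Bluetooth
+/vendor/bin/hw/android\.hardware\.bluetooth-service\.pixel u:object_r:hal_bluetooth_btlinux_exec:s0
+
+/dev/wbrc u:object_r:wb_coexistence_dev:s0
+/dev/ttySAC16 u:object_r:hci_attach_dev:s0
+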
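Review bot: The `/dev/ttySAC16` entry hard-codes a board-specific UART name in a policy directory that, judging by its `gs-common` path, is shared across devices, and nothing in the file says which controller sits behind that node. On a board where that UART is wired to a different peripheral, the node would still be labelled `hci_attach_dev` and be reachable by every domain holding rules on that type. A comment above the entry would make the assumption reviewable, for example `# HCI UART of the BT controller; node name is board-specific, confirm before reuse on a new SoC`. `hci_attach_dev` and `hal_bluetooth_btlinux_exec` are not declared in any section shown here, so they presumably come from platform policy.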
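--- /dev/null
+++ b/bluetooth/sepolicy/genfs_contexts
@@ -0,0 +1,8 @@
+# Bluetooth pin control device node
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0
+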
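Review bot: The two sysfs entries pin the rfkill index (`rfkill0`, `rfkill2`), which the kernel assigns in registration order, so a board that enumerates the Bluetooth rfkill under another index would leave `state` with the generic sysfs label and the power toggle would be denied. Listing two indices suggests this has already varied between devices. A single prefix entry on `.../odm:btbcm/rfkill` would cover any index, but it would also label every attribute under that directory as writable, so keeping explicit paths is the tighter choice. In that case a comment should record the choice, e.g. `# rfkill index differs per board (0 or 2 seen so far); add new indices explicitly`. The header comment also describes only the rfkill lines; the four `proc` entries would read better under their own comment.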
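--- /dev/null
+++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
@@ -0,0 +1,18 @@
+# coexistence device file node
+add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice);
+add_service(hal_bluetooth_btlinux, hal_bluetooth_coexistence_service);
+allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms;
+
+# power stats
+allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find;
+binder_call(hal_bluetooth_btlinux, hal_power_stats_default)
+
+# bt firmware dump
+allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };
+
+userdebug_or_eng(`
+allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms;
+allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms;
+')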
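Review bot: The two coredump rules inside `userdebug_or_eng` grant more than the denials quoted in the commit message. The log shows only `search`, `write` and `add_name` on the directory and `create`, `read`, `write`, `open` and `setattr` on the file, while `create_dir_perms` and `create_file_perms` additionally allow rename, rmdir, remove_name and unlink on a dump directory that other domains (`dump_modem` appears in the log) also use. If the HAL only ever creates new dump files, the directory rule could be narrowed to `allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir { search write add_name };` and widened only when an enforcing-mode test shows a further denial. The `aconfig_storage_metadata_file:dir search` rule sits under `# bt firmware dump`, although its denial names the `aconfig` directory rather than anything dump-related; it deserves its own comment such as `# aconfig flag storage lookup`. The `sscoredump_vendor_data_crashinfo_file:dir { read search }` grant is outside the `userdebug_or_eng` block, so it also applies to user builds where the dump write is not permitted; confirm whether that is needed there.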
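--- /dev/null
+++ b/bluetooth/sepolicy/hwservice.te
@@ -0,0 +1,3 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
+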
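--- /dev/null
+++ b/bluetooth/sepolicy/hwservice_contexts
@@ -0,0 +1,6 @@
+# Bluetooth HAL extension
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ewp::IBluetoothEwp u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ext::IBluetoothExt u:object_r:hal_bluetooth_coexistence_hwservice:s0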
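Review bot: All five HIDL names here, and likewise the six AIDL names in bluetooth/sepolicy/service_contexts, are mapped to one type whose name says "coexistence", although the lists also cover the Ext, Ewp, Sar, Ccc and (AIDL only) Finder interfaces. Service-manager `find` is granted per type, so any client later allowed to find one of these interfaces can look up all of them, and the type name will not tell a reviewer that. If different clients need different subsets, a separate type per interface group would keep that boundary in policy. If a single type is intended, state it in the header comment of both files, e.g. `# All Pixel BT extension interfaces share one type; a find grant covers the whole set`.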
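--- /dev/null
+++ b/bluetooth/sepolicy/service.te
@@ -0,0 +1,2 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_service, hal_service_type, service_manager_type;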
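--- /dev/null
+++ b/bluetooth/sepolicy/service_contexts
@@ -0,0 +1,7 @@
+# Bluetooth HAL extension
+vendor.google.bluetooth_ext.IBTChannelAvoidance/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothSar/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothCcc/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0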