Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2510 commits 1 branch 0 tags 325 MiB
Commit graph

2510 commits

This branch
This branch
All branches
Author SHA1 Message Date
Android Build Coastguard Worker
124caa5313 Snap for 12361654 from 194a58c7bb to 24Q4-release 
Change-Id: I95922170a21294ef3ae2911b09406a2269df1fed
 2024-09-12 23:01:39 +00:00
Treehugger Robot
194a58c7bb Merge "audio: allow set_prop for vendor_audio_prop_restricted" into main 2024-09-12 11:11:17 +00:00
Robert Lee
6902f81e2d audio: allow set_prop for vendor_audio_prop_restricted 
Bug: 338910843
Test: manual test
Flag: EXEMPT sepolicy
Change-Id: Id8ad088512aca6cc939c25b5d747fbedeb4cd479
Signed-off-by: Robert Lee <lerobert@google.com>
 2024-09-12 09:07:45 +00:00
Android Build Coastguard Worker
b3b26dd18b Snap for 12354992 from df9178aaf4 to 24Q4-release 
Change-Id: I4e8e485fb60b5ff2d9212f2f49e94277c3ce8d7f
 2024-09-11 23:01:42 +00:00
Danh Nguyen
df9178aaf4 Merge "shamp: Update shared_modem_platform HAL version to 3" into main 2024-09-10 23:03:38 +00:00
Android Build Coastguard Worker
e7f58a6ca7 Snap for 12348750 from a85b95de5b to 24Q4-release 
Change-Id: I2499b8a0bc8a1d03b812a8560aaefb5edc974056
 2024-09-10 23:02:36 +00:00
Nishok Kumar S
a85b95de5b Merge "Add sepolicy for NNAPI HAL to access hal_graphics_allocator_service, This is required for AHardwareBuffer allocation." into main 2024-09-10 06:02:09 +00:00
Android Build Coastguard Worker
5a96e406c4 Snap for 12342105 from eb22aeaaa8 to 24Q4-release 
Change-Id: I416362df57b0e9e0eb02242e274bb0215554d28a
 2024-09-09 23:02:00 +00:00
Andy Hsu
eb22aeaaa8 Merge "Add sepolicy for gcam app" into main 2024-09-09 08:57:21 +00:00
Nishok Kumar S
db15a0bcf2 Add sepolicy for NNAPI HAL to access hal_graphics_allocator_service, 
This is required for AHardwareBuffer allocation.

Attached avc error log in commit message:

E SELinux : avc:  denied  { find } for pid=820 uid=1000 name=android.hardware.graphics.allocator.IAllocator/default scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:hal_graphics_allocator_service:s0 tclass=service_manager permissive=0

Bug: 361711471
Test: Flash private build, run CTS NNAPI tests.
Change-Id: I7850bd0c64974180cee206bfc43c25b70fac3f79
 2024-09-09 06:32:45 +00:00
Randall Huang
69c69b2609 storage: fix ota selinux error 
avc:  denied  { read write } for  pid=281 comm="update_engine_s" name="boot_lun_enabled" dev="sysfs" ino=99875 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
avc:  denied  { open } for  pid=281 comm="update_engine_s" path="/sys/devices/platform/3c400000.ufs/pixel/boot_lun_enabled" dev="sysfs" ino=99875 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1

Bug: 361093433
Test: OTA sideload
Change-Id: I7c92346d7ab08597d612e798d2252768eed124a2
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-09 12:48:43 +08:00
Randall Huang
9b9bee2c1a Storage: add sepolicy for recovery mode 
avc:  denied  { search } for  pid=286 comm="fsck.f2fs" name="0:0:0:0" dev="sysfs" ino=100643 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc:  denied  { getattr } for  pid=286 comm="fsck.f2fs" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda10/partition" dev="sysfs" ino=102318 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { read } for  pid=286 comm="fsck.f2fs" name="zoned" dev="sysfs" ino=101014 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { open } for  pid=286 comm="fsck.f2fs" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=101014 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { read } for  pid=340 comm="fsck.f2fs" name="sda1" dev="tmpfs" ino=1060 scontext=u:r:fsck:s0 tcontext=u:object_r:persist_block_device:s0 tclass=blk_file permissive=0
avc:  denied  { read write } for  pid=340 comm="fsck.f2fs" name="sda1" dev="tmpfs" ino=1060 scontext=u:r:fsck:s0 tcontext=u:object_r:persist_block_device:s0 tclass=blk_file permissive=0

Bug: 361093433
Test: factory data reset
Change-Id: Idce44f75e8ef6f3e381fcdaa8c29831747ee0ecd
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-09 12:41:58 +08:00
Android Build Coastguard Worker
b92f611c88 Snap for 12337246 from 92f65e92ab to 24Q4-release 
Change-Id: Ic8185bd6fed7f0d10fcf3683c178816e57059328
 2024-09-07 21:01:43 +00:00
Xin Li
92f65e92ab [automerger skipped] Merge 24Q3 to AOSP main am: 3d9a037343 -s ours am: 1753d5c4df -s ours 
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d1adbe0cb2 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3258121

Change-Id: I703ee8ce839d2e5412036ef723919ca010a89a47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-09-07 06:09:36 +00:00
Xin Li
1753d5c4df [automerger skipped] Merge 24Q3 to AOSP main am: 3d9a037343 -s ours 
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d1adbe0cb2 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3258121

Change-Id: I812aa14274c7353bf1322ca8aaedae71adc2a471
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-09-07 02:41:15 +00:00
Android Build Coastguard Worker
988e34aa3c Snap for 12335440 from c8a640f591 to 24Q4-release 
Change-Id: I7d7b562d588c834d2369703aac31e71f9d774150
 2024-09-07 02:32:07 +00:00
hwandy
6265f1f2eb Add sepolicy for gcam app 
Bug: b/359815606.
Bug: b/363018500.
Flag: EXEMPT bugfix.
Test: Locally built selinux policy and a local GCAEng (go/ab/12329728) and run GCAEng and saw selinux policy denial message gone.

AVC evidence from b/363018500:

    08-27 22:57:12.442   340   340 I auditd  : avc:  denied  { find } for pid=15696 uid=10286 name=activity scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=0

    08-27 21:35:58.954   332   332 I auditd  : avc:  denied  { find } for pid=4055 uid=10286 name=media.audio_policy scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:audioserver_service:s0 tclass=service_manager permissive=1

    08-27 21:34:50.138   332   332 I auditd  : avc:  denied  { find } for pid=4055 uid=10286 name=media.camera scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1

    08-27 21:34:53.320   332   332 I auditd  : avc:  denied  { find } for pid=4055 uid=10286 name=media.extractor scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1

    08-27 21:34:51.622   332   332 I auditd  : avc:  denied  { find } for pid=4055 uid=10286 name=media.metrics scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1

    08-27 21:35:59.012   332   332 I auditd  : avc:  denied  { find } for pid=4055 uid=10286 name=media.resource_manager scontext=u:r:debug_camera_app:s0:c30,c257,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1

AVC evidence from go/ab/12328923:

09-06 11:16:24.421   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=netstats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
09-06 11:16:24.627   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=shortcut scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
09-06 11:16:24.812 17252 17252 I GoogleCameraEng: type=1400 audit(0.0:1091): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:16:24.812 17252 17252 I GoogleCameraEng: type=1400 audit(0.0:1092): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:16:25.222   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=content_capture scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
09-06 11:16:25.220 17252 17252 I RenderThread: type=1400 audit(0.0:1093): avc:  denied  { read } for  name="uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:16:25.220 17252 17252 I RenderThread: type=1400 audit(0.0:1094): avc:  denied  { open } for  path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:16:25.220 17252 17252 I RenderThread: type=1400 audit(0.0:1095): avc:  denied  { getattr } for  path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:16:25.877   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
09-06 11:16:25.902   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=autofill scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
09-06 11:16:25.920   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
09-06 11:16:25.928   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=performance_hint scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
09-06 11:16:26.060   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=clipboard scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
09-06 11:16:29.417   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=backup scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
09-06 11:16:29.484   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
09-06 11:17:01.249   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:01.306   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=package_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
09-06 11:17:01.495   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=package_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
09-06 11:17:02.330   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:05.916   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:07.826   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:09.579   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:10.580 17252 17252 I FinishThread: type=1400 audit(0.0:1164): avc:  denied  { read } for  name="gxp" dev="tmpfs" ino=1511 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:10.580 17252 17252 I FinishThread: type=1400 audit(0.0:1165): avc:  denied  { open } for  path="/dev/gxp" dev="tmpfs" ino=1511 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:10.580 17252 17252 I FinishThread: type=1400 audit(0.0:1166): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1511 ioctlcmd=0xee1a scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:10.580 17252 17252 I FinishThread: type=1400 audit(0.0:1167): avc:  denied  { write } for  name="gxp" dev="tmpfs" ino=1511 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:11.692   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:13.696 17252 17252 I FinishThread: type=1400 audit(0.0:1177): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1511 ioctlcmd=0xee00 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:15.443   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 11:17:20.159   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=uimode scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:uimode_service:s0 tclass=service_manager permissive=1
09-06 11:17:21.816 17252 17252 I FinishThread: type=1400 audit(0.0:1185): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1511 ioctlcmd=0xee00 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:36.508 17252 17252 I FinishThread: type=1400 audit(0.0:1189): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1511 ioctlcmd=0xee00 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 11:17:54.854   328   328 E SELinux : avc:  denied  { find } for pid=17252 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

09-06 15:38:05.817   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=netstats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.000   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=shortcut scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.627   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=content_capture scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.634   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=gpu scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.640   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=activity_task scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.694   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=sensorservice scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.695   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.728   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=device_policy scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.730   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=batterystats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.731   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=powerstats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.788   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=trust scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
09-06 15:38:06.869   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=device_state scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.052   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.135   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=thermalservice scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.380   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.384   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=autofill scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.399   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.406   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=performance_hint scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
09-06 15:38:07.542   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=clipboard scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
09-06 15:38:10.834   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=backup scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
09-06 15:38:10.899   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
09-06 15:38:10.913   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
09-06 15:38:27.247   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
09-06 15:38:27.612   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 15:38:27.866   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=package_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
09-06 15:38:58.145   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=uimode scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:uimode_service:s0 tclass=service_manager permissive=1
09-06 15:38:59.592 12740 12740 I SEnhWorker: type=1400 audit(0.0:430): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed1a scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:39:03.375   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=storagestats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
09-06 15:41:04.632 12740 12740 I RenderThread: type=1400 audit(0.0:470): avc:  denied  { read } for  name="uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:04.632 12740 12740 I RenderThread: type=1400 audit(0.0:471): avc:  denied  { open } for  path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:04.632 12740 12740 I RenderThread: type=1400 audit(0.0:472): avc:  denied  { getattr } for  path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=45203 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:04.769   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=autofill scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
09-06 15:41:05.188 12740 12740 I MicrovideoQShar: type=1400 audit(0.0:474): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed1a scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:17.532   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=legacy_permission scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:legacy_permission_service:s0 tclass=service_manager permissive=1
09-06 15:41:45.676 12740 12740 I MicrovideoQShar: type=1400 audit(0.0:535): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed1a scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:46.684 12740 12740 I GcaGeneric-4: type=1400 audit(0.0:540): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed19 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:41:48.288 12740 12740 I FinishThread: type=1400 audit(0.0:544): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed11 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:42:02.482   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 15:42:03.576 12740 12740 I GcaGeneric-4: type=1400 audit(0.0:565): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed19 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:42:06.947   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
09-06 15:42:06.955   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
09-06 15:42:07.652 12740 12740 I GcaGeneric-4: type=1400 audit(0.0:568): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 ioctlcmd=0xed12 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCameraEng
09-06 15:42:08.903   343   343 E SELinux : avc:  denied  { find } for pid=12740 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 16:58:35.741   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=gpu scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
09-06 16:58:35.759   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=activity_task scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.142   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=sensorservice scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.142   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.265   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=device_policy scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.344   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=batterystats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.344   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=trust scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.345   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=powerstats scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.436   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=device_state scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.610   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.640   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=thermalservice scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.785   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.944   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.946   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=autofill scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.955   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
09-06 16:58:36.962   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=performance_hint scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
09-06 16:58:37.147   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=clipboard scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
09-06 16:58:37.374  6263  6263 I binder:6263_6: type=1400 audit(0.0:2483): avc:  denied  { open } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=392 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 16:58:37.374  6263  6263 I binder:6263_6: type=1400 audit(0.0:2484): avc:  denied  { getattr } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=392 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 16:58:37.374  6263  6263 I binder:6263_6: type=1400 audit(0.0:2485): avc:  denied  { map } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=392 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
09-06 16:58:37.547   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=audio scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
09-06 16:58:37.949   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=backup scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
09-06 16:58:38.733   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
09-06 16:58:38.737   338   338 E SELinux : avc:  denied  { find } for pid=6263 uid=10289 name=package_native scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1

09-06 17:18:32.828   697   697 I binder:697_2: type=1400 audit(0.0:1275): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1511 scontext=u:r:debug_camera_app:s0:c33,c257,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1

Change-Id: I243f6242968fdc24478e923e8d30e529939b8a57
 2024-09-07 01:16:23 +00:00
Robin Peng
c8a640f591 check_current_prebuilt: Symlink current prebuilt folder to android root 
The Android are now based on Trunk Stable world and Pixel prebuilts CLs
also needs to reply with this which controlled by the flag which results:
- the flag value might be different on each branches
- the flag value are mostly different on each release configuration
- for local builds, ENGs' needs to figure out the correct location
  of current prebuilts by checking through entire prebuilt textproto
  files

To alleviate this problem, create an symlink file under android root
indicates current prebuilt path after invoke the android lunch cmd.

Bug: 364831620
Flag: EXEMPT export current prebuilt path
Change-Id: Idd130a70815fe1fe5288b003c5edb6979fd4c88c
Signed-off-by: Robin Peng <robinpeng@google.com>
 2024-09-06 09:35:30 +00:00
Neo Yu
ab39c35ee2 Merge "Separate GRIL sepolicy for AIDL and HIDL by folders" into main 2024-09-06 01:41:13 +00:00
Xin Li
3d9a037343 Merge 24Q3 to AOSP main 
Bug: 357762254
Merged-In: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Change-Id: Ic2a51a2ac1a142369dd49e4b6eb0dd37c32f1383
 2024-09-05 17:02:37 -07:00
Android Build Coastguard Worker
c06c9d88d2 Snap for 12327203 from 19ab72a3de to 24Q4-release 
Change-Id: Ie125c53bf36bd3d072c70df97977659c1b8883fa
 2024-09-05 23:01:48 +00:00
danhtn
116b9d5ec1 shamp: Update shared_modem_platform HAL version to 3 
Bug: 322731425

ag/29120584 provides a new V3 version

Test: `atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest#HalIsServed/com_google_pixel_shared_modem_platform_ISharedModemPlatform_default_V1_84`
Flag: EXEMPT can't flag manifest changes

Change-Id: Ia91d7499f218a733906173e388a287cd591b8c01
 2024-09-05 20:51:22 +00:00
Kieran Cyphus
19ab72a3de Merge "shamp: Update shared_modem_platform HAL version to 2" into main 2024-09-05 18:17:58 +00:00
Treehugger Robot
c1cdcbaeed Merge "storage: fix vold avc denied" into main 2024-09-05 09:42:34 +00:00
Randall Huang
0440e82770 storage: fix vendor_init avc denied 
avc:  denied  { write } for  comm="init" name="swappiness" dev="proc" ino=207356 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc_dirty:s0 tclass=file permissive=1

Bug: 361093041
Test: local build
Change-Id: I595008f957c322aedbdf383c4e50c0e0ce30b9dc
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-05 08:42:30 +00:00
Randall Huang
24568c64d1 storage: fix vold avc denied 
[   33.709752][  T363] type=1400 audit(1725519791.892:729): avc:  denied  { read } for  comm="binder:369_6" name="/" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.710804][  T363] type=1400 audit(1725519791.892:730): avc:  denied  { open } for  comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.711734][  T363] type=1400 audit(1725519791.892:731): avc:  denied  { ioctl } for  comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.712732][  T363] type=1400 audit(1725519791.892:732): avc:  denied  { read } for  comm="binder:369_6" name="/" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[   33.713612][  T363] type=1400 audit(1725519791.892:733): avc:  denied  { open } for  comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[   33.714833][  T363] type=1400 audit(1725519791.892:734): avc:  denied  { ioctl } for  comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1

Bug: 361093041
Test: local build
Change-Id: I629f0303940f3f07ce3717cd0a2c8f975378f24b
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-05 08:42:25 +00:00
Randall Huang
bce5748b4f storage: fix adb bugreport and refactor the existing rules 
avc: denied { getattr } for comm="df" path="/mnt/vendor/persist" dev="sda15" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { call } for comm="binder:10121_3" scontext=u:r:dumpstate:s0 tcontext=u:r:vold:s0 tclass=binder permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1

Bug: 361093041
Test: local build
Change-Id: I5c6be63beebf66d64db7e495c28493ab35621054
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-05 16:39:22 +08:00
Randall Huang
4391ba797c Merge "storage: fix PowerStats avc denied" into main 2024-09-05 06:24:35 +00:00
Randall Huang
9d99d1d598 storage: fix PowerStats avc denied 
avc:  denied  { search } for  name="ufs_stats" dev="sysfs" ino=99872 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc:  denied  { open } for  comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target000/0000/block/sda/stat" dev="sysfs" ino=100761 scontext=urhal_health_default
avc:  denied  { getattr } for  comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target000/0000/block/sda/stat" dev="sysfs" ino=100761 scontext=urhal_health_default
avc:  denied  { search } for  comm="android.hardwar" name="0000" dev="sysfs" ino=100578 scontext=urhal_health_defaults0 tcontext=uobject_r
avc:  denied  { read } for  comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=urhal_health_defaults0 tcontext=uobject_rsysfs_scsi_devices_0000s0 tclass=file permissive=1
avc:  denied  { search } for  comm="android.hardwar" name="0000" dev="sysfs" ino=100578 scontext=urhal_health_defaults0 tcontext=uobject_r
avc:  denied  { read } for  comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=urhal_health_defaults0 tcontext=uobject_rsysfs_scsi_devices_0000s0 tclass=file permissive=1

Bug: 361093041
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I94dadb9b9fc015fd1ecc39f9d62bc7209375a13a
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-05 04:10:53 +00:00
Sam Ou
2fdeb6aed7 Merge "sepolicy: fix dump_power policy" into main 2024-09-05 04:01:07 +00:00
Randall Huang
cacedb4ae8 storage: move sepolicy to common folder 
avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

Bug: 361093041
Test: local build
Change-Id: I90d29590908efc329a05bd8f5f3e145dac4982fc
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-05 10:48:44 +08:00
Android Build Coastguard Worker
fa12e08e98 Snap for 12319997 from d3977c94ad to 24Q4-release 
Change-Id: If4d8990287e9ae871226a7ebc10c10b30a9044a7
 2024-09-04 23:02:18 +00:00
Kieran Cyphus
94ef296dae shamp: Update shared_modem_platform HAL version to 2 
Bug: 364363838

ag/28965951 accidentally started providing a V2 when the manifests only said V1 which broke some VTS tests.

Test: `atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest#HalIsServed/com_google_pixel_shared_modem_platform_ISharedModemPlatform_default_V1_84`
Flag: EXEMPT can't flag manifest changes

Change-Id: I17113f86e9bceaa3efe2f0d4d76e8349fe2c456e
 2024-09-04 21:29:37 +00:00
Kiwon Park
d3977c94ad Merge "Add eSIM directory and disable bootstrap when bootloader is unlocked in user build" into main 2024-09-04 16:55:20 +00:00
Neo Yu
0ca7adab01 Separate GRIL sepolicy for AIDL and HIDL by folders 
Related avc error:

aidl part:
avc:  denied  { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1

avc:  denied  { read write } for  comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1

avc:  denied  { search } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1


hidl part:
avc:  denied  { read write } for  comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

avc:  denied  { search } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1

Bug: 363665676
Test: verify with test roms
Flag: EXEMPT sepolicy refactor
Change-Id: I0fb75f7f9c7339864ee303c0f1de3b218ceb81ed
 2024-09-04 16:54:15 +00:00
Devika Krishnadas
76ca89b967 Add GPU team owners for mk files am: 1d82070ee9 am: 9747c1bb8d 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915

Change-Id: Ifdcf32d2555f28851739c53019e9bec4dfc13167
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-09-04 16:49:25 +00:00
Devika Krishnadas
9747c1bb8d Add GPU team owners for mk files am: 1d82070ee9 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915

Change-Id: I12c5349ad38ca36302996f139dac08114cbea42a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-09-04 16:39:39 +00:00
samou
202f18ed18 sepolicy: fix dump_power policy 
09-03 10:57:32.552 11878 11878 W dump_power: type=1400 audit(0.0:23): avc:  denied  { read } for  name="thismeal.txt" dev="dm-51" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:01:19.432  6967  6967 W dump_power: type=1400 audit(0.0:25): avc:  denied  { open } for  path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:11:25.532  6913  6913 W dump_power: type=1400 audit(0.0:25): avc:  denied  { getattr } for  path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0

Flag: EXEMPT refactor
Bug: 364612419
Change-Id: Ide2ad35e3f2a5bc3246603a4e66b67ec901ddc64
Signed-off-by: samou <samou@google.com>
 2024-09-04 16:15:06 +00:00
Treehugger Robot
52f7c66ea0 Merge "gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st" into main 2024-09-04 08:54:32 +00:00
Snehal Koukuntla
13e34cc96a Merge "Add widevine SELinux permissions" into main 2024-09-04 08:42:49 +00:00
Kyle Hsiao
a0681a7b7a gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st 
sepolicy for android.hardware.nfc-service.st

Flag: EXEMPT NDK
Bug: 361093394
Test: manual
Change-Id: Ibe90555a6ec9b13fb2cd8eae4131216d3240ec3a
 2024-09-04 06:20:49 +00:00
Randall Huang
6ec23c152f storage: move storage related device type to common folder 
Bug: 364225000
Test: forrest build
Change-Id: Ica102c5a1ec45560939ac32c3ec22e721659c3cf
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-04 10:43:47 +08:00
Android Build Coastguard Worker
7f8d413a40 Snap for 12313714 from 019cc571f4 to 24Q4-release 
Change-Id: I32d5a2ce7c74d01ed67e3bd0461eba6d6c6be1e7
 2024-09-03 23:01:53 +00:00
Devika Krishnadas
1d82070ee9 Add GPU team owners for mk files 
Bug: 275906497
Flag: EXEMPT only changing OWNERS
Change-Id: Ife6cdfd5097c6c50e0276ea3a70552e9feeb76a8
Signed-off-by: Devika Krishnadas <kdevika@google.com>
 2024-09-03 22:49:19 +00:00
Snehal
bd3767ae16 Add widevine SELinux permissions 
15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1934): avc:  denied  { call } for  scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo

15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1935): avc:  denied  { call } for  scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_widevine:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo

860   860 I android.hardwar: type=1400 audit(0.0:4302): avc:  denied  { write } for  name="mediadrm" dev="dm-57" ino=2565 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1

860   860 I android.hardwar: type=1400 audit(0.0:4304): avc:  denied  { create } for  name="IDM1013" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1

Bug: 363182767
Bug: 363181505

Flag: EXEMPT bugfix

Change-Id: Ia8c3ba3d7fe9f09ceb40fd2b6ae88bbbcf5ac6f6
 2024-09-03 13:40:57 +00:00
George Chang
019cc571f4 Merge "gs-common: nfc: st54spi: Add rules for hal_secure_element_st54spi_aidl" into main 2024-09-03 11:33:00 +00:00
Treehugger Robot
90f357aa8d Merge "Storage: add selinux for ufs firmware upgrade event" into main 2024-09-03 03:36:51 +00:00
Android Build Coastguard Worker
3e22674416 Snap for 12309590 from 4c672d13c9 to 24Q4-release 
Change-Id: I20e11f2f2a172737231b55e971c9dc54b2096b9c
 2024-09-02 23:01:48 +00:00
Randall Huang
0f4a0bb8a2 Storage: add selinux for ufs firmware upgrade event 
avc:  denied  { execute_no_trans } for  comm="ufs_firmware_up" path="/vendor/bin/toybox_vendor" dev="dm-11" ino=380 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
avc:  denied  { read } for  comm="cat" name="vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="cat" path="/sys/devices/platform/13200000.ufs/vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { search } for  comm="dd" name="block" dev="tmpfs" ino=12 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
avc:  denied  { write } for  comm="dd" name="sda12" dev="tmpfs" ino=1139 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:ufs_internal_block_device:s0 tclass=blk_file permissive=1

Bug: 361093041
Test: NA
Change-Id: I54445d4543a733baae85cd408b433033dd93ec6b
Signed-off-by: Randall Huang <huangrandall@google.com>
 2024-09-02 22:33:03 +00:00
Cheng Chang
4c672d13c9 Merge "gps: Allow gnss hal access vendor_gps_prop" into main 2024-09-02 07:38:45 +00:00