Commit graph

2452 commits

Author SHA1 Message Date
Charlie Yang
1685969e60 Revert "Allow devices that use HIDL to find AIDL radio_ext_service"
Revert submission 29238469-gril-selinux

Reason for revert: b/367183524 - build break

Reverted changes: /q/submissionid:29238469-gril-selinux

Change-Id: Ica10c6ee500389223256e328d182c9495a826b06
2024-09-16 07:41:26 +00:00
cey
1331d97c92 Allow devices that use HIDL to find AIDL radio_ext_service
Move the type to a common sepolicy so it can be shared.

avc:  denied  { find } for pid=6493 uid=10256 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c0,c257,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0

NO_AVC_EVIDENCE_CHECK=default_android_service not supported

Bug: 365099058
Test: manual
Flag: EXEMPT mk file
Change-Id: I9c2471792c2a423e19f1472bd7923a5284f9127e
2024-09-12 16:17:33 +08:00
Neo Yu
ab39c35ee2 Merge "Separate GRIL sepolicy for AIDL and HIDL by folders" into main 2024-09-06 01:41:13 +00:00
Kieran Cyphus
19ab72a3de Merge "shamp: Update shared_modem_platform HAL version to 2" into main 2024-09-05 18:17:58 +00:00
Treehugger Robot
c1cdcbaeed Merge "storage: fix vold avc denied" into main 2024-09-05 09:42:34 +00:00
Randall Huang
0440e82770 storage: fix vendor_init avc denied
avc:  denied  { write } for  comm="init" name="swappiness" dev="proc" ino=207356 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc_dirty:s0 tclass=file permissive=1

Bug: 361093041
Test: local build
Change-Id: I595008f957c322aedbdf383c4e50c0e0ce30b9dc
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 08:42:30 +00:00
Randall Huang
24568c64d1 storage: fix vold avc denied
[   33.709752][  T363] type=1400 audit(1725519791.892:729): avc:  denied  { read } for  comm="binder:369_6" name="/" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.710804][  T363] type=1400 audit(1725519791.892:730): avc:  denied  { open } for  comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.711734][  T363] type=1400 audit(1725519791.892:731): avc:  denied  { ioctl } for  comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.712732][  T363] type=1400 audit(1725519791.892:732): avc:  denied  { read } for  comm="binder:369_6" name="/" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[   33.713612][  T363] type=1400 audit(1725519791.892:733): avc:  denied  { open } for  comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[   33.714833][  T363] type=1400 audit(1725519791.892:734): avc:  denied  { ioctl } for  comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1

Bug: 361093041
Test: local build
Change-Id: I629f0303940f3f07ce3717cd0a2c8f975378f24b
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 08:42:25 +00:00
Randall Huang
bce5748b4f storage: fix adb bugreport and refactor the existing rules
avc: denied { getattr } for comm="df" path="/mnt/vendor/persist" dev="sda15" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { call } for comm="binder:10121_3" scontext=u:r:dumpstate:s0 tcontext=u:r:vold:s0 tclass=binder permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1

Bug: 361093041
Test: local build
Change-Id: I5c6be63beebf66d64db7e495c28493ab35621054
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 16:39:22 +08:00
Randall Huang
4391ba797c Merge "storage: fix PowerStats avc denied" into main 2024-09-05 06:24:35 +00:00
Randall Huang
9d99d1d598 storage: fix PowerStats avc denied
avc:  denied  { search } for  name="ufs_stats" dev="sysfs" ino=99872 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc:  denied  { open } for  comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/stat" dev="sysfs" ino=100761 scontext=u:r:hal_health_default
avc:  denied  { getattr } for  comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/stat" dev="sysfs" ino=100761 scontext=u:r:hal_health_default
avc:  denied  { search } for  comm="android.hardwar" name="0:0:0:0" dev="sysfs" ino=100578 scontext=u:r:hal_health_default:s0 tcontext=u:object_r
avc:  denied  { read } for  comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { search } for  comm="android.hardwar" name="0:0:0:0" dev="sysfs" ino=100578 scontext=u:r:hal_health_default:s0 tcontext=u:object_r
avc:  denied  { read } for  comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1

Bug: 361093041
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I94dadb9b9fc015fd1ecc39f9d62bc7209375a13a
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 04:10:53 +00:00
Sam Ou
2fdeb6aed7 Merge "sepolicy: fix dump_power policy" into main 2024-09-05 04:01:07 +00:00
Randall Huang
cacedb4ae8 storage: move sepolicy to common folder
avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

Bug: 361093041
Test: local build
Change-Id: I90d29590908efc329a05bd8f5f3e145dac4982fc
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 10:48:44 +08:00
Kieran Cyphus
94ef296dae shamp: Update shared_modem_platform HAL version to 2
Bug: 364363838

ag/28965951 accidentally started providing a V2 when the manifests only said V1 which broke some VTS tests.

Test: `atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest#HalIsServed/com_google_pixel_shared_modem_platform_ISharedModemPlatform_default_V1_84`
Flag: EXEMPT can't flag manifest changes

Change-Id: I17113f86e9bceaa3efe2f0d4d76e8349fe2c456e
2024-09-04 21:29:37 +00:00
Kiwon Park
d3977c94ad Merge "Add eSIM directory and disable bootstrap when bootloader is unlocked in user build" into main 2024-09-04 16:55:20 +00:00
Neo Yu
0ca7adab01 Separate GRIL sepolicy for AIDL and HIDL by folders
Related avc error:

aidl part:
avc:  denied  { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1

avc:  denied  { read write } for  comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1

avc:  denied  { search } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1


hidl part:
avc:  denied  { read write } for  comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

avc:  denied  { search } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1

Bug: 363665676
Test: verify with test roms
Flag: EXEMPT sepolicy refactor
Change-Id: I0fb75f7f9c7339864ee303c0f1de3b218ceb81ed
2024-09-04 16:54:15 +00:00
Devika Krishnadas
76ca89b967 Add GPU team owners for mk files am: 1d82070ee9 am: 9747c1bb8d
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915

Change-Id: Ifdcf32d2555f28851739c53019e9bec4dfc13167
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-04 16:49:25 +00:00
Devika Krishnadas
9747c1bb8d Add GPU team owners for mk files am: 1d82070ee9
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915

Change-Id: I12c5349ad38ca36302996f139dac08114cbea42a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-04 16:39:39 +00:00
samou
202f18ed18 sepolicy: fix dump_power policy
09-03 10:57:32.552 11878 11878 W dump_power: type=1400 audit(0.0:23): avc:  denied  { read } for  name="thismeal.txt" dev="dm-51" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:01:19.432  6967  6967 W dump_power: type=1400 audit(0.0:25): avc:  denied  { open } for  path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:11:25.532  6913  6913 W dump_power: type=1400 audit(0.0:25): avc:  denied  { getattr } for  path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0

Flag: EXEMPT refactor
Bug: 364612419
Change-Id: Ide2ad35e3f2a5bc3246603a4e66b67ec901ddc64
Signed-off-by: samou <samou@google.com>
2024-09-04 16:15:06 +00:00
Treehugger Robot
52f7c66ea0 Merge "gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st" into main 2024-09-04 08:54:32 +00:00
Snehal Koukuntla
13e34cc96a Merge "Add widevine SELinux permissions" into main 2024-09-04 08:42:49 +00:00
Kyle Hsiao
a0681a7b7a gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st
sepolicy for android.hardware.nfc-service.st

Flag: EXEMPT NDK
Bug: 361093394
Test: manual
Change-Id: Ibe90555a6ec9b13fb2cd8eae4131216d3240ec3a
2024-09-04 06:20:49 +00:00
Randall Huang
6ec23c152f storage: move storage related device type to common folder
Bug: 364225000
Test: forrest build
Change-Id: Ica102c5a1ec45560939ac32c3ec22e721659c3cf
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-04 10:43:47 +08:00
Devika Krishnadas
1d82070ee9 Add GPU team owners for mk files
Bug: 275906497
Flag: EXEMPT only changing OWNERS
Change-Id: Ife6cdfd5097c6c50e0276ea3a70552e9feeb76a8
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2024-09-03 22:49:19 +00:00
Snehal
bd3767ae16 Add widevine SELinux permissions
15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1934): avc:  denied  { call } for  scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo

15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1935): avc:  denied  { call } for  scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_widevine:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo

860   860 I android.hardwar: type=1400 audit(0.0:4302): avc:  denied  { write } for  name="mediadrm" dev="dm-57" ino=2565 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1

860   860 I android.hardwar: type=1400 audit(0.0:4304): avc:  denied  { create } for  name="IDM1013" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1

Bug: 363182767
Bug: 363181505

Flag: EXEMPT bugfix

Change-Id: Ia8c3ba3d7fe9f09ceb40fd2b6ae88bbbcf5ac6f6
2024-09-03 13:40:57 +00:00
George Chang
019cc571f4 Merge "gs-common: nfc: st54spi: Add rules for hal_secure_element_st54spi_aidl" into main 2024-09-03 11:33:00 +00:00
Treehugger Robot
90f357aa8d Merge "Storage: add selinux for ufs firmware upgrade event" into main 2024-09-03 03:36:51 +00:00
Randall Huang
0f4a0bb8a2 Storage: add selinux for ufs firmware upgrade event
avc:  denied  { execute_no_trans } for  comm="ufs_firmware_up" path="/vendor/bin/toybox_vendor" dev="dm-11" ino=380 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
avc:  denied  { read } for  comm="cat" name="vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="cat" path="/sys/devices/platform/13200000.ufs/vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { search } for  comm="dd" name="block" dev="tmpfs" ino=12 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
avc:  denied  { write } for  comm="dd" name="sda12" dev="tmpfs" ino=1139 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:ufs_internal_block_device:s0 tclass=blk_file permissive=1

Bug: 361093041
Test: NA
Change-Id: I54445d4543a733baae85cd408b433033dd93ec6b
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-02 22:33:03 +00:00
Cheng Chang
4c672d13c9 Merge "gps: Allow gnss hal access vendor_gps_prop" into main 2024-09-02 07:38:45 +00:00
George Chang
cf2d68668f gs-common: nfc: st54spi: Add rules for hal_secure_element_st54spi_aidl
sepolicy for android.hardware.secure_element-service.thales

08-26 12:49:43.959   343   343 E SELinux : avc:  denied  { add } for pid=706 uid=1068 name=android.hardware.secure_element.ISecureElement/eSE1 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:hal_secure_element_service:s0 tclass=service_manager permissive=1
08-26 12:49:43.936   706   706 I android.hardwar: type=1400 audit(0.0:9): avc:  denied  { call } for  scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
08-26 12:49:43.936   706   706 I android.hardwar: type=1400 audit(0.0:10): avc:  denied  { transfer } for  scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
08-26 12:49:59.904     1     1 I /system/bin/init: type=1107 audit(0.0:139): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc:  denied  { set } for property=persist.vendor.se.reset pid=706 uid=1068 gid=1068 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=1'
08-26 12:50:12.124   706   706 I android.hardwar: type=1400 audit(0.0:461): avc:  denied  { read write } for  name="st54spi" dev="tmpfs" ino=1552 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1
08-26 12:50:12.124   706   706 I android.hardwar: type=1400 audit(0.0:462): avc:  denied  { open } for  path="/dev/st54spi" dev="tmpfs" ino=1552 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332   737   737 I android.hardwar: type=1400 audit(0.0:959): avc:  denied  { read write } for  name="st21nfc" dev="tmpfs" ino=1550 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332   737   737 I android.hardwar: type=1400 audit(0.0:960): avc:  denied  { open } for  path="/dev/st21nfc" dev="tmpfs" ino=1550 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332   737   737 I android.hardwar: type=1400 audit(0.0:961): avc:  denied  { ioctl } for  path="/dev/st21nfc" dev="tmpfs" ino=1550 ioctlcmd=0xea05 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1

Flag: EXEMPT NDK
Bug: 361093024
Test: manual
Change-Id: I1f3aebc9894de9f3410f2031e2b99e07d4060fa5
2024-09-02 06:37:19 +00:00
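Several of the commit messages above (the vold, PowerStats, widevine, GRIL and st54spi changes among them) paste raw AVC denials and then land the allow rules that silence them. The script below is an added example, not code from this repository: it parses such lines the way a practitioner does by hand or with audit2allow, collapses them into candidate `allow` rules keyed on (source domain, target type, class), and flags the two cases a sepolicy reviewer should not wave through: a denial recorded with `permissive=0` (the domain was already enforcing, so the failure was user-visible) and a source domain in the `untrusted_app` family, which platform neverallow rules generally stop vendor policy from granting directly. The sample log lines are copied from this page; the `review` heuristics and all function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: six denial lines copied verbatim from the commit
# messages on this page (grilservice_app, vold, untrusted_app_29, st54spi HAL).
SAMPLE_LOG = """\
avc:  denied  { find } for pid=6493 uid=10256 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c0,c257,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
[   33.709752][  T363] type=1400 audit(1725519791.892:729): avc:  denied  { read } for  comm="binder:369_6" name="/" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[   33.710804][  T363] type=1400 audit(1725519791.892:730): avc:  denied  { open } for  comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1934): avc:  denied  { call } for  scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo
08-26 12:49:59.904     1     1 I /system/bin/init: type=1107 audit(0.0:139): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc:  denied  { set } for property=persist.vendor.se.reset pid=706 uid=1068 gid=1068 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=1'
08-26 12:50:12.124   706   706 I android.hardwar: type=1400 audit(0.0:461): avc:  denied  { read write } for  name="st54spi" dev="tmpfs" ino=1552 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1
"""

# "avc: denied { perms } for key=value ..." appears after any logcat/dmesg
# prefix, and inside msg='...' for type=1107 property_service denials.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")


def context_type(ctx):
    """u:r:vold:s0 -> vold. MLS categories (s0:c0,c257,...) after the type are ignored."""
    return ctx.split(":")[2]


def parse_avc(line):
    """Return the fields of one denial, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip("\"'") for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        return {
            "perms": set(m.group("perms").split()),
            "source": context_type(fields["scontext"]),
            "target": context_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            # permissive=0 means the domain was enforcing when this was logged.
            "enforcing": fields.get("permissive") == "0",
            "object": fields.get("path") or fields.get("name") or fields.get("property", ""),
        }
    except (KeyError, IndexError):
        return None


def aggregate(log_text):
    """Merge denials into {(source, target, tclass): set(perms)} like audit2allow does."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            rules[(d["source"], d["target"], d["tclass"])] |= d["perms"]
    return rules


def allow_rules(rules):
    """Render aggregated denials as candidate .te allow rules, one per (src, tgt, class)."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return out


def review(log_text):
    """Heuristic review findings (my own, not an Android tool) for rules that need a second look."""
    findings = []
    for line in log_text.splitlines():
        d = parse_avc(line)
        if not d:
            continue
        if d["source"].startswith("untrusted_app"):
            findings.append(
                f"{d['source']} -> {d['target']}:{d['tclass']}: app domain; a raw vendor allow "
                f"is normally blocked by platform neverallow rules, use the app/HAL macros instead")
        if d["enforcing"]:
            findings.append(
                f"{d['source']} -> {d['target']}:{d['tclass']} on {d['object']!r}: logged with "
                f"permissive=0, so this failure was already user-visible in enforcing builds")
    return findings


if __name__ == "__main__":
    for rule in allow_rules(aggregate(SAMPLE_LOG)):
        print(rule)
    for finding in review(SAMPLE_LOG):
        print("WARN:", finding)
```

The generated rules are a starting point, not something to merge as-is: the `property_service set` case should become `set_prop(hal_secure_element_st54spi_aidl, vendor_default_prop)` (and, better, a dedicated property type rather than `vendor_default_prop`), directory read/open pairs usually collapse into `r_dir_file`, and the app-to-HAL binder case belongs in the HAL's client macros rather than a vendor `allow`. The aggregation key deliberately drops `comm`, `path` and inode, since those identify the process and object that happened to trip the denial, not the policy rule that fixes it.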
Attis Chen
e5c668587d Merge "Add dump of panel power_mode." into main 2024-09-02 04:54:18 +00:00
Martin Liu
a13a1663fd [automerger skipped] Move compaction_proactiveness to vendor sepolicy am: d1adbe0cb2 -s ours
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d6d4a779e5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/29091424

Change-Id: Ied82c7da10415424f42bd7101bbe7c6ece892f0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-01 15:28:58 +00:00
Martin Liu
d1adbe0cb2 Move compaction_proactiveness to vendor sepolicy
Move compaction_proactiveness sepolicy from the system
to vendor since it breaks other vendors.

Bug: 361985704
Test: check knob value
Flag: NONE sepolicy doesn't support flag
Change-Id: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Merged-In: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Signed-off-by: Martin Liu <liumartin@google.com>
2024-09-01 08:06:04 +00:00
Kiwon Park
69797e03ca Add eSIM directory and disable bootstrap when bootloader is unlocked in user build
Allow vendor_init to set setupwizard prop
Allow priv_app and gmscore_app to get setupwizard prop
<11>[    7.276992][  T329] init: Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:330: SELinux permission check failed

08-28 15:35:42.536 10156  5884  5884 W oid.setupwizard: type=1400 audit(0.0:63): avc:  denied  { read } for  name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=335 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.setupwizard

08-28 15:11:52.015 10185  6915  6915 W highpool[8]: type=1400 audit(0.0:17): avc:  denied  { read } for  name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=339 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 349592724
Test: m
Change-Id: I8330c9f6f9efd215ec4ea1f7d3d6ff5596773e21
Flag: NONE disabling a feature just in factory
2024-08-30 10:28:16 -07:00
Treehugger Robot
d1dfe55442 Merge "Move compaction_proactiveness to vendor sepolicy" into main 2024-08-30 10:50:43 +00:00
Dennis Song
c9fb05a230 [automerger skipped] Explicitly set user root for the gs_watchdogd service. am: f25cb6895f am: 6c82faf70b -s ours
am skip reason: Merged-In I36a3a67dc357f608b33a131a4e5f6fd6defb91e5 with SHA-1 c0b820e056 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3250951

Change-Id: I0e5a8cbb986a06a2e55ab58ee1c80b53fca96f2b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-08-30 09:58:38 +00:00
Dennis Song
6c82faf70b Explicitly set user root for the gs_watchdogd service. am: f25cb6895f
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3250951

Change-Id: I58b8abe45d82b6ea620d6e623c4716785a992c76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-08-30 09:29:18 +00:00
Dennis Song
f25cb6895f Explicitly set user root for the gs_watchdogd service.
Otherwise host_init_verifier would fail.

Bug: 362447627
Test: Treehugger
Merged-In: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
Change-Id: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
2024-08-30 08:27:36 +00:00
Dennis Song
37238f4cff Merge "Explicitly set user root for the gs_watchdogd service." into main 2024-08-30 08:24:56 +00:00
Martin Liu
d6d4a779e5 Move compaction_proactiveness to vendor sepolicy
Move compaction_proactiveness sepolicy from the system
to vendor since it breaks other vendors.

Bug: 361985704
Test: check knob value
Flag: NONE sepolicy doesn't support flag
Change-Id: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Signed-off-by: Martin Liu <liumartin@google.com>
2024-08-30 07:21:16 +00:00
Cheng Chang
f71ff2ba7c gps: Allow gnss hal access vendor_gps_prop
avc:  denied  { read } for  name="u:object_r:vendor_gps_prop:s0" dev="tmpfs" ino=421 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_prop:s0 tclass=file permissive=0

Bug: 335354369
Test: Check avc logcat.
Change-Id: Idfc885c6d54a9a5160643ff53f3e278ee067b286
2024-08-30 06:05:32 +00:00
Tommy Chiu
15ed5c639e Move PRODUCT_COPY_FILES from each board>device-vendor.mk here
We used to put the firmware copy logic in dedicated device-vendor.mk
files for each platform. This approach is difficult to maintain and
unnecessary since we always want to deploy the latest firmware.
Propose a better approach for handling firmware copy logic.

Flag: EXEMPT refactor
Bug: 359071523
Test: Build pass
Change-Id: I4169353b9f8f16b82eb0e4ebf2a884f46e1a5f8b
2024-08-30 04:28:47 +00:00
Dennis Song
c0b820e056 Explicitly set user root for the gs_watchdogd service.
Otherwise host_init_verifier would fail.

Bug: 362447627
Test: Treehugger
Flag: EXEMPT bugfix
Change-Id: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
2024-08-30 03:42:06 +00:00
Randall Huang
1ae1d53973 Merge "storage: fix idle-maint avc denials." into main 2024-08-29 02:51:57 +00:00
Treehugger Robot
d9667c65f6 Merge "storage: allow mkfs/fsck for vendor partitions" into main 2024-08-29 02:51:23 +00:00
Frank Yu
d03036bdef Merge "Move hal_radio_ext_service related policy of grilservice_app to gs-common." into main 2024-08-29 01:52:23 +00:00
Randall Huang
df4a5f7b48 storage: allow mkfs/fsck for vendor partitions
avc:  denied  { read } for  name="sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { open } for  path="/dev/block/sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { write } for  name="sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { ioctl } for  path="/dev/block/sda7" dev="tmpfs" ino=1173 ioctlcmd=0x1268 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { read } for  name="sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { open } for  path="/dev/block/sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { open } for  path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100275 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc:  denied  { write } for  name="sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { ioctl } for  path="/dev/block/sda5" dev="tmpfs" ino=1010 ioctlcmd=0x1268 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { search } for  name="0:0:0:0" dev="sysfs" ino=100048 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc:  denied  { getattr } for  path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda5/partition" dev="sysfs" ino=101272 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { read } for  name="zoned" dev="sysfs" ino=100308 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { open } for  path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100308 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1

avc:  denied  { search } for  name="0:0:0:0" dev="sysfs" ino=100048 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc:  denied  { getattr } for  path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda10/partition" dev="sysfs" ino=102003 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { read } for  name="zoned" dev="sysfs" ino=100308 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { open } for  path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100308 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc:  denied  { read } for  name="sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { open } for  path="/dev/block/sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { write } for  name="sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { ioctl } for  path="/dev/block/sda5" dev="tmpfs" ino=1004 ioctlcmd=0x1268 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { read } for  name="sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { open } for  path="/dev/block/sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { write } for  name="sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc:  denied  { ioctl } for  path="/dev/block/sda7" dev="tmpfs" ino=1199 ioctlcmd=0x1268 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1


Bug: 361093041
Test: build pass
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0cf7210eb1b5ba1d22fb8dcb59f40cb74b98dd37)
Change-Id: I0d89d360e75335784116a4e4769d0b60699917eb
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-08-29 01:10:11 +00:00
Randall Huang
d6ba7fad68 storage: fix idle-maint avc denials.
avc: denied { getattr } for path="/dev/block/sda5" dev="tmpfs" ino=1039 scontext=u:r:vold:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { getattr } for path="/dev/block/sda7" dev="tmpfs" ino=1199 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1

Bug: 361093041
Test: run idle-maint run
Change-Id: Ie92ffa8b576c74e3a1cb127b265059ec76c14667
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-08-29 00:00:09 +00:00
Ernie Hsu
714dc8abf8 Merge "mediacodec: fix perfetto trace permission" into main 2024-08-28 23:33:40 +00:00
Prochin Wang
a8910cb36b Merge "Label touch_property_type to associate with vendor_gti_prop" into main 2024-08-28 23:21:38 +00:00
Prochin Wang
956edf0d26 Label touch_property_type to associate with vendor_gti_prop
Pass ROM build of all git_main targets:
https://android-build.googleplex.com/builds/abtd/run/L52500030006128092/
https://android-build.corp.google.com/abtd/run/L93900030006078492/
https://android-build.corp.google.com/abtd/run/L15800030006086232/
https://android-build.corp.google.com/abtd/run/L27700030006086619/

Bug: 361237875
Test: mm and flash rom
Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED
Change-Id: I518ff7c05fc1fa279cd7300cb77673a86ff3e35b
2024-08-28 23:20:52 +00:00