Lucas Wei
219845f0d9
dump_chip_info: dump more tables from chip-info driver
...
Add instructions to dump more tables from chip-info driver and grant
permissions by sepolicy.
Flag: EXEMPT, add more table entries for dumping
Test: adb shell dumpsys android.hardware.dumpstate.IDumpstateDevice/default dump_chip_info
Bug: 376346526
Change-Id: Ic9d0bb2059271e95e615e8f64cab129fa8358484
2024-11-27 03:40:47 +00:00
Treehugger Robot
1b957304b3
Merge "Introduce interrupts module for debug and trace" into main
2024-11-24 16:04:01 +00:00
Will Song
d3f90503f7
Merge changes from topic "reland_common_perf_config" into main
...
* changes:
Revert^2 "gs-common: Move cpufreq perf settings to gs-common"
Revert^2 "gs-common: Added common perf init.rc"
2024-11-23 07:29:48 +00:00
Chintan Pandya
d6b9cc46bf
Introduce interrupts module for debug and trace
...
Interrupts module has following functions to perform:
1. Apply boot time configuration
- Create a new trace instance
- Enable required irq and irq_gia events in the
instance
- Apply required filters on the high frequency
events
- Set instance's trace buffer size
- Enable tracing
2. Sepolicy for every required access
3. Copy interrupts trace buffer to dumpsys whenever triggered
AVC denials:
avc: denied { search } for comm="dump_interrupts" name="radio" dev="dm-53" ino=373 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { write } for comm="dump_interrupts" name="all_logs" dev="dm-53" ino=7808 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for comm="dump_interrupts" name="interrupts" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { create } for comm="dump_interrupts" name="interrupts" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { search } for comm="dump_interrupts" name="instances" dev="tracefs" ino=2151 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
avc: denied { search } for comm="dump_interrupts" name="radio" dev="dm-53" ino=373 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { read } for comm="dump_interrupts" name="trace" dev="tracefs" ino=143409 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1
avc: denied { open } for comm="dump_interrupts" path="/sys/kernel/tracing/instances/irq_gia_google/trace" dev="tracefs" ino=143409 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1
avc: denied { create } for comm="dump_interrupts" name="interrupts_trace" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { write open } for comm="dump_interrupts" path="/data/vendor/radio/logs/always-on/all_logs/interrupts/interrupts_trace" dev="dm-53" ino=8102 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dump_interrupts" path="/sys/kernel/tracing/instances/irq_gia_google/trace" dev="tracefs" ino=141578 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dump_interrupts" path="/data/vendor/radio/logs/always-on/all_logs/interrupts/interrupts_trace" dev="dm-53" ino=7965 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
Flag: EXEMPT, add interrupts traces dump program to bugreport
Bug: 376124648
Test: Manually checked boot time trace configuration. Collected
`adb bugreport`. And checked interrupt traces are dumped
into and extracted out from the bugreport. More details
in the bug.
Change-Id: I08872a321fa9726b50a54aeb0a91ed63c0652a3a
2024-11-22 21:38:57 +00:00
Will Song
db25f03ec3
Revert^2 "gs-common: Move cpufreq perf settings to gs-common"
...
Re-land after making SELinux corrections.
7606e41504
2024-11-22 09:08:17 -08:00
Will Song
168f30d8a1
Revert^2 "gs-common: Added common perf init.rc"
...
Re-land after making SELinux corrections.
98e6a61c1f
2024-11-22 09:08:08 -08:00
Liana Kazanova (xWF)
cafe80b310
Merge "Revert "modem_svc: move shared_modem_platform related sepolicy t..."" into main
2024-11-21 20:16:06 +00:00
Liana Kazanova (xWF)
74283c5cbe
Revert "modem_svc: move shared_modem_platform related sepolicy t..."
...
Revert submission 30519089-move_modem_sepolicy
Reason for revert: DroidMonitor: Potential culprit for http://b/380274930 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted changes: /q/submissionid:30519089-move_modem_sepolicy
Change-Id: I241b3aba370f77c705ca3890151e760b4764beca
2024-11-21 17:54:12 +00:00
Eileen Lai
6db7e6756d
Merge "modem_svc: move shared_modem_platform related sepolicy to gs-common" into main
2024-11-21 17:03:11 +00:00
Eileen Lai
20bb32819d
modem_svc: move shared_modem_platform related sepolicy to gs-common
...
Bug: 372400955
Flag: NONE local testing only
Change-Id: Ia23ff9f43ee855c2a758714d025123c071e9c288
2024-11-21 08:27:55 +00:00
Dinesh Yadav
acf0eb0ee5
Merge "Add sepolicy for edgetpu_tachyon_service to report metrics" into main
2024-11-21 08:25:01 +00:00
Dinesh Yadav
064b50e43b
Add sepolicy for edgetpu_tachyon_service to report metrics
...
This permission is needed to report errors encountered while running gxp workloads to telemetry services.
AVC Error seen while reporting errors:
11-21 09:30:05.711 406 406 E SELinux : avc: denied { find } for pid=1821 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=0
Bug: 359404493
Flag: EXEMPT updates device sepolicy only
Change-Id: Ic282928aad6283077e183f931230f79eea49053d
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2024-11-21 06:39:00 +00:00
Wesley Lee
9cb50229d9
Merge "mediacodec: add GPU access policy" into main
2024-11-21 03:31:04 +00:00
Cheng Chang
90398dea27
Merge "sepolicy: Allow hal_gnss_pixel create file" into main
2024-11-21 00:39:46 +00:00
Wesley Lee
0649754278
mediacodec: add GPU access policy
...
avc: denied { read write }
for comm="binder:757_6" name="renderD128" dev="tmpfs"
ino=1566 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1
Bug: 378609071
Flag: EXEMPT bugfix
Test: run cts -m CtsMediaV2TestCases -t
android.mediav2.cts.CodecEncoderSurfaceTest#testSimpleEncodeFromSurface[26_c2.google.av1.encoder_video/av01_c2.google.av1.decoder_video/av01_512kbps_30fps_yuv420flexible_tonemapyes_persistentsurface]
Change-Id: I2af4f53c9ff8aca0d3c7fd721738f2044d4772fd
Signed-off-by: Wesley Lee <szuweilee@google.com>
2024-11-20 06:29:09 +00:00
Daniel Lee
0cf5a2a95d
Merge "storage: turn off writebooster flags upon init" into main
2024-11-20 05:12:10 +00:00
Julius Snipes
993506e4f1
GRIL sepolicy for aidl radioext v2.1
...
avc: denied { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1
avc: denied { find } for pid=6500 uid=10242 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:hal_radio_ext_service:s0 tclass=service_manager permissive=0
avc: denied { find } for interface=vendor.google.radioext::IRadioExt sid=u:r:grilservice_app:s0:c242,c256,c512,c768 pid=6500 scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { read write } for comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1
avc: denied { search } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1
avc: denied { read } for name="link_rate" dev="sysfs" ino=111840 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 355774451
Change-Id: Iea5e0cdff82b140caa1e8b6717e94d6d78076b28
Test: verify with test roms
Flag: EXEMPT sepolicy
2024-11-19 23:27:20 +00:00
Daniel Lee
350e262415
storage: turn off writebooster flags upon init
...
Enabling writebooster capability for Pixel UFS (pa/2994670)
enabled the following flags in Android Common Kernel:
- wb_flush_en
- wb_flush_during_h8
- wb_enable
This patch disables these writebooster-related flags to restore the
intended behavior for Pixel devices. This overrides the default Android
Common Kernel behavior.
While 'wb_flush_en' and 'wb_enable' have corresponding sysfs entries
('enable_wb_buf_flush' and 'wb_on') for toggling,
'wb_flush_during_h8' currently lacks this functionality in the Android
Common Kernel. Pixel provides the 'manual_gc' sysfs entry as a
workaround. Setting 'manual_gc' to 0 disables 'wb_flush_during_h8'.
Bug: 377958570
Flag: EXEMPT bugfix
Test: check if all writebooster-realated flags are false upon init
Change-Id: I918bf6939de3e208b715f554a96ccbd053f68a18
Signed-off-by: Daniel Lee <chullee@google.com>
2024-11-19 17:22:10 +00:00
Tommy Chiu
fa76c993b7
[automerger skipped] gsc: Change the criteria for building GSC targets am: 421324351c -s ours
...
am skip reason: Merged-In I96f429ec3284114868ad220ea308a6920930c065 with SHA-1 8af77ef942https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/30467455
Change-Id: I008809abb19974fc20f8f5047d08b017d9d3ae3d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-11-18 21:45:44 +00:00
Tommy Chiu
421324351c
gsc: Change the criteria for building GSC targets
...
There can be a case where vendor directory exists but vendor/google_nos
does not.
Bug: 371059500
Test: manual
Flag: EXEMPT refactor
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8af77ef94228bf37bd7be4d8db496f7084e0333d )
Merged-In: I96f429ec3284114868ad220ea308a6920930c065
Change-Id: I96f429ec3284114868ad220ea308a6920930c065
2024-11-18 18:10:31 +00:00
Robert Lee
32569fc7e5
Merge "audio: update hdmi audio path" into main
2024-11-18 03:10:31 +00:00
Robert Lee
5a063cc17b
audio: update hdmi audio path
...
Add permission to read HDMI states by audio hal.
For new project is using
/devices/platform/dwc_dptx-audio/extcon/hdmi_audio
For old projects are using
/devices/platform/drmdp-adma/extcon/hdmi_audio
Bug: 328784922
Test: builds
Flag: EXEMPT update sepolocy
Change-Id: I3bd0ccf1ee804de3157e759eac275673c9fc96a2
Signed-off-by: Robert Lee <lerobert@google.com>
2024-11-18 03:08:08 +00:00
Madhav Iyengar
36f37eaf3b
Merge "Give ContextHub HAL access to AOC version" into main
2024-11-15 21:51:42 +00:00
Kai Hsieh
3c9ee42c23
Merge "Revert^2 "Add GIA (Google Input interface Abstraction laye..."" into main
2024-11-15 05:32:43 +00:00
Kai Hsieh
97586506bb
Revert^2 "Add GIA (Google Input interface Abstraction laye..."
...
Revert submission 30378113-revert-29512389-gia-PMLMEKURMT
Reason for revert: Revert to fix the issue that GIA cannot be started in caimen-next-userdbg
Reverted changes: /q/submissionid:30378113-revert-29512389-gia-PMLMEKURMT
Bug: 367881686
Change-Id: Iecc4738c10dfe244bea02611f1926a9f6264a46c
2024-11-14 10:10:46 +00:00
Cheng Chang
303cf04de1
sepolicy: Allow hal_gnss_pixel create file
...
[ 7564.504317] type=1400 audit(1731556655.872:63): avc: denied { create } for comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800
flag: EXEMPT the function has been verified at userdebug ROM.
Bug: 378004800
Bug: 377446770
Test: b/378004800 abtd to check sepolicy
Test: b/377446770#comment1 verified the coredump function on user ROM.
Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01
2024-11-14 09:42:15 +00:00
Xin Li
efc0fc73ea
[automerger skipped] Merge 24Q4 (ab/12406339) into aosp-main-future am: 61302f297c -s ours
...
am skip reason: Merged-In Idd70cf3d846fad1a25060ebfb6ae6a99599fd861 with SHA-1 d43a6e1c5ahttps://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/30284589
Change-Id: I323ceafb8b8140a941b906990b0cb63e3c941515
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-11-13 23:00:57 +00:00
Madhav Iyengar
e546ba5bae
Give ContextHub HAL access to AOC version
...
Required to gate use of the new ContextHub HAL <-> CHRE transport on the
availability of a bugfix in AOC.
Bug: 378367295
Flag: android.chre.flags.efw_xport_in_context_hub
Test: ...
Change-Id: Ibd5e3d20b7e5c14ea2200d85c179a4e96eb3b65a
2024-11-13 21:07:38 +00:00
Kai Hsieh
6e5b6a6998
Merge "Revert "Add GIA (Google Input interface Abstraction layer) relat..."" into main
2024-11-13 14:42:35 +00:00
ELIYAZ MOMIN (xWF)
c68ac049e1
Revert "Add GIA (Google Input interface Abstraction layer) relat..."
...
Revert submission 29512389-gia
Reason for revert: <Potential culprit for b/378865024 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>
Reverted changes: /q/submissionid:29512389-gia
Change-Id: Ia4fd036130e54a5573efbd02a044631232561ea1
2024-11-13 14:06:24 +00:00
Treehugger Robot
cad0ccbb94
Merge "Introduce Pixel mailbox module" into main
2024-11-13 08:49:49 +00:00
Lucas Wei
f39a955d95
Introduce Pixel mailbox module
...
Introduce Pixel mailbox module to dump debugging messages and integrate
with bugreport.
This patch also create sepolicy files to avoid avc denied.
avc: denied { search } for comm="dump_mailbox" name="radio" dev="dm-57" ino=375 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { search } for comm="dump_mailbox" name="instances" dev="tracefs" ino=4203 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
avc: denied { read } for comm="dump_mailbox" name="trace" dev="tracefs" ino=7250 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1
avc: denied { open } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=7187 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_traci
avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontex=1
avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontext=ut=5 audit_backlog_limit=64
=1
avc: denied { read } for comm="dump_mailbox" name="trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc: denied { open } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclas(6 results) 15:39:41 [4796/19306]
avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
Flag: EXEMPT, add mailbox dump program to bugreport
Bug: 363168077
Change-Id: I622f37bf8f913df8d9b242ab206fc267d446753d
2024-11-13 07:52:03 +00:00
Kai Hsieh
9c0119a3d2
Merge "Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices." into main
2024-11-13 07:05:58 +00:00
timmyli
cfedcac7d7
Remove bug comment
...
Bug: 363018500
Test: comment only
Flag: EXEMPT remove comment
Change-Id: I86ed9f0e7ed5b3741b23afffb2d7440683f34eb0
2024-11-12 18:40:13 +00:00
Treehugger Robot
993cd00d79
Merge "Replace many app service permission with app_api_service" into main
2024-11-12 18:36:27 +00:00
Ocean Chen
594e90f573
Merge "Revert "storage: Defer blkio class configuration"" into main
2024-11-12 02:21:33 +00:00
Ocean Chen
3330640782
Revert "storage: Defer blkio class configuration"
...
This patch change the I/O schedulor back to mq-deadline before boot completed.
Bug:374905027
Test: forrest run
This reverts commit 0af034bf9f
2024-11-12 02:21:23 +00:00
timmyli
872e432821
Replace many app service permission with app_api_service
...
We don't need to grant permissions to all these things. Just
app_api_service is enough.
Bug: 363018500
Test: manual test with GCA Eng
Flag: EXEMPT add permissions
Change-Id: I2457b54b244b2739e89393f52442afd4544418f1
11-08 00:33:23.429 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.436 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.439 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.453 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.457 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.470 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.488 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.502 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.604 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.606 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.627 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.643 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.644 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.653 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.662 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.677 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.718 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.724 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.732 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.733 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.784 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.786 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.795 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.835 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.029 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.130 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.160 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.368 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.650 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.872 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:26.556 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1
11-08 00:33:34.977 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.547 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.593 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.726 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
Change-Id: I91235f2f699fd07107eaa11174beee895559770e
2024-11-11 18:00:58 +00:00
Snehal Koukuntla
ea38f5c687
Add widevine SELinux permissions for L1
...
839 839 I android.hardwar: type=1400 audit(0.0:982): avc: denied { read } for name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1
Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8
2024-11-08 17:04:21 +00:00
Xin Li
61302f297c
Merge 24Q4 (ab/12406339) into aosp-main-future
...
Bug: 370570306
Merged-In: Idd70cf3d846fad1a25060ebfb6ae6a99599fd861
Change-Id: I254edf09968accebbee718cb5494612d0e5031e7
2024-11-06 10:31:19 -08:00
Timmy Li
ba53a62a59
Revert^2 "Add more access for GCA to edgetpu"
...
This reverts commit 84d3523c6c
2024-11-06 18:24:20 +00:00
ELIYAZ MOMIN (xWF)
84d3523c6c
Revert "Add more access for GCA to edgetpu"
...
This reverts commit 132ad09bce
2024-11-06 16:54:52 +00:00
timmyli
132ad09bce
Add more access for GCA to edgetpu
...
Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions
11-06 03:01:49.736 719 719 W binder:719_3: type=1400 audit(0.0:710): avc: denied { read write } for path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0
Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61
2024-11-06 08:47:39 +00:00
Timmy Li
5f7aae6dac
Merge "Consolidate gca permissions inside gs-common" into main
2024-11-06 03:53:26 +00:00
Frank Yu
4cea32f400
Merge "Allow grilservice_app to binder call twoshay" into main
2024-11-06 03:25:18 +00:00
timmyli
cb2c9c91c1
Consolidate gca permissions inside gs-common
...
SeLinux team is making an effort to have a general set of permissions
inside gs-common for GCA as oppose to having a new google_camera_app.te
for each device generation. Move the next gen permissions to the gs-common.
Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions
11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:665): avc: denied { read write } for name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:666): avc: denied { open } for path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:667): avc: denied { ioctl } for path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:15:05.062 332 332 E SELinux : avc: denied { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
11-05 16:15:06.356 5586 5586 I frame-quality-s: type=1400 audit(0.0:554): avc: denied { ioctl } for path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378
2024-11-05 21:57:22 +00:00
Timmy Li
91ee7dae60
Merge "Add permissions for GCA to access various services" into main
2024-11-05 19:37:39 +00:00
Treehugger Robot
ff585df52b
Merge "Allow fingerprint HAL to access IGoodixFingerprintDaemon" into main
2024-11-05 10:34:29 +00:00
KRIS CHEN
8d4f1c1f07
Allow fingerprint HAL to access IGoodixFingerprintDaemon
...
Fix the following avc denial:
avc: denied { add } for pid=1285 uid=1000 name=vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
Flag: EXEMPT NDK
Bug: 376602341
Test: boot with no relevant error
Change-Id: I12b5824d239bb3b55bb82fb50b9f6fc4c38b36c5
2024-11-05 09:31:29 +00:00
timmyli
5c50ccab62
Add permissions for GCA to access various services
...
app_api_service gives access to blanket app service permissions. The
more specific ones are listed in logs below.
Bug: 370899024
Bug: 375958865
Test: manual test with GCA to verify permissions
Flag: EXEMPT refactor
Specific logs:
11-05 01:13:34.640 332 332 E SELinux : avc: denied { find } for pid=5493 uid=10155 name=media.player scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
11-05 01:13:34.641 332 332 E SELinux : avc: denied { find } for pid=5493 uid=10155 name=media.camera scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.002 326 326 E SELinux : avc: denied { find } for pid=5465 uid=10155 name=media.metrics scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.498 326 326 E SELinux : avc: denied { find } for pid=5465 uid=10155 name=media.extractor scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1
11-05 01:29:30.961 326 326 E SELinux : avc: denied { find } for
pid=5465 uid=10155 name=media.audio_flinger
scontext=u:r:google_camera_app:s0:c155,c256,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=1
Logs from app services blanket granted by app_api_service
10-28 02:25:22.057 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=content scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.953 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=connectivity scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.577 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=power scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.062 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=notification scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.988 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=appops scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:appops_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.014 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=user scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.852 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=display scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.998 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=jobscheduler scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.855 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=network_management scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.428 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=content_capture scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.270 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=device_policy scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.215 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=sensorservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.166 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=netstats scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.219 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=virtualdevice_native scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.230 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=thermalservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.224 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=media.camera scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.214 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=media.player scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.485 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=backup scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
10-02 05:40:17.920 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=activity scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.511 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=device_state scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
Change-Id: I9bd98af328f948152c89f9f2c3a066a951f4aaad
2024-11-05 06:48:54 +00:00
