Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2731 commits 1 branch 0 tags 325 MiB
Commit graph

2731 commits

This branch
This branch
All branches
Author SHA1 Message Date
Aleks Rozman
83e7cc5a7f Build lyric from source if prebuilt directory is missing. 
On select branches, like the camera-stability, the prebuilt directory is missing so we want to make sure that it is building from source even if the flags tell us that a prebuilt should be used.

Bug: 380099804
Change-Id: I8832451c1f7ff6d6de3c2991e9f63317966a2f83
Test: Make on camera-stability-dev and verify warning
Flag: EXEMPT (not applicable)
 2024-11-20 22:48:19 +00:00
Wesley Lee
0649754278 mediacodec: add GPU access policy 
avc:  denied  { read write }
for  comm="binder:757_6" name="renderD128" dev="tmpfs"
ino=1566 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

Bug: 378609071

Flag: EXEMPT bugfix

Test: run cts -m CtsMediaV2TestCases -t
android.mediav2.cts.CodecEncoderSurfaceTest#testSimpleEncodeFromSurface[26_c2.google.av1.encoder_video/av01_c2.google.av1.decoder_video/av01_512kbps_30fps_yuv420flexible_tonemapyes_persistentsurface]

Change-Id: I2af4f53c9ff8aca0d3c7fd721738f2044d4772fd
Signed-off-by: Wesley Lee <szuweilee@google.com>
 2024-11-20 06:29:09 +00:00
Daniel Lee
0cf5a2a95d Merge "storage: turn off writebooster flags upon init" into main 2024-11-20 05:12:10 +00:00
Julius Snipes
993506e4f1 GRIL sepolicy for aidl radioext v2.1 
avc:  denied  { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1

avc:  denied  { find } for pid=6500 uid=10242 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:hal_radio_ext_service:s0 tclass=service_manager permissive=0

avc:  denied  { find } for interface=vendor.google.radioext::IRadioExt sid=u:r:grilservice_app:s0:c242,c256,c512,c768 pid=6500 scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0

avc:  denied  { read write } for  comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1

avc:  denied  { search } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

avc:  denied  { read write } for  name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1

avc:  denied  { create } for  name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1

avc:  denied  { read } for  name="link_rate" dev="sysfs" ino=111840 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 355774451
Change-Id: Iea5e0cdff82b140caa1e8b6717e94d6d78076b28
Test: verify with test roms
Flag: EXEMPT sepolicy
 2024-11-19 23:27:20 +00:00
Daniel Lee
350e262415 storage: turn off writebooster flags upon init 
Enabling writebooster capability for Pixel UFS (pa/2994670)
enabled the following flags in Android Common Kernel:

  - wb_flush_en
  - wb_flush_during_h8
  - wb_enable

This patch disables these writebooster-related flags to restore the
intended behavior for Pixel devices. This overrides the default Android
Common Kernel behavior.

While 'wb_flush_en' and 'wb_enable' have corresponding sysfs entries
('enable_wb_buf_flush' and 'wb_on') for toggling,
'wb_flush_during_h8' currently lacks this functionality in the Android
Common Kernel. Pixel provides the 'manual_gc' sysfs entry as a
workaround. Setting 'manual_gc' to 0 disables 'wb_flush_during_h8'.

Bug: 377958570
Flag: EXEMPT bugfix
Test: check if all writebooster-realated flags are false upon init
Change-Id: I918bf6939de3e208b715f554a96ccbd053f68a18
Signed-off-by: Daniel Lee <chullee@google.com>
 2024-11-19 17:22:10 +00:00
Tommy Chiu
fa76c993b7 [automerger skipped] gsc: Change the criteria for building GSC targets am: 421324351c -s ours 
am skip reason: Merged-In I96f429ec3284114868ad220ea308a6920930c065 with SHA-1 8af77ef942 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/30467455

Change-Id: I008809abb19974fc20f8f5047d08b017d9d3ae3d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-11-18 21:45:44 +00:00
Tommy Chiu
421324351c gsc: Change the criteria for building GSC targets 
There can be a case where vendor directory exists but vendor/google_nos
does not.

Bug: 371059500
Test: manual
Flag: EXEMPT refactor
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8af77ef94228bf37bd7be4d8db496f7084e0333d)
Merged-In: I96f429ec3284114868ad220ea308a6920930c065
Change-Id: I96f429ec3284114868ad220ea308a6920930c065
 2024-11-18 18:10:31 +00:00
Robert Lee
32569fc7e5 Merge "audio: update hdmi audio path" into main 2024-11-18 03:10:31 +00:00
Robert Lee
5a063cc17b audio: update hdmi audio path 
Add permission to read HDMI states by audio hal.

For new project is using
/devices/platform/dwc_dptx-audio/extcon/hdmi_audio

For old projects are using
/devices/platform/drmdp-adma/extcon/hdmi_audio

Bug: 328784922
Test: builds
Flag: EXEMPT update sepolocy
Change-Id: I3bd0ccf1ee804de3157e759eac275673c9fc96a2
Signed-off-by: Robert Lee <lerobert@google.com>
 2024-11-18 03:08:08 +00:00
Madhav Iyengar
36f37eaf3b Merge "Give ContextHub HAL access to AOC version" into main 2024-11-15 21:51:42 +00:00
Kai Hsieh
3c9ee42c23 Merge "Revert^2 "Add GIA (Google Input interface Abstraction laye..."" into main 2024-11-15 05:32:43 +00:00
Kai Hsieh
97586506bb Revert^2 "Add GIA (Google Input interface Abstraction laye..." 
Revert submission 30378113-revert-29512389-gia-PMLMEKURMT

Reason for revert: Revert to fix the issue that GIA cannot be started in caimen-next-userdbg

Reverted changes: /q/submissionid:30378113-revert-29512389-gia-PMLMEKURMT
Bug: 367881686
Change-Id: Iecc4738c10dfe244bea02611f1926a9f6264a46c
 2024-11-14 10:10:46 +00:00
Cheng Chang
303cf04de1 sepolicy: Allow hal_gnss_pixel create file 
[ 7564.504317] type=1400 audit(1731556655.872:63): avc:  denied  { create } for  comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800

flag: EXEMPT the function has been verified at userdebug ROM.
Bug: 378004800
Bug: 377446770
Test: b/378004800 abtd to check sepolicy
Test: b/377446770#comment1 verified the coredump function on user ROM.
Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01
 2024-11-14 09:42:15 +00:00
Xin Li
efc0fc73ea [automerger skipped] Merge 24Q4 (ab/12406339) into aosp-main-future am: 61302f297c -s ours 
am skip reason: Merged-In Idd70cf3d846fad1a25060ebfb6ae6a99599fd861 with SHA-1 d43a6e1c5a is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/30284589

Change-Id: I323ceafb8b8140a941b906990b0cb63e3c941515
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-11-13 23:00:57 +00:00
Madhav Iyengar
e546ba5bae Give ContextHub HAL access to AOC version 
Required to gate use of the new ContextHub HAL <-> CHRE transport on the
availability of a bugfix in AOC.

Bug: 378367295
Flag: android.chre.flags.efw_xport_in_context_hub
Test: ...
Change-Id: Ibd5e3d20b7e5c14ea2200d85c179a4e96eb3b65a
 2024-11-13 21:07:38 +00:00
Kai Hsieh
6e5b6a6998 Merge "Revert "Add GIA (Google Input interface Abstraction layer) relat..."" into main 2024-11-13 14:42:35 +00:00
ELIYAZ MOMIN (xWF)
c68ac049e1 Revert "Add GIA (Google Input interface Abstraction layer) relat..." 
Revert submission 29512389-gia

Reason for revert: <Potential culprit for b/378865024  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Reverted changes: /q/submissionid:29512389-gia

Change-Id: Ia4fd036130e54a5573efbd02a044631232561ea1
 2024-11-13 14:06:24 +00:00
Treehugger Robot
cad0ccbb94 Merge "Introduce Pixel mailbox module" into main 2024-11-13 08:49:49 +00:00
Lucas Wei
f39a955d95 Introduce Pixel mailbox module 
Introduce Pixel mailbox module to dump debugging messages and integrate
with bugreport.
This patch also create sepolicy files to avoid avc denied.

avc:  denied  { search } for  comm="dump_mailbox" name="radio" dev="dm-57" ino=375 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc:  denied  { search } for  comm="dump_mailbox" name="instances" dev="tracefs" ino=4203 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
avc:  denied  { read } for  comm="dump_mailbox" name="trace" dev="tracefs" ino=7250 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=7187 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_traci
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontex=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontext=ut=5 audit_backlog_limit=64
=1
avc:  denied  { read } for  comm="dump_mailbox" name="trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclas(6 results) 15:39:41 [4796/19306]
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

Flag: EXEMPT, add mailbox dump program to bugreport
Bug: 363168077
Change-Id: I622f37bf8f913df8d9b242ab206fc267d446753d
 2024-11-13 07:52:03 +00:00
Kai Hsieh
9c0119a3d2 Merge "Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices." into main 2024-11-13 07:05:58 +00:00
timmyli
cfedcac7d7 Remove bug comment 
Bug: 363018500
Test: comment only
Flag: EXEMPT remove comment
Change-Id: I86ed9f0e7ed5b3741b23afffb2d7440683f34eb0
 2024-11-12 18:40:13 +00:00
Treehugger Robot
993cd00d79 Merge "Replace many app service permission with app_api_service" into main 2024-11-12 18:36:27 +00:00
Ocean Chen
594e90f573 Merge "Revert "storage: Defer blkio class configuration"" into main 2024-11-12 02:21:33 +00:00
Ocean Chen
3330640782 Revert "storage: Defer blkio class configuration" 
This patch change the I/O schedulor back to mq-deadline before boot completed.

Bug:374905027
Test: forrest run

This reverts commit 0af034bf9f.

Change-Id: Ie49fb8a62d6fdb8da112e83d5a8e3551b0072379
 2024-11-12 02:21:23 +00:00
timmyli
872e432821 Replace many app service permission with app_api_service 
We don't need to grant permissions to all these things. Just
app_api_service is enough.

Bug: 363018500
Test: manual test with GCA Eng
Flag: EXEMPT add permissions
Change-Id: I2457b54b244b2739e89393f52442afd4544418f1

11-08 00:33:23.429   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.436   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.439   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.453   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.457   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.470   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.488   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.502   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.604   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.606   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.627   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.643   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.644   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.653   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.662   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.677   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.718   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.724   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.732   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.733   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.784   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.786   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.795   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.835   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.029   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.130   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.160   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.368   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.650   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.872   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:26.556   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1
11-08 00:33:34.977   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.547   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.593   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.726   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1

Change-Id: I91235f2f699fd07107eaa11174beee895559770e
 2024-11-11 18:00:58 +00:00
Snehal Koukuntla
ea38f5c687 Add widevine SELinux permissions for L1 
839   839 I android.hardwar: type=1400 audit(0.0:982): avc:  denied  { read } for  name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8
 2024-11-08 17:04:21 +00:00
Zhengyuan Cui
2f08dd633a Allow command line tools to access Tachyon service in user builds. 
Bug: 377528455
Change-Id: I878e960b32af45030cebf73e9138752506c37953
Flag: tachyon
 2024-11-06 20:40:46 +00:00
Xin Li
61302f297c Merge 24Q4 (ab/12406339) into aosp-main-future 
Bug: 370570306
Merged-In: Idd70cf3d846fad1a25060ebfb6ae6a99599fd861
Change-Id: I254edf09968accebbee718cb5494612d0e5031e7
 2024-11-06 10:31:19 -08:00
Timmy Li
ba53a62a59 Revert^2 "Add more access for GCA to edgetpu" 
This reverts commit 84d3523c6c.

Reason for revert: Remerge attempt after fixing build error.

Bug: 361092857
Test: manual test with GCA for permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I89ec01928edc4fcb4832d2da84c442354a65c25c
 2024-11-06 18:24:20 +00:00
ELIYAZ MOMIN (xWF)
84d3523c6c Revert "Add more access for GCA to edgetpu" 
This reverts commit 132ad09bce.

Reason for revert: <Potential culprit for b/377693729  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Change-Id: Ic0cf086e2dc3aad19b1e0965873f9966ad7e6c29
 2024-11-06 16:54:52 +00:00
timmyli
132ad09bce Add more access for GCA to edgetpu 
Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61
 2024-11-06 08:47:39 +00:00
Timmy Li
5f7aae6dac Merge "Consolidate gca permissions inside gs-common" into main 2024-11-06 03:53:26 +00:00
Frank Yu
4cea32f400 Merge "Allow grilservice_app to binder call twoshay" into main 2024-11-06 03:25:18 +00:00
timmyli
cb2c9c91c1 Consolidate gca permissions inside gs-common 
SeLinux team is making an effort to have a general set of permissions
inside gs-common for GCA as oppose to having a new google_camera_app.te
for each device generation. Move the next gen permissions to the gs-common.

Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:665): avc:  denied  { read write } for  name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:666): avc:  denied  { open } for  path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:667): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

11-05 16:15:05.062   332   332 E SELinux : avc:  denied  { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
11-05 16:15:06.356  5586  5586 I frame-quality-s: type=1400 audit(0.0:554): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378
 2024-11-05 21:57:22 +00:00
Timmy Li
91ee7dae60 Merge "Add permissions for GCA to access various services" into main 2024-11-05 19:37:39 +00:00
Treehugger Robot
ff585df52b Merge "Allow fingerprint HAL to access IGoodixFingerprintDaemon" into main 2024-11-05 10:34:29 +00:00
KRIS CHEN
8d4f1c1f07 Allow fingerprint HAL to access IGoodixFingerprintDaemon 
Fix the following avc denial:
avc:  denied  { add } for pid=1285 uid=1000 name=vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0

Flag: EXEMPT NDK
Bug: 376602341
Test: boot with no relevant error
Change-Id: I12b5824d239bb3b55bb82fb50b9f6fc4c38b36c5
 2024-11-05 09:31:29 +00:00
timmyli
5c50ccab62 Add permissions for GCA to access various services 
app_api_service gives access to blanket app service permissions. The
more specific ones are listed in logs below.

Bug: 370899024
Bug: 375958865
Test: manual test with GCA to verify permissions
Flag: EXEMPT refactor

Specific logs:
11-05 01:13:34.640   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.player scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
11-05 01:13:34.641   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.camera scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.002   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.metrics scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.498   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.extractor scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1
11-05 01:29:30.961   326   326 E SELinux : avc:  denied  { find } for
pid=5465 uid=10155 name=media.audio_flinger
scontext=u:r:google_camera_app:s0:c155,c256,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=1

Logs from app services blanket granted by app_api_service
10-28 02:25:22.057   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=content scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.953   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=connectivity scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.577   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=power scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.062   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=notification scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.988   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=appops scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:appops_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.014   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=user scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.852   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=display scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.998   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=jobscheduler scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.855   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=network_management scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.428   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=content_capture scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.270   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_policy scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.215   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=sensorservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.166   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=netstats scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.219   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=virtualdevice_native scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.230   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=thermalservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.224   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.camera scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.214   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.player scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.485   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=backup scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
10-02 05:40:17.920   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=activity scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.511   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_state scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1

Change-Id: I9bd98af328f948152c89f9f2c3a066a951f4aaad
 2024-11-05 06:48:54 +00:00
Enzo Liao
31cb3f5521 Merge "RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore." into main 2024-11-05 03:38:08 +00:00
Treehugger Robot
4ec2ce09c4 Merge "[USB Audio] Fix SEPolicy issue" into main 2024-11-04 03:28:24 +00:00
Frank Yu
50930b4181 Allow grilservice_app to binder call twoshay 
avc error log:

[   37.308566] type=1400 audit(1730161331.968:20): avc:  denied  { call } for  comm="pool-3-thread-1" scontext=u:r:grilservice_app:s0:c253,c256,c512,c768 tcontext=u:r:twoshay:s0 tclass=binder permissive=0 bug=b/375564898 app=com.google.android.grilservice

Flag: EXEMPT bugfix
Bug: 375564898
Change-Id: I7bd57884763e255be57455b138e306c904bc66e1
 2024-11-01 09:04:43 +00:00
Enzo Liao
8ad4c5c9b9 RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore. 
Bug: 369260803
Design: go/fc-app-server
Flag: NONE N/A
Change-Id: Iebc91446aad59e2ed4e995fc5fc8fd3a45e0dc6f
 2024-11-01 11:55:32 +08:00
Lucas Wei
6a2ff60cdf Merge "Introduce dump_chip_info module" into main 2024-10-31 05:29:28 +00:00
Kai Hsieh
1f83bb110e Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices. 
AVC evidences:
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:24): avc:  denied  { search } for  name="goog_touch_interface" dev="sysfs" ino=110634 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=dir permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:25): avc:  denied  { read } for  name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:26): avc:  denied  { open } for  path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:27): avc:  denied  { getattr } for  path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:28): avc:  denied  { write } for  name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1

Test: Build succeed.
Test: Manually, checked whether GIA service is started successfully via command `service list`.
Bug: 367881686
Flag: build.RELEASE_PIXEL_GIA_ENABLED
Change-Id: I8069521425ff1e830d759252bf8bf460f4dc6f32
Signed-off-by: Kai Hsieh <kaihsieh@google.com>
 2024-10-31 00:57:56 +00:00
Lucas Wei
0a17acae18 Introduce dump_chip_info module 
Introduce dump_chip_info dumper to dump driver information of chip-info
and required sepolicy.

[ 9819.206787][  T335] type=1400 audit(1729750876.372:4710): avc:
denied  { execute_no_trans } for  comm="android.hardwar"
path="/vendor/bin/dump/dump_chip_info" dev="dm-11" ino=79
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=1
[ 9819.231374][  T335] type=1400 audit(1729750876.384:4711): avc:
denied  { getattr } for  comm="dump_chip_info" path="pipe:[1038881]"
dev="pipefs" ino=1038881 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:r:shell:s0 tclass=fifo_file permissive=1

Flag: EXEMPT, change source of chipid
Bug: 298883728
Change-Id: I0ff6edf98548de4b93c9eeee005ab2e7b365cf7f
 2024-10-30 01:54:29 +00:00
Kiwon Park
16cae5b0bc Merge "Disable bootstrap for UGS devices (sold in Canada)" into main 2024-10-29 18:36:24 +00:00
Joner Lin
89a81be220 Merge "add sepolicy rules for bluetooth common hal dumpstate" into main 2024-10-29 08:34:45 +00:00
Joner Lin
dc6f3713ce Merge "add bluetooth common hal sepolicy rules for bt subsystem crash info files" into main 2024-10-29 04:04:57 +00:00
jonerlin
62abd5daf8 add sepolicy rules for bluetooth common hal dumpstate 
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1002): avc:  denied  { search } for  comm="dump_bt" name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1002): avc:  denied  { search } for  name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1003): avc:  denied  { write } for  comm="dump_bt" name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1003): avc:  denied  { write } for  name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { create } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { create } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1007): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1007): avc:  denied  { search } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1008): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1008): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1009): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1009): avc:  denied  { open } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1015): avc:  denied  { create } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1015): avc:  denied  { create } for  name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1016): avc:  denied  { write open } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1016): avc:  denied  { write open } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:42.000000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { search } for  comm="dump_bt" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-27 21:03:42.000000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { search } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1062): avc:  denied  { read } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1062): avc:  denied  { read } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1063): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1063): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1064): avc:  denied  { search } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1064): avc:  denied  { search } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1065): avc:  denied  { read } for  comm="dump_bt" name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1065): avc:  denied  { read } for  name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1066): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1066): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:985): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:985): avc:  denied  { read } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:986): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:986): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:987): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:987): avc:  denied  { search } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:988): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:988): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1

Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I65025ffdac1c3017c494ae2a9fe8deeb5c7ce970
 2024-10-28 14:51:40 +00:00
Joner Lin
9590adf0c7 Merge "bt: add dumpstate for bluetooth common hal" into main 2024-10-28 14:15:47 +00:00