Randall Huang
69c69b2609
storage: fix ota selinux error
...
avc: denied { read write } for pid=281 comm="update_engine_s" name="boot_lun_enabled" dev="sysfs" ino=99875 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
avc: denied { open } for pid=281 comm="update_engine_s" path="/sys/devices/platform/3c400000.ufs/pixel/boot_lun_enabled" dev="sysfs" ino=99875 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
Bug: 361093433
Test: OTA sideload
Change-Id: I7c92346d7ab08597d612e798d2252768eed124a2
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-09 12:48:43 +08:00
Randall Huang
9b9bee2c1a
Storage: add sepolicy for recovery mode
...
avc: denied { search } for pid=286 comm="fsck.f2fs" name="0:0:0:0" dev="sysfs" ino=100643 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc: denied { getattr } for pid=286 comm="fsck.f2fs" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda10/partition" dev="sysfs" ino=102318 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { read } for pid=286 comm="fsck.f2fs" name="zoned" dev="sysfs" ino=101014 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { open } for pid=286 comm="fsck.f2fs" path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=101014 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { read } for pid=340 comm="fsck.f2fs" name="sda1" dev="tmpfs" ino=1060 scontext=u:r:fsck:s0 tcontext=u:object_r:persist_block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=340 comm="fsck.f2fs" name="sda1" dev="tmpfs" ino=1060 scontext=u:r:fsck:s0 tcontext=u:object_r:persist_block_device:s0 tclass=blk_file permissive=0
Bug: 361093433
Test: factory data reset
Change-Id: Idce44f75e8ef6f3e381fcdaa8c29831747ee0ecd
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-09 12:41:58 +08:00
Xin Li
92f65e92ab
[automerger skipped] Merge 24Q3 to AOSP main am: 3d9a037343
-s ours am: 1753d5c4df
-s ours
...
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d1adbe0cb2
is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3258121
Change-Id: I703ee8ce839d2e5412036ef723919ca010a89a47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-07 06:09:36 +00:00
Xin Li
1753d5c4df
[automerger skipped] Merge 24Q3 to AOSP main am: 3d9a037343
-s ours
...
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d1adbe0cb2
is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3258121
Change-Id: I812aa14274c7353bf1322ca8aaedae71adc2a471
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-07 02:41:15 +00:00
Robin Peng
c8a640f591
check_current_prebuilt: Symlink current prebuilt folder to android root
...
Android is now based on the Trunk Stable world, and Pixel prebuilts CLs
also need to reply with this, which is controlled by the flag, which results in:
- the flag value might be different on each branch
- the flag values are mostly different on each release configuration
- for local builds, ENGs need to figure out the correct location
of current prebuilts by checking through the entire prebuilt textproto
files
To alleviate this problem, create a symlink file under android root
that indicates the current prebuilt path after invoking the android lunch cmd.
Bug: 364831620
Flag: EXEMPT export current prebuilt path
Change-Id: Idd130a70815fe1fe5288b003c5edb6979fd4c88c
Signed-off-by: Robin Peng <robinpeng@google.com>
2024-09-06 09:35:30 +00:00
Neo Yu
ab39c35ee2
Merge "Separate GRIL sepolicy for AIDL and HIDL by folders" into main
2024-09-06 01:41:13 +00:00
Xin Li
3d9a037343
Merge 24Q3 to AOSP main
...
Bug: 357762254
Merged-In: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Change-Id: Ic2a51a2ac1a142369dd49e4b6eb0dd37c32f1383
2024-09-05 17:02:37 -07:00
Kieran Cyphus
19ab72a3de
Merge "shamp: Update shared_modem_platform HAL version to 2" into main
2024-09-05 18:17:58 +00:00
Treehugger Robot
c1cdcbaeed
Merge "storage: fix vold avc denied" into main
2024-09-05 09:42:34 +00:00
Randall Huang
0440e82770
storage: fix vendor_init avc denied
...
avc: denied { write } for comm="init" name="swappiness" dev="proc" ino=207356 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc_dirty:s0 tclass=file permissive=1
Bug: 361093041
Test: local build
Change-Id: I595008f957c322aedbdf383c4e50c0e0ce30b9dc
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 08:42:30 +00:00
Randall Huang
24568c64d1
storage: fix vold avc denied
...
[ 33.709752][ T363] type=1400 audit(1725519791.892:729): avc: denied { read } for comm="binder:369_6" name="/" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[ 33.710804][ T363] type=1400 audit(1725519791.892:730): avc: denied { open } for comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[ 33.711734][ T363] type=1400 audit(1725519791.892:731): avc: denied { ioctl } for comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
[ 33.712732][ T363] type=1400 audit(1725519791.892:732): avc: denied { read } for comm="binder:369_6" name="/" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[ 33.713612][ T363] type=1400 audit(1725519791.892:733): avc: denied { open } for comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
[ 33.714833][ T363] type=1400 audit(1725519791.892:734): avc: denied { ioctl } for comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
Bug: 361093041
Test: local build
Change-Id: I629f0303940f3f07ce3717cd0a2c8f975378f24b
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 08:42:25 +00:00
Randall Huang
bce5748b4f
storage: fix adb bugreport and refactor the existing rules
...
avc: denied { getattr } for comm="df" path="/mnt/vendor/persist" dev="sda15" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { call } for comm="binder:10121_3" scontext=u:r:dumpstate:s0 tcontext=u:r:vold:s0 tclass=binder permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1
avc: denied { getattr } for comm="df" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1
Bug: 361093041
Test: local build
Change-Id: I5c6be63beebf66d64db7e495c28493ab35621054
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 16:39:22 +08:00
Randall Huang
4391ba797c
Merge "storage: fix PowerStats avc denied" into main
2024-09-05 06:24:35 +00:00
Randall Huang
9d99d1d598
storage: fix PowerStats avc denied
...
avc: denied { search } for name="ufs_stats" dev="sysfs" ino=99872 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc: denied { open } for comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target000/0000/block/sda/stat" dev="sysfs" ino=100761 scontext=urhal_health_default
avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/3c400000.ufs/host0/target000/0000/block/sda/stat" dev="sysfs" ino=100761 scontext=urhal_health_default
avc: denied { search } for comm="android.hardwar" name="0000" dev="sysfs" ino=100578 scontext=urhal_health_defaults0 tcontext=uobject_r
avc: denied { read } for comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=urhal_health_defaults0 tcontext=uobject_rsysfs_scsi_devices_0000s0 tclass=file permissive=1
avc: denied { search } for comm="android.hardwar" name="0000" dev="sysfs" ino=100578 scontext=urhal_health_defaults0 tcontext=uobject_r
avc: denied { read } for comm="android.hardwar" name="stat" dev="sysfs" ino=100761 scontext=urhal_health_defaults0 tcontext=uobject_rsysfs_scsi_devices_0000s0 tclass=file permissive=1
Bug: 361093041
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I94dadb9b9fc015fd1ecc39f9d62bc7209375a13a
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 04:10:53 +00:00
Sam Ou
2fdeb6aed7
Merge "sepolicy: fix dump_power policy" into main
2024-09-05 04:01:07 +00:00
Randall Huang
cacedb4ae8
storage: move sepolicy to common folder
...
avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
Bug: 361093041
Test: local build
Change-Id: I90d29590908efc329a05bd8f5f3e145dac4982fc
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-05 10:48:44 +08:00
Kieran Cyphus
94ef296dae
shamp: Update shared_modem_platform HAL version to 2
...
Bug: 364363838
ag/28965951 accidentally started providing a V2 when the manifests only said V1 which broke some VTS tests.
Test: `atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest#HalIsServed/com_google_pixel_shared_modem_platform_ISharedModemPlatform_default_V1_84`
Flag: EXEMPT can't flag manifest changes
Change-Id: I17113f86e9bceaa3efe2f0d4d76e8349fe2c456e
2024-09-04 21:29:37 +00:00
Kiwon Park
d3977c94ad
Merge "Add eSIM directory and disable bootstrap when bootloader is unlocked in user build" into main
2024-09-04 16:55:20 +00:00
Neo Yu
0ca7adab01
Separate GRIL sepolicy for AIDL and HIDL by folders
...
Related avc error:
aidl part:
avc: denied { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1
avc: denied { read write } for comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1
avc: denied { search } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1
hidl part:
avc: denied { read write } for comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc: denied { search } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1
Bug: 363665676
Test: verify with test roms
Flag: EXEMPT sepolicy refactor
Change-Id: I0fb75f7f9c7339864ee303c0f1de3b218ceb81ed
2024-09-04 16:54:15 +00:00
Devika Krishnadas
76ca89b967
Add GPU team owners for mk files am: 1d82070ee9
am: 9747c1bb8d
...
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915
Change-Id: Ifdcf32d2555f28851739c53019e9bec4dfc13167
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-04 16:49:25 +00:00
Devika Krishnadas
9747c1bb8d
Add GPU team owners for mk files am: 1d82070ee9
...
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3252915
Change-Id: I12c5349ad38ca36302996f139dac08114cbea42a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-04 16:39:39 +00:00
samou
202f18ed18
sepolicy: fix dump_power policy
...
09-03 10:57:32.552 11878 11878 W dump_power: type=1400 audit(0.0:23): avc: denied { read } for name="thismeal.txt" dev="dm-51" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:01:19.432 6967 6967 W dump_power: type=1400 audit(0.0:25): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
09-05 00:11:25.532 6913 6913 W dump_power: type=1400 audit(0.0:25): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-52" ino=14368 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=0
Flag: EXEMPT refactor
Bug: 364612419
Change-Id: Ide2ad35e3f2a5bc3246603a4e66b67ec901ddc64
Signed-off-by: samou <samou@google.com>
2024-09-04 16:15:06 +00:00
Treehugger Robot
52f7c66ea0
Merge "gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st" into main
2024-09-04 08:54:32 +00:00
Snehal Koukuntla
13e34cc96a
Merge "Add widevine SELinux permissions" into main
2024-09-04 08:42:49 +00:00
Kyle Hsiao
a0681a7b7a
gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st
...
sepolicy for android.hardware.nfc-service.st
Flag: EXEMPT NDK
Bug: 361093394
Test: manual
Change-Id: Ibe90555a6ec9b13fb2cd8eae4131216d3240ec3a
2024-09-04 06:20:49 +00:00
Randall Huang
6ec23c152f
storage: move storage related device type to common folder
...
Bug: 364225000
Test: forrest build
Change-Id: Ica102c5a1ec45560939ac32c3ec22e721659c3cf
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-04 10:43:47 +08:00
Devika Krishnadas
1d82070ee9
Add GPU team owners for mk files
...
Bug: 275906497
Flag: EXEMPT only changing OWNERS
Change-Id: Ife6cdfd5097c6c50e0276ea3a70552e9feeb76a8
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2024-09-03 22:49:19 +00:00
Snehal
bd3767ae16
Add widevine SELinux permissions
...
15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1934): avc: denied { call } for scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo
15992 15992 I exoplayer2.demo: type=1400 audit(0.0:1935): avc: denied { call } for scontext=u:r:untrusted_app_29:s0:c36,c257,c512,c768 tcontext=u:r:hal_drm_widevine:s0 tclass=binder permissive=1 app=com.google.android.exoplayer2.demo
860 860 I android.hardwar: type=1400 audit(0.0:4302): avc: denied { write } for name="mediadrm" dev="dm-57" ino=2565 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1
860 860 I android.hardwar: type=1400 audit(0.0:4304): avc: denied { create } for name="IDM1013" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:mediadrm_vendor_data_file:s0 tclass=dir permissive=1
Bug: 363182767
Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ia8c3ba3d7fe9f09ceb40fd2b6ae88bbbcf5ac6f6
2024-09-03 13:40:57 +00:00
George Chang
019cc571f4
Merge "gs-common: nfc: st54spi: Add rules for hal_secure_element_st54spi_aidl" into main
2024-09-03 11:33:00 +00:00
Treehugger Robot
90f357aa8d
Merge "Storage: add selinux for ufs firmware upgrade event" into main
2024-09-03 03:36:51 +00:00
Randall Huang
0f4a0bb8a2
Storage: add selinux for ufs firmware upgrade event
...
avc: denied { execute_no_trans } for comm="ufs_firmware_up" path="/vendor/bin/toybox_vendor" dev="dm-11" ino=380 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
avc: denied { read } for comm="cat" name="vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { open } for comm="cat" path="/sys/devices/platform/13200000.ufs/vendor" dev="sysfs" ino=63193 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { search } for comm="dd" name="block" dev="tmpfs" ino=12 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
avc: denied { write } for comm="dd" name="sda12" dev="tmpfs" ino=1139 scontext=u:r:ufs_firmware_update:s0 tcontext=u:object_r:ufs_internal_block_device:s0 tclass=blk_file permissive=1
Bug: 361093041
Test: NA
Change-Id: I54445d4543a733baae85cd408b433033dd93ec6b
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-02 22:33:03 +00:00
Cheng Chang
4c672d13c9
Merge "gps: Allow gnss hal access vendor_gps_prop" into main
2024-09-02 07:38:45 +00:00
George Chang
cf2d68668f
gs-common: nfc: st54spi: Add rules for hal_secure_element_st54spi_aidl
...
sepolicy for android.hardware.secure_element-service.thales
08-26 12:49:43.959 343 343 E SELinux : avc: denied { add } for pid=706 uid=1068 name=android.hardware.secure_element.ISecureElement/eSE1 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:hal_secure_element_service:s0 tclass=service_manager permissive=1
08-26 12:49:43.936 706 706 I android.hardwar: type=1400 audit(0.0:9): avc: denied { call } for scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
08-26 12:49:43.936 706 706 I android.hardwar: type=1400 audit(0.0:10): avc: denied { transfer } for scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
08-26 12:49:59.904 1 1 I /system/bin/init: type=1107 audit(0.0:139): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=706 uid=1068 gid=1068 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=1'
08-26 12:50:12.124 706 706 I android.hardwar: type=1400 audit(0.0:461): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=1552 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1
08-26 12:50:12.124 706 706 I android.hardwar: type=1400 audit(0.0:462): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=1552 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332 737 737 I android.hardwar: type=1400 audit(0.0:959): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=1550 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332 737 737 I android.hardwar: type=1400 audit(0.0:960): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=1550 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
08-26 16:33:44.332 737 737 I android.hardwar: type=1400 audit(0.0:961): avc: denied { ioctl } for path="/dev/st21nfc" dev="tmpfs" ino=1550 ioctlcmd=0xea05 scontext=u:r:hal_secure_element_st54spi_aidl:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
Flag: EXEMPT NDK
Bug: 361093024
Test: manual
Change-Id: I1f3aebc9894de9f3410f2031e2b99e07d4060fa5
2024-09-02 06:37:19 +00:00
Attis Chen
e5c668587d
Merge "Add dump of panel power_mode." into main
2024-09-02 04:54:18 +00:00
Martin Liu
a13a1663fd
[automerger skipped] Move compaction_proactiveness to vendor sepolicy am: d1adbe0cb2
-s ours
...
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d6d4a779e5
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/29091424
Change-Id: Ied82c7da10415424f42bd7101bbe7c6ece892f0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-01 15:28:58 +00:00
Martin Liu
d1adbe0cb2
Move compaction_proactiveness to vendor sepolicy
...
Move compaction_proactiveness sepolicy from the system
to vendor since it breaks other vendors.
Bug: 361985704
Test: check knob value
Flag: NONE sepolicy doesn't support flag
Change-Id: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Merged-In: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Signed-off-by: Martin Liu <liumartin@google.com>
2024-09-01 08:06:04 +00:00
Kiwon Park
69797e03ca
Add eSIM directory and disable bootstrap when bootloader is unlocked in user build
...
Allow vendor_init to set setupwizard prop
Allow priv_app and gmscore_app to get setupwizard prop
<11>[ 7.276992][ T329] init: Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:330: SELinux permission check failed
08-28 15:35:42.536 10156 5884 5884 W oid.setupwizard: type=1400 audit(0.0:63): avc: denied { read } for name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=335 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.setupwizard
08-28 15:11:52.015 10185 6915 6915 W highpool[8]: type=1400 audit(0.0:17): avc: denied { read } for name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=339 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.gms
Bug: 349592724
Test: m
Change-Id: I8330c9f6f9efd215ec4ea1f7d3d6ff5596773e21
Flag: NONE disabling a feature just in factory
2024-08-30 10:28:16 -07:00
Treehugger Robot
d1dfe55442
Merge "Move compaction_proactiveness to vendor sepolicy" into main
2024-08-30 10:50:43 +00:00
Dennis Song
c9fb05a230
[automerger skipped] Explicitly set user root for the gs_watchdogd service. am: f25cb6895f
am: 6c82faf70b
-s ours
...
am skip reason: Merged-In I36a3a67dc357f608b33a131a4e5f6fd6defb91e5 with SHA-1 c0b820e056
is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3250951
Change-Id: I0e5a8cbb986a06a2e55ab58ee1c80b53fca96f2b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-08-30 09:58:38 +00:00
Dennis Song
6c82faf70b
Explicitly set user root for the gs_watchdogd service. am: f25cb6895f
...
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3250951
Change-Id: I58b8abe45d82b6ea620d6e623c4716785a992c76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-08-30 09:29:18 +00:00
Dennis Song
f25cb6895f
Explicitly set user root for the gs_watchdogd service.
...
Otherwise host_init_verifier would fail.
Bug: 362447627
Test: Treehugger
Merged-In: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
Change-Id: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
2024-08-30 08:27:36 +00:00
Dennis Song
37238f4cff
Merge "Explicitly set user root for the gs_watchdogd service." into main
2024-08-30 08:24:56 +00:00
Martin Liu
d6d4a779e5
Move compaction_proactiveness to vendor sepolicy
...
Move compaction_proactiveness sepolicy from the system
to vendor since it breaks other vendors.
Bug: 361985704
Test: check knob value
Flag: NONE sepolicy doesn't support flag
Change-Id: I14cff8dfe4e143995b9011cd34a1e7d74613ae33
Signed-off-by: Martin Liu <liumartin@google.com>
2024-08-30 07:21:16 +00:00
Cheng Chang
f71ff2ba7c
gps: Allow gnss hal access vendor_gps_prop
...
avc: denied { read } for name="u:object_r:vendor_gps_prop:s0" dev="tmpfs" ino=421 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_prop:s0 tclass=file permissive=0
Bug: 335354369
Test: Check avc logcat.
Change-Id: Idfc885c6d54a9a5160643ff53f3e278ee067b286
2024-08-30 06:05:32 +00:00
Tommy Chiu
15ed5c639e
Move PRODUCT_COPY_FILES from each board>device-vendor.mk here
...
We used to put the firmware copy logic in dedicated device-vendor.mk
files for each platform. This approach is difficult to maintain and
unnecessary since we always want to deploy the latest firmware.
Propose a better approach for handling firmware copy logic.
Flag: EXEMPT refactor
Bug: 359071523
Test: Build pass
Change-Id: I4169353b9f8f16b82eb0e4ebf2a884f46e1a5f8b
2024-08-30 04:28:47 +00:00
Dennis Song
c0b820e056
Explicitly set user root for the gs_watchdogd service.
...
Otherwise host_init_verifier would fail.
Bug: 362447627
Test: Treehugger
Flag: EXEMPT bugfix
Change-Id: I36a3a67dc357f608b33a131a4e5f6fd6defb91e5
2024-08-30 03:42:06 +00:00
Randall Huang
1ae1d53973
Merge "storage: fix idle-maint avc denials." into main
2024-08-29 02:51:57 +00:00
Treehugger Robot
d9667c65f6
Merge "storage: allow mkfs/fsck for vendor partitions" into main
2024-08-29 02:51:23 +00:00
Frank Yu
d03036bdef
Merge "Move hal_radio_ext_service related policy of grilservice_app to gs-common." into main
2024-08-29 01:52:23 +00:00
Randall Huang
df4a5f7b48
storage: allow mkfs/fsck for vendor partitions
...
avc: denied { read } for name="sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for path="/dev/block/sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { write } for name="sda7" dev="tmpfs" ino=1173 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { ioctl } for path="/dev/block/sda7" dev="tmpfs" ino=1173 ioctlcmd=0x1268 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { read } for name="sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for path="/dev/block/sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100275 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { write } for name="sda5" dev="tmpfs" ino=1010 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { ioctl } for path="/dev/block/sda5" dev="tmpfs" ino=1010 ioctlcmd=0x1268 scontext=u:r:fsck:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { search } for name="0:0:0:0" dev="sysfs" ino=100048 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda5/partition" dev="sysfs" ino=101272 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { read } for name="zoned" dev="sysfs" ino=100308 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100308 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { search } for name="0:0:0:0" dev="sysfs" ino=100048 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda10/partition" dev="sysfs" ino=102003 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { read } for name="zoned" dev="sysfs" ino=100308 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/3c400000.ufs/host0/target0:0:0/0:0:0:0/block/sda/queue/zoned" dev="sysfs" ino=100308 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=1
avc: denied { read } for name="sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for path="/dev/block/sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { write } for name="sda5" dev="tmpfs" ino=1004 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { ioctl } for path="/dev/block/sda5" dev="tmpfs" ino=1004 ioctlcmd=0x1268 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { read } for name="sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for path="/dev/block/sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { write } for name="sda7" dev="tmpfs" ino=1199 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
avc: denied { ioctl } for path="/dev/block/sda7" dev="tmpfs" ino=1199 ioctlcmd=0x1268 scontext=u:r:e2fs:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1
Bug: 361093041
Test: build pass
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0cf7210eb1b5ba1d22fb8dcb59f40cb74b98dd37 )
Change-Id: I0d89d360e75335784116a4e4769d0b60699917eb
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-08-29 01:10:11 +00:00