Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2580 commits 1 branch 0 tags 325 MiB
Commit graph

2580 commits

This branch
This branch
All branches
Author SHA1 Message Date
Android Build Coastguard Worker
7993e14af2 Snap for 12644741 from 993cd00d79 to 25Q1-release 
Change-Id: Ibff35ba4e173e93b8ee6cba694098bfea3ba7c61
 2024-11-13 00:03:21 +00:00
Treehugger Robot
993cd00d79 Merge "Replace many app service permission with app_api_service" into main 2024-11-12 18:36:27 +00:00
Ocean Chen
594e90f573 Merge "Revert "storage: Defer blkio class configuration"" into main 2024-11-12 02:21:33 +00:00
Ocean Chen
3330640782 Revert "storage: Defer blkio class configuration" 
This patch change the I/O schedulor back to mq-deadline before boot completed.

Bug:374905027
Test: forrest run

This reverts commit 0af034bf9f.

Change-Id: Ie49fb8a62d6fdb8da112e83d5a8e3551b0072379
 2024-11-12 02:21:23 +00:00
Android Build Coastguard Worker
a092a1d146 Snap for 12637843 from ea38f5c687 to 25Q1-release 
Change-Id: I1c8956ef66e1054578a1874c5a39695bb59f4943
 2024-11-12 00:03:06 +00:00
timmyli
872e432821 Replace many app service permission with app_api_service 
We don't need to grant permissions to all these things. Just
app_api_service is enough.

Bug: 363018500
Test: manual test with GCA Eng
Flag: EXEMPT add permissions
Change-Id: I2457b54b244b2739e89393f52442afd4544418f1

11-08 00:33:23.429   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.436   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.439   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.453   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.457   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.470   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.488   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.502   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.604   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.606   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.627   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.643   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.644   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.653   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.662   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.677   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.718   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.724   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.732   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.733   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.784   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.786   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.795   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.835   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.029   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.130   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.160   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.368   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.650   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.872   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:26.556   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1
11-08 00:33:34.977   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.547   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.593   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.726   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1

Change-Id: I91235f2f699fd07107eaa11174beee895559770e
 2024-11-11 18:00:58 +00:00
Snehal Koukuntla
ea38f5c687 Add widevine SELinux permissions for L1 
839   839 I android.hardwar: type=1400 audit(0.0:982): avc:  denied  { read } for  name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8
 2024-11-08 17:04:21 +00:00
Android Build Coastguard Worker
79c1d9921a Snap for 12623742 from ba53a62a59 to 25Q1-release 
Change-Id: Id34703b961eb399d7dc8e96a98ff4de67494048a
 2024-11-08 00:03:23 +00:00
Android Build Coastguard Worker
8abc2c9922 Snap for 12616459 from 84d3523c6c to 25Q1-release 
Change-Id: I9f28c10af64d538ea66fe5f0cd258607d88312e0
 2024-11-07 00:06:14 +00:00
Timmy Li
ba53a62a59 Revert^2 "Add more access for GCA to edgetpu" 
This reverts commit 84d3523c6c.

Reason for revert: Remerge attempt after fixing build error.

Bug: 361092857
Test: manual test with GCA for permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I89ec01928edc4fcb4832d2da84c442354a65c25c
 2024-11-06 18:24:20 +00:00
ELIYAZ MOMIN (xWF)
84d3523c6c Revert "Add more access for GCA to edgetpu" 
This reverts commit 132ad09bce.

Reason for revert: <Potential culprit for b/377693729  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Change-Id: Ic0cf086e2dc3aad19b1e0965873f9966ad7e6c29
 2024-11-06 16:54:52 +00:00
timmyli
132ad09bce Add more access for GCA to edgetpu 
Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61
 2024-11-06 08:47:39 +00:00
Timmy Li
5f7aae6dac Merge "Consolidate gca permissions inside gs-common" into main 2024-11-06 03:53:26 +00:00
Frank Yu
4cea32f400 Merge "Allow grilservice_app to binder call twoshay" into main 2024-11-06 03:25:18 +00:00
Android Build Coastguard Worker
066da71397 Snap for 12609205 from 91ee7dae60 to 25Q1-release 
Change-Id: I88a4444efeb51f6baa290b9a1d65562477472e4a
 2024-11-06 00:03:52 +00:00
timmyli
cb2c9c91c1 Consolidate gca permissions inside gs-common 
SeLinux team is making an effort to have a general set of permissions
inside gs-common for GCA as oppose to having a new google_camera_app.te
for each device generation. Move the next gen permissions to the gs-common.

Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:665): avc:  denied  { read write } for  name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:666): avc:  denied  { open } for  path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:667): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

11-05 16:15:05.062   332   332 E SELinux : avc:  denied  { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
11-05 16:15:06.356  5586  5586 I frame-quality-s: type=1400 audit(0.0:554): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378
 2024-11-05 21:57:22 +00:00
Timmy Li
91ee7dae60 Merge "Add permissions for GCA to access various services" into main 2024-11-05 19:37:39 +00:00
Treehugger Robot
ff585df52b Merge "Allow fingerprint HAL to access IGoodixFingerprintDaemon" into main 2024-11-05 10:34:29 +00:00
KRIS CHEN
8d4f1c1f07 Allow fingerprint HAL to access IGoodixFingerprintDaemon 
Fix the following avc denial:
avc:  denied  { add } for pid=1285 uid=1000 name=vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0

Flag: EXEMPT NDK
Bug: 376602341
Test: boot with no relevant error
Change-Id: I12b5824d239bb3b55bb82fb50b9f6fc4c38b36c5
 2024-11-05 09:31:29 +00:00
timmyli
5c50ccab62 Add permissions for GCA to access various services 
app_api_service gives access to blanket app service permissions. The
more specific ones are listed in logs below.

Bug: 370899024
Bug: 375958865
Test: manual test with GCA to verify permissions
Flag: EXEMPT refactor

Specific logs:
11-05 01:13:34.640   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.player scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
11-05 01:13:34.641   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.camera scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.002   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.metrics scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.498   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.extractor scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1
11-05 01:29:30.961   326   326 E SELinux : avc:  denied  { find } for
pid=5465 uid=10155 name=media.audio_flinger
scontext=u:r:google_camera_app:s0:c155,c256,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=1

Logs from app services blanket granted by app_api_service
10-28 02:25:22.057   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=content scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.953   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=connectivity scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.577   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=power scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.062   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=notification scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.988   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=appops scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:appops_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.014   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=user scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.852   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=display scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.998   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=jobscheduler scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.855   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=network_management scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.428   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=content_capture scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.270   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_policy scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.215   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=sensorservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.166   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=netstats scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.219   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=virtualdevice_native scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.230   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=thermalservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.224   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.camera scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.214   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.player scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.485   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=backup scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
10-02 05:40:17.920   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=activity scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.511   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_state scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1

Change-Id: I9bd98af328f948152c89f9f2c3a066a951f4aaad
 2024-11-05 06:48:54 +00:00
Enzo Liao
31cb3f5521 Merge "RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore." into main 2024-11-05 03:38:08 +00:00
Android Build Coastguard Worker
f82c4a9a47 Snap for 12602378 from 4ec2ce09c4 to 25Q1-release 
Change-Id: Ifa825bd207fe0d7aaaac9220fa7fd1ba4bef165a
 2024-11-05 00:03:55 +00:00
Treehugger Robot
4ec2ce09c4 Merge "[USB Audio] Fix SEPolicy issue" into main 2024-11-04 03:28:24 +00:00
Frank Yu
50930b4181 Allow grilservice_app to binder call twoshay 
avc error log:

[   37.308566] type=1400 audit(1730161331.968:20): avc:  denied  { call } for  comm="pool-3-thread-1" scontext=u:r:grilservice_app:s0:c253,c256,c512,c768 tcontext=u:r:twoshay:s0 tclass=binder permissive=0 bug=b/375564898 app=com.google.android.grilservice

Flag: EXEMPT bugfix
Bug: 375564898
Change-Id: I7bd57884763e255be57455b138e306c904bc66e1
 2024-11-01 09:04:43 +00:00
Enzo Liao
8ad4c5c9b9 RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore. 
Bug: 369260803
Design: go/fc-app-server
Flag: NONE N/A
Change-Id: Iebc91446aad59e2ed4e995fc5fc8fd3a45e0dc6f
 2024-11-01 11:55:32 +08:00
Android Build Coastguard Worker
ca94d03179 Snap for 12587146 from 6a2ff60cdf to 25Q1-release 
Change-Id: I160412d97490985e2fee569efdb513ae5537a65e
 2024-10-31 23:02:36 +00:00
Lucas Wei
6a2ff60cdf Merge "Introduce dump_chip_info module" into main 2024-10-31 05:29:28 +00:00
Lucas Wei
0a17acae18 Introduce dump_chip_info module 
Introduce dump_chip_info dumper to dump driver information of chip-info
and required sepolicy.

[ 9819.206787][  T335] type=1400 audit(1729750876.372:4710): avc:
denied  { execute_no_trans } for  comm="android.hardwar"
path="/vendor/bin/dump/dump_chip_info" dev="dm-11" ino=79
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=1
[ 9819.231374][  T335] type=1400 audit(1729750876.384:4711): avc:
denied  { getattr } for  comm="dump_chip_info" path="pipe:[1038881]"
dev="pipefs" ino=1038881 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:r:shell:s0 tclass=fifo_file permissive=1

Flag: EXEMPT, change source of chipid
Bug: 298883728
Change-Id: I0ff6edf98548de4b93c9eeee005ab2e7b365cf7f
 2024-10-30 01:54:29 +00:00
Android Build Coastguard Worker
de94bf2ded Snap for 12573674 from 16cae5b0bc to 25Q1-release 
Change-Id: I6558b839db8cbb6754fe3d61bf3cf99900eb0b06
 2024-10-29 23:03:58 +00:00
Kiwon Park
16cae5b0bc Merge "Disable bootstrap for UGS devices (sold in Canada)" into main 2024-10-29 18:36:24 +00:00
Joner Lin
89a81be220 Merge "add sepolicy rules for bluetooth common hal dumpstate" into main 2024-10-29 08:34:45 +00:00
Joner Lin
dc6f3713ce Merge "add bluetooth common hal sepolicy rules for bt subsystem crash info files" into main 2024-10-29 04:04:57 +00:00
Android Build Coastguard Worker
a8ee8082d3 Snap for 12565212 from 9590adf0c7 to 25Q1-release 
Change-Id: I188fe30e648ac27fadee2f484131bfad57caffa9
 2024-10-28 23:03:30 +00:00
jonerlin
62abd5daf8 add sepolicy rules for bluetooth common hal dumpstate 
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1002): avc:  denied  { search } for  comm="dump_bt" name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1002): avc:  denied  { search } for  name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1003): avc:  denied  { write } for  comm="dump_bt" name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1003): avc:  denied  { write } for  name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { create } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { create } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1007): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1007): avc:  denied  { search } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1008): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1008): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1009): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1009): avc:  denied  { open } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1015): avc:  denied  { create } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1015): avc:  denied  { create } for  name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1016): avc:  denied  { write open } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1016): avc:  denied  { write open } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:42.000000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { search } for  comm="dump_bt" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-27 21:03:42.000000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { search } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1062): avc:  denied  { read } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1062): avc:  denied  { read } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1063): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1063): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1064): avc:  denied  { search } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1064): avc:  denied  { search } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1065): avc:  denied  { read } for  comm="dump_bt" name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1065): avc:  denied  { read } for  name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1066): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1066): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:985): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:985): avc:  denied  { read } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:986): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:986): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:987): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:987): avc:  denied  { search } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:988): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:988): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1

Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I65025ffdac1c3017c494ae2a9fe8deeb5c7ce970
 2024-10-28 14:51:40 +00:00
Joner Lin
9590adf0c7 Merge "bt: add dumpstate for bluetooth common hal" into main 2024-10-28 14:15:47 +00:00
jonerlin
1de5b57908 add bluetooth common hal sepolicy rules for bt subsystem crash info files 
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:131): avc:  denied  { write } for  comm="binder:894_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:131): avc:  denied  { write } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:132): avc:  denied  { add_name } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:132): avc:  denied  { add_name } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:133): avc:  denied  { create } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:133): avc:  denied  { create } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I auditd  : type=1400 audit(0.0:134): avc:  denied  { read write open } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I binder:894_2: type=1400 audit(0.0:134): avc:  denied  { read write open } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I auditd  : type=1400 audit(0.0:135): avc:  denied  { setattr } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I binder:894_2: type=1400 audit(0.0:135): avc:  denied  { setattr } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2065): avc:  denied  { open } for  comm="binder:894_2" path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2065): avc:  denied  { open } for  path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2066): avc:  denied  { read } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2066): avc:  denied  { read } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2067): avc:  denied  { open } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2067): avc:  denied  { open } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2068): avc:  denied  { getattr } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2068): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-23 13:34:22.912   873   873 I binder:873_3: type=1400 audit(0.0:5105): avc:  denied  { read } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
[  354.876922] type=1400 audit(1729656523.440:124): avc:  denied  { search } for  comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
[  738.332303] type=1400 audit(1729656906.896:2087): avc:  denied  { read } for  comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1

Bug: 374695851
Test: build pass, make bt crash and get the bugreport
Flag: EXEMPT, internal cleanup.
Change-Id: If9c4064fe71bfc0b1055bc953a1b2e22978e1938
 2024-10-28 12:10:33 +00:00
jonerlin
952e4d7841 bt: add dumpstate for bluetooth common hal 
Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I63cf188014696e830160ebc7acaeead79520c5b4
 2024-10-28 01:14:01 +00:00
Android Build Coastguard Worker
600b20a2b7 Snap for 12561555 from d9f390d180 to 25Q1-release 
Change-Id: Ie66e9963997589f45de2e0ecf04f274109aaaa4b
 2024-10-26 21:02:23 +00:00
Florian Mayer
d9f390d180 Remove mitchp from OWNERS am: cea50c9a35 am: 807b201e0d 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3321033

Change-Id: I18642110a1acdd8b02bd0613cd2805359a34cdbf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-26 01:43:14 +00:00
Florian Mayer
807b201e0d Remove mitchp from OWNERS am: cea50c9a35 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3321033

Change-Id: I270f087f593d214429eea2004efc2e49eba05277
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-26 01:21:48 +00:00
Android Build Coastguard Worker
b88282cb85 Snap for 12559614 from 22c1045a5c to 25Q1-release 
Change-Id: Iae7db9a4e4ed6f69ce6015f64c95b537f4846d35
 2024-10-26 01:07:52 +00:00
Nick Kralevich
22c1045a5c mte: add nnk@google.com to OWNERS am: b7d645e1b4 am: 82dd63c79c 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3320735

Change-Id: Iec8e8d3bd0db452755f4c83405da185a55bd2479
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-25 18:42:59 +00:00
Nick Kralevich
82dd63c79c mte: add nnk@google.com to OWNERS am: b7d645e1b4 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3320735

Change-Id: I045ae89a04542e70933a9a986c0d24255e0ae59f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-25 18:22:55 +00:00
Florian Mayer
cea50c9a35 Remove mitchp from OWNERS 
Change-Id: Ib22ad3ae3a6ad1634618d2e04bda363d318c95cd
 2024-10-25 17:58:48 +00:00
Nick Kralevich
b7d645e1b4 mte: add nnk@google.com to OWNERS 
That way I can help with reviews and other MTE changes.

Test: not needed. OWNERS file change only
Change-Id: I1fb75c2e1347c4085eb614f858b4fb57dd462ad1
 2024-10-25 10:55:23 -07:00
Wilson Sung
11ddfc3f82 Merge changes from topic "375108715" into main 
* changes:
  Move camera type back to project
  Remove the duplicate gxp rule
 2024-10-25 06:35:38 +00:00
Treehugger Robot
268ba1bac8 Merge "insmod.sh: Support 'rmmod' directive" into main 2024-10-24 20:05:47 +00:00
Wilson Sung
4352bbc13d Move camera type back to project 
Bug: 375108715
Test: build
Flag: EXEMPT bugfix
Change-Id: I3fe71ed2249903e703590c43ae675d67588a87a5
 2024-10-24 11:18:51 +00:00
Wilson Sung
69ffa902be Remove the duplicate gxp rule 
Bug: 375108715
Test: build
Flag: EXEMPT bugfix
Change-Id: I8d4aa27c963709a91b1284921a20d7fc5d369d89
 2024-10-24 08:05:26 +00:00
Android Build Coastguard Worker
bd6c469fc0 Snap for 12543847 from ca74f2730a to 25Q1-release 
Change-Id: Ib76ed9fdaeaeddafcf5d9c1eb6f5e41669200b69
 2024-10-23 23:02:53 +00:00