Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2829 commits 1 branch 0 tags 325 MiB
Commit graph

2829 commits

This branch
This branch
All branches
Author SHA1 Message Date
Madhav Iyengar
36f37eaf3b Merge "Give ContextHub HAL access to AOC version" into main 2024-11-15 21:51:42 +00:00
Kai Hsieh
3c9ee42c23 Merge "Revert^2 "Add GIA (Google Input interface Abstraction laye..."" into main 2024-11-15 05:32:43 +00:00
Kai Hsieh
97586506bb Revert^2 "Add GIA (Google Input interface Abstraction laye..." 
Revert submission 30378113-revert-29512389-gia-PMLMEKURMT

Reason for revert: Revert to fix the issue that GIA cannot be started in caimen-next-userdbg

Reverted changes: /q/submissionid:30378113-revert-29512389-gia-PMLMEKURMT
Bug: 367881686
Change-Id: Iecc4738c10dfe244bea02611f1926a9f6264a46c
 2024-11-14 10:10:46 +00:00
Cheng Chang
303cf04de1 sepolicy: Allow hal_gnss_pixel create file 
[ 7564.504317] type=1400 audit(1731556655.872:63): avc:  denied  { create } for  comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800

flag: EXEMPT the function has been verified at userdebug ROM.
Bug: 378004800
Bug: 377446770
Test: b/378004800 abtd to check sepolicy
Test: b/377446770#comment1 verified the coredump function on user ROM.
Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01
 2024-11-14 09:42:15 +00:00
Xin Li
efc0fc73ea [automerger skipped] Merge 24Q4 (ab/12406339) into aosp-main-future am: 61302f297c -s ours 
am skip reason: Merged-In Idd70cf3d846fad1a25060ebfb6ae6a99599fd861 with SHA-1 d43a6e1c5a is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/30284589

Change-Id: I323ceafb8b8140a941b906990b0cb63e3c941515
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-11-13 23:00:57 +00:00
Madhav Iyengar
e546ba5bae Give ContextHub HAL access to AOC version 
Required to gate use of the new ContextHub HAL <-> CHRE transport on the
availability of a bugfix in AOC.

Bug: 378367295
Flag: android.chre.flags.efw_xport_in_context_hub
Test: ...
Change-Id: Ibd5e3d20b7e5c14ea2200d85c179a4e96eb3b65a
 2024-11-13 21:07:38 +00:00
Kai Hsieh
6e5b6a6998 Merge "Revert "Add GIA (Google Input interface Abstraction layer) relat..."" into main 2024-11-13 14:42:35 +00:00
ELIYAZ MOMIN (xWF)
c68ac049e1 Revert "Add GIA (Google Input interface Abstraction layer) relat..." 
Revert submission 29512389-gia

Reason for revert: <Potential culprit for b/378865024  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Reverted changes: /q/submissionid:29512389-gia

Change-Id: Ia4fd036130e54a5573efbd02a044631232561ea1
 2024-11-13 14:06:24 +00:00
Treehugger Robot
cad0ccbb94 Merge "Introduce Pixel mailbox module" into main 2024-11-13 08:49:49 +00:00
Lucas Wei
f39a955d95 Introduce Pixel mailbox module 
Introduce Pixel mailbox module to dump debugging messages and integrate
with bugreport.
This patch also create sepolicy files to avoid avc denied.

avc:  denied  { search } for  comm="dump_mailbox" name="radio" dev="dm-57" ino=375 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
avc:  denied  { search } for  comm="dump_mailbox" name="instances" dev="tracefs" ino=4203 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
avc:  denied  { read } for  comm="dump_mailbox" name="trace" dev="tracefs" ino=7250 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=7187 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_traci
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontex=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontext=ut=5 audit_backlog_limit=64
=1
avc:  denied  { read } for  comm="dump_mailbox" name="trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { open } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { create } for  comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclas(6 results) 15:39:41 [4796/19306]
avc:  denied  { write open } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
avc:  denied  { getattr } for  comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1

Flag: EXEMPT, add mailbox dump program to bugreport
Bug: 363168077
Change-Id: I622f37bf8f913df8d9b242ab206fc267d446753d
 2024-11-13 07:52:03 +00:00
Kai Hsieh
9c0119a3d2 Merge "Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices." into main 2024-11-13 07:05:58 +00:00
timmyli
cfedcac7d7 Remove bug comment 
Bug: 363018500
Test: comment only
Flag: EXEMPT remove comment
Change-Id: I86ed9f0e7ed5b3741b23afffb2d7440683f34eb0
 2024-11-12 18:40:13 +00:00
Treehugger Robot
993cd00d79 Merge "Replace many app service permission with app_api_service" into main 2024-11-12 18:36:27 +00:00
Ocean Chen
594e90f573 Merge "Revert "storage: Defer blkio class configuration"" into main 2024-11-12 02:21:33 +00:00
Ocean Chen
3330640782 Revert "storage: Defer blkio class configuration" 
This patch change the I/O schedulor back to mq-deadline before boot completed.

Bug:374905027
Test: forrest run

This reverts commit 0af034bf9f.

Change-Id: Ie49fb8a62d6fdb8da112e83d5a8e3551b0072379
 2024-11-12 02:21:23 +00:00
timmyli
872e432821 Replace many app service permission with app_api_service 
We don't need to grant permissions to all these things. Just
app_api_service is enough.

Bug: 363018500
Test: manual test with GCA Eng
Flag: EXEMPT add permissions
Change-Id: I2457b54b244b2739e89393f52442afd4544418f1

11-08 00:33:23.429   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.436   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.439   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.453   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.457   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.470   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.488   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.502   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.604   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.606   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.627   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.643   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.644   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.653   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.662   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.677   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.718   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.724   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.732   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.733   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.784   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.786   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.795   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.835   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.029   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.130   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.160   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.368   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.650   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.872   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:26.556   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1
11-08 00:33:34.977   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.547   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.593   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.726   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1

Change-Id: I91235f2f699fd07107eaa11174beee895559770e
 2024-11-11 18:00:58 +00:00
Snehal Koukuntla
ea38f5c687 Add widevine SELinux permissions for L1 
839   839 I android.hardwar: type=1400 audit(0.0:982): avc:  denied  { read } for  name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8
 2024-11-08 17:04:21 +00:00
Zhengyuan Cui
2f08dd633a Allow command line tools to access Tachyon service in user builds. 
Bug: 377528455
Change-Id: I878e960b32af45030cebf73e9138752506c37953
Flag: tachyon
 2024-11-06 20:40:46 +00:00
Xin Li
61302f297c Merge 24Q4 (ab/12406339) into aosp-main-future 
Bug: 370570306
Merged-In: Idd70cf3d846fad1a25060ebfb6ae6a99599fd861
Change-Id: I254edf09968accebbee718cb5494612d0e5031e7
 2024-11-06 10:31:19 -08:00
Timmy Li
ba53a62a59 Revert^2 "Add more access for GCA to edgetpu" 
This reverts commit 84d3523c6c.

Reason for revert: Remerge attempt after fixing build error.

Bug: 361092857
Test: manual test with GCA for permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I89ec01928edc4fcb4832d2da84c442354a65c25c
 2024-11-06 18:24:20 +00:00
ELIYAZ MOMIN (xWF)
84d3523c6c Revert "Add more access for GCA to edgetpu" 
This reverts commit 132ad09bce.

Reason for revert: <Potential culprit for b/377693729  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Change-Id: Ic0cf086e2dc3aad19b1e0965873f9966ad7e6c29
 2024-11-06 16:54:52 +00:00
timmyli
132ad09bce Add more access for GCA to edgetpu 
Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61
 2024-11-06 08:47:39 +00:00
Timmy Li
5f7aae6dac Merge "Consolidate gca permissions inside gs-common" into main 2024-11-06 03:53:26 +00:00
Frank Yu
4cea32f400 Merge "Allow grilservice_app to binder call twoshay" into main 2024-11-06 03:25:18 +00:00
timmyli
cb2c9c91c1 Consolidate gca permissions inside gs-common 
SeLinux team is making an effort to have a general set of permissions
inside gs-common for GCA as oppose to having a new google_camera_app.te
for each device generation. Move the next gen permissions to the gs-common.

Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:665): avc:  denied  { read write } for  name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:666): avc:  denied  { open } for  path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:667): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

11-05 16:15:05.062   332   332 E SELinux : avc:  denied  { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
11-05 16:15:06.356  5586  5586 I frame-quality-s: type=1400 audit(0.0:554): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378
 2024-11-05 21:57:22 +00:00
Timmy Li
91ee7dae60 Merge "Add permissions for GCA to access various services" into main 2024-11-05 19:37:39 +00:00
Treehugger Robot
ff585df52b Merge "Allow fingerprint HAL to access IGoodixFingerprintDaemon" into main 2024-11-05 10:34:29 +00:00
Android Build Coastguard Worker
0eedc805e0 Snap for 12605939 from 31cb3f5521 to mainline-tzdata6-release 
Change-Id: I52e4a8f9924ba01518dc96884db8e3b08e79a935
 2024-11-05 10:09:33 +00:00
KRIS CHEN
8d4f1c1f07 Allow fingerprint HAL to access IGoodixFingerprintDaemon 
Fix the following avc denial:
avc:  denied  { add } for pid=1285 uid=1000 name=vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0

Flag: EXEMPT NDK
Bug: 376602341
Test: boot with no relevant error
Change-Id: I12b5824d239bb3b55bb82fb50b9f6fc4c38b36c5
 2024-11-05 09:31:29 +00:00
timmyli
5c50ccab62 Add permissions for GCA to access various services 
app_api_service gives access to blanket app service permissions. The
more specific ones are listed in logs below.

Bug: 370899024
Bug: 375958865
Test: manual test with GCA to verify permissions
Flag: EXEMPT refactor

Specific logs:
11-05 01:13:34.640   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.player scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
11-05 01:13:34.641   332   332 E SELinux : avc:  denied  { find } for pid=5493 uid=10155 name=media.camera scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.002   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.metrics scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1
11-05 01:29:31.498   326   326 E SELinux : avc:  denied  { find } for pid=5465 uid=10155 name=media.extractor scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1
11-05 01:29:30.961   326   326 E SELinux : avc:  denied  { find } for
pid=5465 uid=10155 name=media.audio_flinger
scontext=u:r:google_camera_app:s0:c155,c256,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=1

Logs from app services blanket granted by app_api_service
10-28 02:25:22.057   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=content scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.953   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=connectivity scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.577   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=power scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.062   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=notification scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.988   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=appops scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:appops_service:s0 tclass=service_manager permissive=1
10-28 02:25:22.014   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=user scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.852   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=display scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.998   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=jobscheduler scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
10-28 02:25:21.855   339   339 I auditd  : avc:  denied  { find } for pid=10509 uid=10149 name=network_management scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.428   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=content_capture scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.270   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_policy scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.215   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=sensorservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
10-02 05:40:18.166   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=netstats scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.219   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=virtualdevice_native scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.230   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=thermalservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.224   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.camera scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.214   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=media.player scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.485   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=backup scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
10-02 05:40:17.920   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=activity scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
10-02 05:40:19.511   355   355 I auditd  : avc:  denied  { find } for pid=9560 uid=10129 name=device_state scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1

Change-Id: I9bd98af328f948152c89f9f2c3a066a951f4aaad
 2024-11-05 06:48:54 +00:00
Enzo Liao
31cb3f5521 Merge "RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore." into main 2024-11-05 03:38:08 +00:00
Treehugger Robot
4ec2ce09c4 Merge "[USB Audio] Fix SEPolicy issue" into main 2024-11-04 03:28:24 +00:00
Frank Yu
50930b4181 Allow grilservice_app to binder call twoshay 
avc error log:

[   37.308566] type=1400 audit(1730161331.968:20): avc:  denied  { call } for  comm="pool-3-thread-1" scontext=u:r:grilservice_app:s0:c253,c256,c512,c768 tcontext=u:r:twoshay:s0 tclass=binder permissive=0 bug=b/375564898 app=com.google.android.grilservice

Flag: EXEMPT bugfix
Bug: 375564898
Change-Id: I7bd57884763e255be57455b138e306c904bc66e1
 2024-11-01 09:04:43 +00:00
Enzo Liao
8ad4c5c9b9 RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore. 
Bug: 369260803
Design: go/fc-app-server
Flag: NONE N/A
Change-Id: Iebc91446aad59e2ed4e995fc5fc8fd3a45e0dc6f
 2024-11-01 11:55:32 +08:00
Lucas Wei
6a2ff60cdf Merge "Introduce dump_chip_info module" into main 2024-10-31 05:29:28 +00:00
Kai Hsieh
1f83bb110e Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices. 
AVC evidences:
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:24): avc:  denied  { search } for  name="goog_touch_interface" dev="sysfs" ino=110634 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=dir permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:25): avc:  denied  { read } for  name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:26): avc:  denied  { open } for  path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:27): avc:  denied  { getattr } for  path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1
10-29 16:53:50.756  1305  1305 I binder:1305_2: type=1400 audit(0.0:28): avc:  denied  { write } for  name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1

Test: Build succeed.
Test: Manually, checked whether GIA service is started successfully via command `service list`.
Bug: 367881686
Flag: build.RELEASE_PIXEL_GIA_ENABLED
Change-Id: I8069521425ff1e830d759252bf8bf460f4dc6f32
Signed-off-by: Kai Hsieh <kaihsieh@google.com>
 2024-10-31 00:57:56 +00:00
Lucas Wei
0a17acae18 Introduce dump_chip_info module 
Introduce dump_chip_info dumper to dump driver information of chip-info
and required sepolicy.

[ 9819.206787][  T335] type=1400 audit(1729750876.372:4710): avc:
denied  { execute_no_trans } for  comm="android.hardwar"
path="/vendor/bin/dump/dump_chip_info" dev="dm-11" ino=79
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=1
[ 9819.231374][  T335] type=1400 audit(1729750876.384:4711): avc:
denied  { getattr } for  comm="dump_chip_info" path="pipe:[1038881]"
dev="pipefs" ino=1038881 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:r:shell:s0 tclass=fifo_file permissive=1

Flag: EXEMPT, change source of chipid
Bug: 298883728
Change-Id: I0ff6edf98548de4b93c9eeee005ab2e7b365cf7f
 2024-10-30 01:54:29 +00:00
Kiwon Park
16cae5b0bc Merge "Disable bootstrap for UGS devices (sold in Canada)" into main 2024-10-29 18:36:24 +00:00
Joner Lin
89a81be220 Merge "add sepolicy rules for bluetooth common hal dumpstate" into main 2024-10-29 08:34:45 +00:00
Joner Lin
dc6f3713ce Merge "add bluetooth common hal sepolicy rules for bt subsystem crash info files" into main 2024-10-29 04:04:57 +00:00
jonerlin
62abd5daf8 add sepolicy rules for bluetooth common hal dumpstate 
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1002): avc:  denied  { search } for  comm="dump_bt" name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1002): avc:  denied  { search } for  name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1003): avc:  denied  { write } for  comm="dump_bt" name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1003): avc:  denied  { write } for  name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { create } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { create } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1007): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1007): avc:  denied  { search } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1008): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1008): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1009): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1009): avc:  denied  { open } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1015): avc:  denied  { create } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1015): avc:  denied  { create } for  name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1016): avc:  denied  { write open } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1016): avc:  denied  { write open } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:42.000000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { search } for  comm="dump_bt" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-27 21:03:42.000000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { search } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1062): avc:  denied  { read } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1062): avc:  denied  { read } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1063): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1063): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1064): avc:  denied  { search } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1064): avc:  denied  { search } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1065): avc:  denied  { read } for  comm="dump_bt" name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1065): avc:  denied  { read } for  name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1066): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1066): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:985): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:985): avc:  denied  { read } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:986): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:986): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:987): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:987): avc:  denied  { search } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:988): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:988): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1

Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I65025ffdac1c3017c494ae2a9fe8deeb5c7ce970
 2024-10-28 14:51:40 +00:00
Joner Lin
9590adf0c7 Merge "bt: add dumpstate for bluetooth common hal" into main 2024-10-28 14:15:47 +00:00
jonerlin
1de5b57908 add bluetooth common hal sepolicy rules for bt subsystem crash info files 
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:131): avc:  denied  { write } for  comm="binder:894_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:131): avc:  denied  { write } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:132): avc:  denied  { add_name } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:132): avc:  denied  { add_name } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:58:24.744000  1002   894   894 I auditd  : type=1400 audit(0.0:133): avc:  denied  { create } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.744000  1002   894   894 I binder:894_2: type=1400 audit(0.0:133): avc:  denied  { create } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I auditd  : type=1400 audit(0.0:134): avc:  denied  { read write open } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I binder:894_2: type=1400 audit(0.0:134): avc:  denied  { read write open } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I auditd  : type=1400 audit(0.0:135): avc:  denied  { setattr } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:58:24.748000  1002   894   894 I binder:894_2: type=1400 audit(0.0:135): avc:  denied  { setattr } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2065): avc:  denied  { open } for  comm="binder:894_2" path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2065): avc:  denied  { open } for  path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2066): avc:  denied  { read } for  comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2066): avc:  denied  { read } for  name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2067): avc:  denied  { open } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2067): avc:  denied  { open } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I auditd  : type=1400 audit(0.0:2068): avc:  denied  { getattr } for  comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-28 14:59:54.572000  1002   894   894 I binder:894_2: type=1400 audit(0.0:2068): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
10-23 13:34:22.912   873   873 I binder:873_3: type=1400 audit(0.0:5105): avc:  denied  { read } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
[  354.876922] type=1400 audit(1729656523.440:124): avc:  denied  { search } for  comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
[  738.332303] type=1400 audit(1729656906.896:2087): avc:  denied  { read } for  comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1

Bug: 374695851
Test: build pass, make bt crash and get the bugreport
Flag: EXEMPT, internal cleanup.
Change-Id: If9c4064fe71bfc0b1055bc953a1b2e22978e1938
 2024-10-28 12:10:33 +00:00
jonerlin
952e4d7841 bt: add dumpstate for bluetooth common hal 
Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I63cf188014696e830160ebc7acaeead79520c5b4
 2024-10-28 01:14:01 +00:00
Florian Mayer
d9f390d180 Remove mitchp from OWNERS am: cea50c9a35 am: 807b201e0d 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3321033

Change-Id: I18642110a1acdd8b02bd0613cd2805359a34cdbf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-26 01:43:14 +00:00
Florian Mayer
807b201e0d Remove mitchp from OWNERS am: cea50c9a35 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3321033

Change-Id: I270f087f593d214429eea2004efc2e49eba05277
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-26 01:21:48 +00:00
Nick Kralevich
22c1045a5c mte: add nnk@google.com to OWNERS am: b7d645e1b4 am: 82dd63c79c 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3320735

Change-Id: Iec8e8d3bd0db452755f4c83405da185a55bd2479
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-25 18:42:59 +00:00
Nick Kralevich
82dd63c79c mte: add nnk@google.com to OWNERS am: b7d645e1b4 
Original change: https://android-review.googlesource.com/c/device/google/gs-common/+/3320735

Change-Id: I045ae89a04542e70933a9a986c0d24255e0ae59f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-10-25 18:22:55 +00:00
Florian Mayer
cea50c9a35 Remove mitchp from OWNERS 
Change-Id: Ib22ad3ae3a6ad1634618d2e04bda363d318c95cd
 2024-10-25 17:58:48 +00:00
Nick Kralevich
b7d645e1b4 mte: add nnk@google.com to OWNERS 
That way I can help with reviews and other MTE changes.

Test: not needed. OWNERS file change only
Change-Id: I1fb75c2e1347c4085eb614f858b4fb57dd462ad1
 2024-10-25 10:55:23 -07:00