Common interfaces & sepolicies for tensor-based Google Pixel devices
timmyli 872e432821 Replace many app service permission with app_api_service
We don't need to grant permissions to all these things. Just
app_api_service is enough.

Bug: 363018500
Test: manual test with GCA Eng
Flag: EXEMPT add permissions
Change-Id: I2457b54b244b2739e89393f52442afd4544418f1

11-08 00:33:23.429   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.436   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.439   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.453   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.457   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.470   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.488   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.502   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.604   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.606   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.627   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.630   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.643   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.644   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.652   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.653   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.662   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.677   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.718   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.724   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.732   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.733   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.784   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.786   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.795   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.798   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1
11-08 00:33:23.835   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.029   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.130   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.160   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.368   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:24.650   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
11-08 00:33:24.872   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1
11-08 00:33:26.556   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1
11-08 00:33:34.977   344   344 E SELinux : avc:  denied  { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.547   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.593   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc:  denied  { read } for  name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc:  denied  { open } for  path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng
11-08 00:33:42.726   344   344 E SELinux : avc:  denied  { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1

Change-Id: I91235f2f699fd07107eaa11174beee895559770e
2024-11-11 18:00:58 +00:00
aoc Merge "[Audio AIDL] Move audiometricext to HIDL only." into main 2024-10-22 02:49:28 +00:00
audio Merge "[USB Audio] Fix SEPolicy issue" into main 2024-11-04 03:28:24 +00:00
battery_mitigation sepolicy: remove irregular policy 2024-10-04 16:07:24 +00:00
bcmbt [BT] change # of copy file when crash 2024-07-17 03:23:38 +00:00
betterbug Apply flag RELEASE_PACKAGE_BETTER_BUG 2024-07-16 23:10:34 +00:00
bluetooth Merge "add sepolicy rules for bluetooth common hal dumpstate" into main 2024-10-29 08:34:45 +00:00
bootctrl bootctrl: fixed OOB read in BootControl 2024-08-28 12:44:34 -07:00
camera Use Build-Time flag to choose build from source or use prebuilt 2024-08-13 15:05:46 +00:00
check_current_prebuilt check_current_prebuilt: Symlink current prebuilt folder to android root 2024-09-06 09:35:30 +00:00
chre Allow sensor hal to connect to CHRE HAL 2024-02-07 15:36:08 -08:00
dauntless gsc: Change the criteria for building GSC targets 2024-10-09 05:10:25 +00:00
display display: add pixel display trace to bugreport 2024-10-04 18:55:40 +00:00
display_logbuffer dumpstate: add logbuffer support for display 2023-12-13 06:12:51 +00:00
dump_chip_info Introduce dump_chip_info module 2024-10-30 01:54:29 +00:00
edgetpu Remove DBA from edgetpu.mk 2024-10-11 00:56:55 +00:00
esim Disable bootstrap for UGS devices (sold in Canada) 2024-10-09 23:41:33 +00:00
euiccpixel_app gs-common: add rules for euiccpixel_app 2024-09-13 14:09:38 +00:00
fingerprint Allow fingerprint HAL to access IGoodixFingerprintDaemon 2024-11-05 09:31:29 +00:00
gcam_app Replace many app service permission with app_api_service 2024-11-11 18:00:58 +00:00
gear ban hal_dumpstate_default from execute_no_trans 2024-10-07 05:54:43 +00:00
gps dump_gps: Support bugreport extract resource info 2024-10-16 04:39:03 +00:00
gpu Add GPU team owners for mk files am: 1d82070ee9 am: 9747c1bb8d 2024-09-04 16:49:25 +00:00
gril Allow grilservice_app to binder call twoshay 2024-11-01 09:04:43 +00:00
gs_watchdogd Explicitly set user root for the gs_watchdogd service. am: f25cb6895f 2024-08-30 09:29:18 +00:00
gsa dumpstate: gsa: Add GSA logs to dumpstate 2024-09-05 14:24:35 +00:00
gxp Remove the duplicate gxp rule 2024-10-24 08:05:26 +00:00
gyotaku_app [dump_gyotaku] Add collect odpm logs for dump_gyotaku. 2024-06-07 03:33:43 +00:00
insmod insmod.sh: Support 'rmmod' directive 2024-10-18 15:10:16 -07:00
led create led dump 2023-02-13 12:48:47 +08:00
mediacodec Add permission for mediacodec to bindercall camera hal 2024-10-07 10:01:00 +00:00
misc_writer Sepolicy: allow vendor_misc_writer to get sota_prop 2023-06-29 20:47:51 +00:00
modem Merge "Revert^2 "Allow devices that use HIDL to find AIDL radio_ext_service"" into main 2024-09-16 21:10:24 +00:00
mte Remove mitchp from OWNERS 2024-10-25 17:58:48 +00:00
nfc gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st 2024-09-04 06:20:49 +00:00
pcie dumpstate: Collect PCIe link statistics 2023-02-10 09:08:10 -06:00
performance Move compaction_proactiveness to vendor sepolicy 2024-09-01 08:06:04 +00:00
pixel_metrics gs-common: dumpstate: Add RT Runnable stats into bugreport 2023-11-13 17:53:18 +00:00
pixel_ril pixel_ril: make VINTF target level specify by device 2023-05-10 18:43:58 +08:00
pixelsupport Add SEPolicy domain for cavalry app 2024-03-28 09:43:36 +00:00
power Create power folder and align pm_freeze_timeout settings with p22 2024-06-27 02:36:28 +08:00
powerstats powerstats: sort frequencies in descending order 2023-12-25 15:04:50 +08:00
radio Move the sysfs_modem_state from a product folder to gs-common 2024-03-28 21:10:23 +00:00
ramdump_and_coredump RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore. 2024-11-01 11:55:32 +08:00
recorder Recorder: add sepolicy for Google Recorder app 2024-06-04 14:57:11 +08:00
sensors sensors: Support registry dump on DEV device. 2024-07-30 20:08:40 +08:00
sepolicy Export build flag to selinux policy for sysfs_udc fscontext 2024-08-21 01:12:43 +00:00
soc Change bash script to C++ implementation 2023-07-19 13:20:59 +08:00
sota_app Add a factoryota-watch.mk file to include the OtaClient for wearable 2024-03-27 03:11:31 +00:00
storage storage: adjust ufs error history design 2024-10-22 05:15:58 +00:00
thermal thermal: allow thermal_hal to read sysfs_gpu 2024-04-29 05:37:09 +00:00
touch touch: Support SW_LID event from sensor HAL 2024-10-07 01:04:53 +00:00
trusty rpmb_dev: add rpmb_dev package 2024-03-13 17:49:16 +01:00
tts Updates TTS voice packs in gs-common 202407 2024-07-15 04:00:32 +00:00
umfw_stat dump_umfw_stat: Reduce timeout to 0.5 seconds 2024-04-25 16:43:16 +00:00
vibrator/flags Vibrator: Add enable_pwle_v2 2024-10-23 02:20:47 +00:00
widevine Add widevine SELinux permissions for L1 2024-11-08 17:04:21 +00:00
wireless_charger WLC: service: update AIDL manifest version to 1-2 2024-08-08 04:58:14 +00:00
wlan create wlan dump 2023-03-31 06:28:07 +08:00
Android.bp gs-common: add device_google_gs-common_license 2023-12-05 00:46:19 +08:00
device.mk Revert^2 "Add one variable to decide if need TTS voice packs" 2024-06-13 01:37:43 +00:00
FSTAB_OWNERS Add FSTAB_OWNERS and update OWNERS to include Android.bp 2024-08-02 11:39:01 +00:00
MK_OWNERS Add MK_OWNERS as owners file for makefile 2024-05-24 08:01:37 +00:00
NOTICE gs-common: add device_google_gs-common_license 2023-12-05 00:46:19 +08:00
OWNERS Add FSTAB_OWNERS and update OWNERS to include Android.bp 2024-08-02 11:39:01 +00:00
README.txt add owners to manage gs-common 2022-08-12 09:55:21 +08:00

Please refer to go/pixel-recycle to modularize your code in this space.