Android 15.0.0 Release 20 (BP1A.250305.019)

-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8eo6wAKCRDorT+BmrEO eD0rAJ9SRD7zzUKLmewavtzFbwp+MZWfUACbBJG1dCQKBV9xPOSSb7zem7FrJSo= =B9Fi -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQFEHb0TMYShFb2DXEj4QrA8cnv6eGKNtkouF/Vn9dmP39cdn7w63GMtZxwdv+/2vBM eMWE2L1TBgl0EKahZ18Qw= -----END SSH SIGNATURE----- Merge tag 'android-15.0.0_r20' into staging/lineage-22.2_merge-android-15.0.0_r20 Android 15.0.0 Release 20 (BP1A.250305.019) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8eo6wAKCRDorT+BmrEO # eD0rAJ9SRD7zzUKLmewavtzFbwp+MZWfUACbBJG1dCQKBV9xPOSSb7zem7FrJSo= # =B9Fi # -----END PGP SIGNATURE----- # gpg: Signature made Wed Mar 5 03:29:15 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By Nina Chen (8) and others # Via Android Build Coastguard Worker (20) and others * tag 'android-15.0.0_r20': Update SELinux error modem_svc: move shared_modem_platform related sepolicy to gs-common Update SELinux error Revert "modem_svc: move shared_modem_platform related sepolicy t..." modem_svc: move shared_modem_platform related sepolicy to gs-common Update SELinux error Update SELinux error Update SELinux error Update ldaf sensor device filename sepolicy: allow dump_power to read debugfs Remove cgroup_desc_file bugs. modem_svc: use shared_modem_platform to replace all modem_svc_sit Update SELinux error Update SELinux error sepolicy: allow dumpstate to execute dump_power Remove duplicate service entries Update SELinux error Update SELinux error Conflicts: sepolicy/gs101-sepolicy.mk Change-Id: I3ea518841f39386f17433e0a2cf48a9438166fd4
2025-03-09 11:07:04 +02:00 · 2025-03-09 11:07:04 +02:00 · 433218f59d
commit 433218f59d
parent 1382844ae3 9b72262b46
8 changed files with 34 additions and 7 deletions
--- a/sepolicy/gs101-sepolicy.mk
+++ b/sepolicy/gs101-sepolicy.mk
@ -8,7 +8,7 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/input
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery

 # sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/whitechapel/vendor/google
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101/sepolicy/whitechapel/vendor/google

 # unresolved SELinux error log with bug tracking
 BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/tracking_denials
--- a/sepolicy/tracking_denials/bluetooth.te
+++ b/sepolicy/tracking_denials/bluetooth.te
@ -0,0 +1,2 @@
+# b/382362462
+dontaudit bluetooth default_android_service:service_manager { find };
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@ -1,18 +1,30 @@

 battery_mitigation sysfs file b/364446534
+bluetooth audio_config_prop file b/379226761
+bluetooth audio_config_prop file b/379245675
 chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
-hal_vibrator_default default_android_service service_manager b/317316478
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
+init init capability b/379591559
 kernel dm_device blk_file b/315907959
 kernel kernel capability b/340722537
 kernel kernel capability b/340723030
 kernel tmpfs chr_file b/315907959
+modem_svc_sit hal_radioext_default process b/372348067
+pixelstats_vendor block_device dir b/369537606
+pixelstats_vendor block_device dir b/369735407
+platform_app vendor_fw_file dir b/372122654
+platform_app vendor_rild_prop file b/372122654
+priv_app audio_config_prop file b/379226710
+priv_app audio_config_prop file b/379246066
+radio audio_config_prop file b/379227275
+ramdump ramdump capability b/369538457
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
 ssr_detector_app default_prop file b/350831964
@ -20,13 +32,19 @@ surfaceflinger selinuxfs file b/313804340
 system_server vendor_default_prop file b/366115457
 system_server vendor_default_prop file b/366116435
 system_server vendor_default_prop file b/366116587
+untrusted_app audio_config_prop file b/379226644
+untrusted_app audio_config_prop file b/379246340
 untrusted_app nativetest_data_file dir b/305600845
 untrusted_app shell_test_data_file dir b/305600845
 untrusted_app system_data_root_file dir b/305600845
 untrusted_app userdebug_or_eng_prop file b/305600845
+untrusted_app_29 audio_config_prop file b/379246143
 vendor_init debugfs_trace_marker file b/340723222
 vendor_init default_prop file b/315104713
 vendor_init default_prop file b/316817111
 vendor_init default_prop property_service b/315104713
 vendor_init default_prop property_service b/366115458
 vendor_init default_prop property_service b/366116214
+vendor_init default_prop property_service b/369735133
+vendor_init default_prop property_service b/369735170
+zygote zygote capability b/379591519
--- a/sepolicy/whitechapel/vendor/google/dump_power.te
+++ b/sepolicy/whitechapel/vendor/google/dump_power.te
@ -13,3 +13,12 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms;
 allow dump_power mitigation_vendor_data_file:file r_file_perms;
 allow dump_power sysfs_bcl:dir r_dir_perms;
 allow dump_power sysfs_bcl:file r_file_perms;
+
+userdebug_or_eng(`
+  r_dir_file(dump_power, vendor_battery_debugfs)
+  r_dir_file(dump_power, vendor_maxfg_debugfs)
+  r_dir_file(dump_power, vendor_charger_debugfs)
+  r_dir_file(dump_power, vendor_votable_debugfs)
+  allow dump_power debugfs:dir r_dir_perms;
+  allow dump_power vendor_usb_debugfs:dir { search };
+')
--- a/sepolicy/whitechapel/vendor/google/file_contexts
+++ b/sepolicy/whitechapel/vendor/google/file_contexts
@ -167,7 +167,7 @@
 /vendor/lib(64)?/libGralloc4Wrapper\.so                                 u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so                             u:object_r:same_process_hal_file:s0

-/dev/stmvl53l1_ranging                                                  u:object_r:rls_device:s0
+/dev/ispolin_ranging                                                    u:object_r:rls_device:s0

 /dev/lwis-act0                                                          u:object_r:lwis_device:s0
 /dev/lwis-act1                                                          u:object_r:lwis_device:s0
@ -245,8 +245,7 @@
 # TCP logging
 /vendor/bin/tcpdump_logger          u:object_r:tcpdump_logger_exec:s0

-# modem_svc_sit files
-/vendor/bin/modem_svc_sit           u:object_r:modem_svc_sit_exec:s0
+# shared_modem_platform files
 /data/vendor/modem_stat(/.*)?       u:object_r:modem_stat_data_file:s0

 # modem mnt files
--- a/sepolicy/whitechapel/vendor/google/hwservice_contexts
+++ b/sepolicy/whitechapel/vendor/google/hwservice_contexts
@ -11,7 +11,6 @@ android.vendor.samsung_slsi.telephony.hardware.radio::IOemSamsungslsi        u:o
 vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal        u:object_r:hal_exynos_rild_hwservice:s0

 # VIDEO
-android.hardware.media.c2::IComponentStore                      u:object_r:hal_codec2_hwservice:s0
 android.hardware.media.c2::IConfigurable                        u:object_r:hal_codec2_hwservice:s0

 # GRIL HAL
--- a/sepolicy/whitechapel/vendor/google/modem_svc_sit.te
+++ b/sepolicy/whitechapel/vendor/google/modem_svc_sit.te
@ -1,3 +1,4 @@
+# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)
--- a/sepolicy/whitechapel/vendor/google/service_contexts
+++ b/sepolicy/whitechapel/vendor/google/service_contexts
@ -3,4 +3,3 @@ hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_ve
 android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_service:s0
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
 rlsservice                                                 u:object_r:rls_service:s0
-android.hardware.media.c2.IComponentStore/default1                    u:object_r:hal_codec2_service:s0