From 56b04c828ed507e38c092e1e733fc2c99f8834e1 Mon Sep 17 00:00:00 2001 From: Jason Macnak Date: Thu, 24 Feb 2022 18:37:55 +0000 Subject: [PATCH 001/116] Remove sysfs_gpu type definition ... as it has moved to system/sepolicy. Bug: b/161819018 Test: presubmit Change-Id: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7 --- whitechapel/vendor/google/file.te | 3 --- 1 file changed, 3 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 90098249..cb5ade95 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -169,9 +169,6 @@ type persist_battery_file, file_type, vendor_persist_type; # CPU type sysfs_cpu, sysfs_type, fs_type; -# GPU -type sysfs_gpu, sysfs_type, fs_type; - # Fabric type sysfs_fabric, sysfs_type, fs_type; From 117be9022957430cbac0b8e2bb67198abdebbd54 Mon Sep 17 00:00:00 2001 From: Stephane Lee Date: Mon, 21 Mar 2022 17:42:10 -0700 Subject: [PATCH 002/116] Fix off-mode (charger) sepolicy for the health interface Bug: 223537397 Test: Ensure that there are no selinux errors for sysfs_batteryinfo in off-mode charging Change-Id: I46fa1b7552eb0655d0545538142131465a337f23 --- whitechapel/vendor/google/charger_vendor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/charger_vendor.te b/whitechapel/vendor/google/charger_vendor.te index 7b914da1..df59b717 100644 --- a/whitechapel/vendor/google/charger_vendor.te +++ b/whitechapel/vendor/google/charger_vendor.te @@ -1,4 +1,5 @@ allow charger_vendor mnt_vendor_file:dir search; +allow charger_vendor sysfs_batteryinfo:file w_file_perms; allow charger_vendor persist_file:dir search; allow charger_vendor persist_battery_file:dir search; allow charger_vendor persist_battery_file:file rw_file_perms; From dc8bd4652750f53da5d655371cbd2b8f2cac176b Mon Sep 17 00:00:00 2001 
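Review bot: The added `allow charger_vendor sysfs_batteryinfo:file w_file_perms;` in charger_vendor.te lets the off-mode charger write to every node labelled sysfs_batteryinfo, and nothing in the hunk says which node it actually needs to write. w_file_perms is write-only (open, append, write, lock, map), which looks intended, but without a comment it could later be widened to rw_file_perms by someone who does not know why it is there. I would put a comment above the rule such as `# b/223537397: health interface in off-mode charging writes NODE_NAME under sysfs_batteryinfo`, with the node name taken from the denial. If only one or two attributes are written, a dedicated type for them in genfs_contexts would be tighter than the shared label.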
From: George Chang Date: Wed, 30 Mar 2022 22:36:58 +0800 Subject: [PATCH 003/116] Update nfc from hidl to aidl service Bug: 216290344 Test: atest NfcNciInstrumentationTests Test: atest VtsAidlHalNfcTargetTest Change-Id: I3d17eacddadaf78520edb1a94e17e091cbdba4c0 --- whitechapel/vendor/google/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 05e49591..c4f2166b 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -284,7 +284,7 @@ /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # NFC -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /dev/st21nfc u:object_r:nfc_device:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 From 63c1e192e7d11129f9cb33fbb18a5b2876ee8ab8 Mon Sep 17 00:00:00 2001 From: George Chang Date: Fri, 29 Apr 2022 15:39:32 +0000 Subject: [PATCH 004/116] Revert "Update nfc from hidl to aidl service" This reverts commit dc8bd4652750f53da5d655371cbd2b8f2cac176b. Reason for revert: Broken tests Bug: 230834308 Change-Id: I964632a92cb741c703e4d8d3e8623454541022e7 --- whitechapel/vendor/google/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index c4f2166b..05e49591 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
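Review bot: The file_contexts hunk replaces the `android\.hardware\.nfc@1\.2-service\.st` entry instead of adding the AIDL entry next to it, so an image that still ships the HIDL binary would leave it with the default vendor label. In that case it would presumably no longer transition into hal_nfc_default. Which binaries each gs101 target ships is not visible here, so confirm the HIDL service is dropped everywhere in the same topic. If a transition period is expected, keep the old line and add `/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0` beside it. The same applies to the re-land in PATCH 005.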
@@ -284,7 +284,7 @@ /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # NFC -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 /dev/st21nfc u:object_r:nfc_device:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 From 130f2b784e25c9cda51fa4a449503dc764ce172f Mon Sep 17 00:00:00 2001 From: George Chang Date: Wed, 30 Mar 2022 22:36:58 +0800 Subject: [PATCH 005/116] Update nfc from hidl to aidl service Bug: 216290344 Test: atest NfcNciInstrumentationTests Test: atest VtsAidlHalNfcTargetTest Change-Id: I288474f691670655516728fe0e164a3e5689875c --- whitechapel/vendor/google/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 10ffc7af..5327e334 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -283,7 +283,7 @@ /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # NFC -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /dev/st21nfc u:object_r:nfc_device:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 From b71d24d62c578494fa381acbe63e3a51fca75811 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Tue, 10 May 2022 05:12:05 +0000 Subject: [PATCH 006/116] gs101: Add dontaudit statements to camera HAL policy. The autogenerated dontaudit statements in tracking_denials are actually the correct policy. Move them to the correct file and add comments. Fix: 178980085 Fix: 180567725 Test: build & camera check on raven Change-Id: I3f3a1f64d403182d4f592f1cacc6ef8d1418062d --- tracking_denials/hal_camera_default.te | 5 ----- whitechapel/vendor/google/hal_camera_default.te | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) delete mode 100644 tracking_denials/hal_camera_default.te diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te deleted file mode 100644 index 6ab5a51c..00000000 --- a/tracking_denials/hal_camera_default.te +++ /dev/null @@ -1,5 +0,0 @@ -# b/178980085 -dontaudit hal_camera_default system_data_file:dir { search }; -# b/180567725 -dontaudit hal_camera_default traced:unix_stream_socket { connectto }; -dontaudit hal_camera_default traced_producer_socket:sock_file { write }; diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te index 440b503c..2e36e4a8 100644 --- a/whitechapel/vendor/google/hal_camera_default.te +++ b/whitechapel/vendor/google/hal_camera_default.te @@ -96,3 +96,11 @@ allow hal_camera_default proc_interrupts:file r_file_perms; # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; \ No newline at end of file 
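Review bot: The three `dontaudit` rules added at the end of hal_camera_default.te are unconditional, while the `perfetto_producer(hal_camera_default)` line just above them is limited to userdebug_or_eng, so on user builds the trace-socket attempts are silenced rather than fixed. A dontaudit removes the audit record entirely, so if the camera HAL ever touches /data or the traced socket for a different reason, nothing will show up in the logs. The comment on `system_data_file:dir { search }` calls the access benign without naming the lookup that causes it. I would name the caller and keep the bug reference in the comment, e.g. `# b/178980085: LIBRARY_NAME searches a path under /data at startup; denied by design`. The hunk also ends with "No newline at end of file"; add a trailing newline so the last rule cannot run into whatever is concatenated after this file at build time.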
From 101a021277e957f1cda1038b7c6a4927e3a3d901 Mon Sep 17 00:00:00 2001 From: sukiliu Date: Mon, 16 May 2022 11:58:55 +0800 Subject: [PATCH 007/116] Update avc error on ROM 8595544 Bug: 232714489 Bug: 231821875 Test: PtsSELinuxTestCases Change-Id: I4dd2c51dd237b19a110b24cb7ac8e1cb2284f99c --- tracking_denials/bug_map | 1 + tracking_denials/hal_drm_default.te | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 tracking_denials/bug_map diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 00000000..41887edd --- /dev/null +++ b/tracking_denials/bug_map @@ -0,0 +1 @@ +hal_drm_default default_prop file b/232714489 diff --git a/tracking_denials/hal_drm_default.te b/tracking_denials/hal_drm_default.te index ee4ed089..872f5a0f 100644 --- a/tracking_denials/hal_drm_default.te +++ b/tracking_denials/hal_drm_default.te @@ -1,2 +1,4 @@ # b/223502652 dontaudit hal_drm_default vndbinder_device:chr_file { read }; +# b/232714489 +dontaudit hal_drm_default default_prop:file { read }; From 3531538a258bbabe428417b8c619745dfb6de835 Mon Sep 17 00:00:00 2001 
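Review bot: `dontaudit hal_drm_default default_prop:file { read };` in tracking_denials/hal_drm_default.te hides a read of a property that has no specific label, and neither the rule nor the new bug_map line says which property it is. A default_prop denial usually points at a missing property_contexts entry, so the lasting fix is to label the property rather than silence the domain. Until then I would record the name next to the bug, e.g. `# b/232714489: read of PROPERTY_NAME (unlabelled)`, so the entry can be retired later. The bug_map line only has an effect on denials that are still logged, so check whether both the bug_map entry and the dontaudit are wanted.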
From: Jaegeuk Kim Date: Mon, 23 May 2022 16:39:21 -0700 Subject: [PATCH 008/116] Allow sysfs_devices_block to f2fs-tools The fsck.f2fs checks the sysfs entries of block devices to get disk information. Note that, the block device entries are device-specific. 1. fsck.f2fs avc: denied { search } for comm="fsck.f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 avc: denied { getattr } for comm="fsck.f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda7/partition" dev="sysfs" ino=60672 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 2. mkfs.f2fs avc: denied { search } for comm="make_f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 avc: denied { getattr } for comm="make_f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda8/partition" dev="sysfs" ino=61046 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 Bug: 172377740 Signed-off-by: Jaegeuk Kim Change-Id: I409feec84565f965baa96b06a5b08bcfc1a8db02 --- whitechapel/vendor/google/e2fs.te | 2 ++ whitechapel/vendor/google/fsck.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/e2fs.te b/whitechapel/vendor/google/e2fs.te index a6664594..3e72adfb 100644 --- a/whitechapel/vendor/google/e2fs.te +++ b/whitechapel/vendor/google/e2fs.te @@ -4,3 +4,5 @@ allow e2fs modem_userdata_block_device:blk_file rw_file_perms; allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl { BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET }; +allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms; +allow e2fs sysfs_scsi_devices_0000:file r_file_perms; 
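Review bot: The new e2fs rules grant `r_dir_perms` and `r_file_perms` on sysfs_scsi_devices_0000, while the denials quoted in the commit message show only `search` on the directory and `getattr` on the `partition` file. With permissive=0 only the first refused operation is logged, so a later open or read may well be needed, but the hunk carries no comment saying so. I would add `# f2fs-tools read disk information from the block device sysfs entries (b/172377740)` above the rules and, if getattr turns out to be all that is used, narrow them to `allow e2fs sysfs_scsi_devices_0000:dir search;` and `allow e2fs sysfs_scsi_devices_0000:file getattr;`. The subject line says sysfs_devices_block but the rules name sysfs_scsi_devices_0000, which is worth correcting in the message. Both points apply equally to the fsck.te hunk that follows.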
diff --git a/whitechapel/vendor/google/fsck.te b/whitechapel/vendor/google/fsck.te index d29555b3..cb9470d0 100644 --- a/whitechapel/vendor/google/fsck.te +++ b/whitechapel/vendor/google/fsck.te @@ -1,3 +1,5 @@ allow fsck persist_block_device:blk_file rw_file_perms; allow fsck efs_block_device:blk_file rw_file_perms; allow fsck modem_userdata_block_device:blk_file rw_file_perms; +allow fsck sysfs_scsi_devices_0000:dir r_dir_perms; +allow fsck sysfs_scsi_devices_0000:file r_file_perms; From 7835523aeaa6720b333b535a56c2e78363e7af51 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 5 Jul 2022 11:17:25 +0800 Subject: [PATCH 009/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 238038592 Change-Id: Id248ba82c49fa09be28f7a0219eb42b0ecc9e358 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 41887edd..c448a103 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1 +1,2 @@ hal_drm_default default_prop file b/232714489 +shell sysfs_wlc dir b/238038592 From a8aeb4a6c91d672459f06a000044ff9152c080c2 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 6 Jul 2022 02:58:51 +0000 Subject: [PATCH 010/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 238143262 Bug: 238143381 Change-Id: Ibe3ce917418d71b61aa6d085041a51dda5998c74 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index c448a103..67fadcf9 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,2 +1,4 @@ hal_drm_default default_prop file b/232714489 shell sysfs_wlc dir b/238038592 +dumpstate hal_input_processor_default process b/238143262 +hal_googlebattery dumpstate fd b/238143381 From bc85d4604502ad06d06660b929ffde09738d058b Mon Sep 17 00:00:00 2001 
From: Adam Shih Date: Wed, 6 Jul 2022 14:40:23 +0800 Subject: [PATCH 011/116] ignore shell access on wlc Bug: 238038592 Test: boot Change-Id: I09b67ca07d7f9573d77f64686fb818d4dc1753cc --- tracking_denials/bug_map | 1 - whitechapel/vendor/google/shell.te | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 67fadcf9..892c4dd5 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ hal_drm_default default_prop file b/232714489 -shell sysfs_wlc dir b/238038592 dumpstate hal_input_processor_default process b/238143262 hal_googlebattery dumpstate fd b/238143381 diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te index f982424d..e13e744e 100644 --- a/whitechapel/vendor/google/shell.te +++ b/whitechapel/vendor/google/shell.te @@ -8,3 +8,4 @@ userdebug_or_eng(` dontaudit shell proc_vendor_sched:dir search; dontaudit shell proc_vendor_sched:file write; +dontaudit shell sysfs_wlc:dir search; From 347e482d191867579aa1c0ed1f56dbcc8f34d5ae Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 7 Jul 2022 11:29:44 +0800 Subject: [PATCH 012/116] Update SELinux error Test: checkLockScreen Bug: 238263438 Bug: 238263568 Change-Id: I694924ceb031abb749e4b92a715d3b7dc87088be --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 892c4dd5..93e10b12 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,5 @@ hal_drm_default default_prop file b/232714489 dumpstate hal_input_processor_default process b/238143262 hal_googlebattery dumpstate fd b/238143381 +dumpstate app_zygote process b/238263438 +incidentd debugfs_wakeup_sources file b/238263568 From c6186c2960c0d1fb30877a27a5c76ec898395f3c Mon Sep 17 00:00:00 2001 
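Review bot: `dontaudit shell sysfs_wlc:dir search;` is added to shell.te without a comment, and the bug_map entry that carried b/238038592 is deleted in the same commit, so the policy loses its only pointer to why this denial is silenced. The hunk does not show whether the rule sits inside or after the userdebug_or_eng block named in the hunk header, which decides whether it also applies to user builds. I would add `# b/238038592` on the line above the new rule.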
From: Adam Shih Date: Mon, 11 Jul 2022 10:24:12 +0800 Subject: [PATCH 013/116] Update SELinux error Test: checkSensors Bug: 238571420 Test: checkLockScreen Bug: 238570971 Test: scanBugreport Bug: 238571324 Change-Id: Ia6f2db6374d7ebe1a9c3f5b0bd8d152ed9d4a9a0 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 93e10b12..4e7c9cf6 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,3 +3,6 @@ dumpstate hal_input_processor_default process b/238143262 hal_googlebattery dumpstate fd b/238143381 dumpstate app_zygote process b/238263438 incidentd debugfs_wakeup_sources file b/238263568 +dumpstate incident process b/238571420 +dumpstate incident process b/238570971 +dumpstate incident process b/238571324 From 74d2d8963fec9ba5afe2982cb24ce9b70b53176f Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 13 Jul 2022 11:01:28 +0800 Subject: [PATCH 014/116] Update error on ROM 8820442 Bug: 238825802 Test: testSysfsHealth Change-Id: I607f78de19b18b258309f89669ded393dd74a2a7 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 4e7c9cf6..358c25e9 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -6,3 +6,4 @@ incidentd debugfs_wakeup_sources file b/238263568 dumpstate incident process b/238571420 dumpstate incident process b/238570971 dumpstate incident process b/238571324 +su modem_img_file filesystem b/238825802 From 32d987cd244b1fb6d24a1445cd049ec916bde4d6 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 14 Jul 2022 06:47:23 +0000 Subject: [PATCH 015/116] Update SELinux error Bug: 234547283 Change-Id: I50bd66a22755eefe7aa24ec1042e3b6cb627ad3d --- tracking_denials/bug_map | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 358c25e9..b36aa8ee 100644 --- a/tracking_denials/bug_map 
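Review bot: The three lines added to bug_map share the key `dumpstate incident process` and differ only in the bug number (b/238571420, b/238570971, b/238571324). A denial is matched on source, target and class, so presumably only one of the three can ever be attached to a logged denial and the other two never take effect. I would keep a single line for the key and track the remaining two bugs as duplicates of it.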
+++ b/tracking_denials/bug_map @@ -1,9 +1,9 @@ -hal_drm_default default_prop file b/232714489 -dumpstate hal_input_processor_default process b/238143262 -hal_googlebattery dumpstate fd b/238143381 dumpstate app_zygote process b/238263438 -incidentd debugfs_wakeup_sources file b/238263568 -dumpstate incident process b/238571420 +dumpstate hal_input_processor_default process b/238143262 dumpstate incident process b/238570971 dumpstate incident process b/238571324 +dumpstate incident process b/238571420 +hal_drm_default default_prop file b/232714489 +hal_googlebattery dumpstate fd b/238143381 +incidentd debugfs_wakeup_sources file b/238263568 su modem_img_file filesystem b/238825802 From 86ef69850bb74f047e2c93794122c180588d18f1 Mon Sep 17 00:00:00 2001 From: Minchan Kim Date: Wed, 13 Jul 2022 01:00:58 -0700 Subject: [PATCH 016/116] Remove vendor_init.te from tracking_denials Since last error fixed, remove the vendor_init.te from tracking_denials. Bug: 190337297 Signed-off-by: Minchan Kim Change-Id: I5178c864a70748c1dddf8c08baa8d653cd0225d9 --- tracking_denials/vendor_init.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/vendor_init.te diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te deleted file mode 100644 index d27b8e95..00000000 --- a/tracking_denials/vendor_init.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/190337297 -dontaudit vendor_init vendor_page_pinner_debugfs:file setattr; From 0f7389240885c9e1597a6d2503a0b9af4dc4a46b Mon Sep 17 00:00:00 2001 From: timmyli Date: Fri, 15 Jul 2022 18:59:11 +0000 Subject: [PATCH 017/116] Change SElinux so Aswang can be accessed Need to add aswang here so that it can be accessed. Bug: 234259081 Test: CTS Change-Id: I3e701df76af8e803017bdfd04ce67093bf21a658 --- whitechapel/vendor/google/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 80344efc..a43d9084 100644 
--- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -225,6 +225,7 @@ /dev/lwis-sensor-imx355-front u:object_r:lwis_device:s0 /dev/lwis-sensor-imx363 u:object_r:lwis_device:s0 /dev/lwis-sensor-imx386 u:object_r:lwis_device:s0 +/dev/lwis-sensor-imx471 u:object_r:lwis_device:s0 /dev/lwis-sensor-imx586 u:object_r:lwis_device:s0 /dev/lwis-sensor-imx663 u:object_r:lwis_device:s0 /dev/lwis-slc u:object_r:lwis_device:s0 From 55d41f1a3e89b1f4d2525d9925e3319ef59e2705 Mon Sep 17 00:00:00 2001 From: Jimmy Shiu Date: Fri, 24 Jun 2022 09:30:58 +0800 Subject: [PATCH 018/116] Remove dontaudit since read early_wakeup completed The display file node, early_wakeup, just for trigger the worker for display and it doesn't have meaningful read function. But PowerHAL read all nodes and try to dump their valuesi while triggering bugreport. As the read operation has been completed, so we can remove the clause. 07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:8): avc: denied { dac_read_search } for capability=2 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:9): avc: denied { dac_override } for capability=1 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 Bug: 221384860 Bug: 192617242 Bug: 171760921 Test: adb shell dumpsys android.hardware.power.IPower/default Change-Id: If0018499cc19f79819ef69794d7672d5a53de74e --- tracking_denials/hal_power_default.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 tracking_denials/hal_power_default.te diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te deleted file mode 100644 index 47f5162e..00000000 --- a/tracking_denials/hal_power_default.te +++ /dev/null 
@@ -1,3 +0,0 @@ -# b/192617242 -dontaudit hal_power_default hal_power_default:capability dac_read_search; -dontaudit hal_power_default hal_power_default:capability dac_override; From faec9385c49df9d1a120ec87f585acc1be3fd033 Mon Sep 17 00:00:00 2001 From: Stephane Lee Date: Fri, 22 Jul 2022 16:55:22 -0700 Subject: [PATCH 019/116] Bug fixed in ag/19153533 Bug: 238143381 Test: N/A Change-Id: If527ea681abaa221e55533a3dab1371ecac7a3b2 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index b36aa8ee..36e712d0 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,6 +4,5 @@ dumpstate incident process b/238570971 dumpstate incident process b/238571324 dumpstate incident process b/238571420 hal_drm_default default_prop file b/232714489 -hal_googlebattery dumpstate fd b/238143381 incidentd debugfs_wakeup_sources file b/238263568 su modem_img_file filesystem b/238825802 From d1ddd0917ee49aa21bb84c5d71c6247fa436e81d Mon Sep 17 00:00:00 2001 From: Lei Ju Date: Tue, 26 Jul 2022 13:44:31 -0700 Subject: [PATCH 020/116] Allow chre to use WakeLock on whitechapel. Test: Manual test to confirm wakelock is acquired. Bug: 202447392 Change-Id: I40b83fc22fea79613c060d03beb60857b1b6e0de --- whitechapel/vendor/google/chre.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/chre.te b/whitechapel/vendor/google/chre.te index 9dfd9bf6..cdf1b988 100644 --- a/whitechapel/vendor/google/chre.te +++ b/whitechapel/vendor/google/chre.te @@ -23,3 +23,6 @@ allow chre hal_wifi_ext_hwservice:hwservice_manager find; allow chre fwk_stats_service:service_manager find; binder_call(chre, stats_service_server) +# Allow CHRE to use WakeLock +wakelock_use(chre) + From 479986a02020fa53ed4da504653129be6423ac1c Mon Sep 17 00:00:00 2001 
From: Adam Shih Date: Fri, 29 Jul 2022 10:18:10 +0800 Subject: [PATCH 021/116] Update SELinux error Test: checkSensors Bug: 240632824 Test: checkLockScreen Bug: 240632824 Test: scanBugreport Bug: 240632824 Change-Id: I4fee87636dc65765e4ab3e10e0b7080d7b4d44b2 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 36e712d0..f9fbf737 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,5 +4,6 @@ dumpstate incident process b/238570971 dumpstate incident process b/238571324 dumpstate incident process b/238571420 hal_drm_default default_prop file b/232714489 +hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 su modem_img_file filesystem b/238825802 From ea1580002f6d9dd184eed78a8612cbd2f488ef67 Mon Sep 17 00:00:00 2001 From: Denny cy Lee Date: Thu, 28 Jul 2022 09:57:16 +0000 Subject: [PATCH 022/116] HwInfo: Move hardware info sepolicy to pixel common Bug: 215271971 Test: no sepolicy for hardware info Signed-off-by: Denny cy Lee Change-Id: Ia7bfd171fe724848e9a6f0c1adab59402d2788a9 --- whitechapel/vendor/google/device.te | 3 --- whitechapel/vendor/google/file.te | 8 ------- whitechapel/vendor/google/genfs_contexts | 4 ++++ .../vendor/google/hardware_info_app.te | 24 ------------------- whitechapel/vendor/google/seapp_contexts | 3 --- 5 files changed, 4 insertions(+), 38 deletions(-) delete mode 100644 whitechapel/vendor/google/hardware_info_app.te diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 94ec0bb4..7a70e332 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -42,9 +42,6 @@ type fingerprint_device, dev_type; # AMCS device type amcs_device, dev_type; -# Battery history -type battery_history_device, dev_type; - # Raw HID device type hidraw_device, dev_type; 
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 0c7a56d8..a393a8cd 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -78,7 +78,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type mediadrm_vendor_data_file, file_type, data_file_type; # Storage Health HAL -type sysfs_scsi_devices_0000, sysfs_type, fs_type; type debugfs_f2fs, debugfs_type, fs_type; type proc_f2fs, proc_type, fs_type; @@ -141,9 +140,6 @@ userdebug_or_eng(` type sysfs_gps, sysfs_type, fs_type; type sysfs_gps_assert, sysfs_type, fs_type; -# Display -type sysfs_display, sysfs_type, fs_type; - # Backlight type sysfs_backlight, sysfs_type, fs_type; @@ -160,7 +156,6 @@ type sysfs_bcl, sysfs_type, fs_type; # Chosen type sysfs_chosen, sysfs_type, fs_type; -type sysfs_chip_id, sysfs_type, fs_type; type sysfs_spi, sysfs_type, fs_type; # Battery @@ -186,9 +181,6 @@ type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type persist_uwb_file, file_type, vendor_persist_type; type uwb_data_vendor, file_type, data_file_type; -# PixelStats_vendor -type sysfs_pixelstats, fs_type, sysfs_type; - # WLC FW type vendor_wlc_fwupdata_file, vendor_file_type, file_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 493e5af9..ba9aa72d 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -398,6 +398,10 @@ genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0 +genfscon sysfs /devices/system/chip-id/unique_id u:object_r:sysfs_soc:s0 +genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 +genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 + # Devfreq directory genfscon sysfs /class/devfreq u:object_r:sysfs_devfreq_dir:s0 diff --git a/whitechapel/vendor/google/hardware_info_app.te b/whitechapel/vendor/google/hardware_info_app.te deleted file mode 100644 index 80b53377..00000000 --- a/whitechapel/vendor/google/hardware_info_app.te +++ /dev/null @@ -1,24 +0,0 @@ -type hardware_info_app, domain; - -app_domain(hardware_info_app) - -allow hardware_info_app app_api_service:service_manager find; - -# Display -allow hardware_info_app sysfs_display:dir search; -allow hardware_info_app sysfs_display:file r_file_perms; - -# Audio -allow hardware_info_app sysfs_pixelstats:dir search; -allow hardware_info_app sysfs_pixelstats:file r_file_perms; - -# Storage -allow hardware_info_app sysfs_scsi_devices_0000:dir search; -allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms; - -# Battery -allow hardware_info_app sysfs_batteryinfo:file r_file_perms; -allow hardware_info_app sysfs_batteryinfo:dir search; - -# SoC -allow hardware_info_app sysfs:file r_file_perms; diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts index f866e37a..7c016d15 100644 --- a/whitechapel/vendor/google/seapp_contexts +++ b/whitechapel/vendor/google/seapp_contexts 
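Review bot: The added `genfscon sysfs /devices/system/chip-id/unique_id u:object_r:sysfs_soc:s0` puts a per-device hardware identifier under the same label as `soc0/machine` and `soc0/revision`, while the file.te hunk of this commit removes the dedicated `sysfs_chip_id` type. Every domain allowed to read sysfs_soc then also reads the unique ID. Who those domains are is defined outside this patch, so that list needs checking before the label is shared. If the ID is meant only for the hardware-info app, I would keep a separate type for it in the common policy. Either way a comment above the three lines would help, e.g. `# SoC identity nodes; unique_id is a device identifier, keep readers minimal`.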
@@ -26,9 +26,6 @@ user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_ # HbmSVManager user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all -# Hardware Info Collection -user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user - # Domain for omadm user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all From 286d40c81b428abd0557f518566b721edfb947ea Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 3 Aug 2022 01:09:57 +0000 Subject: [PATCH 023/116] Update SELinux error Test: checkSensors Bug: 241172337 Test: scanBugreport Bug: 241172490 Test: testAtomicWrite Bug: 241172490 Test: testConfigMaxSectorsKB Bug: 241172490 Test: testDirectWriteNormalReadInEncryptedDir Bug: 241172391 Test: testInvalidWrite Bug: 241172490 Test: testLoopMaxPartDefined Bug: 241172391 Test: testNormalWriteDirectReadInEncryptedDir Bug: 241172490 Test: testPinFile Bug: 241172490 Test: testSmallFileInEncryptedDir Bug: 241172490 Change-Id: Iee5a8e6fff46b62ec0a448b05db64a788b7d08fb --- tracking_denials/bug_map | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index f9fbf737..f925d140 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
@@ -6,4 +6,13 @@ dumpstate incident process b/238571420 hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 +init app_data_file dir b/241172337 +init app_data_file dir b/241172490 +init gsi_data_file file b/241172337 +init gsi_data_file file b/241172391 +init gsi_data_file file b/241172490 +init privapp_data_file dir b/241172337 +init privapp_data_file dir b/241172490 +init system_app_data_file dir b/241172337 +init system_app_data_file dir b/241172490 su modem_img_file filesystem b/238825802 From 7d6c4492615fdb3b719a2e0a4a6735f8ecc63181 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= Date: Mon, 15 Aug 2022 13:45:30 +1000 Subject: [PATCH 024/116] Revert "Update SELinux error" This reverts commit 286d40c81b428abd0557f518566b721edfb947ea. Test: TH Bug: 241172186 Bug: 241172220 Bug: 241172337 Bug: 241172391 Bug: 241172490 Change-Id: Id3453e85aee3ee8e0255d3e53f37ca4488d7c9f9 --- tracking_denials/bug_map | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index f925d140..f9fbf737 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -6,13 +6,4 @@ dumpstate incident process b/238571420 hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 -init app_data_file dir b/241172337 -init app_data_file dir b/241172490 -init gsi_data_file file b/241172337 -init gsi_data_file file b/241172391 -init gsi_data_file file b/241172490 -init privapp_data_file dir b/241172337 -init privapp_data_file dir b/241172490 -init system_app_data_file dir b/241172337 -init system_app_data_file dir b/241172490 su modem_img_file filesystem b/238825802 From 443da0523acd5530a69794f216eebd90867a36ed Mon Sep 17 00:00:00 2001 
From: Wiwit Rifa'i Date: Tue, 16 Aug 2022 13:22:33 +0800 Subject: [PATCH 025/116] Add SE policies for HWC logs Bug: 230361290 Test: adb bugreport Test: adb shell vndservice call Exynos.HWCService 11 i32 0 i32 308 i32 1 Change-Id: I20ec7ee1856a45d271e0e6ebfd7eb74525b96f77 --- whitechapel/vendor/google/file.te | 1 + whitechapel/vendor/google/file_contexts | 1 + whitechapel/vendor/google/hal_dumpstate_default.te | 3 +++ whitechapel/vendor/google/hal_graphics_composer_default.te | 4 ++++ 4 files changed, 9 insertions(+) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index ff41adfe..479732e4 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -7,6 +7,7 @@ type vendor_media_data_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; type vendor_cbd_log_file, file_type, data_file_type; type vendor_dmd_log_file, file_type, data_file_type; +type vendor_hwc_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_dump_log_file, file_type, data_file_type; type vendor_rild_log_file, file_type, data_file_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index da2222b2..b258cc89 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -154,6 +154,7 @@ /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/log/cbd(/.*)? u:object_r:vendor_cbd_log_file:s0 /data/vendor/log/dmd(/.*)? u:object_r:vendor_dmd_log_file:s0 +/data/vendor/log/hwc(/.*)? u:object_r:vendor_hwc_log_file:s0 /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 /data/vendor/log/dump(/.*)? u:object_r:vendor_dump_log_file:s0 /data/vendor/log/rild(/.*)? u:object_r:vendor_rild_log_file:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 01c69b49..6dc4cde0 100644 
--- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -20,6 +20,9 @@ allow hal_dumpstate_default shell_data_file:file getattr; allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; +allow hal_dumpstate_default vendor_hwc_log_file:dir r_dir_perms; +allow hal_dumpstate_default vendor_hwc_log_file:file r_file_perms; + allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms; allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms; diff --git a/whitechapel/vendor/google/hal_graphics_composer_default.te b/whitechapel/vendor/google/hal_graphics_composer_default.te index 0562aa0e..2cf6140d 100644 --- a/whitechapel/vendor/google/hal_graphics_composer_default.te +++ b/whitechapel/vendor/google/hal_graphics_composer_default.te @@ -4,3 +4,7 @@ allow hal_graphics_composer_default sysfs_display:file rw_file_perms; # allow HWC to access power hal binder_call(hal_graphics_composer_default, hal_power_default); hal_client_domain(hal_graphics_composer_default, hal_power); + +# allow HWC to write log file +allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms; +allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms; From 0c9ace503c07ffa433beed313b013956f51e9ff8 Mon Sep 17 00:00:00 2001 
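Review bot: The rules `allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;` and `allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;` are not limited to userdebug_or_eng. On user builds the composer HAL can therefore create files under /data/vendor/log/hwc, and the hal_dumpstate_default hunk on the same line lets them be read for bug reports. Nothing on the page says what the HWC log contains or how its size is bounded. If it is a debugging aid, gate both the write rules and the dumpstate read rules on userdebug_or_eng. Otherwise extend the comment to `# allow HWC to write log files under /data/vendor/log/hwc (read by hal_dumpstate_default)`.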
From: Adam Shih Date: Tue, 16 Aug 2022 13:58:57 +0800 Subject: [PATCH 026/116] move bcmbt settings to gs-common Bug: 242661555 Test: build pass Change-Id: Ib02f88317c31438871ac84bbe71d359b7186394d --- bluetooth/device.te | 3 --- bluetooth/file_contexts | 6 ------ bluetooth/genfs_contexts | 7 ------- bluetooth/hal_bluetooth_btlinux.te | 22 ---------------------- bluetooth/hwservice.te | 3 --- bluetooth/hwservice_contexts | 6 ------ 6 files changed, 47 deletions(-) delete mode 100644 bluetooth/device.te delete mode 100644 bluetooth/file_contexts delete mode 100644 bluetooth/genfs_contexts delete mode 100644 bluetooth/hal_bluetooth_btlinux.te delete mode 100644 bluetooth/hwservice.te delete mode 100644 bluetooth/hwservice_contexts diff --git a/bluetooth/device.te b/bluetooth/device.te deleted file mode 100644 index a2563322..00000000 --- a/bluetooth/device.te +++ /dev/null @@ -1,3 +0,0 @@ -# Bt Wifi Coexistence device -type wb_coexistence_dev, dev_type; - diff --git a/bluetooth/file_contexts b/bluetooth/file_contexts deleted file mode 100644 index d4681dbd..00000000 --- a/bluetooth/file_contexts +++ /dev/null @@ -1,6 +0,0 @@ -# Bluetooth -/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0 - -/dev/wbrc u:object_r:wb_coexistence_dev:s0 -/dev/ttySAC16 u:object_r:hci_attach_dev:s0 - diff --git a/bluetooth/genfs_contexts b/bluetooth/genfs_contexts deleted file mode 100644 index 607e1462..00000000 --- a/bluetooth/genfs_contexts +++ /dev/null 
@@ -1,7 +0,0 @@ -genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0 -genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0 -genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0 -genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0 -genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0 - diff --git a/bluetooth/hal_bluetooth_btlinux.te b/bluetooth/hal_bluetooth_btlinux.te deleted file mode 100644 index f348099e..00000000 --- a/bluetooth/hal_bluetooth_btlinux.te +++ /dev/null @@ -1,22 +0,0 @@ -add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice); -get_prop(hal_bluetooth_btlinux, boot_status_prop) - -allow hal_bluetooth_btlinux sysfs_bluetooth_writable:file rw_file_perms; -allow hal_bluetooth_btlinux proc_bluetooth_writable:file rw_file_perms; -allow hal_bluetooth_btlinux hci_attach_dev:chr_file rw_file_perms; -allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms; -binder_call(hal_bluetooth_btlinux, servicemanager) - -# power stats -vndbinder_use(hal_bluetooth_btlinux) -allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find; -binder_call(hal_bluetooth_btlinux, hal_power_stats_default) - -allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir create_dir_perms; -allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file create_file_perms; - -userdebug_or_eng(` - allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms; - allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms; - allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms; -') diff --git a/bluetooth/hwservice.te b/bluetooth/hwservice.te deleted file mode 100644 index 5e36cd0c..00000000 
--- a/bluetooth/hwservice.te +++ /dev/null @@ -1,3 +0,0 @@ -# Bluetooth HAL extension -type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type; - diff --git a/bluetooth/hwservice_contexts b/bluetooth/hwservice_contexts deleted file mode 100644 index 8480b4e1..00000000 --- a/bluetooth/hwservice_contexts +++ /dev/null @@ -1,6 +0,0 @@ -# Bluetooth HAL extension -hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0 -hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0 -hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0 -hardware.google.bluetooth.ewp::IBluetoothEwp u:object_r:hal_bluetooth_coexistence_hwservice:s0 -hardware.google.bluetooth.ext::IBluetoothExt u:object_r:hal_bluetooth_coexistence_hwservice:s0 From a5cbf912ce97899a0e2c4427f14848fd6d7119c2 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 30 Aug 2022 11:47:01 +0800 Subject: [PATCH 027/116] Move dauntless settings to gs-common Bug: 242479757 Test: build pass on all Gchip devices Change-Id: I9751e59b751f867d4cf734ffe7497a2e22c0c6f9 --- gs101-sepolicy.mk | 3 --- whitechapel/vendor/google/file_contexts | 3 --- whitechapel/vendor/google/hal_dumpstate_default.te | 4 ---- 3 files changed, 10 deletions(-) diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk index d33fcd4e..b9bb717f 100644 --- a/gs101-sepolicy.mk +++ b/gs101-sepolicy.mk @@ -20,9 +20,6 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/priv # # Pixel-wide # -# Dauntless (uses Citadel policy currently) -BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel - # PowerStats HAL BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index da2222b2..efdfd825 100644 --- a/whitechapel/vendor/google/file_contexts 
+++ b/whitechapel/vendor/google/file_contexts @@ -358,9 +358,6 @@ # RILD files /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 -# Citadel StrongBox -/dev/gsc0 u:object_r:citadel_device:s0 - # Tetheroffload Service /dev/dit2 u:object_r:vendor_toe_device:s0 /vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.[0-9]-service u:object_r:hal_tetheroffload_default_exec:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 28137c77..ad36bd10 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -92,10 +92,6 @@ allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms; -allow hal_dumpstate_default citadeld_service:service_manager find; -allow hal_dumpstate_default citadel_updater_exec:file execute_no_trans; -binder_call(hal_dumpstate_default, citadeld); - allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; binder_call(hal_dumpstate_default, hal_graphics_composer_default); allow hal_dumpstate_default sysfs_display:dir r_dir_perms; From 5742be1014f3cb37b462495ccae45506d6f64de7 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 5 Sep 2022 11:38:18 +0800 Subject: [PATCH 028/116] move insmod script to gs-common Bug: 243763292 Test: boot to home Change-Id: If676806d806adcd7f1fcecc1199255788e8858ef --- whitechapel/vendor/google/file_contexts | 3 ++- whitechapel/vendor/google/init-display-sh.te | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 whitechapel/vendor/google/init-display-sh.te diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 119b1253..049df568 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
@@ -280,7 +280,8 @@ /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 # Kernel modules related -/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0 +/vendor/bin/insmod\.sh u:object_r:init-insmod-sh_exec:s0 +/vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0 # USB /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 diff --git a/whitechapel/vendor/google/init-display-sh.te b/whitechapel/vendor/google/init-display-sh.te new file mode 100644 index 00000000..54ff7d6e --- /dev/null +++ b/whitechapel/vendor/google/init-display-sh.te @@ -0,0 +1,10 @@ +type init-display-sh, domain; +type init-display-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(init-display-sh) + +allow init-display-sh self:capability sys_module; +allow init-display-sh vendor_kernel_modules:system module_load; +allow init-display-sh vendor_toolbox_exec:file execute_no_trans; + +dontaudit init-display-sh proc_cmdline:file r_file_perms; + From c08f9cf882c799b1f72cae07c63609be6953ab0c Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 6 Sep 2022 10:40:01 +0800 Subject: [PATCH 029/116] move insert module script sepolicy to gs-common Bug: 243763292 Test: boot to home with no relevant SELinux error Change-Id: I52fe6631b3ec806a5624375457874d9248927b00 --- whitechapel/vendor/google/file_contexts | 4 ---- whitechapel/vendor/google/init-insmod-sh.te | 20 -------------------- whitechapel/vendor/google/insmod-sh.te | 11 +++++++++++ whitechapel/vendor/google/property.te | 1 - whitechapel/vendor/google/property_contexts | 6 ------ 5 files changed, 11 insertions(+), 31 deletions(-) delete mode 100644 whitechapel/vendor/google/init-insmod-sh.te create mode 100644 whitechapel/vendor/google/insmod-sh.te diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 049df568..5e2efdda 100644 --- a/whitechapel/vendor/google/file_contexts 
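Review bot: The new `init-display-sh` domain in init-display-sh.te is granted `self:capability sys_module` and `vendor_kernel_modules:system module_load` with no comment saying which modules the script loads or why it needs its own domain. Module loading is among the most sensitive grants in vendor policy, so the file should open with a purpose comment, for example `# init.display.sh loads display kernel modules at boot; module_load is limited to files labelled vendor_kernel_modules` (the script is not visible here, so the author should confirm the wording). `dontaudit init-display-sh proc_cmdline:file r_file_perms;` also needs a one-line reason, because it hides denials that would otherwise show the script trying to read the kernel command line.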
+++ b/whitechapel/vendor/google/file_contexts @@ -280,7 +280,6 @@ /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 # Kernel modules related -/vendor/bin/insmod\.sh u:object_r:init-insmod-sh_exec:s0 /vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0 # USB @@ -367,9 +366,6 @@ # battery history /dev/battery_history u:object_r:battery_history_device:s0 -# Vendor_kernel_modules -/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0 - # Display /vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 diff --git a/whitechapel/vendor/google/init-insmod-sh.te b/whitechapel/vendor/google/init-insmod-sh.te deleted file mode 100644 index d345e193..00000000 --- a/whitechapel/vendor/google/init-insmod-sh.te +++ /dev/null @@ -1,20 +0,0 @@ -type init-insmod-sh, domain; -type init-insmod-sh_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(init-insmod-sh) - -allow init-insmod-sh self:capability sys_module; -allow init-insmod-sh sysfs_leds:dir r_dir_perms; -allow init-insmod-sh vendor_kernel_modules:system module_load; -allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans; - -allow init-insmod-sh self:capability sys_nice; -allow init-insmod-sh kernel:process setsched; - -set_prop(init-insmod-sh, vendor_device_prop) - -userdebug_or_eng(` - allow init-insmod-sh vendor_regmap_debugfs:dir search; -') - -dontaudit init-insmod-sh proc_cmdline:file r_file_perms; -dontaudit init-insmod-sh self:key write; diff --git a/whitechapel/vendor/google/insmod-sh.te b/whitechapel/vendor/google/insmod-sh.te new file mode 100644 index 00000000..3c430ffb --- /dev/null +++ b/whitechapel/vendor/google/insmod-sh.te 
@@ -0,0 +1,11 @@ +allow insmod-sh sysfs_leds:dir r_dir_perms; + +allow insmod-sh self:capability sys_nice; +allow insmod-sh kernel:process setsched; + +userdebug_or_eng(` + allow insmod-sh vendor_regmap_debugfs:dir search; +') + +dontaudit insmod-sh proc_cmdline:file r_file_perms; +dontaudit insmod-sh self:key write; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 31ee4b8f..cac5e483 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -4,7 +4,6 @@ vendor_internal_prop(vendor_rcs_prop) vendor_internal_prop(vendor_rild_prop) vendor_internal_prop(sensors_prop) vendor_internal_prop(vendor_ssrdump_prop) -vendor_internal_prop(vendor_device_prop) vendor_internal_prop(vendor_usb_config_prop) vendor_internal_prop(vendor_secure_element_prop) vendor_internal_prop(vendor_cbd_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5eba1f8d..e5a1d673 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -15,12 +15,6 @@ persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0 vendor.debug.ssrdump. u:object_r:vendor_ssrdump_prop:s0 persist.vendor.sys.ssr. u:object_r:vendor_ssrdump_prop:s0 -# Kernel modules related -vendor.common.modules.ready u:object_r:vendor_device_prop:s0 -vendor.device.modules.ready u:object_r:vendor_device_prop:s0 -vendor.all.modules.ready u:object_r:vendor_device_prop:s0 -vendor.all.devices.ready u:object_r:vendor_device_prop:s0 - # for codec2 vendor.debug.c2.level u:object_r:vendor_codec2_debug_prop:s0 vendor.debug.c2.dump u:object_r:vendor_codec2_debug_prop:s0 From 3cd938479948f4a202d1b9dfcb0516d092d7aa3f Mon Sep 17 00:00:00 2001 
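Review bot: Every rule in the new insmod-sh.te refers to a domain `insmod-sh` that this file does not declare; the `type` and `init_daemon_domain` lines went away with init-insmod-sh.te in the same commit, so the policy presumably compiles only when the gs-common directory that declares the domain is part of the board's sepolicy dirs. A header comment such as `# insmod-sh is declared in gs-common; the rules below are gs101-specific additions` would make that dependency explicit. `allow insmod-sh kernel:process setsched;` together with `self:capability sys_nice` lets the script change the scheduling of kernel threads, and `dontaudit insmod-sh self:key write;` suppresses a denial without saying what triggers it. Both lines should get a short why-comment.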
From: Adam Shih Date: Tue, 27 Sep 2022 17:03:38 +0800 Subject: [PATCH 030/116] dump f2fs in gs-common Bug: 248143736 Test: adb bugreport Change-Id: I902030f7960b2247e9b8e913e78d447741423efb --- whitechapel/vendor/google/file.te | 1 - whitechapel/vendor/google/genfs_contexts | 1 - whitechapel/vendor/google/hal_dumpstate_default.te | 3 --- 3 files changed, 5 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 479732e4..baf55b15 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -79,7 +79,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type mediadrm_vendor_data_file, file_type, data_file_type; # Storage Health HAL -type debugfs_f2fs, debugfs_type, fs_type; type proc_f2fs, proc_type, fs_type; type bootdevice_sysdev, dev_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 5e7cd508..2c59fc03 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -62,7 +62,6 @@ genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0057/chg_stats genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 # Storage -genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0 genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 genfscon sysfs /devices/platform/14700000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index ab010490..9ac16fe6 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te 
@@ -110,7 +110,6 @@ userdebug_or_eng(` allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms; ') -get_prop(hal_dumpstate_default, boottime_public_prop) get_prop(hal_dumpstate_default, vendor_gps_prop) set_prop(hal_dumpstate_default, vendor_modem_prop) get_prop(hal_dumpstate_default, vendor_rild_prop) @@ -157,8 +156,6 @@ userdebug_or_eng(` allow hal_dumpstate_default sysfs_bcl:lnk_file read; allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms; - allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms; - allow hal_dumpstate_default debugfs_f2fs:file r_file_perms; set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop) ') From d19e0dded9ffb34b9d8e58923d749ddf888f7986 Mon Sep 17 00:00:00 2001 From: Xusong Wang Date: Fri, 13 May 2022 16:02:06 -0700 Subject: [PATCH 031/116] Configure Edge TPU DBA HAL sepolicy. Bug: 245792277 Test: edgetpu_dba_hal_test Change-Id: I567961327e00b728b1d188e07b6ae3f10f42d847 --- edgetpu/edgetpu_dba_service.te | 38 ++++++++++++++++++++++++++++++++++ edgetpu/file_contexts | 5 +++++ edgetpu/priv_app.te | 3 +++ edgetpu/service.te | 1 + edgetpu/service_contexts | 2 ++ 5 files changed, 49 insertions(+) create mode 100644 edgetpu/edgetpu_dba_service.te diff --git a/edgetpu/edgetpu_dba_service.te b/edgetpu/edgetpu_dba_service.te new file mode 100644 index 00000000..2e8f908a --- /dev/null +++ b/edgetpu/edgetpu_dba_service.te 
@@ -0,0 +1,38 @@ +# EdgeTPU DBA service. +type edgetpu_dba_server, domain; +type edgetpu_dba_server_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(edgetpu_dba_server) + +# The vendor service will use binder calls. +binder_use(edgetpu_dba_server); + +# The vendor service will serve a binder service. +binder_service(edgetpu_dba_server); + +# EdgeTPU DBA service to register the service to service_manager. +add_service(edgetpu_dba_server, edgetpu_dba_service); + +# Allow EdgeTPU DBA service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc. +allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms; + +# Allow EdgeTPU DBA service to request power hints from the Power Service. +hal_client_domain(edgetpu_dba_server, hal_power) + +# Allow EdgeTPU DBA service to access hardware buffers and ION memory. +allow edgetpu_dba_server hal_allocator:fd use; +allow edgetpu_dba_server hal_graphics_mapper_hwservice:hwservice_manager find; +allow edgetpu_dba_server hal_graphics_allocator:fd use; +allow edgetpu_dba_server gpu_device:chr_file rw_file_perms; +allow edgetpu_dba_server gpu_device:dir r_dir_perms; +allow edgetpu_dba_server ion_device:chr_file r_file_perms; + +# Allow EdgeTPU DBA service to read the overcommit_memory info. +allow edgetpu_dba_server proc_overcommit_memory:file r_file_perms; + +# Allow EdgeTPU DBA service to read the kernel version. +# This is done inside the InitGoogle. +allow edgetpu_dba_server proc_version:file r_file_perms; + +# Allow EdgeTPU DBA service to send trace packets to Perfetto with SELinux enabled +# under userdebug builds. +userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)') diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts index 04f8491f..bfd5f608 100644 --- a/edgetpu/file_contexts +++ b/edgetpu/file_contexts 
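Review bot: The comment above `allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms;` says the service only needs to "look for" a TPU instance, while the rule grants open, read, write and ioctl on the device node. The comment should describe the real use, e.g. `# Allow EdgeTPU DBA service to open and drive the TPU device node (/dev/edgetpu or /dev/edgetpu-soc).` The domain also receives `gpu_device:chr_file rw_file_perms`, so a note on which buffer path needs direct access to the GPU node would help a later least-privilege review. As a style point, `binder_use(...);`, `binder_service(...);` and `add_service(...);` carry a trailing semicolon while `hal_client_domain(edgetpu_dba_server, hal_power)` does not; one form should be used throughout.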
@@ -25,3 +25,8 @@ # EdgeTPU metrics logging service. /vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0 + +# EdgeTPU DBA service +/vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 +/vendor/lib64/com\.google\.edgetpu.dba-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libedgetpu_dba_hal\.so u:object_r:same_process_hal_file:s0 diff --git a/edgetpu/priv_app.te b/edgetpu/priv_app.te index db6e0a27..63f76b8a 100644 --- a/edgetpu/priv_app.te +++ b/edgetpu/priv_app.te @@ -10,3 +10,6 @@ allow priv_app edgetpu_device:chr_file { getattr read write ioctl map }; # Allows privileged applications to access the PowerHAL. hal_client_domain(priv_app, hal_power) + +# Allows privileged applications to discover the EdgeTPU DBA service. +allow priv_app edgetpu_dba_service:service_manager find; diff --git a/edgetpu/service.te b/edgetpu/service.te index 09fa9cba..08658685 100644 --- a/edgetpu/service.te +++ b/edgetpu/service.te @@ -3,3 +3,4 @@ type edgetpu_app_service, service_manager_type; type edgetpu_vendor_service, service_manager_type, hal_service_type; type edgetpu_nnapi_service, app_api_service, service_manager_type; +type edgetpu_dba_service, app_api_service, service_manager_type; diff --git a/edgetpu/service_contexts b/edgetpu/service_contexts index 76fe43da..23a0fab8 100644 --- a/edgetpu/service_contexts +++ b/edgetpu/service_contexts @@ -5,3 +5,5 @@ com.google.edgetpu.IEdgeTpuVendorService/default u:object_r:edgetpu_ve # TPU NNAPI Service android.hardware.neuralnetworks.IDevice/google-edgetpu u:object_r:edgetpu_nnapi_service:s0 +# EdgeTPU DBA Service +com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0 From a190e33522012ff73bc9701a2ecb569ab1903aef Mon Sep 17 00:00:00 2001 
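Review bot: In the two new `com\.google\.edgetpu.dba...` entries the dot between `edgetpu` and `dba` is not escaped, so the regex accepts any character in that position. A differently named file (constructed example: `com.google.edgetpuXdba-service`) would be labelled `edgetpu_dba_server_exec` or `same_process_hal_file`. Escape it like the neighbouring dots: `/vendor/bin/hw/com\.google\.edgetpu\.dba-service` and `/vendor/lib64/com\.google\.edgetpu\.dba-V1-ndk\.so`. The practical exposure is small as long as /vendor is a verified read-only partition, but exec labels drive domain transitions and should match exactly one path.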
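Review bot: `type edgetpu_dba_service, app_api_service, service_manager_type;` in service.te appears to expose the service more widely than the priv_app.te hunk of this commit suggests. As far as I recall, platform policy lets ordinary app domains `find` any service carrying `app_api_service`, which would also make `allow priv_app edgetpu_dba_service:service_manager find;` redundant. If only privileged apps are meant to reach the DBA HAL, consider `type edgetpu_dba_service, service_manager_type;` and keep the explicit priv_app rule, after checking that no platform neverallow requires an attribute here. If third-party access is intended, a comment should say so, because the serving domain holds rw access to the TPU and GPU device nodes and would then have to treat every caller as untrusted.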
From: Adam Shih Date: Wed, 28 Sep 2022 13:20:33 +0800 Subject: [PATCH 032/116] move UFS dump to gs-common Bug: 248143736 Test: adb bugreport Change-Id: I3446ab420a0e8a0104dcc63c1cfd4c1a04060cdd --- whitechapel/vendor/google/hal_dumpstate_default.te | 3 --- 1 file changed, 3 deletions(-) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 9ac16fe6..3889387f 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -92,9 +92,6 @@ allow hal_dumpstate_default sysfs_chip_id:file r_file_perms; allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; -allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms; - allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; binder_call(hal_dumpstate_default, hal_graphics_composer_default); allow hal_dumpstate_default sysfs_display:dir r_dir_perms; From 2acd1c0e73e31a70af25fe58bc081ac65791c38b Mon Sep 17 00:00:00 2001 From: Rajesh Nyamagoud Date: Thu, 22 Sep 2022 20:42:30 +0000 Subject: [PATCH 033/116] Updated confirmationui HAL binary name. Ignore-AOSP-First: Dependent on internal change. Bug: b/205760172 Test: Run confirmation UI test using CTS Verifier Change-Id: I690f6eb49f47bdf2d2790b0a6c9b0c45ca819a31 --- confirmationui/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/confirmationui/file_contexts b/confirmationui/file_contexts index 49db4171..377857d0 100644 --- a/confirmationui/file_contexts +++ b/confirmationui/file_contexts 
@@ -1,4 +1,4 @@ /vendor/bin/securedpud\.slider u:object_r:securedpud_slider_exec:s0 -/vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor u:object_r:hal_confirmationui_default_exec:s0 +/vendor/bin/hw/android\.hardware\.confirmationui-service\.trusty\.vendor u:object_r:hal_confirmationui_default_exec:s0 /dev/tui-driver u:object_r:tui_device:s0 From d0af280f501bd17dc59b3529af7bd38cab1f5d8b Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 29 Sep 2022 15:17:08 +0800 Subject: [PATCH 034/116] move ramdump relate dumpstate to gs-common Bug: 248428203 Test: adb bugreport Change-Id: I16898410318dd8f396c68cd9096a4eb49358b784 --- whitechapel/vendor/google/hal_dumpstate_default.te | 4 ---- 1 file changed, 4 deletions(-) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 3889387f..38e2abfc 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -103,8 +103,6 @@ allow hal_dumpstate_default proc_vendor_sched:file r_file_perms; userdebug_or_eng(` allow hal_dumpstate_default mnt_vendor_file:dir search; - allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search; - allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms; ') get_prop(hal_dumpstate_default, vendor_gps_prop) @@ -193,8 +191,6 @@ dontaudit hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms; dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms; dontaudit hal_dumpstate_default mnt_vendor_file:dir r_dir_perms; -dontaudit hal_dumpstate_default ramdump_vendor_mnt_file:dir search; -dontaudit hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms; dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms; From ac878d3f629291bc6229dad4315da40f7b372cc2 Mon Sep 17 00:00:00 2001 
From: Vaibhav Devmurari Date: Mon, 3 Oct 2022 13:01:26 +0000 Subject: [PATCH 035/116] Add SePolicy for system_server accessing sysfs for USB devices Add SePolicy to allow Android input manager accessing sysfs nodes for external USB devices To support input device lights manager feature in frameworks, provide sysfs node access to system server process. DD: go/pk_backlight_control (For keyboard backlight control for external keyboards) Kernel provides a standardized LED interface to expose LED controls over sysfs: https://docs.kernel.org/leds/leds-class.html The feature will be provided for devices with kernel sysfs class led support and vendor kernel driver for input controllers that do have lights. The kernel sysfs class led support is a kernel config option (LEDS_CLASS), and an input device driver will create the sysfs class node interface. By giving system_server the access to these sysfs nodes, the feature will work on devices with the kernel option and kernel input/hid driver support. We do use CTS tests to enforce the kernel options and the input device drivers. What's already supported? - We already support access to UHID sysfs node which used for all bluetooth based external peripherals What's included in this CL? - Adding support to access sysfs nodes for USB based external devices Test: manual Bug: 245506418 Change-Id: Ieb55614ed651b85f0e6752a17d02f4d370fd1e6f --- whitechapel/vendor/google/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 2c59fc03..aabe7653 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -259,6 +259,10 @@ genfscon proc /nvt_pen_diff genfscon proc /nvt_raw u:object_r:proc_touch:s0 genfscon proc /nvt_selftest u:object_r:proc_touch:s0 +# Input +genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 +genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 + # GPS genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0 genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0 From 6d2d8a991491294373cc6c8ce9b0e4ef4a7164bb Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 4 Oct 2022 09:06:15 +0800 Subject: [PATCH 036/116] move trusty dump from gs101 to gs-common Bug: 244504232 Test: adb bugreport Change-Id: I7a93c9ef7d07e92f0fd508c016a264c26a4e0b1e --- whitechapel/vendor/google/file_contexts | 1 - whitechapel/vendor/google/logd.te | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 3f10d22c..9d3df942 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -339,7 +339,6 @@ /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 /dev/sg1 u:object_r:sg_device:s0 -/dev/trusty-log0 u:object_r:logbuffer_device:s0 # Battery /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 diff --git a/whitechapel/vendor/google/logd.te b/whitechapel/vendor/google/logd.te index cc55e204..ca969d80 100644 --- a/whitechapel/vendor/google/logd.te +++ b/whitechapel/vendor/google/logd.te @@ -1,2 +1,4 @@ r_dir_file(logd, logbuffer_device) allow logd logbuffer_device:chr_file r_file_perms; +allow logd trusty_log_device:chr_file r_file_perms; + From 0508a69dbda819b7ae16296ccebb3d12b3f3f915 Mon Sep 17 00:00:00 2001 
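Review bot: The two new `genfscon sysfs .../usb2/2-1 u:object_r:sysfs_uhid:s0` entries label the entire sysfs subtree of whatever device is attached at that port, not only the LED class nodes of input devices, because genfscon matches by path prefix. Any domain allowed to write `sysfs_uhid` could then write attributes of an arbitrary USB device on port 2-1 (storage, network adapters, hubs and their children), so the set of writers of that type should be confirmed against what the commit message describes. The paths also hard-code the `xhci-hcd-exynos.4.auto` and `.5.auto` instance names and bus `usb2`. The bare `# Input` comment could become `# External USB input devices: sysfs LED nodes for keyboard backlight control (Bug 245506418)`, with a word on why these two instances are sufficient.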
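Review bot: `allow logd trusty_log_device:chr_file r_file_perms;` in logd.te uses a type that this repository no longer labels, since the `/dev/trusty-log0` file_contexts entry is removed in the same commit. The rule therefore appears to depend on gs-common for both the type declaration and the label, which a comment such as `# trusty_log_device is declared and labelled in gs-common` would make explicit. The older `r_dir_file(logd, logbuffer_device)` and `allow logd logbuffer_device:chr_file r_file_perms;` lines are kept. If `/dev/trusty-log0` was the only logbuffer_device node logd read they can be dropped, otherwise a comment naming the remaining node would justify them. The hunk also adds a stray blank line at the end of the file.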
From: Adam Shih Date: Tue, 4 Oct 2022 12:56:28 +0800 Subject: [PATCH 037/116] move soc dump to gs-common Bug: 248428203 Test: adb bugreport Change-Id: I09c8279685626125ab1c5a6b73d1143de7ae2f1d --- whitechapel/vendor/google/genfs_contexts | 7 ------- whitechapel/vendor/google/hal_dumpstate_default.te | 1 - 2 files changed, 8 deletions(-) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 2c59fc03..e58f4441 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -366,13 +366,6 @@ genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_light_clk_ratio # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0 - # OTA genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 38e2abfc..67d59413 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te 
@@ -87,7 +87,6 @@ allow hal_dumpstate_default proc_touch:file rw_file_perms; allow hal_dumpstate_default sysfs_batteryinfo:dir search; allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; -allow hal_dumpstate_default sysfs_chip_id:file r_file_perms; allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; From cba306cc3baf8601fb138b1300fdc02e314642b9 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 5 Oct 2022 10:30:09 +0800 Subject: [PATCH 038/116] move modem dump to gs-common Bug: 250475732 Test: adb bugreport Change-Id: I07bc213a6136d5803316062c3fddd55fc557c4b2 --- whitechapel/vendor/google/hal_dumpstate_default.te | 8 -------- 1 file changed, 8 deletions(-) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 67d59413..ac963609 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -23,9 +23,6 @@ allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; allow hal_dumpstate_default vendor_hwc_log_file:dir r_dir_perms; allow hal_dumpstate_default vendor_hwc_log_file:file r_file_perms; -allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms; - # camera debugging dump file access allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms; allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms; 
@@ -43,9 +40,6 @@ userdebug_or_eng(` allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms; ') -allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms; - allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms; allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; @@ -74,8 +68,6 @@ allow hal_dumpstate_default sysfs_thermal:lnk_file read; # Modem logs allow hal_dumpstate_default modem_efs_file:dir search; allow hal_dumpstate_default modem_efs_file:file r_file_perms; -allow hal_dumpstate_default modem_stat_data_file:dir r_dir_perms; -allow hal_dumpstate_default modem_stat_data_file:file r_file_perms; allow hal_dumpstate_default vendor_slog_file:file r_file_perms; allow hal_dumpstate_default block_device:dir r_dir_perms; From f15d1599ef63056498e1bce3644c113f6f534fcc Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 12 Oct 2022 11:31:57 +0800 Subject: [PATCH 039/116] remove redundant permission that has moved to gs-common Bug: 248426917 Test: adb bugreport Change-Id: I2b1f26164e9590dadd6eae4c14cb65a1c34197fa --- whitechapel/vendor/google/hal_dumpstate_default.te | 3 --- 1 file changed, 3 deletions(-) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index ac963609..20981247 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -43,9 +43,6 @@ userdebug_or_eng(` allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms; allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; -allow hal_dumpstate_default sysfs_aoc:dir r_dir_perms; -allow hal_dumpstate_default sysfs_aoc_dumpstate:file r_file_perms; - allow hal_dumpstate_default sysfs_spi:dir search; allow hal_dumpstate_default sysfs_spi:file rw_file_perms; From 2933a7f1057337477afac2292234c3e3973bd66e Mon Sep 17 00:00:00 2001 
From: Adam Shih Date: Wed, 12 Oct 2022 15:25:17 +0800 Subject: [PATCH 040/116] upgrade dumpstate from hidl to aidl Bug: 240530709 Test: adb bugreport Change-Id: If5f81174f7881100bff21462ff4aef9ff62357d4 --- whitechapel/vendor/google/file_contexts | 2 +- whitechapel/vendor/google/hal_dumpstate_default.te | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 9d3df942..63017f38 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -27,7 +27,7 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.1-service-brcm u:object_r:hal_gnss_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-brcm u:object_r:hal_gnss_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.1-service\.gs101 u:object_r:hal_dumpstate_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.gs101 u:object_r:hal_dumpstate_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs101 u:object_r:hal_power_stats_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 # Wireless charger HAL diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 20981247..b1f59800 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te 
@@ -7,6 +7,7 @@ allow hal_dumpstate_default sysfs_bcmdhd:file r_file_perms; allow hal_dumpstate_default sysfs_memory:file r_file_perms; allow hal_dumpstate_default sysfs_cpu:file r_file_perms; +binder_use(hal_dumpstate_default) vndbinder_use(hal_dumpstate_default) allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms; From ecd597b98adf0c6c0c3807708760b61fae57bfba Mon Sep 17 00:00:00 2001 From: timmyli Date: Fri, 14 Oct 2022 01:55:04 +0000 Subject: [PATCH 041/116] Add aoc_device access to P21 devices. Camera hal Since we plan to apply rls refactor to P21 devices as well. Add access to camera_hal to aoc_device for these devices. Bug: 253493159 Test: Compiles Change-Id: I43728c723e0cfc7cdde5377260af6075d4672e7b --- whitechapel/vendor/google/hal_camera_default.te | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te index 2e36e4a8..d78cf7ad 100644 --- a/whitechapel/vendor/google/hal_camera_default.te +++ b/whitechapel/vendor/google/hal_camera_default.te @@ -103,4 +103,7 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; -dontaudit hal_camera_default traced_producer_socket:sock_file { write }; \ No newline at end of file +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; + +# Allow access to always-on compute device node +allow hal_camera_default aoc_device:chr_file rw_file_perms; From 4dc474a7b3ae6a52848bf4b36d6931f3126f018f Mon Sep 17 00:00:00 2001 From: Chungkai Mei Date: Wed, 12 Oct 2022 17:06:05 +0000 Subject: [PATCH 042/116] sepolicy: ignore and fix avc denial ignore and fix avc denial Bug: 228181404 Test: boot without avc denial 
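Review bot: The added `binder_use(hal_dumpstate_default)` sits directly above the existing `vndbinder_use(hal_dumpstate_default)` with no comment, so the policy does not record why this domain needs both binder contexts after the move to AIDL. I would add a comment above it such as `# AIDL dumpstate HAL registers with servicemanager over /dev/binder`, and confirm whether `vndbinder_use` is still needed by the new service. Keeping only the IPC paths the service actually uses keeps the domain's reachable surface small. The rest of `hal_dumpstate_default.te` is outside the hunk.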
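Review bot: The new rule `allow hal_camera_default aoc_device:chr_file rw_file_perms;` gives the camera HAL open, read, write and ioctl on the AoC device node, and the comment above it only restates the rule. The commit lists `Test: Compiles`, so nothing here shows which of those permissions the HAL actually exercises. If the access is limited to a known set of ioctls, an `allowxperm` rule would express it more tightly, which is worth confirming against the driver. At minimum the comment should give the reason, e.g. `# Needed by the camera HAL RLS refactor, see b/253493159`.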
Signed-off-by: Chungkai Mei Change-Id: I83640aae46bd1823c4e4dcf15f00e64fa7a87aef --- whitechapel/vendor/google/genfs_contexts | 306 +++++++++++++++++++---- whitechapel/vendor/google/kernel.te | 1 + 2 files changed, 257 insertions(+), 50 deletions(-) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 5e7cd508..e128cca5 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -31,7 +31,12 @@ genfscon sysfs /devices/platform/10d50000.hsi2c genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 - +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 
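Review bot: The added `genfscon` lines label `i2c-0` and `i2c-1` paths as `sysfs_wlc` and `sysfs_batteryinfo` with nothing to show that a p9412 or the `-0050` EEPROM is ever found on those buses. The later hunks of this commit do the same for the vibrator, wakeup and ODPM nodes on every bus index. `genfscon` matches by path prefix, so whatever device does appear at one of these paths inherits the label and every rule written against it; an earlier patch in this series gives `charger_vendor` `w_file_perms` on `sysfs_batteryinfo`, for example. I would add a comment above the block such as `# i2c bus numbers vary per board/kernel; entries cover indices 0-8`, if that is the reason, and limit the list to the indices seen in the denials from b/228181404.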
@@ -56,6 +61,11 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-p9412 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d30000.spi/spi_master/spi10/spi10.0/uwb/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 
@@ -86,9 +96,17 @@ genfscon sysfs /devices/platform/10d30000.spi/spi_master/spi10/spi10.0/ieee80215 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/gadget/net u:object_r:sysfs_net:s0 # Vibrator +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-005a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-005a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/2-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/2-005a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/3-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/3-005a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-005a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-005a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/6-005a u:object_r:sysfs_vibrator:s0 
@@ -96,7 +114,16 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/7-0043 u:object genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/7-005a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0043 u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-005a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0 
@@ -110,12 +137,31 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l25a u:object genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0 # System_suspend +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-0/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-1/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-2/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-3/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-4/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-5/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-6/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-7/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-8/i2c-st21nfc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/1-0043/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-cs40l25a/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-0043/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-cs40l25a/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/10970000.hsi2c/i2c-2/2-0043/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l25a/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/3-0043/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l25a/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0043/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 
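Review bot: The added line `genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/1-0043/wakeup` pairs bus `i2c-0` with client `1-0043`, whereas every other entry in this hunk uses the same number for both (`i2c-1/1-0043`, `i2c-2/2-0043`, …), so it looks like a copy of the next line with only the bus edited. As written, `i2c-0/0-0043/wakeup` gets no `sysfs_wakeup` entry and would presumably fall under the `sysfs_vibrator` prefix added for `i2c-0/0-0043` earlier in this commit, leaving the denial this change sets out to fix. The line should read `genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-0043/wakeup u:object_r:sysfs_wakeup:s0`; a later hunk of this commit corrects the same kind of mismatch for `acpm_mfd_bus@17500000/i2c-6/0-001f`.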
@@ -137,6 +183,20 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l25a/wakeup genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/0-0057/power_supply/pca9468-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/i2c-max77759tcpc/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/1-0057/power_supply/pca9468-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/i2c-max77759tcpc/power_supply/usb/wakeup 
u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-2/2-0057/power_supply/pca9468-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 
@@ -214,22 +274,64 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/wake genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 
+genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/0-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/0-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/0-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/0-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-7/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 
@@ -287,48 +389,14 @@ genfscon sysfs /devices/platform/cp-tm1/cp_temp u genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/bluetooth/hci0/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 # ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon 
sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 - -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 - -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/0-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/0-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/0-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/0-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 
@@ -337,6 +405,62 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mp genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/2-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/2-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/2-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/2-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/3-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name 
u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/3-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/3-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/3-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/4-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/4-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/4-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-4/4-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/5-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/5-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/5-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/5-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/6-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/6-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/6-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/6-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 
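Review bot: The 56 added `genfscon` entries for `acpm_mfd_bus@17510000` (i2c-2 through i2c-8, `iio:device1`) carry no comment saying why every bus number is labelled, so a later cleanup could prune entries that some boot or board still needs. Presumably the i2c bus index is assigned at probe time and is not stable; if that is the reason, state it once above the block, e.g. `# ODPM: i2c bus / iio device numbers are not stable across boots, so every permutation is labelled`. The same applies to the s2mpg10 block in the next hunk and to the nvmem, power_stats and extcon additions further down. Each entry names a single leaf attribute, so any other attribute under `s2mpg11-odpm` keeps whatever broader label matches (likely plain `sysfs`); it is worth confirming that this is intended and that write access to `sampling_rate` and `enabled_rails` via `sysfs_odpm` is limited to the domains that need it.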
@@ -355,6 +479,79 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-mete genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 + # bcl sysfs files genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 
@@ -429,6 +626,10 @@ genfscon sysfs /devices/platform/1c500000.mali/kprcs genfscon sysfs /devices/platform/1c500000.mali/power_policy u:object_r:sysfs_gpu:s0 # nvmem (Non Volatile Memory layer) +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-0050/0-00500/nvmem u:object_r:sysfs_memory:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-0050/1-00500/nvmem u:object_r:sysfs_memory:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/2-0050/2-00500/nvmem u:object_r:sysfs_memory:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/3-0050/3-00500/nvmem u:object_r:sysfs_memory:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0050/4-00500/nvmem u:object_r:sysfs_memory:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0050/5-00500/nvmem u:object_r:sysfs_memory:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/6-0050/6-00500/nvmem u:object_r:sysfs_memory:s0 @@ -440,6 +641,9 @@ genfscon sysfs /module/bcmdhd4389 # Power Stats genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-0/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-1/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10960000.hsi2c/i2c-2/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-3/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-4/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/10960000.hsi2c/i2c-5/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 
@@ -510,6 +714,8 @@ genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0 # Extcon +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-0/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-1/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-2/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-3/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-4/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 diff --git a/whitechapel/vendor/google/kernel.te b/whitechapel/vendor/google/kernel.te index c34e7f72..fa6c2fac 100644 --- a/whitechapel/vendor/google/kernel.te +++ b/whitechapel/vendor/google/kernel.te @@ -9,3 +9,4 @@ allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; dontaudit kernel vendor_battery_debugfs:dir search; +dontaudit kernel vendor_maxfg_debugfs:dir { search }; From 536b9a4ee6c901daaa7a18509a845c5ecffb5054 Mon Sep 17 00:00:00 2001 From: Michael Butler Date: Wed, 19 Oct 2022 10:29:23 -0700 Subject: [PATCH 043/116] Remove same_process_hal_file attribute from libedgetpu_dba_hal libedgetpu_dba_hal.so is changed from /vendor to /system_ext in this topic, so this CL removes the now-unnecessary same_process_hal_file attribute from libedgetpu_dba_hal and its AIDL interface. Bug: 245792277 Test: mma Test: atest edgetpu_dba_hal_test Change-Id: Ibbe58fa8c0992f28b54b69308345b3729d77ef90 --- edgetpu/file_contexts | 2 -- 1 file changed, 2 deletions(-) diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts index bfd5f608..62002307 100644 --- a/edgetpu/file_contexts +++ b/edgetpu/file_contexts 
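Review bot: The added `dontaudit kernel vendor_maxfg_debugfs:dir { search };` in kernel.te suppresses the denial without recording why the kernel domain reaches that debugfs directory, and a dontaudit also hides the same access if it later comes from an unexpected code path. A comment above the rule with the tracking bug would keep the suppression reviewable, e.g. `# b/<BUG_ID>: <why kernel touches maxfg debugfs and why the access is not needed>`. For consistency with the preceding `dontaudit kernel vendor_battery_debugfs:dir search;`, drop the braces around the single permission: `dontaudit kernel vendor_maxfg_debugfs:dir search;`.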
@@ -28,5 +28,3 @@ # EdgeTPU DBA service /vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 -/vendor/lib64/com\.google\.edgetpu.dba-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib64/libedgetpu_dba_hal\.so u:object_r:same_process_hal_file:s0 From 72aa5a98fc5c0bda216afa60dbf0cc962f20e270 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 20 Oct 2022 11:22:30 +0800 Subject: [PATCH 044/116] move aoc settings to gs-common Bug: 248426917 Test: boot with aoc launched Change-Id: I891767f10dfac7528b76e27fd2756b77ed46e45c --- whitechapel/vendor/google/aocd.te | 21 ----------- whitechapel/vendor/google/aocdump.te | 19 ---------- whitechapel/vendor/google/device.te | 6 --- whitechapel/vendor/google/file.te | 13 ------- whitechapel/vendor/google/file_contexts | 37 ------------------- whitechapel/vendor/google/genfs_contexts | 12 ------ .../vendor/google/hal_audio_default.te | 35 ------------------ .../google/hal_audiometricext_default.te | 12 ------ whitechapel/vendor/google/hwservice.te | 6 --- whitechapel/vendor/google/hwservice_contexts | 6 --- whitechapel/vendor/google/property.te | 4 -- whitechapel/vendor/google/property_contexts | 16 -------- 12 files changed, 187 deletions(-) delete mode 100644 whitechapel/vendor/google/aocd.te delete mode 100644 whitechapel/vendor/google/aocdump.te delete mode 100644 whitechapel/vendor/google/hal_audio_default.te delete mode 100644 whitechapel/vendor/google/hal_audiometricext_default.te diff --git a/whitechapel/vendor/google/aocd.te b/whitechapel/vendor/google/aocd.te deleted file mode 100644 index 69b0af0d..00000000 --- a/whitechapel/vendor/google/aocd.te +++ /dev/null 
@@ -1,21 +0,0 @@ -type aocd, domain; -type aocd_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(aocd) - -# access persist files -allow aocd mnt_vendor_file:dir search; -allow aocd persist_file:dir search; -r_dir_file(aocd, persist_aoc_file); - -# sysfs operations -allow aocd sysfs_aoc:dir search; -allow aocd sysfs_aoc_firmware:file w_file_perms; - -# dev operations -allow aocd aoc_device:chr_file rw_file_perms; - -# allow inotify to watch for additions/removals from /dev -allow aocd device:dir r_dir_perms; - -# set properties -set_prop(aocd, vendor_aoc_prop) diff --git a/whitechapel/vendor/google/aocdump.te b/whitechapel/vendor/google/aocdump.te deleted file mode 100644 index ca468a35..00000000 --- a/whitechapel/vendor/google/aocdump.te +++ /dev/null @@ -1,19 +0,0 @@ -type aocdump, domain; -type aocdump_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(aocdump) - -userdebug_or_eng(` - # Permit communication with AoC - allow aocdump aoc_device:chr_file rw_file_perms; - - allow aocdump radio_vendor_data_file:dir rw_dir_perms; - allow aocdump radio_vendor_data_file:file create_file_perms; - allow aocdump wifi_logging_data_file:dir create_dir_perms; - allow aocdump wifi_logging_data_file:file create_file_perms; - set_prop(aocdump, vendor_audio_prop); - r_dir_file(aocdump, proc_asound) - - allow aocdump self:unix_stream_socket create_stream_socket_perms; - allow aocdump property_socket:sock_file { write }; - allow aocdump audio_vendor_data_file:sock_file { create unlink }; -') diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 7a70e332..c2701d05 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te 
@@ -33,15 +33,9 @@ type faceauth_heap_device, dmabuf_heap_device_type, dev_type; #vscaler-secure DMA-BUF heap type vscaler_heap_device, dmabuf_heap_device_type, dev_type; -# AOC device -type aoc_device, dev_type; - # Fingerprint device type fingerprint_device, dev_type; -# AMCS device -type amcs_device, dev_type; - # Raw HID device type hidraw_device, dev_type; diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index baf55b15..3f3c8534 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -90,19 +90,6 @@ type per_boot_file, file_type, data_file_type, core_data_file_type; type proc_touch, proc_type, fs_type, mlstrustedobject; type sysfs_touch, sysfs_type, fs_type; -# AOC -type sysfs_aoc_dumpstate, sysfs_type, fs_type; -type sysfs_aoc_boottime, sysfs_type, fs_type; -type sysfs_aoc_firmware, sysfs_type, fs_type; -type sysfs_aoc, sysfs_type, fs_type; -type sysfs_aoc_reset, sysfs_type, fs_type; - -# Audio -type persist_audio_file, file_type, vendor_persist_type; -type persist_aoc_file, file_type, vendor_persist_type; -type audio_vendor_data_file, file_type, data_file_type; -type aoc_audio_file, file_type, vendor_file_type; - # RILD type rild_vendor_data_file, file_type, data_file_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 6077cd7a..98c76319 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -249,10 +249,6 @@ # Sensors /data/vendor/sensor(/.*)? u:object_r:sensor_vendor_data_file:s0 -/dev/acd-com.google.usf u:object_r:aoc_device:s0 -/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0 -/dev/acd-logging u:object_r:aoc_device:s0 -/dev/aoc u:object_r:aoc_device:s0 # Contexthub /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 
@@ -266,9 +262,6 @@ /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 /data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 -# Audio logging -/vendor/bin/aocdump u:object_r:aocdump_exec:s0 - # modem_svc_sit files /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 @@ -302,33 +295,6 @@ /dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 /dev/logbuffer_tty16 u:object_r:logbuffer_device:s0 -# Audio -/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0 -/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0 -/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0 -/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0 -/dev/acd-audio_output_tuning u:object_r:aoc_device:s0 -/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0 -/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0 -/dev/acd-audio_input_tuning u:object_r:aoc_device:s0 -/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0 -/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0 -/dev/acd-sound_trigger u:object_r:aoc_device:s0 -/dev/acd-hotword_notification u:object_r:aoc_device:s0 -/dev/acd-hotword_pcm u:object_r:aoc_device:s0 -/dev/acd-ambient_pcm u:object_r:aoc_device:s0 -/dev/acd-model_data u:object_r:aoc_device:s0 -/dev/acd-debug u:object_r:aoc_device:s0 -/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0 -/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0 -/dev/acd-audio_ap_offload_rx u:object_r:aoc_device:s0 -/dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0 -/dev/amcs u:object_r:amcs_device:s0 - -# AudioMetric -/(vendor|system/vendor)/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0 - - # Trusty /vendor/bin/storageproxyd u:object_r:tee_exec:s0 /vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 
@@ -343,9 +309,6 @@ # Battery /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -# AoC file contexts. -/vendor/bin/aocd u:object_r:aocd_exec:s0 - # GRIL /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 4b257a44..5c7b98c9 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -681,18 +681,6 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count # mediacodec genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_video:s0 -# pixelstat_vendor -genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0 -genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0 - # SJTAG genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0 diff --git a/whitechapel/vendor/google/hal_audio_default.te b/whitechapel/vendor/google/hal_audio_default.te deleted file mode 100644 index 0755cba1..00000000 
--- a/whitechapel/vendor/google/hal_audio_default.te +++ /dev/null @@ -1,35 +0,0 @@ -vndbinder_use(hal_audio_default) -hwbinder_use(hal_audio_default) - -allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms; -allow hal_audio_default audio_vendor_data_file:file create_file_perms; - -r_dir_file(hal_audio_default, aoc_audio_file); -r_dir_file(hal_audio_default, mnt_vendor_file); -r_dir_file(hal_audio_default, persist_audio_file); - -allow hal_audio_default persist_file:dir search; -allow hal_audio_default aoc_device:file rw_file_perms; -allow hal_audio_default aoc_device:chr_file rw_file_perms; - -allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add }; - -allow hal_audio_default amcs_device:file rw_file_perms; -allow hal_audio_default amcs_device:chr_file rw_file_perms; -allow hal_audio_default sysfs_pixelstats:file rw_file_perms; - -#allow access to DMABUF Heaps for AAudio API -allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms; - -get_prop(hal_audio_default, vendor_audio_prop); - -hal_client_domain(hal_audio_default, hal_health); -hal_client_domain(hal_audio_default, hal_thermal); -allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find; - -userdebug_or_eng(` - allow hal_audio_default self:unix_stream_socket create_stream_socket_perms; - allow hal_audio_default audio_vendor_data_file:sock_file { create unlink }; -') - -wakelock_use(hal_audio_default); diff --git a/whitechapel/vendor/google/hal_audiometricext_default.te b/whitechapel/vendor/google/hal_audiometricext_default.te deleted file mode 100644 index 5358eac4..00000000 --- a/whitechapel/vendor/google/hal_audiometricext_default.te +++ /dev/null 
@@ -1,12 +0,0 @@ -type hal_audiometricext_default, domain; -type hal_audiometricext_default_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(hal_audiometricext_default) - -allow hal_audiometricext_default amcs_device:chr_file rw_file_perms; -allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms; - -get_prop(hal_audiometricext_default, vendor_audio_prop); -get_prop(hal_audiometricext_default, hwservicemanager_prop); - -hwbinder_use(hal_audiometricext_default); -add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice); diff --git a/whitechapel/vendor/google/hwservice.te b/whitechapel/vendor/google/hwservice.te index a3a3ead1..8afa89a5 100644 --- a/whitechapel/vendor/google/hwservice.te +++ b/whitechapel/vendor/google/hwservice.te @@ -10,15 +10,9 @@ type hal_exynos_rild_hwservice, hwservice_manager_type; # GRIL service type hal_radioext_hwservice, hwservice_manager_type; -# Audio -type hal_audio_ext_hwservice, hwservice_manager_type; - # WLC type hal_wlc_hwservice, hwservice_manager_type; # Fingerprint type hal_fingerprint_ext_hwservice, hwservice_manager_type; -# AudioMetric -type hal_audiometricext_hwservice, hwservice_manager_type; - diff --git a/whitechapel/vendor/google/hwservice_contexts b/whitechapel/vendor/google/hwservice_contexts index 30207772..baf720bf 100644 --- a/whitechapel/vendor/google/hwservice_contexts +++ b/whitechapel/vendor/google/hwservice_contexts 
@@ -17,15 +17,9 @@ android.hardware.media.c2::IConfigurable u:object_r:hal_c # GRIL HAL vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0 -#Audio -vendor.google.whitechapel.audio.audioext::IAudioExt u:object_r:hal_audio_ext_hwservice:s0 - # Wireless charger hal vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0 # Fingerprint vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0 -#Audio -vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0 - diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index cac5e483..02c40756 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -14,7 +14,6 @@ vendor_internal_prop(vendor_persist_config_default_prop) vendor_internal_prop(vendor_sys_default_prop) vendor_internal_prop(vendor_ro_sys_default_prop) vendor_internal_prop(vendor_persist_sys_default_prop) -vendor_internal_prop(vendor_audio_prop) vendor_internal_prop(vendor_codec2_debug_prop) vendor_internal_prop(vendor_display_prop) vendor_internal_prop(vendor_camera_prop) @@ -28,9 +27,6 @@ vendor_internal_prop(vendor_battery_defender_prop) # Battery profile for harness mode vendor_internal_prop(vendor_battery_profile_prop) -# AoC -vendor_internal_prop(vendor_aoc_prop) - # Logger vendor_internal_prop(vendor_logger_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 1085b3b5..4c8eb701 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts 
@@ -46,19 +46,6 @@ vendor.sys. u:object_r:vendor_sys_default_prop:s0 ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0 persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0 - -# for audio -vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0 -vendor.audiodump.enable u:object_r:vendor_audio_prop:s0 -persist.vendor.audio. u:object_r:vendor_audio_prop:s0 -vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0 -vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0 -vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0 -vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0 -vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0 -vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0 - - # for display ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 @@ -84,9 +71,6 @@ vendor.battery.defender. u:object_r:vendor_battery_defend # test battery profile persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0 -# AoC -vendor.aoc.firmware.version u:object_r:vendor_aoc_prop:s0 - # WiFi vendor.wlan.driver.version u:object_r:vendor_wifi_version:s0 vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 From 768196f828d63a613c94a15ead6597972ec1a4cb Mon Sep 17 00:00:00 2001 From: Sam Ou Date: Thu, 29 Sep 2022 06:59:27 +0000 Subject: [PATCH 045/116] sepolicy: fix odpm avc denials add wakeup permissions for odpm driver since we update acc_data based on alarmtimer Bug: 250813284 Change-Id: Id7f70d02475a03e53a206dde3b8efa584cacef85 Signed-off-by: Sam Ou --- whitechapel/vendor/google/genfs_contexts | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 5c7b98c9..38147d5f 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -555,6 +555,26 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-mete genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 + # bcl sysfs files genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 From 07a5f33a8dd3aaf013e0391dd0660343a3e609df Mon Sep 17 00:00:00 2001 
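Review bot: The added `wakeup` entries cover only the `i2c-N/i2c-s2mpg10mfd` and `i2c-N/i2c-s2mpg11mfd` path form, whereas the `enabled_rails` context lines directly above label both `i2c-8/i2c-s2mpg10mfd/...` and `i2c-8/8-001f/...` for the same node. If the kernel exposes the PMIC under the address-based name, its wakeup directory presumably keeps the default `sysfs` label and the denials this commit targets would persist on those builds. Either add the matching form, e.g. `genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/8-001f/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0`, or record in a comment why one form is enough. A short `# odpm wakeup sources` heading above the block would also match the headed sections that follow, such as `# bcl sysfs files`.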
From: Adam Shih Date: Fri, 21 Oct 2022 12:19:44 +0800 Subject: [PATCH 046/116] move brcm gps solution to gs-common Bug: 254758553 Test: google map can locate on pixel Change-Id: Iaf954f3af043dc5080b0be473ed8b78b1c6d0e22 --- whitechapel/vendor/google/device.te | 3 ++- whitechapel/vendor/google/file.te | 2 -- whitechapel/vendor/google/file_contexts | 14 ----------- whitechapel/vendor/google/genfs_contexts | 4 ---- whitechapel/vendor/google/gpsd.te | 19 --------------- whitechapel/vendor/google/hal_gnss_default.te | 4 ---- whitechapel/vendor/google/lhd.te | 23 ------------------- whitechapel/vendor/google/scd.te | 17 -------------- 8 files changed, 2 insertions(+), 84 deletions(-) delete mode 100644 whitechapel/vendor/google/hal_gnss_default.te delete mode 100644 whitechapel/vendor/google/lhd.te delete mode 100644 whitechapel/vendor/google/scd.te diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index c2701d05..17dede95 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -7,7 +7,6 @@ type sda_block_device, dev_type; type mfg_data_block_device, dev_type; # Exynos devices -type vendor_gnss_device, dev_type; type vendor_toe_device, dev_type; type custom_ab_block_device, dev_type; type devinfo_block_device, dev_type; @@ -43,3 +42,5 @@ type hidraw_device, dev_type; type st54spi_device, dev_type; type st33spi_device, dev_type; +# GPS +type vendor_gnss_device, dev_type; diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 3f3c8534..0eb457cb 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -124,8 +124,6 @@ type vendor_gps_file, file_type, data_file_type; userdebug_or_eng(` typeattribute vendor_gps_file mlstrustedobject; ') -type sysfs_gps, sysfs_type, fs_type; -type sysfs_gps_assert, sysfs_type, fs_type; # Backlight type sysfs_backlight, sysfs_type, fs_type; 
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 98c76319..79e381de 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -24,9 +24,6 @@ # HALs # /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-2]-service-gs101 u:object_r:hal_bootctl_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.1-service-brcm u:object_r:hal_gnss_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-brcm u:object_r:hal_gnss_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.gs101 u:object_r:hal_dumpstate_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs101 u:object_r:hal_power_stats_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 @@ -83,9 +80,7 @@ # Exynos Devices # /dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/bbd_control u:object_r:vendor_gnss_device:s0 /dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/ttyBCM u:object_r:vendor_gnss_device:s0 /dev/radio0 u:object_r:radio_device:s0 /dev/dri/card0 u:object_r:graphics_device:s0 /dev/fimg2d u:object_r:graphics_device:s0 
@@ -134,20 +129,11 @@ # Exynos Daemon Exec # /(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0 -/(vendor|system/vendor)/bin/hw/scd u:object_r:scd_exec:s0 -/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0 -/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0 /(vendor|system/vendor)/bin/hw/rild_exynos u:object_r:rild_exec:s0 /(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0 /(vendor|system/vendor)/bin/sced u:object_r:sced_exec:s0 /(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0 -# -# Exynos Data Files -# -# gnss/gps data/log files -/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0 - # # Exynos Log Files # diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 5c7b98c9..cc39236d 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -365,10 +365,6 @@ genfscon proc /nvt_selftest genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 -# GPS -genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0 -genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0 - # Display genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 diff --git a/whitechapel/vendor/google/gpsd.te b/whitechapel/vendor/google/gpsd.te index 791a02e4..79055ecc 100644 --- a/whitechapel/vendor/google/gpsd.te +++ b/whitechapel/vendor/google/gpsd.te 
@@ -1,28 +1,9 @@ type gpsd, domain; type gpsd_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(gpsd) - # Allow gpsd access PixelLogger unix socket in debug build only userdebug_or_eng(` typeattribute gpsd mlstrustedsubject; allow gpsd logger_app:unix_stream_socket connectto; ') -# Allow gpsd to obtain wakelock -wakelock_use(gpsd) -# Allow gpsd access data vendor gps files -allow gpsd vendor_gps_file:dir create_dir_perms; -allow gpsd vendor_gps_file:file create_file_perms; -allow gpsd vendor_gps_file:fifo_file create_file_perms; - -# Allow gpsd to access rild -binder_call(gpsd, rild); -allow gpsd hal_exynos_rild_hwservice:hwservice_manager find; - -# Allow gpsd to access sensor service -binder_call(gpsd, system_server); -allow gpsd fwk_sensor_hwservice:hwservice_manager find; - -# Allow gpsd to access pps gpio -allow gpsd sysfs_gps_assert:file r_file_perms; diff --git a/whitechapel/vendor/google/hal_gnss_default.te b/whitechapel/vendor/google/hal_gnss_default.te deleted file mode 100644 index e3004237..00000000 --- a/whitechapel/vendor/google/hal_gnss_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# Allow hal_gnss_default access data vendor gps files -allow hal_gnss_default vendor_gps_file:dir create_dir_perms; -allow hal_gnss_default vendor_gps_file:file create_file_perms; -allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms; diff --git a/whitechapel/vendor/google/lhd.te b/whitechapel/vendor/google/lhd.te deleted file mode 100644 index e980897c..00000000 --- a/whitechapel/vendor/google/lhd.te +++ /dev/null 
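Review bot: After this hunk gpsd.te still declares `type gpsd, domain;` and `type gpsd_exec, ...` and keeps the debug-only `typeattribute gpsd mlstrustedsubject;` and `logger_app:unix_stream_socket connectto` grants, while `init_daemon_domain(gpsd)` is removed and the file_contexts hunk of this commit drops the `/vendor/bin/hw/gpsd` label. Nothing visible in this tree can enter the domain any more, so the leftover is either dead policy or depends on gs-common for the label and transition, in which case the type declarations kept here presumably have to be reconciled with the ones gs-common brings to avoid a duplicate declaration. Either remove the remaining lines with the rest, or state the split in a header comment such as `# gpsd label, transition and data-file rules come from gs-common; only the device-specific debug rule is kept here`. The same question applies to `vendor_gps_file` in the file.te hunk, which keeps its type and its userdebug `mlstrustedobject` attribute while the `/data/vendor/gps(/.*)?` label is removed.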
@@ -1,23 +0,0 @@ -type lhd, domain; -type lhd_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(lhd) - -# Allow lhd access PixelLogger unix socket in debug build only -userdebug_or_eng(` - typeattribute lhd mlstrustedsubject; - allow lhd logger_app:unix_stream_socket connectto; -') - -# Allow lhd access data vendor gps files -allow lhd vendor_gps_file:dir create_dir_perms; -allow lhd vendor_gps_file:file create_file_perms; -allow lhd vendor_gps_file:fifo_file create_file_perms; - -# Allow lhd to obtain wakelock -wakelock_use(lhd) - -# Allow lhd access /dev/bbd_control file -allow lhd vendor_gnss_device:chr_file rw_file_perms; - -# Allow lhd access nstandby gpio -allow lhd sysfs_gps:file rw_file_perms; diff --git a/whitechapel/vendor/google/scd.te b/whitechapel/vendor/google/scd.te deleted file mode 100644 index 28aaee0a..00000000 --- a/whitechapel/vendor/google/scd.te +++ /dev/null @@ -1,17 +0,0 @@ -type scd, domain; -type scd_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(scd) - -# Allow scd access PixelLogger unix socket in debug build only -userdebug_or_eng(` - typeattribute scd mlstrustedsubject; - allow scd logger_app:unix_stream_socket connectto; -') - -# Allow a base set of permissions required for network access. -net_domain(scd); - -# Allow scd access data vendor gps files -allow scd vendor_gps_file:dir create_dir_perms; -allow scd vendor_gps_file:file create_file_perms; -allow scd vendor_gps_file:fifo_file create_file_perms; From b00f9adf6157ff13dcb955b5e7827d48644e7121 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 8 Nov 2022 10:05:37 +0800 Subject: [PATCH 047/116] remove raven touch dump Bug: 256521567 Test: adb bugreport Change-Id: Idfa891c545994f457004b99be1ddda14f971142f --- whitechapel/vendor/google/genfs_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 12571aa4..0b0dabf3 100644 
--- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -348,7 +348,6 @@ genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 genfscon proc /fts/driver_test u:object_r:proc_touch:s0 genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 -genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0 genfscon sysfs /devices/virtual/input/input2 u:object_r:sysfs_touch:s0 genfscon sysfs /devices/virtual/input/input3 u:object_r:sysfs_touch:s0 genfscon sysfs /devices/virtual/input/nvt_touch u:object_r:sysfs_touch:s0 From 84b32a700f578e8a59def6b24745070e261bdde4 Mon Sep 17 00:00:00 2001 
From: Adam Shih Date: Tue, 8 Nov 2022 13:15:28 +0800 Subject: [PATCH 048/116] move edgetpu to gs-common Bug: 258114806 Test: build pass Change-Id: Ie576f6511dc60db59bc44567ff0a929506224203 --- edgetpu/device.te | 2 - edgetpu/edgetpu_app_service.te | 38 ------------- edgetpu/edgetpu_logging.te | 15 ------ edgetpu/edgetpu_vendor_service.te | 31 ----------- edgetpu/file.te | 9 ---- edgetpu/file_contexts | 30 ----------- edgetpu/genfs_contexts | 4 -- edgetpu/hal_neuralnetworks_darwinn.te | 53 ------------------- edgetpu/priv_app.te | 15 ------ edgetpu/property.te | 4 -- edgetpu/property_contexts | 3 -- edgetpu/service.te | 6 --- edgetpu/service_contexts | 9 ---- edgetpu/untrusted_app_all.te | 7 --- edgetpu/vendor_init.te | 1 - .../vendor/google}/edgetpu_dba_service.te | 0 whitechapel/vendor/google/file_contexts | 7 +++ whitechapel/vendor/google/genfs_contexts | 4 ++ whitechapel/vendor/google/priv_app.te | 5 ++ whitechapel/vendor/google/service.te | 1 + whitechapel/vendor/google/service_contexts | 3 ++ 21 files changed, 20 insertions(+), 227 deletions(-) delete mode 100644 edgetpu/device.te delete mode 100644 edgetpu/edgetpu_app_service.te delete mode 100644 edgetpu/edgetpu_logging.te delete mode 100644 edgetpu/edgetpu_vendor_service.te delete mode 100644 edgetpu/file.te delete mode 100644 edgetpu/file_contexts delete mode 100644 edgetpu/genfs_contexts delete mode 100644 edgetpu/hal_neuralnetworks_darwinn.te delete mode 100644 edgetpu/priv_app.te delete mode 100644 edgetpu/property.te delete mode 100644 edgetpu/property_contexts delete mode 100644 edgetpu/service.te delete mode 100644 edgetpu/service_contexts delete mode 100644 edgetpu/untrusted_app_all.te delete mode 100644 edgetpu/vendor_init.te rename {edgetpu => whitechapel/vendor/google}/edgetpu_dba_service.te (100%) create mode 100644 whitechapel/vendor/google/priv_app.te diff --git a/edgetpu/device.te b/edgetpu/device.te deleted file mode 100644 index 9296ba50..00000000 --- a/edgetpu/device.te +++ /dev/null 
@@ -1,2 +0,0 @@ -# EdgeTPU device (DarwiNN) -type edgetpu_device, dev_type, mlstrustedobject; diff --git a/edgetpu/edgetpu_app_service.te b/edgetpu/edgetpu_app_service.te deleted file mode 100644 index 58ce2464..00000000 --- a/edgetpu/edgetpu_app_service.te +++ /dev/null @@ -1,38 +0,0 @@ -# EdgeTPU app server process which runs the EdgeTPU binder service. -type edgetpu_app_server, coredomain, domain; -type edgetpu_app_server_exec, exec_type, system_file_type, file_type; -init_daemon_domain(edgetpu_app_server) - -# The server will use binder calls. -binder_use(edgetpu_app_server); - -# The server will serve a binder service. -binder_service(edgetpu_app_server); - -# EdgeTPU server to register the service to service_manager. -add_service(edgetpu_app_server, edgetpu_app_service); - -# EdgeTPU service needs to access /dev/abrolhos. -allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms; -allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms; -allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms; - -# Applications are not allowed to open the EdgeTPU device directly. -neverallow appdomain edgetpu_device:chr_file { open }; - -# Allow EdgeTPU service to access the Package Manager service. -allow edgetpu_app_server package_native_service:service_manager find; -binder_call(edgetpu_app_server, system_server); - -# Allow EdgeTPU service to read EdgeTPU service related system properties. -get_prop(edgetpu_app_server, vendor_edgetpu_service_prop); - -# Allow EdgeTPU service to generate Perfetto traces. -perfetto_producer(edgetpu_app_server); - -# Allow EdgeTPU service to connect to the EdgeTPU vendor version of the service. -allow edgetpu_app_server edgetpu_vendor_service:service_manager find; -binder_call(edgetpu_app_server, edgetpu_vendor_server); - -# Allow EdgeTPU service to log to stats service. (metrics) -allow edgetpu_app_server fwk_stats_service:service_manager find; 
diff --git a/edgetpu/edgetpu_logging.te b/edgetpu/edgetpu_logging.te deleted file mode 100644 index 8c2f0dc7..00000000 --- a/edgetpu/edgetpu_logging.te +++ /dev/null @@ -1,15 +0,0 @@ -type edgetpu_logging, domain; -type edgetpu_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(edgetpu_logging) - -# The logging service accesses /dev/abrolhos -allow edgetpu_logging edgetpu_device:chr_file rw_file_perms; - -# Allows the logging service to access /sys/class/edgetpu -allow edgetpu_logging sysfs_edgetpu:dir search; -allow edgetpu_logging sysfs_edgetpu:file rw_file_perms; - -# Allow TPU logging service to log to stats service. (metrics) -allow edgetpu_logging fwk_stats_service:service_manager find; -binder_call(edgetpu_logging, system_server); -binder_use(edgetpu_logging) diff --git a/edgetpu/edgetpu_vendor_service.te b/edgetpu/edgetpu_vendor_service.te deleted file mode 100644 index 10605107..00000000 --- a/edgetpu/edgetpu_vendor_service.te +++ /dev/null 
@@ -1,31 +0,0 @@ -# EdgeTPU vendor service. -type edgetpu_vendor_server, domain; -type edgetpu_vendor_server_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(edgetpu_vendor_server) - -# The vendor service will use binder calls. -binder_use(edgetpu_vendor_server); - -# The vendor service will serve a binder service. -binder_service(edgetpu_vendor_server); - -# EdgeTPU vendor service to register the service to service_manager. -add_service(edgetpu_vendor_server, edgetpu_vendor_service); - -# Allow communications between other vendor services. -allow edgetpu_vendor_server vndbinder_device:chr_file { read write open ioctl map }; - -# Allow EdgeTPU vendor service to access its data files. -allow edgetpu_vendor_server edgetpu_vendor_service_data_file:file create_file_perms; -allow edgetpu_vendor_server edgetpu_vendor_service_data_file:dir create_dir_perms; - -# Allow EdgeTPU vendor service to access Android shared memory allocated -# by the camera hal for on-device compilation. -allow edgetpu_vendor_server hal_camera_default:fd use; - -# Allow EdgeTPU vendor service to read the kernel version. -# This is done inside the InitGoogle. -allow edgetpu_vendor_server proc_version:file r_file_perms; - -# Allow EdgeTPU vendor service to read the overcommit_memory info. -allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms; diff --git a/edgetpu/file.te b/edgetpu/file.te deleted file mode 100644 index 2482dbf3..00000000 --- a/edgetpu/file.te +++ /dev/null @@ -1,9 +0,0 @@ -# EdgeTPU sysfs -type sysfs_edgetpu, sysfs_type, fs_type; - -# EdgeTPU hal data file -type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type; - -# EdgeTPU vendor service data file -type edgetpu_vendor_service_data_file, file_type, data_file_type; - diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts deleted file mode 100644 index 62002307..00000000 --- a/edgetpu/file_contexts +++ /dev/null 
@@ -1,30 +0,0 @@ -# EdgeTPU logging service -/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0 - -# EdgeTPU device (DarwiNN) -/dev/abrolhos u:object_r:edgetpu_device:s0 - -# EdgeTPU service binaries and libraries -/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0 -/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0 - -# EdgeTPU vendor service -/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0 -/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 - -# EdgeTPU runtime libraries -/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0 - -# EdgeTPU data files -/data/vendor/edgetpu(/.*)? u:object_r:edgetpu_vendor_service_data_file:s0 -/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0 - -# NeuralNetworks file contexts -/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0 - -# EdgeTPU metrics logging service. -/vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0 - -# EdgeTPU DBA service -/vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts deleted file mode 100644 index 345d2990..00000000 --- a/edgetpu/genfs_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# EdgeTPU -genfscon sysfs /devices/platform/1ce00000.abrolhos u:object_r:sysfs_edgetpu:s0 -genfscon sysfs /devices/platform/abrolhos u:object_r:sysfs_edgetpu:s0 - diff --git a/edgetpu/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te deleted file mode 100644 index f301a729..00000000 
--- a/edgetpu/hal_neuralnetworks_darwinn.te +++ /dev/null 
@@ -1,53 +0,0 @@ -type hal_neuralnetworks_darwinn, domain; -hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks) - -type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_neuralnetworks_darwinn) - -# The TPU HAL looks for TPU instance in /dev/abrolhos -allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms; - -# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/. -allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms; - -# Allow DarwiNN service to access data files. -allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms; -allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms; - -# Allow DarwiNN service to access unix sockets for IPC. -allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms }; - -# Register to hwbinder service. -# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te -hwbinder_use(hal_neuralnetworks_darwinn) -get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop) - -# Allow TPU HAL to read the kernel version. -# This is done inside the InitGoogle. -allow hal_neuralnetworks_darwinn proc_version:file r_file_perms; - -# Allow TPU NNAPI HAL to log to stats service. (metrics) -allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find; -binder_call(hal_neuralnetworks_darwinn, system_server); -binder_use(hal_neuralnetworks_darwinn) - -# Allow TPU NNAPI HAL to request power hints from the Power Service -hal_client_domain(hal_neuralnetworks_darwinn, hal_power) - -# TPU NNAPI to register the service to service_manager. -add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service); - -# Allow TPU NNAPI HAL to read the overcommit_memory info. 
-allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms; - -# Allows the logging service to access /sys/class/edgetpu -allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms; -allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms; - -# Allows the NNAPI HAL to access the edgetpu_app_service -allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find; -binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server); - -# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled -# under userdebug builds. -userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)') diff --git a/edgetpu/priv_app.te b/edgetpu/priv_app.te deleted file mode 100644 index 63f76b8a..00000000 --- a/edgetpu/priv_app.te +++ /dev/null @@ -1,15 +0,0 @@ -# Allows privileged applications to discover the EdgeTPU service. -allow priv_app edgetpu_app_service:service_manager find; - -# Allows privileged applications to discover the NNAPI TPU service. -allow priv_app edgetpu_nnapi_service:service_manager find; - -# Allows privileged applications to access the EdgeTPU device, except open, -# which is guarded by the EdgeTPU service. -allow priv_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Allows privileged applications to access the PowerHAL. -hal_client_domain(priv_app, hal_power) - -# Allows privileged applications to discover the EdgeTPU DBA service. -allow priv_app edgetpu_dba_service:service_manager find; diff --git a/edgetpu/property.te b/edgetpu/property.te deleted file mode 100644 index ed93d448..00000000 --- a/edgetpu/property.te +++ /dev/null @@ -1,4 +0,0 @@ -# EdgeTPU service requires system public properties -# since it lives under /system_ext/. -system_public_prop(vendor_edgetpu_service_prop) - diff --git a/edgetpu/property_contexts b/edgetpu/property_contexts deleted file mode 100644 index 130cfefe..00000000 --- a/edgetpu/property_contexts +++ /dev/null 
@@ -1,3 +0,0 @@
-# for EdgeTPU
-vendor.edgetpu.service. u:object_r:vendor_edgetpu_service_prop:s0
-
diff --git a/edgetpu/service.te b/edgetpu/service.te
deleted file mode 100644
index 08658685..00000000
--- a/edgetpu/service.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
-
-type edgetpu_vendor_service, service_manager_type, hal_service_type;
-type edgetpu_nnapi_service, app_api_service, service_manager_type;
-type edgetpu_dba_service, app_api_service, service_manager_type;
diff --git a/edgetpu/service_contexts b/edgetpu/service_contexts
deleted file mode 100644
index 23a0fab8..00000000
--- a/edgetpu/service_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-# EdgeTPU service
-com.google.edgetpu.IEdgeTpuAppService/default u:object_r:edgetpu_app_service:s0
-com.google.edgetpu.IEdgeTpuVendorService/default u:object_r:edgetpu_vendor_service:s0
-
-# TPU NNAPI Service
-android.hardware.neuralnetworks.IDevice/google-edgetpu u:object_r:edgetpu_nnapi_service:s0
-
-# EdgeTPU DBA Service
-com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0
diff --git a/edgetpu/untrusted_app_all.te b/edgetpu/untrusted_app_all.te
deleted file mode 100644
index 9abec616..00000000
--- a/edgetpu/untrusted_app_all.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Allows applications to discover the EdgeTPU service.
-allow untrusted_app_all edgetpu_app_service:service_manager find;
-
-# Allows applications to access the EdgeTPU device, except open, which is guarded
-# by the EdgeTPU service.
-allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
-
diff --git a/edgetpu/vendor_init.te b/edgetpu/vendor_init.te
deleted file mode 100644
index aec79583..00000000
--- a/edgetpu/vendor_init.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(vendor_init, vendor_edgetpu_service_prop)
diff --git a/edgetpu/edgetpu_dba_service.te b/whitechapel/vendor/google/edgetpu_dba_service.te similarity index 100% rename from edgetpu/edgetpu_dba_service.te rename to whitechapel/vendor/google/edgetpu_dba_service.te diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 5a9738a0..ca85bf7f 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -27,6 +27,10 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.gs101 u:object_r:hal_dumpstate_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs101 u:object_r:hal_power_stats_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 + +# EdgeTPU DBA service +/vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 + # Wireless charger HAL /(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 @@ -113,6 +117,9 @@ /dev/umts_dm0 u:object_r:radio_device:s0 /dev/umts_router u:object_r:radio_device:s0 +# EdgeTPU device (DarwiNN) +/dev/abrolhos u:object_r:edgetpu_device:s0 + # OEM IPC device /dev/oem_ipc[0-7] u:object_r:radio_device:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 12571aa4..ad4b887b 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
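Review bot: The new `/vendor/bin/hw/com\.google\.edgetpu.dba-service` entry in the first file_contexts hunk leaves the dot between `edgetpu` and `dba` unescaped, so as a regular expression it matches any character in that position, not only a literal dot. The label it assigns, `edgetpu_dba_server_exec`, is presumably the entry-point type for the service domain, so the pattern should match exactly one path. Escape it like the other dots on the line: `/vendor/bin/hw/com\.google\.edgetpu\.dba-service`. The entry also uses a bare `/vendor` prefix where the neighbouring HAL entries use `/(vendor|system/vendor)`; worth confirming that is intentional.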
@@ -17,6 +17,10 @@ genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:ob genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 +# EdgeTPU +genfscon sysfs /devices/platform/1ce00000.abrolhos u:object_r:sysfs_edgetpu:s0 +genfscon sysfs /devices/platform/abrolhos u:object_r:sysfs_edgetpu:s0 + # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 # Battery diff --git a/whitechapel/vendor/google/priv_app.te b/whitechapel/vendor/google/priv_app.te new file mode 100644 index 00000000..9d2aa14d --- /dev/null +++ b/whitechapel/vendor/google/priv_app.te @@ -0,0 +1,5 @@ +# Allows privileged applications to access the PowerHAL. +hal_client_domain(priv_app, hal_power) + +# Allows privileged applications to discover the EdgeTPU DBA service. +allow priv_app edgetpu_dba_service:service_manager find; diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te index b87c99e1..7d105d49 100644 --- a/whitechapel/vendor/google/service.te +++ b/whitechapel/vendor/google/service.te @@ -1,2 +1,3 @@ type hal_pixel_display_service, service_manager_type, hal_service_type; type hal_uwb_vendor_service, service_manager_type, hal_service_type; +type edgetpu_dba_service, app_api_service, service_manager_type; diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts index 25108867..d00c633e 100644 --- a/whitechapel/vendor/google/service_contexts +++ b/whitechapel/vendor/google/service_contexts @@ -1,3 +1,6 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 + +# EdgeTPU DBA Service +com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0 
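Review bot: `edgetpu_dba_service` is declared in the service.te hunk with the `app_api_service` attribute, while the new priv_app.te describes the access as something granted to privileged applications. In AOSP policy as I know it, `app_api_service` types are findable by app domains in general, which would make `allow priv_app edgetpu_dba_service:service_manager find;` redundant and the real exposure wider than the priv_app.te comment suggests; please confirm against the platform policy this branch builds with. If only privileged apps are meant to reach the DBA service, declare it as `type edgetpu_dba_service, service_manager_type;`. Otherwise add a comment on the type line saying it is intentionally an app-facing API and where callers are authorised.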
From d140706db9bc8c39b9e560741db28b9e7cbab068 Mon Sep 17 00:00:00 2001 From: Rick Chen Date: Tue, 8 Nov 2022 22:41:26 +0800 Subject: [PATCH 049/116] Allow CHRE to use EPOLLWAKEUP avc: denied { block_suspend } for comm="UsfTransport" capability=36 scontext=u:r:chre:s0 tcontext=u:r:chre:s0 tclass=capability2 permissive=0 Bug: 238666865 Test: Check no chre avc denied. Change-Id: Ifd2c37c58c548aec46a2c46891a1fc4d1f83f9be Signed-off-by: Rick Chen --- whitechapel/vendor/google/chre.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/whitechapel/vendor/google/chre.te b/whitechapel/vendor/google/chre.te index 7cedce68..2531af89 100644 --- a/whitechapel/vendor/google/chre.te +++ b/whitechapel/vendor/google/chre.te @@ -27,3 +27,5 @@ binder_call(chre, stats_service_server) # Allow CHRE to use WakeLock wakelock_use(chre) +# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. +allow chre self:global_capability2_class_set block_suspend; From ea632b0eb11dfeb13d391012dccbb286109cf9f0 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 10 Nov 2022 15:02:08 +0800 Subject: [PATCH 050/116] move sensors dump to gs-common Bug: 250475720 Test: adb bugreport Change-Id: I1cadc20635358c72c9571a2abaa7055efcc50adc --- whitechapel/vendor/google/file.te | 2 -- whitechapel/vendor/google/file_contexts | 2 -- whitechapel/vendor/google/hal_dumpstate_default.te | 8 -------- 3 files changed, 12 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 0eb457cb..0aa0ec1b 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -47,8 +47,6 @@ type vendor_fw_file, vendor_file_type, file_type; type sysfs_acpm_stats, sysfs_type, fs_type; # Vendor tools -type vendor_usf_stats, vendor_file_type, file_type; -type vendor_usf_reg_edit, vendor_file_type, file_type; type vendor_dumpsys, vendor_file_type, file_type; # Sensors 
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index ca85bf7f..eb6ac79e 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -16,8 +16,6 @@ /(vendor|system/vendor)/lib(64)?/libdmabufheap\.so u:object_r:same_process_hal_file:s0 /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 -/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0 -/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 # diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index b1f59800..0c461592 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -33,13 +33,7 @@ get_prop(hal_dumpstate_default, vendor_camera_debug_prop); allow hal_dumpstate_default vendor_log_file:dir search; -allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans; -allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans; allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans; -userdebug_or_eng(` - allow hal_dumpstate_default sensor_debug_data_file:dir r_dir_perms; - allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms; -') allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms; allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; @@ -47,9 +41,7 @@ allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; allow hal_dumpstate_default sysfs_spi:dir search; allow hal_dumpstate_default sysfs_spi:file rw_file_perms; -allow hal_dumpstate_default device:dir r_dir_perms; allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms; -allow hal_dumpstate_default aoc_device:chr_file rw_file_perms; allow hal_dumpstate_default sysfs_wifi:dir search; allow hal_dumpstate_default sysfs_wifi:file r_file_perms; 
From 36dc4e181da6e9d3493a68b5076d6b8a05fa8828 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 15 Nov 2022 14:02:15 +0800 Subject: [PATCH 051/116] move thermal dump to gs-common Bug: 257880034 Test: adb bugreport Change-Id: Ib3efb17fcc3f69fac565599cffb06eff83e7cc8e --- whitechapel/vendor/google/file_contexts | 5 ----- whitechapel/vendor/google/genfs_contexts | 3 --- whitechapel/vendor/google/hal_dumpstate_default.te | 4 ---- 3 files changed, 12 deletions(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index eb6ac79e..78b5983f 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -230,11 +230,6 @@ /vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0 /data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 -# thermal sysfs files -/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0 -/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0 - - # IMS VoWiFi /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/vendor/VoWiFi(/.*)? u:object_r:vendor_ims_data_file:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index ad4b887b..210a4d6a 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -709,9 +709,6 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_ genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 -# thermal sysfs files -genfscon sysfs /module/gs101_thermal/parameters u:object_r:sysfs_thermal:s0 - # USB-C throttling stats genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 0c461592..d3cbd6d6 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -51,10 +51,6 @@ allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; allow hal_dumpstate_default sysfs_touch:file rw_file_perms; allow hal_dumpstate_default proc_touch:file rw_file_perms; -allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms; -allow hal_dumpstate_default sysfs_thermal:file r_file_perms; -allow hal_dumpstate_default sysfs_thermal:lnk_file read; - # Modem logs allow hal_dumpstate_default modem_efs_file:dir search; allow hal_dumpstate_default modem_efs_file:file r_file_perms; From 7aeb6fe8e79e7f3a8a3e65eab86b8fab46816c8f Mon Sep 17 00:00:00 2001 
From: Stephen Crane Date: Tue, 22 Nov 2022 22:30:24 +0000 Subject: [PATCH 052/116] Allow Trusty storageproxy property Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready when the data filesystems are ready for use, and allows vendor init to query and wait on this property. Test: m raven-userdebug, flash, test app loading Bug: 258018785 Change-Id: If995d35be490fbca6c99ef9f73f2842f5c488bd4 --- whitechapel/vendor/google/property.te | 3 +++ whitechapel/vendor/google/property_contexts | 3 +++ whitechapel/vendor/google/storageproxyd.te | 2 ++ whitechapel/vendor/google/vendor_init.te | 3 +++ 4 files changed, 11 insertions(+) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 02c40756..b792d530 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -50,3 +50,6 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 38abacb3..b663df4b 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -95,3 +95,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor # uwb ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te index 9b0289cc..e803c0c6 100644 --- a/whitechapel/vendor/google/storageproxyd.te +++ b/whitechapel/vendor/google/storageproxyd.te 
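Review bot: The `ro.vendor.trusty.storage.fs_ready` entry in the property_contexts hunk has no `exact` qualifier, so it is matched as a prefix and any property whose name starts with that string receives the `vendor_trusty_storage_prop` label that the `tee` domain is allowed to set. The uwb entry directly above it already pins its match with `exact string`; doing the same here limits the writable name space to the single readiness flag, e.g. `ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 exact bool` (use whichever value type storageproxyd actually writes, which is not visible in this patch). The companion `set_prop(tee, vendor_trusty_storage_prop)` in the storageproxyd.te hunk is added without a comment; a line such as `# Signal vendor init that the Trusty storage filesystems are ready` above it would match the commented rules in property.te and vendor_init.te.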
@@ -18,3 +18,5 @@ read_fstab(tee) # storageproxyd starts before /data is mounted. It handles /data not being there # gracefully. However, attempts to access /data trigger a denial. dontaudit tee unlabeled:dir { search }; + +set_prop(tee, vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index 9686bccb..8ebe5e52 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -38,3 +38,6 @@ set_prop(vendor_init, vendor_fingerprint_prop) # Display set_prop(vendor_init, vendor_display_prop) + +# Trusty storage FS ready +get_prop(vendor_init, vendor_trusty_storage_prop) From 702b5768e6447800dbc8b7518ddb8bc65fb39d6d Mon Sep 17 00:00:00 2001 From: Ziyi Cui Date: Thu, 17 Nov 2022 19:14:01 +0000 Subject: [PATCH 053/116] gs101-sepolicy: pixelstats: enable pixelstats access to temp-residency-metrics enable pixelstats access to sysfs path Bug: 246799997 Test: Verified the existence of atom and correctness of atom stats Change-Id: If329f2a65ed4cf347bd57150c637d38312f3dcb1 Signed-off-by: Ziyi Cui --- whitechapel/vendor/google/pixelstats_vendor.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index f0cca685..ccc572d2 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -23,6 +23,10 @@ allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; # Batery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) +allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; + # BCL allow pixelstats_vendor sysfs_bcl:dir search; allow pixelstats_vendor sysfs_bcl:file r_file_perms; From 3ed3d201333e686078b2c2f8dcd87ee41bf220d0 Mon Sep 17 00:00:00 2001 
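Review bot: The added `allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms;` in the pixelstats_vendor.te hunk looks redundant with the `r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)` line directly above it. In the AOSP te_macros I know, `r_dir_file` already grants `r_file_perms` on both `file` and `lnk_file` in addition to `r_dir_perms` on `dir`; if this branch's macro matches, drop the second rule so the grant is stated once. The `#vendor-metrics` header also differs from the neighbouring ones (`# BCL`); something like `# Vendor metrics (temp-residency) sysfs nodes` would say what is being read.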
From: Cheng Chang Date: Wed, 23 Nov 2022 07:01:46 +0000 Subject: [PATCH 054/116] gps: nstandby path depend on platform Bug: 259353063 Test: no avc denied about nstandby Change-Id: Ia90cf2d66e4f6071f38db815d4458889b278f025 --- whitechapel/vendor/google/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 2e1084dc..26151e91 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -368,6 +368,9 @@ genfscon proc /nvt_selftest genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 +# GPS +genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0 + # Display genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 From 35492ad70f7d446954ec4c5d30215e9150d18edf Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 28 Nov 2022 14:08:51 +0800 Subject: [PATCH 055/116] use touch dump from gs-common Bug: 256521567 Test: adb bugreport Change-Id: I02a5831e6282eb431f2cbf89941ef188e801bd09 --- whitechapel/vendor/google/file.te | 4 ---- whitechapel/vendor/google/genfs_contexts | 17 ----------------- .../vendor/google/hal_dumpstate_default.te | 6 ------ 3 files changed, 27 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 0aa0ec1b..d76960c8 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te 
@@ -84,10 +84,6 @@ type bootdevice_sysdev, dev_type; # ZRam type per_boot_file, file_type, data_file_type, core_data_file_type; -# Touch -type proc_touch, proc_type, fs_type, mlstrustedobject; -type sysfs_touch, sysfs_type, fs_type; - # RILD type rild_vendor_data_file, file_type, data_file_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 26151e91..72ba7811 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -347,23 +347,6 @@ genfscon sysfs /devices/platform/gpio_keys/wakeup genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 -# Touch -genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0 -genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 -genfscon proc /fts/driver_test u:object_r:proc_touch:s0 -genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 -genfscon sysfs /devices/virtual/input/input2 u:object_r:sysfs_touch:s0 -genfscon sysfs /devices/virtual/input/input3 u:object_r:sysfs_touch:s0 -genfscon sysfs /devices/virtual/input/nvt_touch u:object_r:sysfs_touch:s0 -genfscon proc /nvt_baseline u:object_r:proc_touch:s0 -genfscon proc /nvt_cc_uniformity u:object_r:proc_touch:s0 -genfscon proc /nvt_diff u:object_r:proc_touch:s0 -genfscon proc /nvt_fw_version u:object_r:proc_touch:s0 -genfscon proc /nvt_heatmap u:object_r:proc_touch:s0 -genfscon proc /nvt_pen_diff u:object_r:proc_touch:s0 -genfscon proc /nvt_raw u:object_r:proc_touch:s0 -genfscon proc /nvt_selftest u:object_r:proc_touch:s0 - # Input genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index d3cbd6d6..10f9b38a 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -46,11 +46,6 @@ allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms; allow hal_dumpstate_default sysfs_wifi:dir search; allow hal_dumpstate_default sysfs_wifi:file r_file_perms; -# Touch sysfs interface -allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; -allow hal_dumpstate_default sysfs_touch:file rw_file_perms; -allow hal_dumpstate_default proc_touch:file rw_file_perms; - # Modem logs allow hal_dumpstate_default modem_efs_file:dir search; allow hal_dumpstate_default modem_efs_file:file r_file_perms; @@ -60,7 +55,6 @@ allow hal_dumpstate_default block_device:dir r_dir_perms; allow hal_dumpstate_default proc_f2fs:dir r_dir_perms; allow hal_dumpstate_default proc_f2fs:file r_file_perms; -allow hal_dumpstate_default proc_touch:file rw_file_perms; allow hal_dumpstate_default sysfs_batteryinfo:dir search; allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; From dc7ea2f09b1fc164d2b5201fa134e99dc2fac651 Mon Sep 17 00:00:00 2001 From: Nicolas Geoffray Date: Mon, 28 Nov 2022 09:31:01 +0000 Subject: [PATCH 056/116] Allow ssr_detector_app writes to system_app_data_file. Bug: 260557058 Change-Id: I65697c3afb9cfd11d5235d15aa20633f1a96fdbb --- whitechapel/vendor/google/ssr_detector.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/ssr_detector.te b/whitechapel/vendor/google/ssr_detector.te index 934028e1..e638566d 100644 --- a/whitechapel/vendor/google/ssr_detector.te +++ b/whitechapel/vendor/google/ssr_detector.te 
@@ -4,7 +4,8 @@ app_domain(ssr_detector_app) allow ssr_detector_app app_api_service:service_manager find; allow ssr_detector_app radio_service:service_manager find; -allow ssr_detector_app system_app_data_file:dir r_dir_perms; +allow ssr_detector_app system_app_data_file:dir rw_dir_perms; +allow ssr_detector_app system_app_data_file:file rw_file_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; From 5a7fd4f558e868a4215646e06eb72921bf039617 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 5 Dec 2022 11:11:25 +0800 Subject: [PATCH 057/116] remove sysfs_touch setting spi6.0 was other devices' touch setting Bug: 256521567 Test: build pass Change-Id: I96120b4e4930b16dcf5cbc9eba68c6a150ff0306 --- whitechapel/vendor/google/euiccpixel_app.te | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/euiccpixel_app.te b/whitechapel/vendor/google/euiccpixel_app.te index 8763117f..c276cb9b 100644 --- a/whitechapel/vendor/google/euiccpixel_app.te +++ b/whitechapel/vendor/google/euiccpixel_app.te @@ -24,6 +24,5 @@ userdebug_or_eng(` allow euiccpixel_app sysfs_st33spi:dir search; allow euiccpixel_app sysfs_st33spi:file rw_file_perms; - allow euiccpixel_app sysfs_touch:dir search; ') From 807f7b2efab6c29ba23f6ba01577fd3a4da21380 Mon Sep 17 00:00:00 2001 From: Taylor Nelms Date: Mon, 5 Dec 2022 16:32:21 +0000 Subject: [PATCH 058/116] Modify permissions to allow dumpstate process to access decon_counters node Bug: 240346564 Test: Build for Oriole device with "user" build, check bugreport for decon_counters content Change-Id: I71883632857e76cfead39b16560b3695e13a6746 Signed-off-by: Taylor Nelms --- whitechapel/vendor/google/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 72ba7811..92087feb 100644 --- a/whitechapel/vendor/google/genfs_contexts 
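Review bot: The two new `system_app_data_file` rules in the ssr_detector.te hunk widen `ssr_detector_app` from read-only directory access to write access on every object carrying that label, and as far as I know that label is shared by the data directories of apps running as the system UID, not only this app's own files. Neither the commit message nor the hunk says which path is written, so please add a comment naming it, e.g. `# ssr_detector writes its own files under its system-UID data dir (b/260557058)`. The permission sets also look mismatched: `rw_dir_perms` allows adding and removing directory entries, but `rw_file_perms` carries no `create` or `unlink`, so creating a new file would still be denied. If creation is required, `create_file_perms` on the `file` class is the usual pairing; if only existing files are modified, keeping `r_dir_perms` on the directory and adding just the `file rw_file_perms` rule is the narrower grant.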
+++ b/whitechapel/vendor/google/genfs_contexts @@ -369,6 +369,9 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c300000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c301000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c302000.drmdecon/counters u:object_r:sysfs_display:s0 # Modem genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 From 33f94a542800f590ee73ba7247dea8ac8ed8afec Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Fri, 16 Dec 2022 05:50:44 +0000 Subject: [PATCH 059/116] WLC: Add gs101 specific sepolicy for wireless_charger Bug: 237600973 Change-Id: If25a921ba9f0261c7f71cb88425526f307df9064 Signed-off-by: Ken Yang --- whitechapel/vendor/google/file.te | 3 --- whitechapel/vendor/google/platform_app.te | 6 +++--- whitechapel/vendor/google/system_app.te | 6 +++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index d76960c8..c60ec008 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -101,9 +101,6 @@ allow modem_img_file self:filesystem associate; # TCP logging type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; -# Wireless -type sysfs_wlc, sysfs_type, fs_type; - # Pca type sysfs_pca, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te index 49fb531b..4f0f89a2 100644 --- a/whitechapel/vendor/google/platform_app.te +++ b/whitechapel/vendor/google/platform_app.te 
@@ -1,9 +1,6 @@ binder_call(platform_app, rild) allow platform_app hal_exynos_rild_hwservice:hwservice_manager find; -allow platform_app hal_wlc_hwservice:hwservice_manager find; -binder_call(platform_app, hal_wlc) - allow platform_app proc_vendor_sched:dir r_dir_perms; allow platform_app proc_vendor_sched:file w_file_perms; @@ -18,3 +15,6 @@ get_prop(platform_app, fingerprint_ghbm_prop) allow platform_app hal_pixel_display_service:service_manager find; binder_call(platform_app, hal_graphics_composer_default) + +allow platform_app hal_wireless_charger_service:service_manager find; +binder_call(platform_app, hal_wireless_charger) diff --git a/whitechapel/vendor/google/system_app.te b/whitechapel/vendor/google/system_app.te index 8c9d5345..735d1c67 100644 --- a/whitechapel/vendor/google/system_app.te +++ b/whitechapel/vendor/google/system_app.te @@ -1,8 +1,8 @@ allow system_app proc_vendor_sched:dir r_dir_perms; allow system_app proc_vendor_sched:file w_file_perms; -allow system_app hal_wlc_hwservice:hwservice_manager find; -binder_call(system_app, hal_wlc) - allow system_app fwk_stats_hwservice:hwservice_manager find; allow system_app hal_exynos_rild_hwservice:hwservice_manager find; + +allow system_app hal_wireless_charger_service:service_manager find; +binder_call(system_app, hal_wireless_charger) From 46285b5dd5dff706fd9872c37d267b039d7596bf Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 5 Jan 2023 11:04:58 +0800 Subject: [PATCH 060/116] Update SELinux error Test: scanBugreport Bug: 264483156 Change-Id: Ifa7de8df3b09eabee7df8008dbb381854e18f48f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index f9fbf737..7046ab51 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
@@ -3,6 +3,7 @@ dumpstate hal_input_processor_default process b/238143262 dumpstate incident process b/238570971 dumpstate incident process b/238571324 dumpstate incident process b/238571420 +dumpstate system_data_file dir b/264483156 hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 From afe63f78ccb3a15d911e9724bd7148c4e4299c34 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 5 Jan 2023 11:05:13 +0800 Subject: [PATCH 061/116] Update SELinux error Test: scanBugreport Bug: 264483673 Test: scanAvcDeniedLogRightAfterReboot Change-Id: I954f764f035fcffa06c1c940bece36f0d7e42711 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 7046ab51..6c50a280 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,6 +4,7 @@ dumpstate incident process b/238570971 dumpstate incident process b/238571324 dumpstate incident process b/238571420 dumpstate system_data_file dir b/264483156 +dumpstate system_data_file dir b/264483673 hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 From f5ee8054e0d939bb5a314c3e3c02dffd39637d36 Mon Sep 17 00:00:00 2001 From: Chungkai Mei Date: Thu, 5 Jan 2023 09:36:24 +0000 Subject: [PATCH 062/116] sepolicy: fix avc denial fix avc denial when applying aosp/2333702 Bug: 261678056 Test: boot without avc denial Change-Id: I4674a5cb13f2f06f011c380699353b1a561ad290 Signed-off-by: Chungkai Mei --- whitechapel/vendor/google/genfs_contexts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 92087feb..fa8cf415 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -271,48 +271,56 @@ genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/wakeup genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/wakeup u:object_r:sysfs_wakeup:s0 From 902db3961f8d7bc78fda9d657e0f57f8867f1421 Mon Sep 17 00:00:00 2001 From: Kyle Zhang Date: Fri, 30 Dec 2022 01:03:59 +0000 Subject: [PATCH 063/116] Add hal_drm_widevine for Widevine exec sepolicy Bug: 243699259 Test: atp v2/widevine-eng/drm_compliance Change-Id: Ifede19e690cb7b7333016df08fb146a0ec8f7409 --- tracking_denials/hal_drm_default.te | 4 ---- tracking_denials/hal_drm_widevine.te | 4 ++++ whitechapel/vendor/google/file_contexts | 2 +- whitechapel/vendor/google/hal_drm_widevine.te | 12 ++++++++++++ 4 files changed, 17 insertions(+), 5 deletions(-) delete mode 100644 tracking_denials/hal_drm_default.te create mode 100644 tracking_denials/hal_drm_widevine.te create mode 100644 whitechapel/vendor/google/hal_drm_widevine.te 
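Review bot: The eight added `alarmtimer.0.auto/wakeup` entries cover only the `i2c-N/i2c-s2mpg10mfd/` spelling of the RTC path, while the address-named spelling `i2c-N/N-001f/s2mpg10-rtc/rtc/rtc0/` still lists `alarmtimer.1.auto/wakeup` alone. If the device is enumerated under the address-named path, the `.0.auto` node would keep the generic sysfs label and the denial this commit fixes would likely reappear. It seems worth adding the matching line per bus, e.g. `genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/0-001f/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0`. The hunk ends right after the `i2c-7/i2c-s2mpg10mfd` entries, so the `7-001f` lines are not visible here and should be checked in the file.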
diff --git a/tracking_denials/hal_drm_default.te b/tracking_denials/hal_drm_default.te deleted file mode 100644 index 872f5a0f..00000000 --- a/tracking_denials/hal_drm_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/223502652 -dontaudit hal_drm_default vndbinder_device:chr_file { read }; -# b/232714489 -dontaudit hal_drm_default default_prop:file { read }; diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te new file mode 100644 index 00000000..01581ca2 --- /dev/null +++ b/tracking_denials/hal_drm_widevine.te @@ -0,0 +1,4 @@ +# b/223502652 +dontaudit hal_drm_widevine vndbinder_device:chr_file { read }; +# b/232714489 +dontaudit hal_drm_widevine default_prop:file { read }; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 78b5983f..8f010c5a 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -1,7 +1,7 @@ # # Exynos HAL # -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_widevine_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32 u:object_r:hal_usb_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service u:object_r:hal_vendor_hwcservice_default_exec:s0 diff --git a/whitechapel/vendor/google/hal_drm_widevine.te b/whitechapel/vendor/google/hal_drm_widevine.te new file mode 100644 index 00000000..753f5e66 --- /dev/null +++ b/whitechapel/vendor/google/hal_drm_widevine.te 
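Review bot: The two `dontaudit` rules move to `hal_drm_widevine` unchanged, but the diffstat of this commit does not touch `tracking_denials/bug_map`, and later patches in the series still show the entry `hal_drm_default default_prop file b/232714489` there. Once the Widevine binary runs in the new domain, that entry no longer matches the source context of the denial it tracks, so it should probably become `hal_drm_widevine default_prop file b/232714489` in the same change. Because `dontaudit` hides the access from the audit log, it is also worth confirming on a test build without these two rules that the `vndbinder_device` and `default_prop` reads still occur in the new domain, rather than carrying the suppressions over by default.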
@@ -0,0 +1,12 @@ +type hal_drm_widevine, domain; +type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_drm_widevine) + +hal_server_domain(hal_drm_widevine, hal_drm) + +# L3 +allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms; +allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms; + +# L1 +allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms; \ No newline at end of file From a49c3a54797192c87fbd2b52a81163bcab616008 Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Thu, 5 Jan 2023 09:24:08 +0000 Subject: [PATCH 064/116] WLC: Cleanup the sysfs_wlc policies The sepolicy must be self-contained without including wirelss_charger to avoid build break in AOSP Bug: 263830018 Change-Id: I4eee380ae61f83c5563ee8842a94fd1fb9e520ef Signed-off-by: Ken Yang --- usf/sensor_hal.te | 1 - whitechapel/vendor/google/file.te | 3 +++ whitechapel/vendor/google/hal_dumpstate_default.te | 3 --- whitechapel/vendor/google/hal_health_default.te | 1 - whitechapel/vendor/google/hal_wireless_charger.te | 2 ++ whitechapel/vendor/google/pixelstats_vendor.te | 3 --- whitechapel/vendor/google/service.te | 3 +++ whitechapel/vendor/google/service_contexts | 2 ++ whitechapel/vendor/google/shell.te | 1 - 9 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 whitechapel/vendor/google/hal_wireless_charger.te diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te index 595aeef6..b54c1bb3 100644 --- a/usf/sensor_hal.te +++ b/usf/sensor_hal.te @@ -37,7 +37,6 @@ allow hal_sensors_default sysfs_leds:file rw_file_perms; # Allow access to the power supply files for MagCC. r_dir_file(hal_sensors_default, sysfs_batteryinfo) -allow hal_sensors_default sysfs_wlc:dir r_dir_perms; # Allow access to sensor service for sensor_listener. binder_call(hal_sensors_default, system_server); diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index c60ec008..cb5e495f 100644 
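Review bot: The comments `# L3` and `# L1` in the new hal_drm_widevine.te do not say what each grant is for, so a reader must already know the Widevine security levels to review them. Something like `# Widevine L3: create and manage files under the mediadrm vendor data directory` above the two `mediadrm_vendor_data_file` rules, and `# Widevine L1: read access to the DMA-BUF system heap device` above the `dmabuf_system_heap_device` rule, would state the intent next to the permission. The file also ends without a trailing newline (`\ No newline at end of file`). Policy sources are typically concatenated at build time, so the last line should be newline-terminated.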
--- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -186,3 +186,6 @@ type radio_vendor_data_file, file_type, data_file_type; userdebug_or_eng(` typeattribute radio_vendor_data_file mlstrustedobject; ') + +# WLC +type sysfs_wlc, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 9f87b53e..4bc1bba7 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -13,9 +13,6 @@ vndbinder_use(hal_dumpstate_default) allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms; allow hal_dumpstate_default vendor_gps_file:file r_file_perms; -allow hal_dumpstate_default sysfs_wlc:dir search; -allow hal_dumpstate_default sysfs_wlc:file r_file_perms; - allow hal_dumpstate_default shell_data_file:file getattr; allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te index a28e5c12..c371547c 100644 --- a/whitechapel/vendor/google/hal_health_default.te +++ b/whitechapel/vendor/google/hal_health_default.te @@ -9,7 +9,6 @@ r_dir_file(hal_health_default, sysfs_scsi_devices_0000) allow hal_health_default fwk_stats_service:service_manager find; binder_use(hal_health_default) -allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file w_file_perms; allow hal_health_default sysfs_thermal:dir search; allow hal_health_default sysfs_thermal:file w_file_perms; diff --git a/whitechapel/vendor/google/hal_wireless_charger.te b/whitechapel/vendor/google/hal_wireless_charger.te new file mode 100644 index 00000000..04b3e5e2 --- /dev/null +++ b/whitechapel/vendor/google/hal_wireless_charger.te @@ -0,0 +1,2 @@ +type hal_wireless_charger, domain; +type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type; 
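Review bot: The new hal_wireless_charger.te declares `hal_wireless_charger` and `hal_wireless_charger_exec` and nothing else, with no comment saying that it is a placeholder. From the commit message the two lines appear to exist so that the `platform_app` and `system_app` rules still compile when the wireless charger policy is not included. As written, though, it reads like an unfinished HAL domain: nothing in this patch labels a binary `hal_wireless_charger_exec`, and no domain is given `add` on `hal_wireless_charger_service`, which service_contexts now maps to `vendor.google.wireless_charger.IWirelessCharger/default`. A header comment such as `# Stub declarations only; the full domain rules live in the wireless charger sepolicy` would make the intent clear. It is also worth confirming that exactly one policy source grants registration of that service name.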
diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index 12234047..4d1a6677 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -10,9 +10,6 @@ allow pixelstats_vendor fwk_stats_service:service_manager find; allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; # Pca charge allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te index 7d105d49..08f5ad82 100644 --- a/whitechapel/vendor/google/service.te +++ b/whitechapel/vendor/google/service.te @@ -1,3 +1,6 @@ type hal_pixel_display_service, service_manager_type, hal_service_type; type hal_uwb_vendor_service, service_manager_type, hal_service_type; type edgetpu_dba_service, app_api_service, service_manager_type; + +# WLC +type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts index d00c633e..3569b943 100644 --- a/whitechapel/vendor/google/service_contexts +++ b/whitechapel/vendor/google/service_contexts @@ -4,3 +4,5 @@ android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_se # EdgeTPU DBA Service com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0 + +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te index e13e744e..f982424d 100644 --- a/whitechapel/vendor/google/shell.te +++ b/whitechapel/vendor/google/shell.te 
@@ -8,4 +8,3 @@ userdebug_or_eng(` dontaudit shell proc_vendor_sched:dir search; dontaudit shell proc_vendor_sched:file write; -dontaudit shell sysfs_wlc:dir search; From 5eea830c6e7eadbc4b7249fe78760050d5341136 Mon Sep 17 00:00:00 2001 From: Victor Barr Date: Wed, 21 Dec 2022 21:57:04 +0000 Subject: [PATCH 065/116] Move Support for DBA HAL in common edgetpu packages Previously supported in some cases. Now extend it to all common cases. Bug: 263394888 Test: Built and ran DBA HAL on Android Device Change-Id: I70db1fae6b9f5787c635bb2fcbabc7ee0e064a9f --- .../vendor/google/edgetpu_dba_service.te | 38 ------------------- whitechapel/vendor/google/file_contexts | 3 -- whitechapel/vendor/google/priv_app.te | 3 -- whitechapel/vendor/google/service.te | 2 - whitechapel/vendor/google/service_contexts | 4 -- 5 files changed, 50 deletions(-) delete mode 100644 whitechapel/vendor/google/edgetpu_dba_service.te diff --git a/whitechapel/vendor/google/edgetpu_dba_service.te b/whitechapel/vendor/google/edgetpu_dba_service.te deleted file mode 100644 index 2e8f908a..00000000 --- a/whitechapel/vendor/google/edgetpu_dba_service.te +++ /dev/null 
@@ -1,38 +0,0 @@ -# EdgeTPU DBA service. -type edgetpu_dba_server, domain; -type edgetpu_dba_server_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(edgetpu_dba_server) - -# The vendor service will use binder calls. -binder_use(edgetpu_dba_server); - -# The vendor service will serve a binder service. -binder_service(edgetpu_dba_server); - -# EdgeTPU DBA service to register the service to service_manager. -add_service(edgetpu_dba_server, edgetpu_dba_service); - -# Allow EdgeTPU DBA service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc. -allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms; - -# Allow EdgeTPU DBA service to request power hints from the Power Service. -hal_client_domain(edgetpu_dba_server, hal_power) - -# Allow EdgeTPU DBA service to access hardware buffers and ION memory. -allow edgetpu_dba_server hal_allocator:fd use; -allow edgetpu_dba_server hal_graphics_mapper_hwservice:hwservice_manager find; -allow edgetpu_dba_server hal_graphics_allocator:fd use; -allow edgetpu_dba_server gpu_device:chr_file rw_file_perms; -allow edgetpu_dba_server gpu_device:dir r_dir_perms; -allow edgetpu_dba_server ion_device:chr_file r_file_perms; - -# Allow EdgeTPU DBA service to read the overcommit_memory info. -allow edgetpu_dba_server proc_overcommit_memory:file r_file_perms; - -# Allow EdgeTPU DBA service to read the kernel version. -# This is done inside the InitGoogle. -allow edgetpu_dba_server proc_version:file r_file_perms; - -# Allow EdgeTPU DBA service to send trace packets to Perfetto with SELinux enabled -# under userdebug builds. -userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)') diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 8f010c5a..d09d288b 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
@@ -26,9 +26,6 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs101 u:object_r:hal_power_stats_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -# EdgeTPU DBA service -/vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 - # Wireless charger HAL /(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 diff --git a/whitechapel/vendor/google/priv_app.te b/whitechapel/vendor/google/priv_app.te index 9d2aa14d..a6e6bb68 100644 --- a/whitechapel/vendor/google/priv_app.te +++ b/whitechapel/vendor/google/priv_app.te @@ -1,5 +1,2 @@ # Allows privileged applications to access the PowerHAL. hal_client_domain(priv_app, hal_power) - -# Allows privileged applications to discover the EdgeTPU DBA service. -allow priv_app edgetpu_dba_service:service_manager find; diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te index 08f5ad82..62b0b767 100644 --- a/whitechapel/vendor/google/service.te +++ b/whitechapel/vendor/google/service.te @@ -1,6 +1,4 @@ type hal_pixel_display_service, service_manager_type, hal_service_type; type hal_uwb_vendor_service, service_manager_type, hal_service_type; -type edgetpu_dba_service, app_api_service, service_manager_type; - # WLC type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts index 3569b943..32ac11bd 100644 --- a/whitechapel/vendor/google/service_contexts +++ b/whitechapel/vendor/google/service_contexts 
@@ -1,8 +1,4 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 - -# EdgeTPU DBA Service -com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0 - vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 From fc3e9e0070e259bb4508ab435b9a72f1257f1f87 Mon Sep 17 00:00:00 2001 From: Long Ling Date: Thu, 26 Jan 2023 18:40:19 -0800 Subject: [PATCH 066/116] display: set context for sysfs file refresh_rate Bug: 263821118 Change-Id: I125f8d0ed2f9197041f0913097d15a696c01a516 --- display/gs101/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/display/gs101/genfs_contexts b/display/gs101/genfs_contexts index 8ea3b669..99badab8 100644 --- a/display/gs101/genfs_contexts +++ b/display/gs101/genfs_contexts 
@@ -1,11 +1,13 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2C0000/panel@0/compatible u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2D0000/panel@0/compatible u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 From fcb9c033a1caafa185eb01e986b0d166b36ccaec Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Tue, 31 Jan 2023 15:02:51 +0000 Subject: [PATCH 067/116] WLC: Add required sysfs_wlc sepolicies The sysfs_wlc is still required for certain services like hal_health_default. Add these sepolicies to pass the tests. Bug: 267171670 Change-Id: Ic4dca7a34e8ed9b096a650b1df4bb58290425117 Signed-off-by: Ken Yang --- usf/sensor_hal.te | 1 + whitechapel/vendor/google/hal_dumpstate_default.te | 4 ++++ whitechapel/vendor/google/hal_health_default.te | 2 ++ whitechapel/vendor/google/pixelstats_vendor.te | 3 +++ whitechapel/vendor/google/shell.te | 1 + 5 files changed, 11 insertions(+) diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te index b54c1bb3..595aeef6 100644 --- a/usf/sensor_hal.te +++ b/usf/sensor_hal.te 
@@ -37,6 +37,7 @@ allow hal_sensors_default sysfs_leds:file rw_file_perms; # Allow access to the power supply files for MagCC. r_dir_file(hal_sensors_default, sysfs_batteryinfo) +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; # Allow access to sensor service for sensor_listener. binder_call(hal_sensors_default, system_server); diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 4bc1bba7..dbb17904 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -13,6 +13,10 @@ vndbinder_use(hal_dumpstate_default) allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms; allow hal_dumpstate_default vendor_gps_file:file r_file_perms; +allow hal_dumpstate_default sysfs_wlc:dir search; +allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms; +allow hal_dumpstate_default sysfs_wlc:file r_file_perms; + allow hal_dumpstate_default shell_data_file:file getattr; allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te index c371547c..85b10163 100644 --- a/whitechapel/vendor/google/hal_health_default.te +++ b/whitechapel/vendor/google/hal_health_default.te @@ -14,3 +14,5 @@ allow hal_health_default sysfs_thermal:dir search; allow hal_health_default sysfs_thermal:file w_file_perms; allow hal_health_default sysfs_thermal:lnk_file read; allow hal_health_default thermal_link_device:dir search; + +allow hal_health_default sysfs_wlc:dir search; diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index 4d1a6677..12234047 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te 
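Review bot: In the hal_dumpstate_default.te hunk the added `allow hal_dumpstate_default sysfs_wlc:dir search;` is redundant, because the next added line grants `r_dir_perms` on the same type and class and that macro already includes `search`. Dropping it leaves `allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;` and `allow hal_dumpstate_default sysfs_wlc:file r_file_perms;`. The rules removed by the earlier cleanup patch had only `dir search`, so this re-add also widens directory access to listing. If that is intended, a one-line comment saying what the dumpstate HAL reads under the wireless charger sysfs node would document the reason.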
@@ -10,6 +10,9 @@ allow pixelstats_vendor fwk_stats_service:service_manager find; allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; # Pca charge allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te index f982424d..e13e744e 100644 --- a/whitechapel/vendor/google/shell.te +++ b/whitechapel/vendor/google/shell.te @@ -8,3 +8,4 @@ userdebug_or_eng(` dontaudit shell proc_vendor_sched:dir search; dontaudit shell proc_vendor_sched:file write; +dontaudit shell sysfs_wlc:dir search; From 8835275413daef98f1c0c7cc723a053bc137ffdc Mon Sep 17 00:00:00 2001 From: sukiliu Date: Fri, 10 Feb 2023 10:20:35 +0800 Subject: [PATCH 068/116] Update SELinux error Test: scanBugreport Bug: 268411073 Bug: 268147283 Bug: 268146971 Change-Id: I60fdc8e3d44da7632522f57adc01c0e6879be83c --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6c50a280..20de156b 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,5 @@ +dump_pixel_metrics sysfs file b/268411073 +dump_stm sysfs_spi dir b/268147283 dumpstate app_zygote process b/238263438 dumpstate hal_input_processor_default process b/238143262 dumpstate incident process b/238570971 @@ -8,4 +10,5 @@ dumpstate system_data_file dir b/264483673 hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 +incidentd incidentd anon_inode b/268146971 su modem_img_file filesystem b/238825802 From d48a10f9b089aab9ec4c77247140c33bd839ca09 Mon Sep 17 00:00:00 2001 
From: sukiliu Date: Mon, 13 Feb 2023 10:41:23 +0800 Subject: [PATCH 069/116] Update SELinux error Test: scanBugreport Bug: 269045042 Change-Id: I6291a7d3fd3b75d68548bd2fb7287b8ff754684a --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 20de156b..dded4c93 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,6 @@ dump_pixel_metrics sysfs file b/268411073 dump_stm sysfs_spi dir b/268147283 +dump_trusty radio_vendor_data_file file b/269045042 dumpstate app_zygote process b/238263438 dumpstate hal_input_processor_default process b/238143262 dumpstate incident process b/238570971 From 9a7bb8df869d6512dbfceed29cd310db3e535dc0 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 13 Feb 2023 14:56:30 +0800 Subject: [PATCH 070/116] Move memory dump to gs-common Bug: 240530709 Test: adb bugreport Change-Id: I78433d8d170af54a4daee6c9a9218ce35e78e730 --- whitechapel/vendor/google/dumpstate.te | 1 - whitechapel/vendor/google/file.te | 2 -- whitechapel/vendor/google/genfs_contexts | 2 -- whitechapel/vendor/google/hal_dumpstate_default.te | 10 ---------- 4 files changed, 15 deletions(-) diff --git a/whitechapel/vendor/google/dumpstate.te b/whitechapel/vendor/google/dumpstate.te index cdf6e8ef..e715ad95 100644 --- a/whitechapel/vendor/google/dumpstate.te +++ b/whitechapel/vendor/google/dumpstate.te @@ -14,4 +14,3 @@ allow dumpstate modem_img_file:dir getattr; allow dumpstate modem_userdata_file:dir getattr; allow dumpstate fuse:dir search; -dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms; diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index cb5e495f..e20541cc 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te 
@@ -23,8 +23,6 @@ type vendor_rpmbmock_data_file, file_type, data_file_type; # Exynos debugfs type vendor_ion_debugfs, fs_type, debugfs_type; -type vendor_dmabuf_debugfs, fs_type, debugfs_type; -type vendor_page_pinner_debugfs, fs_type, debugfs_type; type vendor_mali_debugfs, fs_type, debugfs_type; type vendor_dri_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index fa8cf415..78ca2633 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -670,10 +670,8 @@ genfscon sysfs /devices/platform/14520000.pcie/power_stats genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /maxfg_flip u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0 genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0 genfscon debugfs /ion u:object_r:vendor_ion_debugfs:s0 -genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index dbb17904..be51f49a 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te 
@@ -86,9 +86,6 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_ion_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search; - allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; - allow hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; allow hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; @@ -100,8 +97,6 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_usb_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms; @@ -133,9 +128,6 @@ userdebug_or_eng(` dontaudit hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms; dontaudit hal_dumpstate_default vendor_ion_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search; -dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; - dontaudit hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; @@ -150,8 +142,6 @@ dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; dontaudit hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; dontaudit hal_dumpstate_default vendor_usb_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms; - dontaudit hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms; dontaudit hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms; From 14c66190df25a0e0694144e0445a24f3b4125c33 Mon Sep 17 00:00:00 2001 
From: leochuang Date: Tue, 14 Feb 2023 15:46:17 +0800 Subject: [PATCH 071/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 269218654 Test: scanBugreport Bug: 269218638 Change-Id: If7d4633aa4f4f10cf3b56640ae6661a2a9b20b91 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index dded4c93..2efceedb 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,5 @@ +dump_lsi radio_vendor_data_file file b/269218638 +dump_lsi vendor_slog_file file b/269218638 dump_pixel_metrics sysfs file b/268411073 dump_stm sysfs_spi dir b/268147283 dump_trusty radio_vendor_data_file file b/269045042 @@ -12,4 +14,5 @@ hal_drm_default default_prop file b/232714489 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 incidentd incidentd anon_inode b/268146971 +rfsd vendor_rild_prop property_service b/269218654 su modem_img_file filesystem b/238825802 From e5b2d04476813ee256a01490cae960affa61e421 Mon Sep 17 00:00:00 2001 From: leochuang Date: Wed, 15 Feb 2023 10:25:40 +0800 Subject: [PATCH 072/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 269218654 Test: scanBugreport Bug: 269370106 Bug: 269045042 Change-Id: Ief58a1f19580251476c71602951550388015df01 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 2efceedb..42d06011 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,6 @@ dump_lsi radio_vendor_data_file file b/269218638 dump_lsi vendor_slog_file file b/269218638 +dump_modem radio_vendor_data_file file b/269370106 dump_pixel_metrics sysfs file b/268411073 dump_stm sysfs_spi dir b/268147283 dump_trusty radio_vendor_data_file file b/269045042 
@@ -11,6 +12,7 @@ dumpstate incident process b/238571420 dumpstate system_data_file dir b/264483156 dumpstate system_data_file dir b/264483673 hal_drm_default default_prop file b/232714489 +hal_dumpstate_default dump_lsi process b/269045042 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 incidentd incidentd anon_inode b/268146971 From 5a70bbb33573d00484596b0a023f2a79728fe503 Mon Sep 17 00:00:00 2001 From: Lucas Wei Date: Tue, 14 Feb 2023 14:25:37 +0800 Subject: [PATCH 073/116] votable: Update don't audit file entry Test: No votable avc errors in dmesg Bug: 247905787 Change-Id: I95ab4dd7750e9b0f26d41fece50dc6d0aa73dd41 Signed-off-by: Lucas Wei --- tracking_denials/kernel.te | 2 -- whitechapel/vendor/google/kernel.te | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 tracking_denials/kernel.te diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te deleted file mode 100644 index 45ce8edc..00000000 --- a/tracking_denials/kernel.te +++ /dev/null @@ -1,2 +0,0 @@ -#b/247905787 -dontaudit kernel vendor_votable_debugfs:dir { search }; diff --git a/whitechapel/vendor/google/kernel.te b/whitechapel/vendor/google/kernel.te index fa6c2fac..c1d73c68 100644 --- a/whitechapel/vendor/google/kernel.te +++ b/whitechapel/vendor/google/kernel.te @@ -10,3 +10,4 @@ allow kernel self:perf_event cpu; dontaudit kernel vendor_battery_debugfs:dir search; dontaudit kernel vendor_maxfg_debugfs:dir { search }; +dontaudit kernel vendor_votable_debugfs:dir { search }; From 6964113b1ce0cca046005a50994d09a0cdf721c4 Mon Sep 17 00:00:00 2001 
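Review bot: The `dontaudit kernel vendor_votable_debugfs:dir { search };` line added to whitechapel/vendor/google/kernel.te drops the `#b/247905787` reference that the deleted tracking_denials/kernel.te carried. The rule is now permanent policy that hides a kernel-domain denial from the audit log, with no record of why it is safe to hide. I would keep the pointer next to the rule, for example `# b/247905787: kernel searches votable debugfs; the denial is expected and intentionally not audited`. The two neighbouring dontaudit rules in the hunk context have no such comment either, so one comment could cover all three if they share a cause.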
From: Ken Tsou Date: Thu, 16 Feb 2023 10:35:10 +0800 Subject: [PATCH 074/116] hal_health_default: allow to access persist.vendor.shutdown.* msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0' Bug: 266181615 Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4 Signed-off-by: Ken Tsou --- whitechapel/vendor/google/hal_health_default.te | 1 + whitechapel/vendor/google/property.te | 3 +++ whitechapel/vendor/google/property_contexts | 1 + 3 files changed, 5 insertions(+) diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te index 85b10163..9954bee0 100644 --- a/whitechapel/vendor/google/hal_health_default.te +++ b/whitechapel/vendor/google/hal_health_default.te @@ -4,6 +4,7 @@ allow hal_health_default persist_battery_file:file create_file_perms; allow hal_health_default persist_battery_file:dir rw_dir_perms; set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) r_dir_file(hal_health_default, sysfs_scsi_devices_0000) allow hal_health_default fwk_stats_service:service_manager find; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index b792d530..cec78c3a 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -27,6 +27,9 @@ vendor_internal_prop(vendor_battery_defender_prop) # Battery profile for harness mode vendor_internal_prop(vendor_battery_profile_prop) +# hal_health +vendor_internal_prop(vendor_shutdown_prop) + # Logger vendor_internal_prop(vendor_logger_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index b663df4b..8a3f95dc 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts 
@@ -68,6 +68,7 @@ persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 # Battery vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 +persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # test battery profile persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0 From 4fe64170d372f699d54b9e2dfdb769d8cb5b1967 Mon Sep 17 00:00:00 2001 From: leochuang Date: Wed, 22 Feb 2023 10:30:02 +0800 Subject: [PATCH 075/116] Update SELinux error Test: scanBugreport Bug: 270247432 Change-Id: Ia5e76ee1c027ac2b1cbbbc6a20a20f3ea609a1b7 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d40544ac..979cfabb 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -10,6 +10,7 @@ dumpstate system_data_file dir b/264483156 dumpstate system_data_file dir b/264483673 hal_drm_default default_prop file b/232714489 hal_dumpstate_default dump_lsi process b/269045042 +hal_dumpstate_default dump_thermal process b/270247432 hal_power_default hal_power_default capability b/240632824 incidentd debugfs_wakeup_sources file b/238263568 incidentd incidentd anon_inode b/268146971 From 7d3f25d95bc8e7e6857ccee3e63991d23e7f6962 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 7 Mar 2023 13:01:05 +0800 Subject: [PATCH 076/116] Move display dump to gs-common Bug: 269212897 Test: adb bugreport Change-Id: Id40661687bbd04d7eba4790dc5fe17ca5c79e47d --- whitechapel/vendor/google/file.te | 2 -- whitechapel/vendor/google/file_contexts | 1 - whitechapel/vendor/google/genfs_contexts | 1 - whitechapel/vendor/google/hal_dumpstate_default.te | 14 -------------- whitechapel/vendor/google/vndservice.te | 1 - whitechapel/vendor/google/vndservice_contexts | 1 - 6 files changed, 20 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index e20541cc..b6248205 100644 --- a/whitechapel/vendor/google/file.te 
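Review bot: The new `persist.vendor.shutdown.` entry labels the whole prefix, while the denial quoted in the commit message shows only `persist.vendor.shutdown.voltage_avg` being set. Together with `set_prop(hal_health_default, vendor_shutdown_prop)`, this makes every present and future property under the prefix writable by hal_health_default, and the values persist across reboots. If the set of properties is known, I would list each as an `exact` entry with the value type the HAL writes, so that malformed values are rejected when set. If the prefix is intended, spell it out as `persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 prefix`. The `# hal_health` comment added in property.te names the writer but not the purpose; a short line saying what the shutdown properties record would help.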
+++ b/whitechapel/vendor/google/file.te @@ -7,7 +7,6 @@ type vendor_media_data_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; type vendor_cbd_log_file, file_type, data_file_type; type vendor_dmd_log_file, file_type, data_file_type; -type vendor_hwc_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_dump_log_file, file_type, data_file_type; type vendor_rild_log_file, file_type, data_file_type; @@ -24,7 +23,6 @@ type vendor_rpmbmock_data_file, file_type, data_file_type; # Exynos debugfs type vendor_ion_debugfs, fs_type, debugfs_type; type vendor_mali_debugfs, fs_type, debugfs_type; -type vendor_dri_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; type vendor_regmap_debugfs, fs_type, debugfs_type; type vendor_usb_debugfs, fs_type, debugfs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index c2e8117a..aa0f2f78 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -143,7 +143,6 @@ /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/log/cbd(/.*)? u:object_r:vendor_cbd_log_file:s0 /data/vendor/log/dmd(/.*)? u:object_r:vendor_dmd_log_file:s0 -/data/vendor/log/hwc(/.*)? u:object_r:vendor_hwc_log_file:s0 /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 /data/vendor/log/dump(/.*)? u:object_r:vendor_dump_log_file:s0 /data/vendor/log/rild(/.*)? u:object_r:vendor_rild_log_file:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 78ca2633..1c6c211e 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -670,7 +670,6 @@ genfscon sysfs /devices/platform/14520000.pcie/power_stats genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /maxfg_flip u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0 genfscon debugfs /ion u:object_r:vendor_ion_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index be51f49a..86e5f6de 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -22,9 +22,6 @@ allow hal_dumpstate_default shell_data_file:file getattr; allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; -allow hal_dumpstate_default vendor_hwc_log_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_hwc_log_file:file r_file_perms; - # camera debugging dump file access allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms; allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms; 
@@ -64,11 +61,6 @@ allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; -allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; -binder_call(hal_dumpstate_default, hal_graphics_composer_default); -allow hal_dumpstate_default sysfs_display:dir r_dir_perms; -allow hal_dumpstate_default sysfs_display:file r_file_perms; - allow hal_dumpstate_default proc_vendor_sched:file read; allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms; allow hal_dumpstate_default proc_vendor_sched:file r_file_perms; @@ -89,9 +81,6 @@ userdebug_or_eng(` allow hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; allow hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; - allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_dri_debugfs:dir search; - allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; allow hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; @@ -134,9 +123,6 @@ dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; -dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_dri_debugfs:dir search; - dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; dontaudit hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; diff --git a/whitechapel/vendor/google/vndservice.te b/whitechapel/vendor/google/vndservice.te index f70a26fe..bd59e836 100644 --- a/whitechapel/vendor/google/vndservice.te +++ b/whitechapel/vendor/google/vndservice.te 
@@ -1,4 +1,3 @@ type rls_service, vndservice_manager_type; type vendor_surfaceflinger_vndservice, vndservice_manager_type; -type vendor_displaycolor_service, vndservice_manager_type; type eco_service, vndservice_manager_type; diff --git a/whitechapel/vendor/google/vndservice_contexts b/whitechapel/vendor/google/vndservice_contexts index d44e1cb8..d272fe16 100644 --- a/whitechapel/vendor/google/vndservice_contexts +++ b/whitechapel/vendor/google/vndservice_contexts @@ -1,4 +1,3 @@ Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0 rlsservice u:object_r:rls_service:s0 -displaycolor u:object_r:vendor_displaycolor_service:s0 media.ecoservice u:object_r:eco_service:s0 From b2635623608505714d2b2e8a309e9b0f11858086 Mon Sep 17 00:00:00 2001 From: Jasmine Cha Date: Thu, 9 Mar 2023 10:10:18 +0800 Subject: [PATCH 077/116] audio: move sepolicy about audio to gs-common Bug: 259161622 Test: build pass and check with audio ext hidl/aidl Change-Id: Ie1499be82e405c2ddf4cd1a62ee7ff2823befd8e Signed-off-by: Jasmine Cha --- whitechapel/vendor/google/rild.te | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te index 78b14e51..2f1d8ff9 100644 --- a/whitechapel/vendor/google/rild.te +++ b/whitechapel/vendor/google/rild.te @@ -30,7 +30,6 @@ binder_call(rild, logger_app) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) -allow rild hal_audio_ext_hwservice:hwservice_manager find; # Allow rild to access files on modem img. allow rild modem_img_file:dir r_dir_perms; From 4d9aa0b28f2e1d7caf73c4f8b4520467382059e9 Mon Sep 17 00:00:00 2001 
From: Adam Shih Date: Tue, 21 Mar 2023 12:41:23 +0800 Subject: [PATCH 078/116] use devfreq dump from gs-common Bug: 273380985 Test: adb bugreport Change-Id: I0ea6767fd7640c2ee1be66f659f94c15cb4766cd --- whitechapel/vendor/google/file.te | 5 ----- whitechapel/vendor/google/genfs_contexts | 13 ------------- whitechapel/vendor/google/hal_dumpstate_default.te | 3 --- 3 files changed, 21 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index b6248205..0a615415 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -32,8 +32,6 @@ type vendor_votable_debugfs, fs_type, debugfs_type; type vendor_battery_debugfs, fs_type, debugfs_type; # Exynos sysfs -type sysfs_exynos_bts, sysfs_type, fs_type; -type sysfs_exynos_bts_stats, sysfs_type, fs_type; type sysfs_ota, sysfs_type, fs_type; # Exynos Firmware @@ -133,9 +131,6 @@ type sysfs_spi, sysfs_type, fs_type; # Battery type persist_battery_file, file_type, vendor_persist_type; -# CPU -type sysfs_cpu, sysfs_type, fs_type; - # Fabric type sysfs_fabric, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 1c6c211e..59e5b2f9 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -591,22 +591,9 @@ genfscon sysfs /devices/platform/acpm_stats genfscon sysfs /devices/platform/10d40000.spi/spi_master u:object_r:sysfs_spi:s0 -# Exynos -genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0 -genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0 - # CPU -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/platform/1c500000.mali/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/platform/1c500000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/system/chip-id/unique_id u:object_r:sysfs_soc:s0 genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 86e5f6de..6ef848c7 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te 
@@ -1,6 +1,3 @@ -allow hal_dumpstate_default sysfs_exynos_bts:dir search; -allow hal_dumpstate_default sysfs_exynos_bts_stats:file r_file_perms; - allow hal_dumpstate_default sysfs_bcmdhd:dir search; allow hal_dumpstate_default sysfs_bcmdhd:file r_file_perms; From cb6bad65e7f05b4b2bf840a3b654d1eeea4505a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Wagner?= Date: Tue, 27 Dec 2022 08:55:27 +0000 Subject: [PATCH 079/116] Update Mali DDK to r40 : Additional SELinux settings Expose DDK's dynamic configuration options through the Android Sysprop interface, following recommendations from Arm's Android Integration Manual. Bug: 261718474 (cherry picked from commit 74d31a156821c8f7f2c1bf263ab36ddea6ebfc05) Merged-In: I5c69a8bafe3a4c738c124facb1f437ec721cc3ea Change-Id: I7e6734cb79b38898eb65a0194b37381a1367fc36 --- whitechapel/vendor/google/domain.te | 4 ++++ whitechapel/vendor/google/property.te | 4 ++++ whitechapel/vendor/google/property_contexts | 3 +++ whitechapel/vendor/google/vendor_init.te | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/whitechapel/vendor/google/domain.te b/whitechapel/vendor/google/domain.te index fd876e09..ad32036f 100644 --- a/whitechapel/vendor/google/domain.te +++ b/whitechapel/vendor/google/domain.te @@ -1,2 +1,6 @@ allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms; allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms; + +# Mali +get_prop(domain, vendor_arm_runtime_option_prop) + diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index cec78c3a..0c34c631 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -56,3 +56,7 @@ system_vendor_config_prop(vendor_uwb_calibration_prop) # Trusty storage FS ready vendor_internal_prop(vendor_trusty_storage_prop) + +# Mali Integration +vendor_public_prop(vendor_arm_runtime_option_prop) + 
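Review bot: `get_prop(domain, vendor_arm_runtime_option_prop)` in domain.te makes every value under the `vendor.mali.` prefix readable by all domains, app domains included, whereas the two `proc_vendor_sched` rules above it exclude `appdomain` and `rs`. That breadth may be required for processes that load the GPU driver, but the `# Mali` comment does not say so. I would replace it with `# Every process that loads the Mali driver reads these options; nothing sensitive may be stored under vendor.mali.`. The property_contexts hunk of the same commit labels the whole prefix as "configuration and debug options" without a value type, so the same caveat applies there.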
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 8a3f95dc..d952d5d3 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -99,3 +99,6 @@ ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 + +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index 8ebe5e52..928bc021 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -41,3 +41,7 @@ set_prop(vendor_init, vendor_display_prop) # Trusty storage FS ready get_prop(vendor_init, vendor_trusty_storage_prop) + +# Mali +set_prop(vendor_init, vendor_arm_runtime_option_prop) + From d678ee322642eeb99b1d5fd66677b13fb74492a5 Mon Sep 17 00:00:00 2001 From: Kris Chen Date: Tue, 21 Mar 2023 20:18:28 +0800 Subject: [PATCH 080/116] Allow fingerprint hal to read sysfs_leds Fix the following avc denials: avc: denied { search } for name="backlight" dev="sysfs" ino=79316 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1 avc: denied { read } for name="state" dev="sysfs" ino=79365 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1 Bug: 271072126 Test: Authenticate fingerprint. Change-Id: I67f5502bc7b4b1d6e14cf493f1bc6575980bcd0d --- whitechapel/vendor/google/hal_fingerprint_default.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te index aee24633..69549701 100644 --- a/whitechapel/vendor/google/hal_fingerprint_default.te +++ b/whitechapel/vendor/google/hal_fingerprint_default.te 
@@ -33,3 +33,7 @@ allow hal_fingerprint_default sysfs_trusty:file rw_file_perms; # Allow fingerprint to access display hal allow hal_fingerprint_default hal_pixel_display_service:service_manager find; binder_call(hal_fingerprint_default, hal_graphics_composer_default) + +# allow fingerprint to read sysfs_leds +allow hal_fingerprint_default sysfs_leds:file r_file_perms; +allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; From e7ea94d8e1bc2cbae2e774247f62617d56e7f417 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 24 Mar 2023 13:52:34 +0800 Subject: [PATCH 081/116] Move cma dump to itself Bug: 273380985 Test: adb bugreport Change-Id: I40ecb631c7fbbea216f5c56857b92152c997e466 --- whitechapel/vendor/google/dump_gs101.te | 5 +++++ whitechapel/vendor/google/file_contexts | 1 + 2 files changed, 6 insertions(+) create mode 100644 whitechapel/vendor/google/dump_gs101.te diff --git a/whitechapel/vendor/google/dump_gs101.te b/whitechapel/vendor/google/dump_gs101.te new file mode 100644 index 00000000..8192ce33 --- /dev/null +++ b/whitechapel/vendor/google/dump_gs101.te @@ -0,0 +1,5 @@ +pixel_bugreport(dump_gs101) +allow dump_gs101 sysfs_pixel_stat:dir r_dir_perms; +allow dump_gs101 sysfs_pixel_stat:file r_file_perms; +allow dump_gs101 vendor_toolbox_exec:file execute_no_trans; + diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index aa0f2f78..662c143b 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -17,6 +17,7 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 +/vendor/bin/dump/dump_gs101.sh u:object_r:dump_gs101_exec:s0 # # HALs From 2bd6ae14f355640d8a142e3757d581c54fd9f1ab Mon Sep 17 00:00:00 2001 
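Review bot: `allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;` grants more than the quoted denial asks for, since the avc line for the `backlight` directory shows only `search`. Unless the HAL actually lists the directory, `allow hal_fingerprint_default sysfs_leds:dir search;` is sufficient. Both denials in the commit message were captured with `permissive=1`, so the final permission set should be confirmed with the domain enforcing.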
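Review bot: The new file_contexts entry `/vendor/bin/dump/dump_gs101.sh` leaves the dot unescaped. Paths in file_contexts are regular expressions, so the dot matches any character in that position; the context line above it in this hunk escapes it (`libgpudataproducer\.so`). Write it as `/vendor/bin/dump/dump_gs101\.sh u:object_r:dump_gs101_exec:s0` so that only the intended script receives the `dump_gs101_exec` label.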
From: chenkris Date: Fri, 24 Mar 2023 04:15:14 +0000 Subject: [PATCH 082/116] Remove tracking_denials/hal_fingerprint_default.te Bug: 187015705 Bug: 183338543 Test: build and test fingerprint on device. Test: no fingerprint avc denials in logcat. Change-Id: I1dde2c0d8c8ab2610c2b8147c15ac5c9f813345a --- tracking_denials/hal_fingerprint_default.te | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 tracking_denials/hal_fingerprint_default.te diff --git a/tracking_denials/hal_fingerprint_default.te b/tracking_denials/hal_fingerprint_default.te deleted file mode 100644 index 9a2d37e5..00000000 --- a/tracking_denials/hal_fingerprint_default.te +++ /dev/null @@ -1,9 +0,0 @@ -# b/183338543 -dontaudit hal_fingerprint_default system_data_root_file:file { read }; -dontaudit hal_fingerprint_default default_prop:file { getattr }; -dontaudit hal_fingerprint_default default_prop:file { map }; -dontaudit hal_fingerprint_default default_prop:file { open }; -dontaudit hal_fingerprint_default default_prop:file { read }; -dontaudit hal_fingerprint_default system_data_root_file:file { open }; -# b/187015705 -dontaudit hal_fingerprint_default property_socket:sock_file write; From 5bfe1bdd6d554d8ec1d9b95d9c2821df5e169137 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 27 Mar 2023 10:37:02 +0800 Subject: [PATCH 083/116] Move camera text dump to dump_gs101 Bug: 273380985 Test: adb bugreport Change-Id: Iba138e608885a1215515ec8cc5f5e997dfcfcf3f --- whitechapel/vendor/google/dump_gs101.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/dump_gs101.te b/whitechapel/vendor/google/dump_gs101.te index 8192ce33..7c10cd68 100644 --- a/whitechapel/vendor/google/dump_gs101.te +++ b/whitechapel/vendor/google/dump_gs101.te 
@@ -3,3 +3,6 @@ allow dump_gs101 sysfs_pixel_stat:dir r_dir_perms; allow dump_gs101 sysfs_pixel_stat:file r_file_perms; allow dump_gs101 vendor_toolbox_exec:file execute_no_trans; +allow dump_gs101 vendor_camera_data_file:dir r_dir_perms; +allow dump_gs101 vendor_camera_data_file:file r_file_perms; + From 7cc3817f71007ac547b6b763b798114fd2b2f4ef Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 28 Mar 2023 14:52:04 +0800 Subject: [PATCH 084/116] Move power dump text section out of hal_dumpstate_default Bug: 273380985 Test: adb bugreport Change-Id: I77b59ea719055972429b2b8a1349e52e0e1fe395 --- whitechapel/vendor/google/dump_gs101.te | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/dump_gs101.te b/whitechapel/vendor/google/dump_gs101.te index 7c10cd68..a624ee96 100644 --- a/whitechapel/vendor/google/dump_gs101.te +++ b/whitechapel/vendor/google/dump_gs101.te 
@@ -2,7 +2,30 @@ pixel_bugreport(dump_gs101) allow dump_gs101 sysfs_pixel_stat:dir r_dir_perms; allow dump_gs101 sysfs_pixel_stat:file r_file_perms; allow dump_gs101 vendor_toolbox_exec:file execute_no_trans; - allow dump_gs101 vendor_camera_data_file:dir r_dir_perms; allow dump_gs101 vendor_camera_data_file:file r_file_perms; +allow dump_gs101 sysfs_acpm_stats:dir r_dir_perms; +allow dump_gs101 sysfs_acpm_stats:file r_file_perms; +allow dump_gs101 sysfs_batteryinfo:dir r_dir_perms; +allow dump_gs101 sysfs_bcl:dir r_dir_perms; +allow dump_gs101 sysfs_bcl:file r_file_perms; +allow dump_gs101 sysfs_cpu:file r_file_perms; +allow dump_gs101 logbuffer_device:chr_file r_file_perms; +allow dump_gs101 sysfs_batteryinfo:file r_file_perms; +allow dump_gs101 sysfs:dir r_dir_perms; +allow dump_gs101 sysfs_wlc:dir r_dir_perms; +allow dump_gs101 sysfs_wlc:file r_file_perms; +userdebug_or_eng(` + allow dump_gs101 vendor_battery_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_battery_debugfs:file r_file_perms; + allow dump_gs101 vendor_charger_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_charger_debugfs:file r_file_perms; + allow dump_gs101 vendor_pm_genpd_debugfs:file r_file_perms; + allow dump_gs101 vendor_usb_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_usb_debugfs:file r_file_perms; + allow dump_gs101 debugfs:dir r_dir_perms; + allow dump_gs101 vendor_maxfg_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_votable_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_votable_debugfs:file r_file_perms; +') From 28afe7393f5cd36158262c7b604f30e6d21dac39 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 24 Mar 2023 11:11:57 +0800 Subject: [PATCH 085/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 275002227 Change-Id: If2133d83efbfa00ee9643a25047f465c60d2d3c4 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 979cfabb..419ffd2a 100644 
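Review bot: Two of the added rules use generic labels: `allow dump_gs101 sysfs:dir r_dir_perms;` and, inside `userdebug_or_eng`, `allow dump_gs101 debugfs:dir r_dir_perms;`. These let the dump script list every directory that still carries the default sysfs or debugfs label, not just the power nodes it reports. If the script only needs to traverse to nodes that have their own label, `allow dump_gs101 sysfs:dir search;` (and the same for debugfs) would be tighter; this depends on the script, which is not shown here. `vendor_maxfg_debugfs` receives a `dir` rule but no `file` rule, unlike its neighbours, which looks like either an omission or an unneeded grant. The hunk also drops the blank line that separated the earlier groups; a one-line comment per group (camera, power, debugfs) would keep the file auditable as more dump sections move in.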
--- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -8,6 +8,8 @@ dumpstate app_zygote process b/238263438 dumpstate hal_input_processor_default process b/238143262 dumpstate system_data_file dir b/264483156 dumpstate system_data_file dir b/264483673 +hal_camera_default boot_status_prop file b/275002227 +hal_camera_default edgetpu_app_service service_manager b/275002227 hal_drm_default default_prop file b/232714489 hal_dumpstate_default dump_lsi process b/269045042 hal_dumpstate_default dump_thermal process b/270247432 From accb299d5d8042b27189836ddee72f2f788032d3 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 31 Mar 2023 10:55:58 +0800 Subject: [PATCH 086/116] Update SELinux error Test: scanBugreport Bug: 276385941 Change-Id: I54627db892f95ac7ee6e9b08762b7a72793d4a00 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 979cfabb..aa3c13c1 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,6 +2,8 @@ dump_lsi radio_vendor_data_file file b/269218638 dump_lsi vendor_slog_file file b/269218638 dump_modem radio_vendor_data_file file b/269370106 dump_pixel_metrics sysfs file b/268411073 +dump_ramdump radio_vendor_data_file file b/276385941 +dump_ramdump vendor_camera_data_file file b/276385941 dump_stm sysfs_spi dir b/268147283 dump_trusty radio_vendor_data_file file b/269045042 dumpstate app_zygote process b/238263438 From a55bb8682ce605763fc04aab0e550dc04f3b0df0 Mon Sep 17 00:00:00 2001 From: Victor Liu Date: Thu, 27 Oct 2022 12:22:27 -0700 Subject: [PATCH 087/116] uwb: add permission for ccc ranging Bug: 255649425 Change-Id: I05aac586146bf25569b5f6251d2fd62b921631be --- whitechapel/vendor/google/hal_nfc_default.te | 1 + whitechapel/vendor/google/property.te | 2 ++ whitechapel/vendor/google/property_contexts | 1 + whitechapel/vendor/google/uwb_vendor_app.te | 3 +++ 4 files changed, 7 insertions(+) 
diff --git a/whitechapel/vendor/google/hal_nfc_default.te b/whitechapel/vendor/google/hal_nfc_default.te index 247ca3d7..56b6e2e2 100644 --- a/whitechapel/vendor/google/hal_nfc_default.te +++ b/whitechapel/vendor/google/hal_nfc_default.te @@ -13,3 +13,4 @@ allow hal_nfc_default uwb_data_vendor:file r_file_perms; # allow nfc to read uwb calibration file get_prop(hal_nfc_default, vendor_uwb_calibration_prop) +get_prop(hal_nfc_default, vendor_uwb_calibration_country_code) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 0c34c631..58fd5dbb 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -53,6 +53,8 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) +# Country code must be vendor_public to be written by UwbVendorService and read by NFC HAL +vendor_internal_prop(vendor_uwb_calibration_country_code) # Trusty storage FS ready vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index d952d5d3..272b086d 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -96,6 +96,7 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor # uwb ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string +vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibration_country_code:s0 exact string # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te index 68edcb1b..9db45475 100644 --- a/whitechapel/vendor/google/uwb_vendor_app.te +++ b/whitechapel/vendor/google/uwb_vendor_app.te 
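Review bot: In the property.te hunk the new comment says the country code "must be vendor_public", but the line under it declares the type with `vendor_internal_prop(vendor_uwb_calibration_country_code)`. One of the two is wrong, and a reader auditing who may touch this property will trust the comment. If internal is intended (the writer `uwb_vendor_app` and the reader `hal_nfc_default` are both granted explicitly in this commit), change the comment to `# Country code is written by UwbVendorService and read by the NFC HAL`; otherwise correct the macro. In hal_nfc_default.te the existing comment "allow nfc to read uwb calibration file" now also covers a country-code property and could be updated to say so.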
@@ -15,7 +15,10 @@ allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms; allow hal_uwb_vendor_default self:global_capability_class_set { sys_nice }; allow hal_uwb_vendor_default kernel:process { setsched }; +# UwbVendorService must be able to read USRA version from vendor_secure_element_prop get_prop(uwb_vendor_app, vendor_secure_element_prop) +# UwbVendorService must be able to write country code prop +set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code) binder_call(uwb_vendor_app, hal_uwb_vendor_default) ') From 78386038280d7a059493d811ed2bcd5a08a6e228 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 31 Mar 2023 12:57:10 +0000 Subject: [PATCH 088/116] Use restricted vendor property for ARM runtime options They need to be read by everything that links with libmali, but we don't expect anybody to actually write to them. Bug: b/272740524 Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*) Change-Id: I963fb55fb92ef5f91426dbec913c901e58cacf64 --- whitechapel/vendor/google/property.te | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 0c34c631..c1884200 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -58,5 +58,4 @@ system_vendor_config_prop(vendor_uwb_calibration_prop) vendor_internal_prop(vendor_trusty_storage_prop) # Mali Integration -vendor_public_prop(vendor_arm_runtime_option_prop) - +vendor_restricted_prop(vendor_arm_runtime_option_prop) From 391f954d5d6fe39547e5984e006b96565c93aba4 Mon Sep 17 00:00:00 2001 
From: feiyuchen Date: Tue, 4 Apr 2023 21:31:28 +0000 Subject: [PATCH 089/116] Allow camera HAL to access edgetpu_app_service in gs101 We are seeing SELinux error b/276911450. It turns out that I only added the SE policy for 2023 device ag/22248613, but I forgot to add it for gs101 and gs201. So I created this CL. See more background in ag/22248613. Test: For gs201, I tested on my Pixel7 and I saw no more error. For gs101, I just did mm. Bug: 275016466 Bug: 276911450 Change-Id: I3d691128daa2d7115f80c378f7b42de334cd8ed5 --- whitechapel/vendor/google/hal_camera_default.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te index d78cf7ad..07789692 100644 --- a/whitechapel/vendor/google/hal_camera_default.te +++ b/whitechapel/vendor/google/hal_camera_default.te @@ -23,6 +23,10 @@ allow hal_camera_default sysfs_edgetpu:dir r_dir_perms; allow hal_camera_default sysfs_edgetpu:file r_file_perms; allow hal_camera_default edgetpu_vendor_service:service_manager find; binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging +# library has a dependency on edgetpu_app_service, see b/275016466. +allow hal_camera_default edgetpu_app_service:service_manager find; +binder_call(hal_camera_default, edgetpu_app_server) # Allow access to data files used by the camera HAL allow hal_camera_default mnt_vendor_file:dir search; From 240c4351743a63c710645b55886bc33c24bcc382 Mon Sep 17 00:00:00 2001 
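Review bot: The rules added to hal_camera_default.te give the camera HAL `find` on `edgetpu_app_service` and a binder path to `edgetpu_app_server` only because a metrics logging library pulls that dependency in, and the comment does not say whether this is meant to be permanent. I would reword it to `# Also allow edgetpu_app_service: the EdgeTpu metrics logging library depends on it (b/275016466); drop once the library stops using the app-facing service.` An earlier patch in this series added `hal_camera_default edgetpu_app_service service_manager b/275002227` to tracking_denials/bug_map. If that entry is still present it is stale once this allow lands, and it should be removed in the same change.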
From: Adam Shih Date: Wed, 29 Mar 2023 14:16:02 +0800 Subject: [PATCH 090/116] use dumpsate from gs-common Bug: 273380985 Test: adb bugreport Change-Id: I9092e2e004e3ad0b3667b948ed4d633cd50d088c --- whitechapel/vendor/google/file.te | 7 - whitechapel/vendor/google/file_contexts | 3 - .../vendor/google/hal_dumpstate_default.te | 153 ------------------ whitechapel/vendor/google/property.te | 4 - whitechapel/vendor/google/property_contexts | 2 - 5 files changed, 169 deletions(-) delete mode 100644 whitechapel/vendor/google/hal_dumpstate_default.te diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 0a615415..bae11314 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -101,7 +101,6 @@ type sysfs_pca, sysfs_type, fs_type; # Camera type persist_camera_file, file_type; type vendor_camera_tuning_file, vendor_file_type, file_type; -type vendor_camera_data_file, file_type, data_file_type; type sysfs_camera, sysfs_type, fs_type; # GPS @@ -172,11 +171,5 @@ type sysfs_trusty, sysfs_type, fs_type; # BootControl type sysfs_bootctl, sysfs_type, fs_type; -# Radio -type radio_vendor_data_file, file_type, data_file_type; -userdebug_or_eng(` - typeattribute radio_vendor_data_file mlstrustedobject; -') - # WLC type sysfs_wlc, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 662c143b..232d332f 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
@@ -161,7 +161,6 @@ /vendor/lib64/camera/slider_.*\.binarypb u:object_r:vendor_camera_tuning_file:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0 /vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 @@ -379,5 +378,3 @@ # Raw HID device /dev/hidraw[0-9]* u:object_r:hidraw_device:s0 -# Radio files. -/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te deleted file mode 100644 index 6ef848c7..00000000 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ /dev/null 
@@ -1,153 +0,0 @@ -allow hal_dumpstate_default sysfs_bcmdhd:dir search; -allow hal_dumpstate_default sysfs_bcmdhd:file r_file_perms; - -allow hal_dumpstate_default sysfs_memory:file r_file_perms; -allow hal_dumpstate_default sysfs_cpu:file r_file_perms; - -binder_use(hal_dumpstate_default) -vndbinder_use(hal_dumpstate_default) - -allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_gps_file:file r_file_perms; - -allow hal_dumpstate_default sysfs_wlc:dir search; -allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms; -allow hal_dumpstate_default sysfs_wlc:file r_file_perms; - -allow hal_dumpstate_default shell_data_file:file getattr; - -allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; -allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; - -# camera debugging dump file access -allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms; - -# camera prop access -get_prop(hal_dumpstate_default, vendor_camera_debug_prop); - -allow hal_dumpstate_default vendor_log_file:dir search; - -allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans; - -allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms; -allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; - -allow hal_dumpstate_default sysfs_spi:dir search; -allow hal_dumpstate_default sysfs_spi:file rw_file_perms; - -allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms; - -allow hal_dumpstate_default sysfs_wifi:dir search; -allow hal_dumpstate_default sysfs_wifi:file r_file_perms; - -# Modem logs -allow hal_dumpstate_default modem_efs_file:dir search; -allow hal_dumpstate_default modem_efs_file:file r_file_perms; -allow hal_dumpstate_default vendor_slog_file:file r_file_perms; - -allow hal_dumpstate_default block_device:dir r_dir_perms; - -allow hal_dumpstate_default proc_f2fs:dir r_dir_perms; -allow 
hal_dumpstate_default proc_f2fs:file r_file_perms; - -allow hal_dumpstate_default sysfs_batteryinfo:dir search; -allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; -allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; - -allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; -allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; - -allow hal_dumpstate_default proc_vendor_sched:file read; -allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms; -allow hal_dumpstate_default proc_vendor_sched:file r_file_perms; - -userdebug_or_eng(` - allow hal_dumpstate_default mnt_vendor_file:dir search; -') - -get_prop(hal_dumpstate_default, vendor_gps_prop) -set_prop(hal_dumpstate_default, vendor_modem_prop) -get_prop(hal_dumpstate_default, vendor_rild_prop) -set_prop(hal_dumpstate_default, vendor_logger_prop) - -userdebug_or_eng(` - allow hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_ion_debugfs:file r_file_perms; - - allow hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; - allow hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; - - allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; - - allow hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_usb_debugfs:file r_file_perms; - - allow hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms; - - allow hal_dumpstate_default vendor_maxfg_debugfs:dir search; - allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; - - allow hal_dumpstate_default sysfs_vendor_metrics:dir search; - allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; - - allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; - - allow hal_dumpstate_default debugfs:dir r_dir_perms; - allow 
hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_battery_debugfs:file r_file_perms; - - allow hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_votable_debugfs:file r_file_perms; - - allow hal_dumpstate_default sysfs_bcl:dir r_dir_perms; - allow hal_dumpstate_default sysfs_bcl:file r_file_perms; - allow hal_dumpstate_default sysfs_bcl:lnk_file read; - allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; - allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms; - - set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop) -') - -dontaudit hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_ion_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; -dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; - -dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; -dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; - -dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_usb_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default vendor_maxfg_debugfs:dir search; -dontaudit hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_battery_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default 
vendor_votable_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms; - -dontaudit hal_dumpstate_default mnt_vendor_file:dir r_dir_perms; - -dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms; -dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms; - -dontaudit hal_dumpstate_default rootfs:dir r_dir_perms; - -dontaudit hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; -dontaudit hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms; -dontaudit hal_dumpstate_default vendor_tcpdump_log_prop:file r_file_perms; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 58fd5dbb..2255c49c 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -17,7 +17,6 @@ vendor_internal_prop(vendor_persist_sys_default_prop) vendor_internal_prop(vendor_codec2_debug_prop) vendor_internal_prop(vendor_display_prop) vendor_internal_prop(vendor_camera_prop) -vendor_internal_prop(vendor_camera_debug_prop) vendor_internal_prop(vendor_camera_fatp_prop) vendor_internal_prop(vendor_gps_prop) @@ -30,9 +29,6 @@ vendor_internal_prop(vendor_battery_profile_prop) # hal_health vendor_internal_prop(vendor_shutdown_prop) -# Logger -vendor_internal_prop(vendor_logger_prop) - # NFC vendor_internal_prop(vendor_nfc_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 272b086d..4c01239d 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -27,7 +27,6 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0 # for logger app vendor.pixellogger. u:object_r:vendor_logger_prop:s0 persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 -persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 # for cbd vendor.cbd. u:object_r:vendor_cbd_prop:s0 
@@ -53,7 +52,6 @@ persist.vendor.display. u:object_r:vendor_display_prop:s0 # for camera persist.vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera. u:object_r:vendor_camera_prop:s0 -vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # for gps From 816622f35218b73827abce52efb72e4525aeaa86 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 7 Apr 2023 14:56:08 +0800 Subject: [PATCH 091/116] Update error on ROM 9891405 Bug: 277155042 Test: pts-tradefed run pts -m PtsSELinuxTest Change-Id: Ic2129188db52ec85a8afaf92c507a42695e82804 --- tracking_denials/dumpstate.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te index ffb8518c..7f51e2b5 100644 --- a/tracking_denials/dumpstate.te +++ b/tracking_denials/dumpstate.te @@ -1,2 +1,4 @@ # b/185723618 dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find }; +# b/277155042 +dontaudit dumpstate default_android_service:service_manager { find }; From c41cb55d4ffa6726c7caa15738fd9b6e10a27655 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 10 Apr 2023 11:02:52 +0800 Subject: [PATCH 092/116] Update SELinux error Test: scanBugreport Bug: 277528855 Change-Id: Ia59cd4045433f2e82a602672fe533e27e87b0275 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0279d66c..2c22c60c 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,6 +4,8 @@ dump_modem radio_vendor_data_file file b/269370106 dump_pixel_metrics sysfs file b/268411073 dump_ramdump radio_vendor_data_file file b/276385941 dump_ramdump vendor_camera_data_file file b/276385941 +dump_sensors radio_vendor_data_file file b/277528855 +dump_sensors vendor_camera_data_file file b/277528855 dump_stm sysfs_spi dir b/268147283 dump_trusty radio_vendor_data_file file b/269045042 dumpstate app_zygote process b/238263438 
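Review bot: In tracking_denials/dumpstate.te, `dontaudit dumpstate default_android_service:service_manager { find };` suppresses the denial for every service that falls back to the default label, not just the one that triggered b/277155042. `default_android_service` is the type a service gets when it has no service_contexts entry, so this rule also hides any service that ships unlabelled later. The comment should name the service and state the exit condition, for example `# b/277155042: <service name> has no service_contexts entry; remove once it is labelled`. The underlying fix is the missing label rather than the suppression.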
From b46b936df8f77905f15d47f3a4e5e51b21d0d849 Mon Sep 17 00:00:00 2001 From: Mike McTernan Date: Tue, 4 Apr 2023 22:59:45 +0100 Subject: [PATCH 093/116] confirmationui: Allow securedpud to access the systemsuspend HAL. In order to use a wakelock, securedpud needs access to binder and the system_suspend_service HAL. Bug: 274851247 Test: manual, trigger TUI and check for AVC denials Change-Id: Ibd27d32e092269f91d6557ebddcd27d4ccf1355a --- confirmationui/securedpud.slider.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/confirmationui/securedpud.slider.te b/confirmationui/securedpud.slider.te index fd553a30..e0d272f1 100644 --- a/confirmationui/securedpud.slider.te +++ b/confirmationui/securedpud.slider.te @@ -3,6 +3,8 @@ type securedpud_slider_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(securedpud_slider) +wakelock_use(securedpud_slider) + allow securedpud_slider dmabuf_heap_device:chr_file r_file_perms; allow securedpud_slider ion_device:chr_file r_file_perms; allow securedpud_slider tee_device:chr_file rw_file_perms; From 26e3d2abd0545f2eedae173d3457aa038170c5ac Mon Sep 17 00:00:00 2001 From: jimsun Date: Fri, 17 Mar 2023 13:17:51 +0800 Subject: [PATCH 094/116] rild: allow rild to ptrace 06-20 18:47:41.940000 8708 8708 I auditd : type=1400 audit(0.0:7): avc: denied { ptrace } for comm="libmemunreachab" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=process permissive=0 06-20 18:47:41.940000 8708 8708 W libmemunreachab: type=1400 audit(0.0:7): avc: denied { ptrace } for scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=process permissive=0 Bug: 263757077 Test: manual Change-Id: I35ad31e6cc4e2942c671e51720f28a9abce3dcca --- whitechapel/vendor/google/rild.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te index 2f1d8ff9..5108b452 100644 --- a/whitechapel/vendor/google/rild.te +++ b/whitechapel/vendor/google/rild.te 
@@ -35,3 +35,8 @@ add_hwservice(rild, hal_exynos_rild_hwservice) allow rild modem_img_file:dir r_dir_perms; allow rild modem_img_file:file r_file_perms; allow rild modem_img_file:lnk_file r_file_perms; + +# Allow rild to ptrace for memory leak detection +userdebug_or_eng(` +allow rild self:process ptrace; +') From 843b0ad6b4043aabd04fc2bb106a42823696e006 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 24 Apr 2023 09:58:14 +0800 Subject: [PATCH 095/116] Update error on ROM 9930000 Bug: 277989397 Bug: 277155042 Bug: 277989067 Test: scanBugreport Change-Id: I38a3f852e2f5f0f6895db15141825909361a267d Merged-In: I38a3f852e2f5f0f6895db15141825909361a267d --- tracking_denials/dumpstate.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te index 7f51e2b5..f7b2ebd4 100644 --- a/tracking_denials/dumpstate.te +++ b/tracking_denials/dumpstate.te @@ -1,3 +1,5 @@ +# b/277155042 +dontaudit dumpstate app_zygote:process { signal }; # b/185723618 dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find }; # b/277155042 From ac6f4e0d00b5c42b007ea996873155cd13c583a0 Mon Sep 17 00:00:00 2001 From: Joseph Jang Date: Mon, 24 Apr 2023 08:09:23 +0000 Subject: [PATCH 096/116] Move recovery.te to device/google/gs-common/dauntless/sepolicy Bug: 279381809 Change-Id: If41449f97e729053caa98930cc7f2ef9fd6d844e --- whitechapel/vendor/google/fastbootd.te | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te index e350e0f3..d6cf7315 100644 --- a/whitechapel/vendor/google/fastbootd.te +++ b/whitechapel/vendor/google/fastbootd.te @@ -5,5 +5,4 @@ allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; allow fastbootd custom_ab_block_device:blk_file rw_file_perms; -allow fastbootd citadel_device:chr_file rw_file_perms; ') 
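Review bot: In tracking_denials/dumpstate.te the new `dontaudit dumpstate app_zygote:process { signal };` is tagged `# b/277155042`, the same bug that the existing `default_android_service` rule at the end of the file carries. The commit message lists three bugs, so it is unclear which one tracks the signal denial. The comment should carry the bug that actually covers it, e.g. `# b/<bug for the dumpstate -> app_zygote signal denial>`. tracking_denials/bug_map also maps `dumpstate app_zygote process` to b/238263438, so the two files now point at different bugs for the same source/target pair; worth confirming which is current.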
From a66855541904bbeaafcfc9170e048a584174e489 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Apr 2023 13:49:34 +0000 Subject: [PATCH 097/116] Add ArmNN config sysprops SELinux rules Bug: 205202540 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f99f3e63450befc661d38827e9afc853ca9257a) Merged-In: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10 Change-Id: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10 --- whitechapel/vendor/google/property.te | 3 +++ whitechapel/vendor/google/property_contexts | 3 +++ whitechapel/vendor/google/vendor_init.te | 2 ++ 3 files changed, 8 insertions(+) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 934e13a9..34f17a70 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -57,3 +57,6 @@ vendor_internal_prop(vendor_trusty_storage_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) + +# ArmNN configuration +vendor_internal_prop(vendor_armnn_config_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 4c01239d..17e9af59 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -101,3 +101,6 @@ ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# ArmNN configuration +ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index 928bc021..1707ef8b 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te 
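Review bot: property.te declares `vendor_armnn_config_prop` with `vendor_internal_prop`, and the only access this patch grants is `set_prop(vendor_init, vendor_armnn_config_prop)` in vendor_init.te; none of the three hunks adds a reader. With an internal property type the consuming domain needs its own rule, and the follow-up patch in this series drops the `default_prop` dontaudit for `hal_neuralnetworks_armnn`, so denials would now be logged. If the grant is not already in another policy directory, add `get_prop(hal_neuralnetworks_armnn, vendor_armnn_config_prop)` alongside this change. A one-line comment in property.te naming the reader would also make the intended scope clear.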
@@ -45,3 +45,5 @@ get_prop(vendor_init, vendor_trusty_storage_prop) # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) +# ArmNN +set_prop(vendor_init, vendor_armnn_config_prop) From b4001ec206a8318ce1e4aa95811f6a8a836db384 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Apr 2023 10:38:27 +0000 Subject: [PATCH 098/116] Remove 'hal_neuralnetworks_armnn' sysprop exceptions Bug: 205202540 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e4254a16aa516f5960f48732b078aad4ed63df6f) Merged-In: Ied38dc6b323911aa909f4f42b66ee404fc7062fa Change-Id: Ied38dc6b323911aa909f4f42b66ee404fc7062fa --- tracking_denials/hal_neuralnetworks_armnn.te | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te index 120510fd..04941460 100644 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ b/tracking_denials/hal_neuralnetworks_armnn.te @@ -1,5 +1,3 @@ # b/180550063 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; -# b/190563897 -dontaudit hal_neuralnetworks_armnn default_prop:file read; From 9702cb57f20ed964d6cecf3f4b2396d1c2caa06d Mon Sep 17 00:00:00 2001 
From: Bruno BELANYI Date: Thu, 6 Apr 2023 15:20:15 +0000 Subject: [PATCH 099/116] Remove 'hal_neuralnetworks_armnn' '/data' access exception The mali driver has been configured not to look there anymore. Bug: 205779871 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:347dfbe925e2218189d82d37697540af25401a22) Merged-In: Ic8bf0d51414461689ee5768821a2a1acda923c41 Change-Id: Ic8bf0d51414461689ee5768821a2a1acda923c41 --- tracking_denials/hal_neuralnetworks_armnn.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 tracking_denials/hal_neuralnetworks_armnn.te diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te deleted file mode 100644 index 04941460..00000000 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/180550063 -dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; -dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; From 6be45972bbc5ecc94468e5d20d9b5c93152d741a Mon Sep 17 00:00:00 2001 From: martinwu Date: Mon, 24 Apr 2023 16:26:22 +0000 Subject: [PATCH 100/116] Remove tcpdump sepolicy from gs101 and move sepolicy to gs-common Bug: 264490014 Test: 1. Enable tcpdump_logger always-on function 2. Dump bugreport 3. Pull dumpstate_board.bin and chagne it to zip 4. Unzip dumpstate_board.zip and check if tcpdump files are there. Change-Id: I3d0cb388cf9b7c96d2856f46c0440b4017477480 --- whitechapel/vendor/google/file.te | 3 --- whitechapel/vendor/google/file_contexts | 1 - 2 files changed, 4 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index bae11314..d8cce99a 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te 
@@ -92,9 +92,6 @@ type persist_modem_file, file_type, vendor_persist_type; type modem_img_file, contextmount_type, file_type, vendor_file_type; allow modem_img_file self:filesystem associate; -# TCP logging -type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; - # Pca type sysfs_pca, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 232d332f..961d9c27 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -243,7 +243,6 @@ # TCP logging /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 # modem_svc_sit files /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 From e30ee618d6c59f36e3d520014563d62622fbde87 Mon Sep 17 00:00:00 2001 From: Martin Wu Date: Thu, 27 Apr 2023 02:20:48 +0000 Subject: [PATCH 101/116] Revert "Remove tcpdump sepolicy from gs101 and move sepolicy to ..." Revert submission 22814097-Fix-tcpdump-sepolicy Reason for revert: build break Reverted changes: /q/submissionid:22814097-Fix-tcpdump-sepolicy Change-Id: I3d47d22250b435416c4ca44ff1956569662591ee --- whitechapel/vendor/google/file.te | 3 +++ whitechapel/vendor/google/file_contexts | 1 + 2 files changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index d8cce99a..bae11314 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -92,6 +92,9 @@ type persist_modem_file, file_type, vendor_persist_type; type modem_img_file, contextmount_type, file_type, vendor_file_type; allow modem_img_file self:filesystem associate; +# TCP logging +type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; + # Pca type sysfs_pca, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 961d9c27..232d332f 100644 
--- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -243,6 +243,7 @@ # TCP logging /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 # modem_svc_sit files /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 From 42a0c820659d811932a58ed1e66478ee9556cecc Mon Sep 17 00:00:00 2001 From: Jinyoung Jeong Date: Wed, 26 Apr 2023 06:00:46 +0000 Subject: [PATCH 102/116] Fix SELinux error for com.google.android.euicc bug: 279548423 Test: http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed Change-Id: I00bdf71f04eec985147189eb1b474c7ff6797023 --- private/property.te | 8 +++++++ private/property_contexts | 2 ++ .../vendor/google/certs/EuiccGoogle.x509.pem | 23 +++++++++++++++++++ whitechapel/vendor/google/euicc_app.te | 15 ++++++++++++ whitechapel/vendor/google/keys.conf | 3 +++ whitechapel/vendor/google/mac_permissions.xml | 3 +++ whitechapel/vendor/google/seapp_contexts | 3 +++ 7 files changed, 57 insertions(+) create mode 100644 private/property.te create mode 100644 private/property_contexts create mode 100644 whitechapel/vendor/google/certs/EuiccGoogle.x509.pem create mode 100644 whitechapel/vendor/google/euicc_app.te diff --git a/private/property.te b/private/property.te new file mode 100644 index 00000000..a6bee3b3 --- /dev/null +++ b/private/property.te @@ -0,0 +1,8 @@ +product_restricted_prop(masterclear_esim_prop) +product_restricted_prop(euicc_seamless_transfer_prop) + +neverallow { domain -init } masterclear_esim_prop:property_service set; +neverallow { domain -init } euicc_seamless_transfer_prop:property_service set; + +get_prop(appdomain, masterclear_esim_prop) +get_prop(appdomain, euicc_seamless_transfer_prop) diff --git a/private/property_contexts b/private/property_contexts new file mode 100644 index 00000000..843f2976 --- /dev/null +++ b/private/property_contexts 
@@ -0,0 +1,2 @@ +masterclear.allow_retain_esim_profiles_after_fdr u:object_r:masterclear_esim_prop:s0 exact bool +euicc.seamless_transfer_enabled_in_non_qs u:object_r:euicc_seamless_transfer_prop:s0 exact bool diff --git a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem b/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem new file mode 100644 index 00000000..be6c715c --- /dev/null +++ b/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIJAOZ2d46ckK9JMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIG +A1UEAwwLRXVpY2NHb29nbGUwHhcNMTYxMjE3MDEyMTEzWhcNNDQwNTA0MDEyMTEz +WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0Fu +ZHJvaWQxFDASBgNVBAMMC0V1aWNjR29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA1S7b8bGk4fNm3cckWJx2sbnvC39BroHNwk6am6jVP4MZAYuc +PN6QQ7/2s7hvtn91w6VbeGi2fryIMc7jXjlixheotD2Ns+/7qsPpQ+ZovfaQO5Xw +/c4J+1CfiqrLtd4TyO+4uFGTCO/vs4qhMH58QrhnYPZUqeuq0Zs1Irp0FlVFe1qm +1heU2zJy5locjb9UJXY33sVc9vfWy+sM8TLX40nWxIXGdbzJHJNyjjr/NA+0+drx +anJCtac6+evehH6o8+t8RQBU44PEZiyGkM8poNgRTAcFdRFXU8pitZXp3QZQk6HO +JsVuqqADwsfxGSdVyHFmOW7gxpkB9+IuJJEmkQIDAQABo1AwTjAdBgNVHQ4EFgQU +lVkGDn/XmF7HjP0K3ykCNnnZ8jMwHwYDVR0jBBgwFoAUlVkGDn/XmF7HjP0K3ykC +NnnZ8jMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkDOpQMXcuKwt +CPu5/tdskpfoBMrpYJOwfvpj/JwrudnXUHZXnBnH9PtHprghGtNiWPXHTbZSzKUS +Aojpo1Lev7DtowFILA54oY6d1NqbCIJy+Knwt3W5H7Rg8u8LqvzkpX5CBKAhRwkQ +0t3yrlEkI7kx805vg484gAe+AXyBx0dGe6ov4/yrzv9E+1jhIgP7tF/f+x8zX6Tr +mDCjzz4mgKahMbmsHQg430wlbZczrciMMfPiRc3xEHKLUqGL0ARtE01hJiJ4TY/X +iL/8QUA3nBcpUyEwHFwUao40Gjca9xteKd7MtmiZ6BM2JJSQ4nSNkcwQW8PU/7Qb +0QMwPRPLbQ== +-----END CERTIFICATE----- diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te new file mode 100644 index 00000000..d7259159 
--- /dev/null +++ b/whitechapel/vendor/google/euicc_app.te @@ -0,0 +1,15 @@ +type euicc_app, domain; +app_domain(euicc_app) + +allow euicc_app activity_service:service_manager find; +allow euicc_app radio_service:service_manager find; +allow euicc_app content_capture_service:service_manager find; +allow euicc_app virtual_device_service:service_manager find; +allow euicc_app game_service:service_manager find; +allow euicc_app netstats_service:service_manager find; +allow euicc_app registry_service:service_manager find; + +get_prop(euicc_app, setupwizard_esim_prop) +get_prop(euicc_app, bootloader_prop) +get_prop(euicc_app, exported_default_prop) +get_prop(euicc_app, vendor_modem_prop) diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf index fb6e52b6..d609a05d 100644 --- a/whitechapel/vendor/google/keys.conf +++ b/whitechapel/vendor/google/keys.conf @@ -6,3 +6,6 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb [@EUICCSUPPORTPIXEL] ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem + +[@EUICCGOOGLE] +ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml index 6cb7113c..e4658cc5 100644 --- a/whitechapel/vendor/google/mac_permissions.xml +++ b/whitechapel/vendor/google/mac_permissions.xml @@ -30,4 +30,7 @@ + + + diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts index e724de28..e84832b6 100644 --- a/whitechapel/vendor/google/seapp_contexts +++ b/whitechapel/vendor/google/seapp_contexts 
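Review bot: The new euicc_app.te has no comments, and several of its property grants are broad for a privileged app domain, in particular `get_prop(euicc_app, exported_default_prop)` and `get_prop(euicc_app, vendor_modem_prop)`. Nothing in the file or the commit message records which denial each rule answers, so a later reviewer cannot tell which grants are safe to remove. I would open the file with `# Domain for com.google.android.euicc, selected in seapp_contexts by seinfo=EuiccGoogle` and put a short reason above each group of rules. Any grant that cannot be tied to an observed denial should be left out.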
@@ -52,5 +52,8 @@ user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_ # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all +# Domain for EuiccGoogle +user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all + # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all From 3785b0d271758391034cdd1add11d89221831751 Mon Sep 17 00:00:00 2001 From: martinwu Date: Mon, 24 Apr 2023 16:26:22 +0000 Subject: [PATCH 103/116] [TSV2] Remove tcpdump sepolicy from gs101 and move sepolicy to gs-common Bug: 264490014 Test: 1. Enable tcpdump_logger always-on function 2. Dump bugreport 3. Pull dumpstate_board.bin and chagne it to zip 4. Unzip dumpstate_board.zip and check if tcpdump files are there. Change-Id: Iea67de1e645592c6993a3ee6f2ca8e6bf3c6c949 Merged-In: Iea67de1e645592c6993a3ee6f2ca8e6bf3c6c949 --- whitechapel/vendor/google/file.te | 3 --- whitechapel/vendor/google/file_contexts | 1 - 2 files changed, 4 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index bae11314..d8cce99a 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -92,9 +92,6 @@ type persist_modem_file, file_type, vendor_persist_type; type modem_img_file, contextmount_type, file_type, vendor_file_type; allow modem_img_file self:filesystem associate; -# TCP logging -type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; - # Pca type sysfs_pca, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 232d332f..961d9c27 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
@@ -243,7 +243,6 @@ # TCP logging /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 # modem_svc_sit files /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 From d3a021480143531414341b26403cce8c6b65eae5 Mon Sep 17 00:00:00 2001 From: Jinyoung Jeong Date: Tue, 2 May 2023 10:14:29 +0000 Subject: [PATCH 104/116] Fix LPA crash due to selinux denial Bug: 280336861 Test: No crash found during LPA basic tests: download eSIM, enable/disalbe eSIM. Change-Id: I15227415993ef3975e183f500711416f8eb8e62c --- whitechapel/vendor/google/euicc_app.te | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te index d7259159..2e36435b 100644 --- a/whitechapel/vendor/google/euicc_app.te +++ b/whitechapel/vendor/google/euicc_app.te @@ -1,14 +1,12 @@ type euicc_app, domain; app_domain(euicc_app) +net_domain(euicc_app) -allow euicc_app activity_service:service_manager find; +allow euicc_app app_api_service:service_manager find; allow euicc_app radio_service:service_manager find; -allow euicc_app content_capture_service:service_manager find; -allow euicc_app virtual_device_service:service_manager find; -allow euicc_app game_service:service_manager find; -allow euicc_app netstats_service:service_manager find; -allow euicc_app registry_service:service_manager find; +allow euicc_app cameraserver_service:service_manager find; +get_prop(euicc_app, camera_config_prop) get_prop(euicc_app, setupwizard_esim_prop) get_prop(euicc_app, bootloader_prop) get_prop(euicc_app, exported_default_prop) From 38640e48ddc13ac996ba69fb31637905bd9cdaed Mon Sep 17 00:00:00 2001 
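Review bot: In euicc_app.te, `allow euicc_app app_api_service:service_manager find;` replaces five named services with the whole app_api_service attribute, and the same hunk adds `net_domain(euicc_app)` and `cameraserver_service`. The commit message names only an LPA crash, so it is not possible to tell from here which of these grants the denial actually required. I would keep the rules to the services seen in the denial log, or add a comment above each new line naming the denial it fixes, e.g. `# avc: denied { find } for cameraserver_service (b/280336861)`.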
From: sashwinbalaji Date: Mon, 8 May 2023 12:59:36 +0800 Subject: [PATCH 105/116] thermal: thermal_metrics: Update selinux to reset stats Bug: 193833982 Test: Local build and verify statsD logs adb shell cmd stats print-logs && adb logcat -b all | grep -i 105045 Change-Id: I79710aa05ff52caf9d08f21fa7a36c46a1b2a3d9 --- whitechapel/vendor/google/pixelstats_vendor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index 12234047..7496a7ce 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -29,6 +29,7 @@ allow pixelstats_vendor battery_history_device:chr_file r_file_perms; #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; +allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; # BCL allow pixelstats_vendor sysfs_bcl:dir search; From 20364fe3b3b68cd7ac93c6404a2c5dd1bf829737 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 10 May 2023 20:01:52 +0800 Subject: [PATCH 106/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 281814691 Change-Id: I2f73f5b75aec1145dee615499a7442400defbf8a --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 2c22c60c..03d8f7b9 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -22,3 +22,4 @@ incidentd debugfs_wakeup_sources file b/238263568 incidentd incidentd anon_inode b/268146971 rfsd vendor_rild_prop property_service b/269218654 su modem_img_file filesystem b/238825802 +system_server system_userdir_file dir b/281814691 From a1f81bef7a5d273afae14228f5e7047f6bc21518 Mon Sep 17 00:00:00 2001 From: allieliu Date: Fri, 12 May 2023 08:04:59 +0000 Subject: [PATCH 107/116] vendor_init: add esim_modem_prop Bug: 279988311 Change-Id: I5f8759baff65073b758ce335772e72a383827d05 
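Review bot: `allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms;` gives pixelstats_vendor write access to every file labelled sysfs_vendor_metrics, while the commit only needs to reset thermal stats. If the reset nodes can carry their own label, a narrower type would keep the rest of the metrics tree read-only for this domain; the labelling is not visible in this hunk, so that may already be the case. At minimum add a comment above the rule, e.g. `# Write is needed to reset thermal metrics counters`.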
Signed-off-by: allieliu --- whitechapel/vendor/google/vendor_init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index 1707ef8b..b03c7bb5 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -13,6 +13,7 @@ set_prop(vendor_init, vendor_ro_config_default_prop) get_prop(vendor_init, vendor_touchpanel_prop) set_prop(vendor_init, vendor_tcpdump_log_prop) set_prop(vendor_init, vendor_logger_prop) +set_prop(vendor_init, esim_modem_prop) allow vendor_init proc_dirty:file w_file_perms; allow vendor_init proc_sched:file write; From d569008b77d108dcdde0156ca5958d318159bd92 Mon Sep 17 00:00:00 2001 From: Jin Jeong Date: Fri, 12 May 2023 04:18:25 +0000 Subject: [PATCH 108/116] Revert "Fix LPA crash due to selinux denial" Revert submission 22955599-euicc_selinux_fix2 Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2 Change-Id: I6421319ba280fb11d05f2e107754449e54e5afa4 --- whitechapel/vendor/google/euicc_app.te | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te index 2e36435b..d7259159 100644 --- a/whitechapel/vendor/google/euicc_app.te +++ b/whitechapel/vendor/google/euicc_app.te 
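Review bot: `set_prop(vendor_init, esim_modem_prop)` in vendor_init.te uses a property type that this series only declares later, in PATCH 110 (`system_vendor_config_prop(esim_modem_prop)`). Unless the type is declared in another repository that lands together with this change, the policy would not build at this commit. The commit message has no description or Test line, so please state where esim_modem_prop comes from and how the change was verified.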
@@ -1,12 +1,14 @@ type euicc_app, domain; app_domain(euicc_app) -net_domain(euicc_app) -allow euicc_app app_api_service:service_manager find; +allow euicc_app activity_service:service_manager find; allow euicc_app radio_service:service_manager find; -allow euicc_app cameraserver_service:service_manager find; +allow euicc_app content_capture_service:service_manager find; +allow euicc_app virtual_device_service:service_manager find; +allow euicc_app game_service:service_manager find; +allow euicc_app netstats_service:service_manager find; +allow euicc_app registry_service:service_manager find; -get_prop(euicc_app, camera_config_prop) get_prop(euicc_app, setupwizard_esim_prop) get_prop(euicc_app, bootloader_prop) get_prop(euicc_app, exported_default_prop) From 15e18323961765f09824e43decbf5bfff50b18da Mon Sep 17 00:00:00 2001 From: Jin Jeong Date: Fri, 12 May 2023 04:17:26 +0000 Subject: [PATCH 109/116] Revert "Fix SELinux error for com.google.android.euicc" Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I72da756853a540d6251e074313b1880c9c9038e8 --- private/property.te | 8 ------- private/property_contexts | 2 -- .../vendor/google/certs/EuiccGoogle.x509.pem | 23 ------------------- whitechapel/vendor/google/euicc_app.te | 15 ------------ whitechapel/vendor/google/keys.conf | 3 --- whitechapel/vendor/google/mac_permissions.xml | 3 --- whitechapel/vendor/google/seapp_contexts | 3 --- 7 files changed, 57 deletions(-) delete mode 100644 private/property.te delete mode 100644 private/property_contexts delete mode 100644 whitechapel/vendor/google/certs/EuiccGoogle.x509.pem delete mode 100644 whitechapel/vendor/google/euicc_app.te diff --git a/private/property.te b/private/property.te deleted file mode 100644 index a6bee3b3..00000000 --- a/private/property.te +++ /dev/null 
@@ -1,8 +0,0 @@ -product_restricted_prop(masterclear_esim_prop) -product_restricted_prop(euicc_seamless_transfer_prop) - -neverallow { domain -init } masterclear_esim_prop:property_service set; -neverallow { domain -init } euicc_seamless_transfer_prop:property_service set; - -get_prop(appdomain, masterclear_esim_prop) -get_prop(appdomain, euicc_seamless_transfer_prop) diff --git a/private/property_contexts b/private/property_contexts deleted file mode 100644 index 843f2976..00000000 --- a/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -masterclear.allow_retain_esim_profiles_after_fdr u:object_r:masterclear_esim_prop:s0 exact bool -euicc.seamless_transfer_enabled_in_non_qs u:object_r:euicc_seamless_transfer_prop:s0 exact bool diff --git a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem b/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem deleted file mode 100644 index be6c715c..00000000 --- a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem +++ /dev/null 
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIJAOZ2d46ckK9JMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
-aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIG
-A1UEAwwLRXVpY2NHb29nbGUwHhcNMTYxMjE3MDEyMTEzWhcNNDQwNTA0MDEyMTEz
-WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
-TW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0Fu
-ZHJvaWQxFDASBgNVBAMMC0V1aWNjR29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA1S7b8bGk4fNm3cckWJx2sbnvC39BroHNwk6am6jVP4MZAYuc
-PN6QQ7/2s7hvtn91w6VbeGi2fryIMc7jXjlixheotD2Ns+/7qsPpQ+ZovfaQO5Xw
-/c4J+1CfiqrLtd4TyO+4uFGTCO/vs4qhMH58QrhnYPZUqeuq0Zs1Irp0FlVFe1qm
-1heU2zJy5locjb9UJXY33sVc9vfWy+sM8TLX40nWxIXGdbzJHJNyjjr/NA+0+drx
-anJCtac6+evehH6o8+t8RQBU44PEZiyGkM8poNgRTAcFdRFXU8pitZXp3QZQk6HO
-JsVuqqADwsfxGSdVyHFmOW7gxpkB9+IuJJEmkQIDAQABo1AwTjAdBgNVHQ4EFgQU
-lVkGDn/XmF7HjP0K3ykCNnnZ8jMwHwYDVR0jBBgwFoAUlVkGDn/XmF7HjP0K3ykC
-NnnZ8jMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkDOpQMXcuKwt
-CPu5/tdskpfoBMrpYJOwfvpj/JwrudnXUHZXnBnH9PtHprghGtNiWPXHTbZSzKUS
-Aojpo1Lev7DtowFILA54oY6d1NqbCIJy+Knwt3W5H7Rg8u8LqvzkpX5CBKAhRwkQ
-0t3yrlEkI7kx805vg484gAe+AXyBx0dGe6ov4/yrzv9E+1jhIgP7tF/f+x8zX6Tr
-mDCjzz4mgKahMbmsHQg430wlbZczrciMMfPiRc3xEHKLUqGL0ARtE01hJiJ4TY/X
-iL/8QUA3nBcpUyEwHFwUao40Gjca9xteKd7MtmiZ6BM2JJSQ4nSNkcwQW8PU/7Qb
-0QMwPRPLbQ==
------END CERTIFICATE-----
diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te
deleted file mode 100644
index d7259159..00000000
--- a/whitechapel/vendor/google/euicc_app.te
+++ /dev/null
@@ -1,15 +0,0 @@ -type euicc_app, domain; -app_domain(euicc_app) - -allow euicc_app activity_service:service_manager find; -allow euicc_app radio_service:service_manager find; -allow euicc_app content_capture_service:service_manager find; -allow euicc_app virtual_device_service:service_manager find; -allow euicc_app game_service:service_manager find; -allow euicc_app netstats_service:service_manager find; -allow euicc_app registry_service:service_manager find; - -get_prop(euicc_app, setupwizard_esim_prop) -get_prop(euicc_app, bootloader_prop) -get_prop(euicc_app, exported_default_prop) -get_prop(euicc_app, vendor_modem_prop) diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf index d609a05d..fb6e52b6 100644 --- a/whitechapel/vendor/google/keys.conf +++ b/whitechapel/vendor/google/keys.conf @@ -6,6 +6,3 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb [@EUICCSUPPORTPIXEL] ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem - -[@EUICCGOOGLE] -ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml index e4658cc5..6cb7113c 100644 --- a/whitechapel/vendor/google/mac_permissions.xml +++ b/whitechapel/vendor/google/mac_permissions.xml @@ -30,7 +30,4 @@ - - - diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts index e84832b6..e724de28 100644 --- a/whitechapel/vendor/google/seapp_contexts +++ b/whitechapel/vendor/google/seapp_contexts 
@@ -52,8 +52,5 @@ user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_ # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all -# Domain for EuiccGoogle -user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all - # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all From b6d74a5196dfeab2d34a6d55ee8d3d3fb00a21d1 Mon Sep 17 00:00:00 2001 From: Jinyoung Jeong Date: Mon, 15 May 2023 10:18:11 +0000 Subject: [PATCH 110/116] [GS101][eSIM] Add system properties rule Bug: 279988311 Test: https://fusion2.corp.google.com/d517f34a-3242-40b1-adf6-acb6035ff2cb , b/282901698 Change-Id: I6caed744d2bba7882f80f8ace229f6c4b4133c65 --- system_ext/private/euicc_app.te | 13 +++++++++++++ system_ext/private/property.te | 5 +++++ system_ext/private/property_contexts | 3 +++ system_ext/private/seapp_contexts | 2 ++ system_ext/public/property.te | 3 +++ 5 files changed, 26 insertions(+) create mode 100644 system_ext/private/euicc_app.te create mode 100644 system_ext/private/property.te create mode 100644 system_ext/private/seapp_contexts diff --git a/system_ext/private/euicc_app.te b/system_ext/private/euicc_app.te new file mode 100644 index 00000000..842f1ec7 --- /dev/null +++ b/system_ext/private/euicc_app.te @@ -0,0 +1,13 @@ +type euicc_app, domain, coredomain; +app_domain(euicc_app) +net_domain(euicc_app) +bluetooth_domain(euicc_app) + +allow euicc_app app_api_service:service_manager find; +allow euicc_app radio_service:service_manager find; +allow euicc_app cameraserver_service:service_manager find; + +get_prop(euicc_app, camera_config_prop) +get_prop(euicc_app, bootloader_prop) +get_prop(euicc_app, exported_default_prop) +get_prop(euicc_app, esim_modem_prop) 
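Review bot: The new system_ext/private/euicc_app.te adds `bluetooth_domain(euicc_app)`, which neither earlier version of this domain in the series had, and the commit message ("Add system properties rule") does not mention it. Together with `net_domain` and `cameraserver_service` this makes the eSIM app's domain noticeably wider than the one it replaces. Please either drop the macro if no denial required it, or document it in place, e.g. `# Bluetooth is used for <feature>; see b/279988311`, with the actual feature filled in by the author.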
diff --git a/system_ext/private/property.te b/system_ext/private/property.te new file mode 100644 index 00000000..714108b1 --- /dev/null +++ b/system_ext/private/property.te @@ -0,0 +1,5 @@ +neverallow { + domain + -init + -vendor_init +} esim_modem_prop:property_service set; diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 9cf97280..790ba63b 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -6,3 +6,6 @@ persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int + +# Properties for euicc +persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts new file mode 100644 index 00000000..8c2178a8 --- /dev/null +++ b/system_ext/private/seapp_contexts @@ -0,0 +1,2 @@ +# Domain for EuiccGoogle +user=_app isPrivApp=true name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user diff --git a/system_ext/public/property.te b/system_ext/public/property.te index 8908e485..bb07d927 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -1,2 +1,5 @@ # Fingerprint (UDFPS) GHBM/LHBM toggle system_vendor_config_prop(fingerprint_ghbm_prop) + +# eSIM properties +system_vendor_config_prop(esim_modem_prop) From 59c1582928f2065cc9656da722efcd7b15286a88 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Wed, 24 May 2023 16:51:22 +0200 Subject: [PATCH 111/116] Allow vendor_init to fix permissions of TEE data file Background: * vendor_init needs to be able to possibly fix ownership of tee_data_file Bug: 280325952 Test: Changed permissions and confirmed user transitions Change-Id: I26aaf70548a3ad132e5d0da2c10a2753a0954ffc 
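Review bot: The new system_ext/private/seapp_contexts entry matches on `isPrivApp=true name=com.google.android.euicc` with no `seinfo=` selector, so the euicc_app domain is no longer tied to a signing certificate. The vendor entry removed earlier in this series used `seinfo=EuiccGoogle`, backed by a keys.conf signer entry. `isPrivApp=true` still restricts the match to privileged apps, but any privileged package carrying that name would now receive the domain and its read access to esim_modem_prop. If a signer stanza can be provided for system_ext, keep the seinfo selector; otherwise add a comment such as `# Matched by package name only; no seinfo is defined for this signer in system_ext`.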
Signed-off-by: Donnie Pollitz --- whitechapel/vendor/google/vendor_init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index b03c7bb5..43e2056c 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -42,6 +42,7 @@ set_prop(vendor_init, vendor_display_prop) # Trusty storage FS ready get_prop(vendor_init, vendor_trusty_storage_prop) +allow vendor_init tee_data_file:lnk_file read; # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) From 03c6806df93dcc9f0c9b448a42ca04af352a9aca Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Tue, 6 Jun 2023 16:32:12 +0800 Subject: [PATCH 112/116] Add permissions for read maxfg debugfs Bug: 286001476 Change-Id: I787a8af17963c612dbbb9172fc539172f6633ca2 Signed-off-by: Jenny Ho --- whitechapel/vendor/google/dump_gs101.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/dump_gs101.te b/whitechapel/vendor/google/dump_gs101.te index a624ee96..d1eb528c 100644 --- a/whitechapel/vendor/google/dump_gs101.te +++ b/whitechapel/vendor/google/dump_gs101.te @@ -25,6 +25,7 @@ userdebug_or_eng(` allow dump_gs101 vendor_usb_debugfs:file r_file_perms; allow dump_gs101 debugfs:dir r_dir_perms; allow dump_gs101 vendor_maxfg_debugfs:dir r_dir_perms; + allow dump_gs101 vendor_maxfg_debugfs:file r_file_perms; allow dump_gs101 vendor_votable_debugfs:dir r_dir_perms; allow dump_gs101 vendor_votable_debugfs:file r_file_perms; ') From c1034c26c107fadb12e31f5a1877a164c2a14698 Mon Sep 17 00:00:00 2001 From: Seongsik Kim Date: Fri, 12 May 2023 20:18:34 +0900 Subject: [PATCH 113/116] Enable PacketRouter to use radio device Bug: 279716766 Test: Patch verified by CP crash testing. VoWiFi can re-register successfully Change-Id: I86b307d5269232ee290431264ab2f28fd21a922f Signed-off-by: Seongsik Kim --- telephony/pktrouter/pktrouter.te | 1 + 1 file changed, 1 insertion(+) 
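Review bot: `allow vendor_init tee_data_file:lnk_file read;` is added under the existing `# Trusty storage FS ready` comment in vendor_init.te, which describes the property read above it and not this rule. The commit message speaks of fixing ownership of the TEE data file, while the rule only permits reading a symlink, so the connection is not obvious from the policy alone. A comment of its own would help, e.g. `# Resolve the tee_data_file symlink while fixing up Trusty storage ownership (b/280325952)`, assuming that is the path init follows.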
diff --git a/telephony/pktrouter/pktrouter.te b/telephony/pktrouter/pktrouter.te index e06c8db6..b7d2e112 100644 --- a/telephony/pktrouter/pktrouter.te +++ b/telephony/pktrouter/pktrouter.te @@ -6,6 +6,7 @@ net_domain(pktrouter) domain_auto_trans(pktrouter, netutils_wrapper_exec, netutils_wrapper); allow pktrouter pktrouter_device:chr_file rw_file_perms; +allow pktrouter radio_device:chr_file r_file_perms; allow pktrouter self:netlink_route_socket nlmsg_write; allow pktrouter self:packet_socket { bind create read write getattr shutdown}; allow pktrouter self:capability net_raw; From 12abc8ef4aa73a849d72f13ab18bf901b2543703 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 14 Jun 2023 15:30:31 +0800 Subject: [PATCH 114/116] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 287169829 Change-Id: I0a245d81ae243a0461c19583e19912566062bb71 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 03d8f7b9..69c51137 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -22,4 +22,5 @@ incidentd debugfs_wakeup_sources file b/238263568 incidentd incidentd anon_inode b/268146971 rfsd vendor_rild_prop property_service b/269218654 su modem_img_file filesystem b/238825802 +system_app proc_pagetypeinfo file b/287169829 system_server system_userdir_file dir b/281814691 From 115679f21199c31b9af9c112c0b4832d6037117a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 4 Sep 2023 15:33:41 +0800 Subject: [PATCH 115/116] Update SELinux error Bug: 290766628 Merged-In: Ieecf2602f481d8c45d6b213aff8c390c3a32d68c Change-Id: I13d2fb464c80b0be2d6524a58b441fcd8eaaa830 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 69c51137..4df791a3 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
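Review bot: `allow pktrouter radio_device:chr_file r_file_perms;` is granted on the generic radio_device label, so pktrouter may open and read every character device that carries it, not only the node needed for the CP-crash recovery described in the commit. This domain already holds `net_raw` and packet sockets in the same file, so its device access is worth keeping narrow. If the node it reads can be given a dedicated type in file_contexts, grant that instead; otherwise add a comment naming the device, e.g. `# Reads <device node> to detect modem restart`, with the real path filled in.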
@@ -24,3 +24,4 @@ rfsd vendor_rild_prop property_service b/269218654 su modem_img_file filesystem b/238825802 system_app proc_pagetypeinfo file b/287169829 system_server system_userdir_file dir b/281814691 +platform_app hal_uwb_vendor_service find b/290766628 From 3770a8a19c012877750124df7fc212d694dd0b37 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Fri, 4 Aug 2023 14:26:21 +0900 Subject: [PATCH 116/116] Move coredomain seapp ctx and types to system_ext Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: build bluejay and boot test (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb3a11636618dbb044e567716ff2984b25117bc5) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:87b9095bd5d9811c0b37887e980b057453894dea) Merged-In: I48441749de4eb1de90ce5a307b1d47ae3cb9592d Change-Id: I48441749de4eb1de90ce5a307b1d47ae3cb9592d --- system_ext/private/con_monitor.te | 7 +++++++ system_ext/private/hbmsvmanager_app.te | 11 +++++++++++ system_ext/private/seapp_contexts | 6 ++++++ system_ext/public/con_monitor.te | 2 ++ system_ext/public/hbmsvmanager_app.te | 1 + whitechapel/vendor/google/con_monitor.te | 11 ----------- whitechapel/vendor/google/hbmsvmanager_app.te | 15 --------------- whitechapel/vendor/google/seapp_contexts | 6 ------ 8 files changed, 27 insertions(+), 32 deletions(-) create mode 100644 system_ext/private/con_monitor.te create mode 100644 system_ext/private/hbmsvmanager_app.te create mode 100644 system_ext/public/con_monitor.te create mode 100644 system_ext/public/hbmsvmanager_app.te diff --git a/system_ext/private/con_monitor.te b/system_ext/private/con_monitor.te new file mode 100644 index 00000000..c68ec1f8 --- /dev/null +++ b/system_ext/private/con_monitor.te 
@@ -0,0 +1,7 @@ +typeattribute con_monitor_app coredomain; + +app_domain(con_monitor_app) + +set_prop(con_monitor_app, radio_prop) +allow con_monitor_app app_api_service:service_manager find; +allow con_monitor_app radio_service:service_manager find; diff --git a/system_ext/private/hbmsvmanager_app.te b/system_ext/private/hbmsvmanager_app.te new file mode 100644 index 00000000..6f5ff7ac --- /dev/null +++ b/system_ext/private/hbmsvmanager_app.te @@ -0,0 +1,11 @@ +typeattribute hbmsvmanager_app coredomain; + +app_domain(hbmsvmanager_app); + +allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms; +allow hbmsvmanager_app proc_vendor_sched:file w_file_perms; + +# Standard system services +allow hbmsvmanager_app app_api_service:service_manager find; + +allow hbmsvmanager_app cameraserver_service:service_manager find; diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts index 8c2178a8..6ac71499 100644 --- a/system_ext/private/seapp_contexts +++ b/system_ext/private/seapp_contexts @@ -1,2 +1,8 @@ # Domain for EuiccGoogle user=_app isPrivApp=true name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# HbmSVManager +user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all diff --git a/system_ext/public/con_monitor.te b/system_ext/public/con_monitor.te new file mode 100644 index 00000000..6a4d1dac --- /dev/null +++ b/system_ext/public/con_monitor.te @@ -0,0 +1,2 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; diff --git a/system_ext/public/hbmsvmanager_app.te b/system_ext/public/hbmsvmanager_app.te new file mode 100644 index 00000000..4fcf2bdb --- /dev/null +++ b/system_ext/public/hbmsvmanager_app.te @@ -0,0 +1 @@ +type hbmsvmanager_app, domain; 
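Review bot: In the new system_ext/private/hbmsvmanager_app.te, `app_domain(hbmsvmanager_app);` carries a trailing semicolon, while con_monitor.te in the same commit writes `app_domain(con_monitor_app)` without one. The semicolon was copied from the vendor file being removed; since the line is being rewritten anyway, use `app_domain(hbmsvmanager_app)` so macro calls are written the same way across the system_ext policy. The new private files also lose the descriptive header that con_monitor had (`# ConnectivityMonitor app` now sits only in the public file); a one-line header in each private file would keep them readable on their own.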
diff --git a/whitechapel/vendor/google/con_monitor.te b/whitechapel/vendor/google/con_monitor.te index ab17c826..32c2056d 100644 --- a/whitechapel/vendor/google/con_monitor.te +++ b/whitechapel/vendor/google/con_monitor.te @@ -1,13 +1,2 @@ -# ConnectivityMonitor app -type con_monitor_app, domain, coredomain; - -# TODO(b/296512193): move con_monitor_app out of vendor sepolicy -typeattribute con_monitor_app vendor_seapp_assigns_coredomain_violators; - -app_domain(con_monitor_app) - -set_prop(con_monitor_app, radio_prop) -allow con_monitor_app app_api_service:service_manager find; -allow con_monitor_app radio_service:service_manager find; allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms; allow con_monitor_app radio_vendor_data_file:file create_file_perms; diff --git a/whitechapel/vendor/google/hbmsvmanager_app.te b/whitechapel/vendor/google/hbmsvmanager_app.te index 2acbaa8a..bbedea8c 100644 --- a/whitechapel/vendor/google/hbmsvmanager_app.te +++ b/whitechapel/vendor/google/hbmsvmanager_app.te @@ -1,17 +1,2 @@ -type hbmsvmanager_app, domain, coredomain; - -# TODO(b/296512193): move hbmsvmanager_app out of vendor sepolicy -typeattribute hbmsvmanager_app vendor_seapp_assigns_coredomain_violators; - -app_domain(hbmsvmanager_app); - -allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms; -allow hbmsvmanager_app proc_vendor_sched:file w_file_perms; - allow hbmsvmanager_app hal_pixel_display_service:service_manager find; binder_call(hbmsvmanager_app, hal_graphics_composer_default) - -# Standard system services -allow hbmsvmanager_app app_api_service:service_manager find; - -allow hbmsvmanager_app cameraserver_service:service_manager find; diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts index e724de28..7711c447 100644 --- a/whitechapel/vendor/google/seapp_contexts +++ b/whitechapel/vendor/google/seapp_contexts 
@@ -24,18 +24,12 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d # grilservice user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all -# HbmSVManager -user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all - # Domain for omadm user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all # Modem Diagnostic System user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - # RIL Config Service user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file