From 50ee17cede6d3953dd6b940a55c82e013f32cd18 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 16 Jul 2024 07:39:16 +0000 Subject: [PATCH 01/13] sepolicy: remove duplicate policy Flag: EXEMPT refactor Bug: 349935208 Change-Id: Ib20bc0cc9af38ed481697420bb92ea12a917d594 Signed-off-by: samou --- whitechapel/vendor/google/file.te | 4 ---- whitechapel/vendor/google/genfs_contexts | 9 --------- 2 files changed, 13 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 8c985555..16c40446 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -114,10 +114,6 @@ type sysfs_chargelevel, sysfs_type, fs_type; # ODPM type powerstats_vendor_data_file, file_type, data_file_type; -type sysfs_odpm, sysfs_type, fs_type; - -# bcl -type sysfs_bcl, sysfs_type, fs_type; # Chosen type sysfs_chosen, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 7261590f..207c64e4 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -185,15 +185,6 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-me genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 -# bcl sysfs files -genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_light_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_light_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_light_clk_ratio u:object_r:sysfs_bcl:s0 - # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 From a6390dc3eaea6fcbcdfef476ebbf29a90b6cf696 Mon Sep 17 00:00:00 2001 From: samou Date: Wed, 17 Jul 2024 11:03:59 +0000 Subject: [PATCH 02/13] sepolicy: remove dump_gs101.sh Flag: EXEMPT refactor Bug: 349935208 Change-Id: I4f2d5ef40dc328237f62aac7e4116a1f1410516a Signed-off-by: samou --- whitechapel/vendor/google/file_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 69e0d3a9..97ff74cc 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -16,7 +16,6 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 -/vendor/bin/dump/dump_gs101.sh u:object_r:dump_gs101_exec:s0 # # HALs From b8f3e01274005a5bc33b2e51b17c926a421209e8 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 13 Aug 2024 11:48:56 +0000 Subject: [PATCH 03/13] sepolicy: gs101: fix bm selinux - add odpm scale value path - add gpu cur_freq Flag: EXEMPT refactor Bug: 349935208 Change-Id: Ib5f4baf57c181f3ca2470514d256f307b7761403 Signed-off-by: samou --- whitechapel/vendor/google/genfs_contexts | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 207c64e4..99875eb3 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -185,6 +185,39 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-me genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 + # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 @@ -226,6 +259,7 @@ genfscon sysfs /devices/platform/1c500000.mali/dma_buf_gpu_mem genfscon sysfs /devices/platform/1c500000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1c500000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1c500000.mali/power_policy u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1c500000.mali/cur_freq u:object_r:sysfs_gpu:s0 # nvmem (Non Volatile Memory layer) genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0050/8-00500/nvmem u:object_r:sysfs_memory:s0 From e0d8d912ec34ff10f0f9167d738932b53a79de44 Mon Sep 17 00:00:00 2001 From: attis Date: Mon, 26 Aug 2024 10:54:48 +0800 Subject: [PATCH 04/13] Label sysfs node power_mode as sysfs_display. Label power_mode to sysfs_panel to let it be allowed in dumpstate. avc log: 08-26 11:59:55.044 14700 14700 W dump_display: type=1400 audit(0.0:25): avc: denied { read } for name="power_mode" dev="sysfs" ino=83218 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/340722772 Test: ls -Z, adb bugreport. Flag: EXEMPT bugfix Bug: 358505990 Change-Id: Ia31964903b62f72237ae18cf07a2cef0138adeea Signed-off-by: attis --- whitechapel/vendor/google/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 7261590f..1e3d8bf0 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -152,6 +152,8 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c300000.drmdecon/counters u:object_r:sysfs_display:s0 From f323bc8dc7d36a0a352f8965f7ca605017b6d5e0 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Mon, 2 Sep 2024 14:46:32 +0800 Subject: [PATCH 05/13] Storage: label ufs firmware upgrade script Bug: 361093041 Test: local build Change-Id: I0f1c9222f16351bde2ef9dd478a5e0c143e49e5a Signed-off-by: Randall Huang --- whitechapel/vendor/google/device.te | 4 ++++ whitechapel/vendor/google/file.te | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 4662a075..1399788a 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -39,3 +39,7 @@ type st33spi_device, dev_type; # GPS type vendor_gnss_device, dev_type; + +# Storage firmware upgrade +type ufs_internal_block_device, dev_type; + diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 16c40446..ed633c69 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -75,6 +75,10 @@ type proc_f2fs, proc_type, fs_type; type bootdevice_sysdev, dev_type; +# Storage firmware upgrade +type ufs_firmware_update, domain; +type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; + # ZRam type per_boot_file, file_type, data_file_type, core_data_file_type; From edf14e100ec320f9fcf0ab346c2ef065c5d069ad Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 4 Sep 2024 00:02:23 +0800 Subject: [PATCH 06/13] storage: move storage related device type to common folder Bug: 364225000 Test: forrest build Change-Id: I779edca2e5cecfb34ede65dccf93f207a3dbcf2f Signed-off-by: Randall Huang --- whitechapel/vendor/google/device.te | 6 ------ whitechapel/vendor/google/file.te | 5 +---- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 1399788a..1e1f25db 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -1,8 +1,5 @@ # Block Devices -type efs_block_device, dev_type; type modem_block_device, dev_type; -type modem_userdata_block_device, dev_type; -type persist_block_device, dev_type; type mfg_data_block_device, dev_type; # Exynos devices @@ -40,6 +37,3 @@ type st33spi_device, dev_type; # GPS type vendor_gnss_device, dev_type; -# Storage firmware upgrade -type ufs_internal_block_device, dev_type; - diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index ed633c69..db4d0570 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -75,10 +75,6 @@ type proc_f2fs, proc_type, fs_type; type bootdevice_sysdev, dev_type; -# Storage firmware upgrade -type ufs_firmware_update, domain; -type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; - # ZRam type per_boot_file, file_type, data_file_type, core_data_file_type; @@ -165,3 +161,4 @@ type sysfs_bootctl, sysfs_type, fs_type; # WLC type sysfs_wlc, sysfs_type, fs_type; + From d3d5235b50256e7fadeab0067839e5d9e707c20e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 4 Sep 2024 03:26:56 +0000 Subject: [PATCH 07/13] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 364446534 Flag: EXEMPT sepolicy bugFix Change-Id: I694b656e436ef9365ee1bbbac81f155dbf70ce60 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index a81c684d..e499aaa4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,5 @@ +battery_mitigation sysfs file b/364446534 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 hal_power_default hal_power_default capability b/240632824 From 9a6384293800338301cb6a088565eb1dc76ee63b Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 12 Sep 2024 14:25:14 +0800 Subject: [PATCH 08/13] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 366116587 Test: scanBugreport Bug: 366115873 Bug: 366116435 Bug: 366116214 Test: scanAvcDeniedLogRightAfterReboot Bug: 366115457 Bug: 366115458 Flag: EXEMPT NDK Change-Id: I5f9c4f722ebcfc8fe14c9324d37106d9431accc4 --- tracking_denials/bug_map | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e499aaa4..0f17944e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,6 +2,8 @@ battery_mitigation sysfs file b/364446534 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 +dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 +dump_modem sscoredump_vendor_data_logcat_file dir b/366115873 hal_power_default hal_power_default capability b/240632824 hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478 @@ -15,6 +17,9 @@ rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 ssr_detector_app default_prop file b/350831964 surfaceflinger selinuxfs file b/313804340 +system_server vendor_default_prop file b/366115457 +system_server vendor_default_prop file b/366116435 +system_server vendor_default_prop file b/366116587 untrusted_app nativetest_data_file dir b/305600845 untrusted_app shell_test_data_file dir b/305600845 untrusted_app system_data_root_file dir b/305600845 @@ -23,3 +28,5 @@ vendor_init debugfs_trace_marker file b/340723222 vendor_init default_prop file b/315104713 vendor_init default_prop file b/316817111 vendor_init default_prop property_service b/315104713 +vendor_init default_prop property_service b/366115458 +vendor_init default_prop property_service b/366116214 From cc79320f9a5b5c67d4aa712382ee1e85ffe62000 Mon Sep 17 00:00:00 2001 From: Prochin Wang Date: Thu, 12 Sep 2024 05:04:35 +0000 Subject: [PATCH 09/13] Change vendor_fingerprint_prop to vendor_restricted_prop This is to allow the fingerprint HAL to access the property. Bug: 366105474 Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED Test: mm Change-Id: Id15a6014d553bf91fd9ffe34c7c1000973ad5860 --- whitechapel/vendor/google/property.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 21bd8885..bbdce973 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -42,7 +42,7 @@ vendor_internal_prop(vendor_touchpanel_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Fingerprint -vendor_internal_prop(vendor_fingerprint_prop) +vendor_restricted_prop(vendor_fingerprint_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) From 9e9fa88ba6eead6b7ce743dc396c40d4c0d992ab Mon Sep 17 00:00:00 2001 From: Tej Singh Date: Fri, 20 Sep 2024 21:27:23 -0700 Subject: [PATCH 10/13] Make android.framework.stats-v2-ndk app reachable For libedgetpu Test: TH Bug: 354763040 Flag: EXEMPT bugfix Change-Id: I8a46aae725a9e912681068df9c219e5a91784305 --- whitechapel/vendor/google/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 97ff74cc..1639c3ae 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -372,5 +372,6 @@ # Statsd service to support EdgeTPU metrics logging service. /vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 From f5714487a6fef93234cf677bf0dba619d95d2f34 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 25 Sep 2024 12:20:29 +0000 Subject: [PATCH 11/13] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 369537606 Bug: 369538457 Flag: EXEMPT NDK Change-Id: I01699bc42821ab8eabc7ed545119ba306e8a8e87 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0f17944e..e44a6781 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -13,6 +13,8 @@ kernel dm_device blk_file b/315907959 kernel kernel capability b/340722537 kernel kernel capability b/340723030 kernel tmpfs chr_file b/315907959 +pixelstats_vendor block_device dir b/369537606 +ramdump ramdump capability b/369538457 rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 ssr_detector_app default_prop file b/350831964 From 57c566b298ad1e36a423325ec4a3a86975586d36 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 26 Sep 2024 13:24:24 +0800 Subject: [PATCH 12/13] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 369735407 Test: scanBugreport Bug: 369735133 Test: scanAvcDeniedLogRightAfterReboot Bug: 369735170 Change-Id: I574ee785ee63bccaca15fa33879f8728d567e1d9 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e44a6781..4269fcb7 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -14,6 +14,7 @@ kernel kernel capability b/340722537 kernel kernel capability b/340723030 kernel tmpfs chr_file b/315907959 pixelstats_vendor block_device dir b/369537606 +pixelstats_vendor block_device dir b/369735407 ramdump ramdump capability b/369538457 rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 @@ -32,3 +33,5 @@ vendor_init default_prop file b/316817111 vendor_init default_prop property_service b/315104713 vendor_init default_prop property_service b/366115458 vendor_init default_prop property_service b/366116214 +vendor_init default_prop property_service b/369735133 +vendor_init default_prop property_service b/369735170 From e746382d7834745023401c638e5367ed2b48a163 Mon Sep 17 00:00:00 2001 From: samou Date: Fri, 4 Oct 2024 12:20:16 +0000 Subject: [PATCH 13/13] sepolicy: allow dumpstate to execute dump_power 10-04 19:36:47.308 7141 7141 I android.hardwar: type=1400 audit(0.0:6974): avc: denied { execute_no_trans } for path="/vendor/bin/dump/dump_power" dev="overlay" ino=91 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6975): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6976): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6977): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6978): avc: denied { read } for name="core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6979): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6980): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.336 7141 7141 I dump_power: type=1400 audit(0.0:6981): avc: denied { read } for name="time_in_state" dev="sysfs" ino=50604 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:25): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:26): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:27): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:28): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:29): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:30): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:29): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:30): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:31): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:32): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:33): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18792): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18793): avc: denied { read } for name="uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18794): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18795): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18796): avc: denied { search } for name="8-003c" dev="sysfs" ino=55942 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18797): avc: denied { read } for name="maxfg" dev="sysfs" ino=62568 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18798): avc: denied { read } for name="logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18799): avc: denied { open } for path="/dev/logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6191): avc: denied { search } for name="mitigation" dev="dm-50" ino=3758 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6192): avc: denied { read } for name="thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6193): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6194): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6195): avc: denied { search } for name="mitigation" dev="sysfs" ino=85222 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6196): avc: denied { read } for name="last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6197): avc: denied { open } for path="/sys/devices/virtual/pmic/mitigation/last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6198): avc: denied { read } for name="batoilo_count" dev="sysfs" ino=85287 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:875): avc: denied { read } for name="thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:876): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:877): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:878): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:879): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:880): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:881): avc: denied { read } for name="core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:882): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:883): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:884): avc: denied { read } for name="time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:885): avc: denied { open } for path="/sys/devices/platform/cpupm/cpupm/time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 Flag: EXEMPT refactor Bug: 364989823 Change-Id: I195f779cc6588c37ccdbe4bb8b29ee8f2edd861a Signed-off-by: samou --- whitechapel/vendor/google/dump_power.te | 15 +++++++++++++++ whitechapel/vendor/google/file_contexts | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 whitechapel/vendor/google/dump_power.te diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te new file mode 100644 index 00000000..d745b20d --- /dev/null +++ b/whitechapel/vendor/google/dump_power.te @@ -0,0 +1,15 @@ +# Allow dumpstate to execute dump_power +pixel_bugreport(dump_power); + +allow dump_power sysfs_acpm_stats:dir r_dir_perms; +allow dump_power sysfs_acpm_stats:file r_file_perms; +allow dump_power sysfs_cpu:file r_file_perms; +allow dump_power sysfs_wlc:file r_file_perms; +allow dump_power sysfs_wlc:dir search; +allow dump_power sysfs_batteryinfo:dir r_dir_perms; +allow dump_power sysfs_batteryinfo:file r_file_perms; +allow dump_power logbuffer_device:chr_file r_file_perms; +allow dump_power mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power mitigation_vendor_data_file:file r_file_perms; +allow dump_power sysfs_bcl:dir r_dir_perms; +allow dump_power sysfs_bcl:file r_file_perms; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 1639c3ae..e6dc12e1 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -16,7 +16,7 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 - +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 # # HALs #