From ae39e117c1d2d796819839716b516f178746caa9 Mon Sep 17 00:00:00 2001 From: Taylor Nelms Date: Mon, 5 Dec 2022 16:32:21 +0000 Subject: [PATCH 1/4] Modify permissions to allow dumpstate process to access decon_counters node Bug: 240346564 Test: Build for Oriole device with "user" build, check bugreport for decon_counters content Merged-In: I71883632857e76cfead39b16560b3695e13a6746 Change-Id: I010a9e8809192a5a1ee5842d5ac973d874836cea Signed-off-by: Taylor Nelms --- whitechapel/vendor/google/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 8bb12c67..bd291349 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -279,6 +279,9 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c300000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c301000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c302000.drmdecon/counters u:object_r:sysfs_display:s0 # Modem genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 From 9828cc747a31ce31f5c6c687356dc1a302a8f90a Mon Sep 17 00:00:00 2001 From: Ray Chi Date: Thu, 2 Feb 2023 15:21:35 +0800 Subject: [PATCH 2/4] [ DO NOT MERGE ] usb: Add sepolicy for extcon access USB gadget hal will access extcon folder so that this patch will add new rule to allow USB gadget hal to access extcon. Bug: 263435622 Test: verified pass Change-Id: I8c265919f7ae4b18aa304b0a584536d2a0f4b27a --- whitechapel/vendor/google/hal_usb_gadget_impl.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/hal_usb_gadget_impl.te b/whitechapel/vendor/google/hal_usb_gadget_impl.te index 7eb0f632..31216c98 100644 --- a/whitechapel/vendor/google/hal_usb_gadget_impl.te +++ b/whitechapel/vendor/google/hal_usb_gadget_impl.te @@ -19,3 +19,6 @@ allow hal_usb_gadget_impl proc_interrupts:file r_file_perms; # change irq to other cores allow hal_usb_gadget_impl proc_irq:dir r_dir_perms; allow hal_usb_gadget_impl proc_irq:file w_file_perms; + +# allow gadget hal to access extcon node +allow hal_usb_gadget_impl sysfs_extcon:file r_file_perms; From 3194ab09f9c4efe20b9c8f6f6ed230fa014f22ea Mon Sep 17 00:00:00 2001 From: Ken Tsou Date: Thu, 16 Feb 2023 10:35:10 +0800 Subject: [PATCH 3/4] [DO NOT MERGE] hal_health_default: access persist.vendor.shutdown.* msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0' Bug: 266181615 Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4 Signed-off-by: Ken Tsou --- whitechapel/vendor/google/hal_health_default.te | 1 + whitechapel/vendor/google/property.te | 3 +++ whitechapel/vendor/google/property_contexts | 1 + 3 files changed, 5 insertions(+) diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te index a28e5c12..65a5d483 100644 --- a/whitechapel/vendor/google/hal_health_default.te +++ b/whitechapel/vendor/google/hal_health_default.te @@ -4,6 +4,7 @@ allow hal_health_default persist_battery_file:file create_file_perms; allow hal_health_default persist_battery_file:dir rw_dir_perms; set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) r_dir_file(hal_health_default, sysfs_scsi_devices_0000) allow hal_health_default fwk_stats_service:service_manager find; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 70c72b68..f1430adf 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -29,6 +29,9 @@ vendor_internal_prop(vendor_battery_defender_prop) # Battery profile for harness mode vendor_internal_prop(vendor_battery_profile_prop) +# hal_health +vendor_internal_prop(vendor_shutdown_prop) + # AoC vendor_internal_prop(vendor_aoc_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 0dd3d463..c9e16156 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -87,6 +87,7 @@ persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 # Battery vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 +persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # test battery profile persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0 From 893d8ddff7f4eb0018c5248384ac42a3c5c9e259 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Fri, 10 Mar 2023 15:20:15 +0800 Subject: [PATCH 4/4] SSRestarDetector: modify the SELinux policy to allow access files owned by system for Whitechapel. It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx) Bug: 234359369 Design: http://go/pd-client-for-lab Test: manual (http://b/271555983#comment3) Change-Id: I1c9544ca2ebe1857c439f00c4589f739aca8e157 --- whitechapel/vendor/google/ssr_detector.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/ssr_detector.te b/whitechapel/vendor/google/ssr_detector.te index 934028e1..f27fcc5b 100644 --- a/whitechapel/vendor/google/ssr_detector.te +++ b/whitechapel/vendor/google/ssr_detector.te @@ -4,7 +4,8 @@ app_domain(ssr_detector_app) allow ssr_detector_app app_api_service:service_manager find; allow ssr_detector_app radio_service:service_manager find; -allow ssr_detector_app system_app_data_file:dir r_dir_perms; +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;