From 4943a19244e0156d4637e4f60ff6be17a4e524ee Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 01/20] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bc5a6b183feca0de5970360a7c120e25fe11fa2) Merged-In: I3846d284bb6810ed3adea0070ac663babf6bb966 Change-Id: I3846d284bb6810ed3adea0070ac663babf6bb966 --- whitechapel/vendor/google/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5c320194..ba41d6a9 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -96,7 +96,6 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From faa7886bec01740f7d2e7a64ee9e74a5e0f84678 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 02/20] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bc5a6b183feca0de5970360a7c120e25fe11fa2) Merged-In: I3846d284bb6810ed3adea0070ac663babf6bb966 Change-Id: I3846d284bb6810ed3adea0070ac663babf6bb966 --- whitechapel/vendor/google/property_contexts | 1 - 1 file changed, 1 deletion(-) 
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5c320194..ba41d6a9 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -96,7 +96,6 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From bc766489dce017b17c442169d55b4351d3313861 Mon Sep 17 00:00:00 2001 
From: samou Date: Fri, 4 Oct 2024 12:20:16 +0000 Subject: [PATCH 03/20] sepolicy: allow dumpstate to execute dump_power 10-04 19:36:47.308 7141 7141 I android.hardwar: type=1400 audit(0.0:6974): avc: denied { execute_no_trans } for path="/vendor/bin/dump/dump_power" dev="overlay" ino=91 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6975): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6976): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6977): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6978): avc: denied { read } for name="core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6979): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6980): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.336 7141 7141 I dump_power: type=1400 audit(0.0:6981): avc: denied { read } for 
name="time_in_state" dev="sysfs" ino=50604 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:25): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:26): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:27): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:28): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:29): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:30): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:29): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:30): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:31): avc: denied { search } for 
name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:32): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:33): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18792): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18793): avc: denied { read } for name="uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18794): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18795): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18796): avc: denied { search } for name="8-003c" dev="sysfs" ino=55942 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18797): avc: denied { read } for name="maxfg" dev="sysfs" ino=62568 
scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18798): avc: denied { read } for name="logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18799): avc: denied { open } for path="/dev/logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6191): avc: denied { search } for name="mitigation" dev="dm-50" ino=3758 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6192): avc: denied { read } for name="thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6193): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6194): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6195): avc: denied { search } for name="mitigation" dev="sysfs" ino=85222 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6196): avc: denied { read } for name="last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 
tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6197): avc: denied { open } for path="/sys/devices/virtual/pmic/mitigation/last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6198): avc: denied { read } for name="batoilo_count" dev="sysfs" ino=85287 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:875): avc: denied { read } for name="thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:876): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:877): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:878): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:879): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:880): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir 
permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:881): avc: denied { read } for name="core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:882): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:883): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:884): avc: denied { read } for name="time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:885): avc: denied { open } for path="/sys/devices/platform/cpupm/cpupm/time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 Flag: EXEMPT refactor Bug: 364989823 Signed-off-by: samou (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e746382d7834745023401c638e5367ed2b48a163) Merged-In: I195f779cc6588c37ccdbe4bb8b29ee8f2edd861a Change-Id: I195f779cc6588c37ccdbe4bb8b29ee8f2edd861a --- whitechapel/vendor/google/dump_power.te | 15 +++++++++++++++ whitechapel/vendor/google/file_contexts | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 whitechapel/vendor/google/dump_power.te diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te new file mode 100644 index 00000000..d745b20d --- /dev/null +++ b/whitechapel/vendor/google/dump_power.te 
@@ -0,0 +1,15 @@ +# Allow dumpstate to execute dump_power +pixel_bugreport(dump_power); + +allow dump_power sysfs_acpm_stats:dir r_dir_perms; +allow dump_power sysfs_acpm_stats:file r_file_perms; +allow dump_power sysfs_cpu:file r_file_perms; +allow dump_power sysfs_wlc:file r_file_perms; +allow dump_power sysfs_wlc:dir search; +allow dump_power sysfs_batteryinfo:dir r_dir_perms; +allow dump_power sysfs_batteryinfo:file r_file_perms; +allow dump_power logbuffer_device:chr_file r_file_perms; +allow dump_power mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power mitigation_vendor_data_file:file r_file_perms; +allow dump_power sysfs_bcl:dir r_dir_perms; +allow dump_power sysfs_bcl:file r_file_perms; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 1639c3ae..e6dc12e1 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -16,7 +16,7 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 - +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 # # HALs # From c025f4915b97e08fc884a491d2c3f7f00db7cfe3 Mon Sep 17 00:00:00 2001 
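Review bot: In dump_power.te the twelve `allow` rules after `pixel_bugreport(dump_power);` have no comment tying them to what the tool collects, and the only comment in the file describes the macro line alone. All of them are read-only and match the denials quoted in the commit message, so the grants look proportionate. A short comment per group would keep that traceable, e.g. `# ACPM and CPU power statistics`, `# Wireless charger and battery sysfs`, `# Battery mitigation (BCL) counters and logs`. One rule is wider than its evidence: `allow dump_power logbuffer_device:chr_file r_file_perms;` covers every node labelled logbuffer_device, while the quoted denials name only /dev/logbuffer_tcpm, so its comment should say whether reading all logbuffers is intended.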
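Review bot: The new `/vendor/bin/dump/dump_power` entry in file_contexts takes the place of the blank line that separated the dumpsys entry from the `# HALs` banner, so it now sits directly against the banner. Keep a blank line after it so the entry does not read as part of the HALs section. The hunk shows only part of the file, and the `dump_power_exec` type is presumably declared by `pixel_bugreport(dump_power)`, whose definition is not visible here.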
From: Spade Lee Date: Fri, 1 Nov 2024 15:23:25 +0000 Subject: [PATCH 04/20] sepolicy: allow dump_power to read debugfs 11-01 11:59:42.836 11781 11781 W dump_power: type=1400 audit(0.0:46): avc: denied { search } for name="usb" dev="debugfs" ino=2059 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_usb_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:47): avc: denied { search } for name="google_battery" dev="debugfs" ino=18509 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:48): avc: denied { read } for name="maxfg" dev="debugfs" ino=16428 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:49): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:50): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:51): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 Bug: 376080915 Test: adb bugreport without audit Flag: EXEMPT bugfix Change-Id: I7ae11300cd45f7e8c05c0dcf46d5dfda5c777400 Signed-off-by: Spade Lee --- whitechapel/vendor/google/dump_power.te | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te index d745b20d..cf7c14ed 100644 --- a/whitechapel/vendor/google/dump_power.te +++ b/whitechapel/vendor/google/dump_power.te 
@@ -13,3 +13,12 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms; allow dump_power mitigation_vendor_data_file:file r_file_perms; allow dump_power sysfs_bcl:dir r_dir_perms; allow dump_power sysfs_bcl:file r_file_perms; + +userdebug_or_eng(` + r_dir_file(dump_power, vendor_battery_debugfs) + r_dir_file(dump_power, vendor_maxfg_debugfs) + r_dir_file(dump_power, vendor_charger_debugfs) + r_dir_file(dump_power, vendor_votable_debugfs) + allow dump_power debugfs:dir r_dir_perms; + allow dump_power vendor_usb_debugfs:dir { search }; +') From 1df8457f5eeb98fd3cfb606612b4b903229eccf5 Mon Sep 17 00:00:00 2001 From: Boon Jun Date: Mon, 11 Nov 2024 06:57:02 +0000 Subject: [PATCH 05/20] Update ldaf sensor device filename LDAF sensor device filename changed after kernel upgrade from v5.10 to v6.1 in some of our in-market devices. We need to update the device filename to access the LDAF with this new kernel version. Bug: 378045567 Test: Open camera, and observe available LDAF sensor in logs Flag: EXEMPT bugfix Change-Id: I1d366ea6a104fcf2cb1393ad26d3c6c6d39ff910 --- whitechapel/vendor/google/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index fc845ff6..975652e5 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -167,7 +167,7 @@ /vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/dev/stmvl53l1_ranging u:object_r:rls_device:s0 +/dev/ispolin_ranging u:object_r:rls_device:s0 /dev/lwis-act0 u:object_r:lwis_device:s0 /dev/lwis-act1 u:object_r:lwis_device:s0 From 4e105e14dc447f2d01a44c79bf01ecf5d6368fef Mon Sep 17 00:00:00 2001 
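Review bot: `allow dump_power debugfs:dir r_dir_perms;` grants directory read on the generic `debugfs` type, while the quoted denials show only `read` on the debugfs root. The `userdebug_or_eng` wrapper keeps the whole block off user builds, which is the right containment, but nothing in the block says why the root must be listable. A comment such as `# dump_power lists the debugfs root to find battery/charger nodes; userdebug/eng only` would record that, with the wording to be confirmed by the author. The `vendor_charger_debugfs` and `vendor_votable_debugfs` grants also have no matching denial in the commit message. `vendor_usb_debugfs:dir { search }` gives traversal only, so the files read beneath it presumably carry another type that should be named in a comment.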
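Review bot: Replacing `/dev/stmvl53l1_ranging` with `/dev/ispolin_ranging` drops the `rls_device` label for the old node name, yet the commit message says the name changed only after the v5.10 to v6.1 kernel upgrade on some in-market devices. If this policy is still built for devices on the older kernel, their node would fall back to whatever default device label applies, and camera access to the sensor would presumably be denied. Keeping both entries covers both kernels: retain `/dev/stmvl53l1_ranging u:object_r:rls_device:s0` next to the new line, under a comment like `# LDAF sensor: node name differs between 5.10 and 6.1 kernels`.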
From: Nina Chen Date: Fri, 15 Nov 2024 15:13:27 +0800 Subject: [PATCH 06/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 379226761 Bug: 379226710 Bug: 379227275 Bug: 379226644 Flag: EXEMPT NDK Change-Id: I8ef5317b2e63571ea6437014e4ae5cc281a1a5b9 --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e01f4cfa..6c4f508f 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,6 @@ battery_mitigation sysfs file b/364446534 +bluetooth audio_config_prop file b/379226761 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 @@ -18,6 +19,8 @@ pixelstats_vendor block_device dir b/369537606 pixelstats_vendor block_device dir b/369735407 platform_app vendor_fw_file dir b/372122654 platform_app vendor_rild_prop file b/372122654 +priv_app audio_config_prop file b/379226710 +radio audio_config_prop file b/379227275 ramdump ramdump capability b/369538457 rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 @@ -26,6 +29,7 @@ surfaceflinger selinuxfs file b/313804340 system_server vendor_default_prop file b/366115457 system_server vendor_default_prop file b/366116435 system_server vendor_default_prop file b/366116587 +untrusted_app audio_config_prop file b/379226644 untrusted_app nativetest_data_file dir b/305600845 untrusted_app shell_test_data_file dir b/305600845 untrusted_app system_data_root_file dir b/305600845 From a6019b0cb049c2c7b73b83aac48694baac578336 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Fri, 15 Nov 2024 18:29:38 +0800 Subject: [PATCH 07/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 379246143 Bug: 379245675 Bug: 379246066 Bug: 379246340 Bug: 379248992 Bug: 379249291 Flag: EXEMPT NDK Change-Id: Ibc136376c0a0734a2cdac3e543b90f1932e6e4c3 --- tracking_denials/bug_map | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6c4f508f..45b44467 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,6 +1,7 @@ battery_mitigation sysfs file b/364446534 bluetooth audio_config_prop file b/379226761 +bluetooth audio_config_prop file b/379245675 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 @@ -10,6 +11,7 @@ hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478 incidentd debugfs_wakeup_sources file b/282626428 incidentd incidentd anon_inode b/282626428 +init init capability b/379248992 kernel dm_device blk_file b/315907959 kernel kernel capability b/340722537 kernel kernel capability b/340723030 @@ -20,6 +22,7 @@ pixelstats_vendor block_device dir b/369735407 platform_app vendor_fw_file dir b/372122654 platform_app vendor_rild_prop file b/372122654 priv_app audio_config_prop file b/379226710 +priv_app audio_config_prop file b/379246066 radio audio_config_prop file b/379227275 ramdump ramdump capability b/369538457 rfsd vendor_cbd_prop file b/317734418 @@ -30,10 +33,12 @@ system_server vendor_default_prop file b/366115457 system_server vendor_default_prop file b/366116435 system_server vendor_default_prop file b/366116587 untrusted_app audio_config_prop file b/379226644 +untrusted_app audio_config_prop file b/379246340 untrusted_app nativetest_data_file dir b/305600845 untrusted_app shell_test_data_file dir b/305600845 untrusted_app system_data_root_file dir b/305600845 untrusted_app userdebug_or_eng_prop file b/305600845 +untrusted_app_29 audio_config_prop file b/379246143 vendor_init debugfs_trace_marker file b/340723222 vendor_init default_prop file b/315104713 vendor_init default_prop file b/316817111 
@@ -42,3 +47,4 @@ vendor_init default_prop property_service b/366115458 vendor_init default_prop property_service b/366116214 vendor_init default_prop property_service b/369735133 vendor_init default_prop property_service b/369735170 +zygote zygote capability b/379249291 From c8cc2683b5bebf469e54dc54b359d54ca3d6cff1 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Mon, 18 Nov 2024 14:36:20 +0800 Subject: [PATCH 08/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 379591559 Bug: 379591519 Flag: EXEMPT NDK Change-Id: Ia18661bf52755dec67b0551b217124b0485bdd6e --- tracking_denials/bug_map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 45b44467..9b21d336 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -11,7 +11,7 @@ hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478 incidentd debugfs_wakeup_sources file b/282626428 incidentd incidentd anon_inode b/282626428 -init init capability b/379248992 +init init capability b/379591559 kernel dm_device blk_file b/315907959 kernel kernel capability b/340722537 kernel kernel capability b/340723030 @@ -47,4 +47,4 @@ vendor_init default_prop property_service b/366115458 vendor_init default_prop property_service b/366116214 vendor_init default_prop property_service b/369735133 vendor_init default_prop property_service b/369735170 -zygote zygote capability b/379249291 +zygote zygote capability b/379591519 From 94e8fa7a6a9c20d13c9272e8d81671db3cc29b78 Mon Sep 17 00:00:00 2001 
From: Eileen Lai Date: Wed, 20 Nov 2024 08:15:36 +0000 Subject: [PATCH 09/20] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Change-Id: I52d2a6dacb59dd796d008c4a48cdea218fd11a27 Flag: NONE local testing only --- gs101-sepolicy.mk | 2 +- whitechapel/vendor/google/file_contexts | 1 - whitechapel/vendor/google/modem_svc_sit.te | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk index 3e8c9022..c13b325e 100644 --- a/gs101-sepolicy.mk +++ b/gs101-sepolicy.mk @@ -1,5 +1,5 @@ # sepolicy that are shared among devices using whitechapel -BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 975652e5..5b77f135 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -245,7 +245,6 @@ /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 # shared_modem_platform files -/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 # modem mnt files diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index e0379a8a..467e8799 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -32,9 +32,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) -# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. -hal_server_domain(modem_svc_sit, hal_shared_modem_platform) - # Modem property set_prop(modem_svc_sit, vendor_modem_prop) 
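Review bot: The gs101-sepolicy.mk hunk switches the whole whitechapel/vendor/google directory from `BOARD_SEPOLICY_DIRS` to `BOARD_VENDOR_SEPOLICY_DIRS`, which the commit message (about moving shared_modem_platform policy) does not mention, and it leaves the tracking_denials line below on the old variable. As far as I know both names feed the same vendor policy list, with BOARD_SEPOLICY_DIRS the older spelling, so this is mixed style, not a behaviour change; that is worth confirming against the build system. Either convert both lines, `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials`, or make the rename in its own commit. The same hunk reappears in PATCH 12/20.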
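Review bot: After this hunk the `# shared_modem_platform files` comment in file_contexts heads only the `/data/vendor/modem_stat(/.*)?` entry, so it no longer describes what sits under it; `# modem_stat data files` would fit. With the `/vendor/bin/shared_modem_platform` line removed, the binary receives `modem_svc_sit_exec` only if the gs-common policy that now carries the entry is part of the same build. That directory is not visible in this patch, and without the label the service would presumably not enter its domain. The same hunk is re-landed in PATCH 12/20 after the revert in PATCH 10/20, so the dependency on gs-common is worth stating next to the remaining entry.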
From 9d43b259d2992363caa16c6596c92f97c9bbf083 Mon Sep 17 00:00:00 2001 From: "Liana Kazanova (xWF)" Date: Thu, 21 Nov 2024 17:53:56 +0000 Subject: [PATCH 10/20] Revert "modem_svc: move shared_modem_platform related sepolicy t..." Revert submission 30519089-move_modem_sepolicy Reason for revert: DroidMonitor: Potential culprit for http://b/380274930 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Reverted changes: /q/submissionid:30519089-move_modem_sepolicy Change-Id: Iadc8ec2e01336d746a7b34c8b05bd51df440c422 --- gs101-sepolicy.mk | 2 +- whitechapel/vendor/google/file_contexts | 1 + whitechapel/vendor/google/modem_svc_sit.te | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk index c13b325e..3e8c9022 100644 --- a/gs101-sepolicy.mk +++ b/gs101-sepolicy.mk @@ -1,5 +1,5 @@ # sepolicy that are shared among devices using whitechapel -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google +BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 5b77f135..975652e5 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -245,6 +245,7 @@ /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 # shared_modem_platform files +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 # modem mnt files diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index 467e8799..e0379a8a 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te 
@@ -32,6 +32,9 @@ get_prop(modem_svc_sit, hwservicemanager_prop)
 # logging property
 get_prop(modem_svc_sit, vendor_logger_prop)
+# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
+hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
+
 # Modem property
 set_prop(modem_svc_sit, vendor_modem_prop)
From 4a732d5e796e24f291416fbdf603958f44b76b8f Mon Sep 17 00:00:00 2001
From: Nina Chen
Date: Thu, 5 Dec 2024 10:49:46 +0800
Subject: [PATCH 11/20] Update SELinux error Remove b/317316478 as it is closed Flag: EXEMPT sepolicy Test: SELinuxUncheckedDenialBootTest Bug: 382362462 Change-Id: I84b9676e21243e68aeae7eed787d43d537c3fdc8
---
 tracking_denials/bluetooth.te | 2 ++
 tracking_denials/bug_map | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 tracking_denials/bluetooth.te
diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
new file mode 100644
index 00000000..fa48fcb3
--- /dev/null
+++ b/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362462
+dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 9b21d336..96ac2d94 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -8,7 +8,6 @@ dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
-hal_vibrator_default default_android_service service_manager b/317316478
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
 init init capability b/379591559
From f20c8a9072cc10081aa3214d448dea065aa75ab2 Mon Sep 17 00:00:00 2001
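Review bot: The `dontaudit` added in the new tracking_denials/bluetooth.te is wider than the one denial it tracks: it silences every `find` from `bluetooth` on any service that still carries the catch-all `default_android_service` label, so a later lookup of a different unlabeled service from this domain would leave no trace in the audit log. The only comment is the bug number, which says neither which service triggered the denial nor that the rule is meant to go away. I would make that explicit in the file, e.g. `# b/382362462: temporary, remove once <service name> has its own label in service_contexts`, so the suppression is dropped when the bug is closed.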
From: Eileen Lai
Date: Sun, 8 Dec 2024 06:51:47 +0000
Subject: [PATCH 12/20] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Change-Id: I10410974041146ad508ca6748549507183cc1239 Flag: NONE local testing only
---
 gs101-sepolicy.mk | 2 +-
 whitechapel/vendor/google/file_contexts | 1 -
 whitechapel/vendor/google/modem_svc_sit.te | 3 ---
 3 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index 3e8c9022..c13b325e 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -1,5 +1,5 @@
 # sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
 # unresolved SELinux error log with bug tracking
 BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 975652e5..5b77f135 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -245,7 +245,6 @@
 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
 # shared_modem_platform files
-/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
 # modem mnt files
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index e0379a8a..467e8799 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -32,9 +32,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop)
 # logging property
 get_prop(modem_svc_sit, vendor_logger_prop)
-# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
-hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
-
 # Modem property
 set_prop(modem_svc_sit, vendor_modem_prop)
From 5f17f078a90aa35cea69e0f66785a72ed70de63f Mon Sep 17 00:00:00 2001
From: Nina Chen
Date: Mon, 9 Dec 2024 11:26:24 +0800
Subject: [PATCH 13/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 383013727 Flag: EXEMPT sepolicy Change-Id: Ie3297ad375423764a7ac504d60bf87c67c728aae
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 96ac2d94..2574e7cf 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -6,6 +6,7 @@ chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
 incidentd debugfs_wakeup_sources file b/282626428
From a920c3e87541c198e8245d3aba3a0ead5300205d Mon Sep 17 00:00:00 2001
From: Nina Chen
Date: Fri, 13 Dec 2024 14:34:57 +0800
Subject: [PATCH 14/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Flag: EXEMPT sepolicy Bug: 383949055 Change-Id: Ibb64328a31a16fb930f459a6c4f299b40ce2af92
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 2574e7cf..e1cab32f 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -47,4 +47,5 @@ vendor_init default_prop property_service b/366115458
 vendor_init default_prop property_service b/366116214
 vendor_init default_prop property_service b/369735133
 vendor_init default_prop property_service b/369735170
+zygote aconfig_storage_metadata_file dir b/383949055
 zygote zygote capability b/379591519
From 5c7033096b762fb3322c1c8c34f783c78afad928 Mon Sep 17 00:00:00 2001
From: timmyli
Date: Mon, 16 Dec 2024 06:50:39 +0000
Subject: [PATCH 15/20] Remove hal_camera_default aconfig_storage_metadata_file from bugmap Bug: 383013727 Test: compiles Flag: EXEMPT refactor Change-Id: I67c8f502e590297a1720ffb64d2c402a23ad7806
---
 tracking_denials/bug_map | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index e1cab32f..04900a68 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -6,7 +6,6 @@ chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
-hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
 incidentd debugfs_wakeup_sources file b/282626428
From 99e1afe75d5b638c7e18905f80b09836dd7a39c6 Mon Sep 17 00:00:00 2001
From: Timmy Li
Date: Mon, 16 Dec 2024 16:34:50 -0800
Subject: [PATCH 16/20] Revert "Remove hal_camera_default aconfig_storage_metadata_file ..." Revert submission 30930671-hal_camera_default_ aconfig_storage_metadata_file2 Reason for revert: b/384580942 Reverted changes: /q/submissionid:30930671-hal_camera_default_+aconfig_storage_metadata_file2 Change-Id: Ic505a8cdb84c48dd622e51ba0193ae1a4141784c
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 04900a68..e1cab32f 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -6,6 +6,7 @@ chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
 incidentd debugfs_wakeup_sources file b/282626428
From efcb01f9a301988ee29fd2a55a1b67f962080483 Mon Sep 17 00:00:00 2001
From: Nina Chen
Date: Wed, 25 Dec 2024 11:14:29 +0800
Subject: [PATCH 17/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 385977809 Flag: EXEMPT bugfix Change-Id: I0882cc3e0cbb2fa3761811f1492158e1ca62eb9d
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index e1cab32f..b3373b51 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -25,6 +25,7 @@ priv_app audio_config_prop file b/379226710
 priv_app audio_config_prop file b/379246066
 radio audio_config_prop file b/379227275
 ramdump ramdump capability b/369538457
+ramdump_app privapp_data_file lnk_file b/385977809
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
 ssr_detector_app default_prop file b/350831964
From 5dbf8b9836efc121aea96e2ee1ada089e3fb9d41 Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Thu, 26 Dec 2024 08:27:37 +0000
Subject: [PATCH 18/20] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 386149238 Flag: EXEMPT update sepolicy Change-Id: I903a71b445af846a3fc290c572c9a7faba1a0e47
---
 tracking_denials/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index b3373b51..cd2c30da 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -25,6 +25,7 @@ priv_app audio_config_prop file b/379226710
 priv_app audio_config_prop file b/379246066
 radio audio_config_prop file b/379227275
 ramdump ramdump capability b/369538457
+ramdump_app default_prop file b/386149238
 ramdump_app privapp_data_file lnk_file b/385977809
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
From b807c761ffd89ed66e28f91167de5cb3c4f5a0ea Mon Sep 17 00:00:00 2001
From: YiKai Peng
Date: Thu, 19 Dec 2024 22:24:43 -0800
Subject: [PATCH 19/20] sepolicy: gs101: add genfscon wireless into sysfs_batteryinfo Bug: 377264254 Flag: EXEMPT bugfix Test: ABTD Change-Id: Iaaa20ac86422fe4052c9f4c263a23b06a9a5bcf3 Signed-off-by: YiKai Peng
---
 whitechapel/vendor/google/genfs_contexts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 2a0642d1..6813a393 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -33,6 +33,10 @@ genfscon sysfs /devices/platform/google,dock/power_supply/dock
 genfscon sysfs /devices/platform/10d50000.hsi2c u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0
+
 # Slider
 genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0
 genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0
From 276946c2654a3e2d7b29f63ed59f5f9388ea5b4d Mon Sep 17 00:00:00 2001
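Review bot: The three `genfscon sysfs /class/power_supply/wireless/device/...` entries added to genfs_contexts in PATCH 19/20 are written through what are normally symlinks: `/sys/class/power_supply/<name>` points into `/sys/devices/...`, and `device` is itself a link to the parent device. As far as I know genfscon labels a sysfs node by its own path inside the filesystem, so a path spelled through those links may never match, and `version`, `status` and `fw_rev` would keep the generic `sysfs` label. The commit lists only `Test: ABTD`; running `ls -Z` on the three files on a device would settle it, and if they turn out unlabeled the entries should use the resolved `/devices/platform/...` path like the neighbouring lines. A one-line comment above the group naming the wireless charger would also match the `# Slider` heading of the block that follows.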
From: chenkris
Date: Fri, 3 Jan 2025 04:29:02 +0000
Subject: [PATCH 20/20] whi: Add selinux permission for fth Fix the following avc denials: avc: denied { open } for path="/dev/fth_fd" dev="tmpfs" ino=1575 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 avc: denied { read } for name="wakeup96" dev="sysfs" ino=101698 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 Bug: 383048849 Test: ls -lZ /sys/devices/platform/odm//odm:fps_touch_handler/wakeup Test: authenticate fingerprint Flag: EXEMPT NDK Change-Id: I97305f6ac077e114624674e18b5d0718771a5e3a
---
 whitechapel/vendor/google/file_contexts | 1 +
 whitechapel/vendor/google/genfs_contexts | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 5b77f135..196d0dd7 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -359,6 +359,7 @@
 /dev/bigocean u:object_r:video_device:s0
 # Fingerprint
+/dev/fth_fd u:object_r:fingerprint_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
 /data/vendor/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 6813a393..ec02ff21 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -132,6 +132,9 @@ genfscon sysfs /devices/platform/sound-aoc/wakeup
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0
+
 # Input
 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
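Review bot: Of the two fps_touch_handler entries added to genfs_contexts, only the `.../fps_touch_handler/wakeup` line is backed by the commit message: the quoted system_suspend denial is a `dir` read on `wakeup96`, and the `ls -lZ` test checks that directory. The `.../fps_touch_handler/power/wakeup` line also labels the node under `power/` as `sysfs_wakeup`, which that denial does not call for and which, depending on what the policy allows on `sysfs_wakeup`, may give more domains access to this device's wakeup setting than intended; please confirm it is needed or drop it. The pair also sits directly under the display wakeup entries without a heading, so a comment such as `# Fingerprint touch handler wakeup` above it would keep the list readable.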