Commit graph

381 commits

Author SHA1 Message Date
Yu-Chi Cheng
021fe39d69 Merge "Allowed EdgeTPU service to read system properties related to vendor." into sc-dev am: 26cc7d6499
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14042450

Change-Id: I650b24c2e44106b738dd9149eda59ed9ab9b0aac
2021-04-06 06:28:04 +00:00
Yu-Chi Cheng
26cc7d6499 Merge "Allowed EdgeTPU service to read system properties related to vendor." into sc-dev 2021-04-06 05:40:44 +00:00
Grace Chen
63bf6d5ea6 Merge "Add selinux permissions for NFC/eSIM fw upgrade" into sc-dev am: 404937b03b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14015608

Change-Id: Ib0b584200641b8b14150c64e5a783515124fe1d9
2021-04-06 01:05:34 +00:00
Vova Sharaienko
153de8ba1f Merge "exo: updated sepolicy" into sc-dev am: 25f19371aa
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14065696

Change-Id: I3ea11a6661f28a4b3c56d9b6045b4334bf1c5985
2021-04-06 01:05:11 +00:00
Grace Chen
404937b03b Merge "Add selinux permissions for NFC/eSIM fw upgrade" into sc-dev 2021-04-06 00:28:22 +00:00
Vova Sharaienko
25f19371aa Merge "exo: updated sepolicy" into sc-dev 2021-04-06 00:27:04 +00:00
Grace Chen
a4b253476c Add selinux permissions for NFC/eSIM fw upgrade
Bug: 183709811
Test: Confirm no selinux permissions errors.
Change-Id: Ibd98558a2446567d4beb1f6b88acafc05c3c1951
2021-04-05 15:38:59 -07:00
Cheng Gu
5ddabea73a Merge "gs101-sepolicy: Allow rlsservice to access range sensor" into sc-dev am: ce42ee4660
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14077743

Change-Id: Iac5f745c35fcdcf77169d77660e538ed52639b75
2021-04-05 21:35:12 +00:00
Cheng Gu
ce42ee4660 Merge "gs101-sepolicy: Allow rlsservice to access range sensor" into sc-dev 2021-04-05 20:45:08 +00:00
TreeHugger Robot
46dac40fc2 Merge "Grant GPU and Fabric node access" into sc-dev am: 71e96842ca
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14078302

Change-Id: I004916c1aace1af25a5a110d01350f6de774dd9b
2021-04-03 00:01:54 +00:00
TreeHugger Robot
71e96842ca Merge "Grant GPU and Fabric node access" into sc-dev 2021-04-02 22:59:18 +00:00
Cheng Gu
72011a8a87 gs101-sepolicy: Allow rlsservice to access range sensor
Fix: 184295618
Test: rlsservice_test
Change-Id: Iee4cc5376e0eb67e75ae94cd15b5211a7ec819ef
2021-04-02 22:27:48 +00:00
Wei Wang
852d1dc3c1 Grant GPU and Fabric node access
Bug: 183626384
Test: boot
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ibb700110795f81a2da4358352111f61ef987c29b
2021-04-02 14:22:37 -07:00
Vova Sharaienko
ceafb82c02 exo: updated sepolicy
This allows the Exo to access AIDL Stats service

Bug: 181892307
Test: Build, flash, boot and logcat | grep "IStats"
Change-Id: I6ae1c37505b312617376bc3c954720c8a1f223d2
2021-04-02 19:13:12 +00:00
Steve Pfetsch
ec75ec5676 Merge "Add new ITouchContextService interface to twoshay" into sc-dev am: 48f88fb26b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13959947

Change-Id: I78f7639e542b60c68deb2651dc43c26a2da6eb98
2021-04-02 18:18:07 +00:00
Steve Pfetsch
48f88fb26b Merge "Add new ITouchContextService interface to twoshay" into sc-dev 2021-04-02 18:01:02 +00:00
Krzysztof Kosiński
3feab91f9a Mark libGralloc4Wrapper.so as same-process HAL. am: 8a1f0bed01
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14065699

Change-Id: I8bbfefe1a144c621dc963e8e84d305c02f7e3a3d
2021-04-02 17:31:59 +00:00
Krzysztof Kosiński
8a1f0bed01 Mark libGralloc4Wrapper.so as same-process HAL.
Updating the library name after upgrade to gralloc version 4.

Bug: 178656396
Test: GCA on oriole
Change-Id: I638b3cd0d7f4759f89a62a1d102cc98d9a3db622
2021-04-01 22:21:44 -07:00
SalmaxChang
977d5bc22a e2fs: Fix avc errors am: e277259f08
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14057402

Change-Id: If45de2ed7b5537fdff112867048c33ec1ced880b
2021-04-02 03:39:03 +00:00
SalmaxChang
e277259f08 e2fs: Fix avc errors
avc: denied { read } for comm="mke2fs" name="sda5" dev="tmpfs" ino=574 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file
avc: denied { ioctl } for comm="mke2fs" path="/dev/block/sda5" dev="tmpfs" ino=510 ioctlcmd=0x127b scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file

Bug: 184221482
Change-Id: Ic0c697bb591135d9830cd9e32e110cb5b5eb1504
2021-04-02 01:13:27 +00:00
Michael Wright
98c223e862 Add new ITouchContextService interface to twoshay
Bug: 174626987
Test: boot, see no denials

Change-Id: I963d5b77969571182b94c4265653c5d22e124247
2021-04-01 23:32:19 +00:00
TreeHugger Robot
72e640e63d Merge "gs101-sepolicy: Allow binder call rlsservice from camera" into sc-dev am: 8948e498c8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14065690

Change-Id: I6a641820adbdbbf5a6e488dd1fc55b82538f53c2
2021-04-01 21:34:20 +00:00
TreeHugger Robot
8948e498c8 Merge "gs101-sepolicy: Allow binder call rlsservice from camera" into sc-dev 2021-04-01 21:04:11 +00:00
Cheng Gu
765e8e2374 gs101-sepolicy: Allow binder call rlsservice from camera
This is to fix below avc denial:
  E SELinux : avc:  denied  { find } for pid=28954 uid=1000
  name=rlsservice scontext=u:r:hal_camera_default:s0
  tcontext=u:object_r:rls_service:s0 tclass=service_manager permissive=0

The solution is similar to ag/7253836 (coral) and ag/10232101 (redbull).

Fix: 183620858
Test: adb shell setprop persist.vendor.camera.dump_range_data 1 &&
      adb shell pkill -f camera, then retest camera
Change-Id: I6bb743c15ee64e3c4ecb8359126b238554aa649e
2021-04-01 21:03:02 +00:00
Yu-Chi Cheng
f27370db65 Allowed EdgeTPU service to read system properties related to vendor.
The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.

Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428
2021-04-01 11:40:36 -07:00
TreeHugger Robot
025ddae3f5 Merge "remove obsolete entries" into sc-dev am: 3504d25fb6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14057401

Change-Id: I43b31230b9a17bab788d6bb12dceab0874f1c27a
2021-04-01 08:37:51 +00:00
TreeHugger Robot
3504d25fb6 Merge "remove obsolete entries" into sc-dev 2021-04-01 08:05:31 +00:00
Charlie Chen
df4340620f Merge "SELinux error coming from mediacodec when using GCA and secure playback" into sc-dev am: 1a03008756
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14057389

Change-Id: Ia11cf3a7b21e91b79450fb73f32b4016d6bfca91
2021-04-01 07:15:31 +00:00
Adam Shih
f96f0c79a3 remove obsolete entries
Bug: 183560282
Bug: 180858511
Bug: 183161715
Bug: 178331791
Bug: 178433597
Test: pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: Iba208b69389450b8ef69aaecfb799ef696515669
2021-04-01 15:02:46 +08:00
Charlie Chen
1a03008756 Merge "SELinux error coming from mediacodec when using GCA and secure playback" into sc-dev 2021-04-01 06:48:14 +00:00
Gillian Lin
acbe8fea4a Merge "Fix SELinux error from vendor_init" into sc-dev am: cdfffb7213
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14048486

Change-Id: Ibe02e5539c1d72b924489efd818014be29b2ce94
2021-04-01 05:42:24 +00:00
Gillian Lin
cdfffb7213 Merge "Fix SELinux error from vendor_init" into sc-dev 2021-04-01 05:08:50 +00:00
Charlie Chen
5602dfde45 SELinux error coming from mediacodec when using GCA and secure playback
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { search } for name="video6" dev="sysfs" ino=64587 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_video:s0 \
tclass=dir permissive=0

Bug: 182525521
Bug: 184145552
Test: GCA recording works properly, \
      Netflix and ExoPlayer can play videos
Change-Id: Ib7220feedc5031fb0e5c05a2b487da2ddf8b98cd
2021-04-01 02:53:24 +00:00
Eddie Tashjian
e13fc96b1f Merge "Allow radio vendor apps to modify slog props." into sc-dev am: 6171dc4503
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14056485

Change-Id: I0434283eaf0c403548a96da40c050653be779b63
2021-04-01 02:36:46 +00:00
gillianlin
52a776889c Fix SELinux error from vendor_init
03-17 09:12:55.380     1     1 I /system/bin/init: type=1107 audit(0.0:3): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=mfgapi.touchpanel.permission pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1'

Bug: 182954248
Change-Id: I9ffff1aab20577950cb43c35d788e6a9c9acd571
2021-04-01 10:16:41 +08:00
Eddie Tashjian
6171dc4503 Merge "Allow radio vendor apps to modify slog props." into sc-dev 2021-04-01 01:32:04 +00:00
Ilya Matyukhin
881763c14e Merge "Add sepolicy for Goodix AIDL HAL" into sc-dev am: 52a4f701c1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13990421

Change-Id: I98013d8691da399355ea0f3746d0f239d105f5b2
2021-03-31 22:40:05 +00:00
Ilya Matyukhin
52a4f701c1 Merge "Add sepolicy for Goodix AIDL HAL" into sc-dev 2021-03-31 21:57:29 +00:00
Eddie Tashjian
022de778ed Allow radio vendor apps to modify slog props.
Radio vendor silent logging app needs access to the vendor slog
properties in order to configure logging.

Bug: 184102091
Test: Check vendor silent logging app works.
Change-Id: I1a7c590b80d94c0b147743372ba3cd1a0817baf3
2021-03-31 20:57:31 +00:00
Eddie Tashjian
964eb91728 Merge "Add sepolicy for CBRS setup app." into sc-dev am: 606a9ea28d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13990414

Change-Id: If299e9dc9732742f75f26385c82b342caf765cef
2021-03-31 18:47:55 +00:00
Eddie Tashjian
606a9ea28d Merge "Add sepolicy for CBRS setup app." into sc-dev 2021-03-31 18:23:07 +00:00
Zhijun He
1e4b402323 Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev am: a7d3992396
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14048500

Change-Id: Ide1c51c17bce737ba9132bb0d58c6aa994d62dcc
2021-03-31 16:24:51 +00:00
Zhijun He
a7d3992396 Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev 2021-03-31 15:38:31 +00:00
Charlie Chen
ac3d49d41d Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"
This reverts commit 7c92613185.

Reason for revert: This commit breaks camera recording

Bug: 184154831
Change-Id: Ia4286dab9c5d44c59a3b224e0e24c191eb2be84b
2021-03-31 15:37:48 +00:00
Yu-Chi Cheng
62e7f60757 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev am: f9668d2b94
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035811

Change-Id: Iec2f2d735c6c44e655ef15a0a660a7189e368422
2021-03-31 15:04:44 +00:00
Yu-Chi Cheng
5157e0dc04 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev am: 53982a4372
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14026058

Change-Id: I1a1a0fd94e4e613c964598de6bb615608fd1a6c5
2021-03-31 15:03:56 +00:00
Yu-Chi Cheng
f9668d2b94 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev 2021-03-31 14:26:10 +00:00
Yu-Chi Cheng
53982a4372 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev 2021-03-31 14:24:54 +00:00
millerliang
7532dd7d1f Fix MMAP audio avc denied am: f01cb384d8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14029670

Change-Id: I6700779ed0c8077b21054f24296e8088b812bf16
2021-03-31 09:43:37 +00:00
TreeHugger Robot
bb571e8736 Merge "remove obsolete entries" into sc-dev am: 6bcc46cec5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14041327

Change-Id: I01fe41955f235712bcb04bf48c7e7c59c699ccd4
2021-03-31 07:52:42 +00:00