Wenhao Wang
a16b1668be
Merge "Fix selinux for RPMB daemon" into sc-dev
2021-04-20 17:20:50 +00:00
TreeHugger Robot
77725ac5f8
Merge "sepolicy: add cs40l26 haptics modules" into sc-dev
2021-04-20 11:49:51 +00:00
Tai Kuo
0e9abb4ef2
sepolicy: add cs40l26 haptics modules
...
Fix the following avc denial:
avc: denied { module_load } for comm="insmod" path="/vendor_dlkm/lib/modules/cl_dsp.ko" dev="overlay" ino=41 scontext=u:r:init-insmod-sh:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=1
Bug: 184610991
Test: Full build. Check that the avc denial is gone.
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: Ic41ea6a6add818bfdf95e71e20df77b9e06db6c1
2021-04-20 11:43:03 +00:00
TreeHugger Robot
a0fbe1508d
Merge "remove obsolete entry" into sc-dev
2021-04-20 07:52:18 +00:00
Adam Shih
93b498ea78
remove obsolete entry
...
Bug: 182531832
Test: do bugreport with no dumpstate related error
Change-Id: I3f19f82f37b11221f4816d958797336da23b14b4
2021-04-20 14:42:55 +08:00
Ted Wang
4233336296
Grant sepolicy for Bluetooth Ccc Timesync feature
...
Add sepolicy rules for Bluetooth Ccc Timesync
Bug: 175836015
Test: make
Change-Id: If2d3f953a5899cd5ea0695a57132dd69a2a29675
2021-04-20 06:32:49 +00:00
Adam Shih
a2f8a45c46
suppress logs created by userdebug-only features
...
Bug: 185439604
Test: cts-tradefed run commandAndExit cts -m CtsSecurityHostTestCases
Change-Id: I8d993154e8e6c3205e1e83c6b81d4d9064dc3171
2021-04-20 06:17:20 +00:00
Wenhao Wang
f5277482c1
Fix selinux for RPMB daemon
...
Secure persistent storage has been moved to persist root.
The corresponding paths in the SELinux policy have to be updated.
Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I0e7756f3b4d5c6be705a87e1d7d80247df1ec4bb
2021-04-20 13:01:23 +08:00
Wei Wang
0ae24df58d
Merge "Grant Fabric node access for memory min frequency setting" into sc-dev
2021-04-20 02:14:18 +00:00
Taeju Park
3e824702f2
Grant Fabric node access for memory min frequency setting
...
Bug: 170510392
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: Ia96c8d9e890251a4f82bf8c8bb042ae6ce57182b
2021-04-20 00:46:32 +00:00
Salmax Chang
854e4dfd60
Merge "dumpstate/incident: Fix avc errors" into sc-dev
2021-04-19 10:00:10 +00:00
SalmaxChang
1b17b0fbaa
dumpstate/incident: Fix avc errors
...
avc: denied { append } for path="/storage/emulated/0/Android/data/com.android.pixellogger/files/bugreport-oriole-MASTER-2021-04-19-14-57-22.zip" dev="dm-7" ino=35424 scontext=u:r:dumpstate:s0 tcontext=u:object_r:media_rw_data_file:s0:c28,c257,c512,c768 tclass=file
avc: denied { use } for path="/storage/emulated/0/Android/data/com.android.pixellogger/files/bugreport-oriole-MASTER-2021-04-19-14-57-22.zip" dev="dm-7" ino=35424 scontext=u:r:incident:s0 tcontext=u:r:logger_app:s0:c28,c257,c512,c768 tclass=fd
avc: denied { append } for path="/storage/emulated/0/Android/data/com.android.pixellogger/files/bugreport-oriole-MASTER-2021-04-19-16-30-05.zip" dev="dm-7" ino=12639 scontext=u:r:incident:s0 tcontext=u:object_r:media_rw_data_file:s0:c30,c257,c512,c768 tclass=file
Bug: 178744858
Change-Id: I07eb1f4abf6cb9b399c773854ca6f47fcd5e2f37
2021-04-19 08:34:57 +00:00
Hongbo Zeng
8b9e2b3834
allow RilConfigService to call oemrilhook api
...
04-15 21:19:42.312 373 373 E SELinux : avc: denied { find } for pid=10245 uid=1001 name=telephony.oem.oemrilhook scontext=u:r:ril_config_service_app:s0 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0
Bug: 185747692
Test: after applying the rule, the denial log is gone
Change-Id: I447c9c695f48ee3b528190ff33261ca3e9cd69df
2021-04-19 16:26:59 +08:00
TreeHugger Robot
8c30e63758
Merge "Add sepolicy rules when PowerAnomalyDataDetection service enabled" into sc-dev
2021-04-19 06:03:11 +00:00
TreeHugger Robot
07121f1245
Merge "remove obsolete domains" into sc-dev
2021-04-19 05:56:38 +00:00
Rios Kao
1b25799252
Merge "Allow ssr_detector to read aoc version property" into sc-dev
2021-04-19 04:19:34 +00:00
Adam Shih
99988c4c5f
remove obsolete domains
...
Bug: 168013500
Test: Check that abox and rpmbd are not in ROM anywhere in oriole, raven user,
userdebug and factory ROM
Change-Id: Ie091a1036ba6c25a3c7f0ef0b8f69cc9fc4e306a
2021-04-19 11:14:54 +08:00
Adam Shih
59a1c3f04a
update error on ROM 7293525
...
Bug: 185723618
Bug: 185723492
Bug: 185723694
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I5cc12384aca5dcc2658b914e5c7783f2e1e70b5d
2021-04-19 09:52:55 +08:00
TreeHugger Robot
96ed3bb51c
Merge "sepolicy: fix fingerprint sepolicy" into sc-dev
2021-04-16 09:25:33 +00:00
eddielan
75a9ea1ee4
sepolicy: fix fingerprint sepolicy
...
04-16 01:56:07.948 1039 1039 W fingerprint@2.1: type=1400 audit(0.0:110):
avc: denied { write } for name="wakeup_enable" dev="sysfs" ino=69197
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
Bug: 185538163
Test: Build Pass
Change-Id: I8f75daf22577e6a68f3b2a0250eebebd1873ea28
2021-04-16 15:17:20 +08:00
SalmaxChang
3c692b942a
Create vendor_logger_prop
...
Bug: 178744858
Change-Id: I4abb6f73b068c5ed265979c3190bcc2feac76f94
2021-04-16 06:06:36 +00:00
Hsiaoan Hsu
0790114826
Add sepolicy rules when PowerAnomalyDataDetection service enabled
...
- Fix avc denied when Power anomaly data detection is enabled.
Bug: 185544799
Test: Verified Pass
Change-Id: I7b81e09842acb71767f60df18fd0ca4a95e0ff09
2021-04-16 13:37:04 +08:00
TreeHugger Robot
ca24e70422
Merge "Update sepolicy for the egetpu_logging service to access the sysfs." into sc-dev
2021-04-16 02:15:58 +00:00
qinyiyan
4585613637
Update sepolicy for the egetpu_logging service to access the sysfs.
...
Test: make selinux_policy -j128 and pushed sepolicy modules to the
device. The avc denials are gone.
Bug: 185448476
Change-Id: Ibff482b64a6cdbc5a7967bb8cc4281c8bd0b5b98
2021-04-15 23:57:32 +00:00
Max Shi
55bd05960f
Add sepolicy for sensor HAL accessing AOC reset sysfs node.
...
Bug: 184858369
Test: Verify sensor HAL process can write to the sysfs node.
Change-Id: I9700323bafa413b88f25e4117499bcc936bce9c6
2021-04-15 23:37:15 +00:00
Ahmed ElArabawy
4a5d646504
Merge "ssr_detector: provide wlan firmware version" into sc-dev
2021-04-15 23:32:26 +00:00
rioskao
a0a4a7f2a2
Allow ssr_detector to read aoc version property
...
sst_detector would need the firmware version in order to
parse dump information with the corresponding symbol of the version
04-15 13:05:39.196 28845 28864 W libc : Access denied finding property "vendor.aoc.firmware.version"
Bug: 185473950
Test: validate by force ramdump of aoc.
Change-Id: Iebf62b97897ccc2a84a174dafca90f446b771915
2021-04-15 22:53:18 +08:00
Jenny Ho
9ec58d031a
Merge "Allow to dump pps-dc" into sc-dev
2021-04-15 10:26:57 +00:00
Roger Wang
da8122c867
ssr_detector: provide wlan firmware version
...
In this commit, we allow ssr_detector to collect
the wlan firmware version from a property. This information
is useful for doing SSR statistics.
avc log:
avc: denied { read } for comm="FileObserver" name="u:object_r:vendor_wifi_version:s0" dev="tmpfs" ino=324 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_wifi_version:s0 tclass=file permissive=0
Bug: 185457155
Test: check firmware version can be collected.
ssrInfo SSRInfo{mSubsystem='wlan', mCrashReason='Dongle_Trap_traptest+0x8_pcidev_handle_user_disconnect+0xbb', mRamdumpFile='coredump_wlan_2021-04-15_18-01-54.bin', mTimeStamp='2021-04-15_18-01-54', mBuildVersion='20.25.423.4', mUID='05a6029c-4f74-3172-9a3f-7fa8e8bcc6c4', mExtraBuildVersion=''}, uid 05a6029c-4f74-3172-9a3f-7fa8e8bcc6c4
Change-Id: Ibf2ce8f0c7a7dd752963c738bf28da14034cc209
2021-04-15 18:08:52 +08:00
Charlie Chen
742daf873c
Merge changes from topic "remove_video_system_heap" into sc-dev
...
* changes:
Formatting file_contexts
remove video_system_heap
2021-04-15 07:56:19 +00:00
TreeHugger Robot
a4d458026a
Merge "Allow power stats HAL read uwb power_stats sysfs node" into sc-dev
2021-04-15 06:26:00 +00:00
TeYuan Wang
66fd237730
thermal: add sepolicy rule to access ODPM sysfs
...
Bug: 170653634
Test: test thermal behavior under enforcing mode
Change-Id: I37500de957cc2375213f1d0416a88356f36d2367
2021-04-15 05:55:10 +00:00
Benjamin Schwartz
948f48997b
Merge "Allow power stats HAL to read gnss stats" into sc-dev
2021-04-15 05:08:16 +00:00
Vova Sharaienko
d7e81afb35
Merge "Stats: removed obsolete IStats HIDL sepolicies" into sc-dev
2021-04-15 05:01:22 +00:00
Charlie Chen
01a33d0cb7
Formatting file_contexts
...
Test: Youtube playback, video recording, ExoPlayer playback
Bug: 181380463
Change-Id: I9eeb08987794336aafa7945a9d648a38f0e7989a
2021-04-15 11:08:10 +08:00
Taehwan Kim
9d20b97534
remove video_system_heap
...
Test: Youtube playback, video recording, ExoPlayer playback
Bug: 181380463
Signed-off-by: Taehwan Kim <t_h.kim@samsung.com>
Change-Id: If2aad557365755156e4c088048dc351bc66df281
2021-04-15 11:07:20 +08:00
Chris Lu
86582e6ce0
display: remove dontaudit for hal_memtrack_default
...
Bug: 181913683
Test: make pts -j60 pts-tradefed run pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I72963aed5aff9bcbf2de16b11b16033ca594d7f0
2021-04-15 10:12:01 +08:00
Vova Sharaienko
a0a8cb2dff
Stats: removed obsolete IStats HIDL sepolicies
...
Bug: 181887265
Test: Build, flash, and logcat for sepolicies messages
Change-Id: I702a8d59fadf04658addd6e3acf3a126a0a4cae7
2021-04-15 01:42:45 +00:00
Benjamin Schwartz
dde4b6bf1f
Allow power stats HAL to read gnss stats
...
Bug: 181577366
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: Iea8c332f9b73358e1a6464d69cbef6af4a603f84
2021-04-14 17:28:02 -07:00
Benjamin Schwartz
a791d93318
Allow power stats HAL read uwb power_stats sysfs node
...
Bug: 180956351
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: Id157c1e10f4d9491ae54dd1babb82e6f282c257c
2021-04-14 15:35:53 -07:00
Aaron Tsai
204dc05aa4
Fix avc denied for Silent Logging
...
04-08 23:18:20.684 920 920 I HwBinder:920_1: type=1400 audit(0.0:486): avc: denied { call } for scontext=u:r:sced:s0 tcontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tclass=binder permissive=1
04-08 22:51:36.312 1000 6890 6890 I Thread-2: type=1400 audit(0.0:1390): avc: denied { call } for scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:r:sced:s0 tclass=binder permissive=1
04-08 23:18:20.684 7099 7099 I auditd : type=1400 audit(0.0:487): avc: denied { execute } for comm="HwBinder:920_1" name="sh" dev="dm-0" ino=464 scontext=u:r:sced:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
04-08 23:18:20.684 7099 7099 I auditd : type=1400 audit(0.0:488): avc: denied { read open } for comm="HwBinder:920_1" path="/system/bin/sh" dev="overlay" ino=464 scontext=u:r:sced:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
04-08 22:51:36.312 1000 8554 8554 I HwBinder:908_1: type=1400 audit(0.0:1391): avc: denied { execute_no_trans } for path="/vendor/bin/sh" dev="overlay" ino=377 scontext=u:r:sced:s0 tcontext=u:object_r:vendor_shell_exec:s0 tclass=file permissive=1
04-08 22:51:36.324 1000 908 908 I HwBinder:908_1: type=1400 audit(0.0:1392): avc: denied { search } for name="slog" dev="dm-7" ino=245 scontext=u:r:sced:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=1
04-08 22:51:36.324 1000 908 908 I HwBinder:908_1: type=1400 audit(0.0:1393): avc: denied { write } for name="slog" dev="dm-7" ino=245 scontext=u:r:sced:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=1
04-08 22:51:36.324 1000 908 908 I HwBinder:908_1: type=1400 audit(0.0:1394): avc: denied { add_name } for name="tcplog_20210408225136.pcap" scontext=u:r:sced:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=1
04-08 22:52:24.720 1000 908 908 I HwBinder:908_1: type=1400 audit(0.0:1427): avc: denied { create } for name="tcplog_20210408225224.pcap" scontext=u:r:sced:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=file permissive=1
04-08 23:18:23.160 7099 7099 I auditd : type=1400 audit(0.0:505): avc: denied { getopt } for comm="tcpdump" scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-08 23:18:23.160 7099 7099 I tcpdump : type=1400 audit(0.0:505): avc: denied { getopt } for scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-08 23:18:23.160 7099 7099 I auditd : type=1400 audit(0.0:506): avc: denied { setopt } for comm="tcpdump" scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-08 23:18:23.160 7099 7099 I tcpdump : type=1400 audit(0.0:506): avc: denied { setopt } for scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-08 23:58:53.664 8514 8514 I auditd : type=1400 audit(0.0:500): avc: denied { getattr } for comm="sh" path="/system/bin/tcpdump" dev="overlay" ino=502 scontext=u:r:sced:s0 tcontext=u:object_r:tcpdump_exec:s0 tclass=file permissive=1
04-08 23:58:53.664 8514 8514 I auditd : type=1400 audit(0.0:501): avc: denied { execute } for comm="sh" name="tcpdump" dev="dm-0" ino=502 scontext=u:r:sced:s0 tcontext=u:object_r:tcpdump_exec:s0 tclass=file permissive=1
04-08 23:58:53.664 8514 8514 I auditd : type=1400 audit(0.0:502): avc: denied { read open } for comm="sh" path="/system/bin/tcpdump" dev="overlay" ino=502 scontext=u:r:sced:s0 tcontext=u:object_r:tcpdump_exec:s0 tclass=file permissive=1
04-08 23:58:53.668 8514 8514 I auditd : type=1400 audit(0.0:503): avc: denied { execute_no_trans } for comm="sh" path="/system/bin/tcpdump" dev="overlay" ino=502 scontext=u:r:sced:s0 tcontext=u:object_r:tcpdump_exec:s0 tclass=file permissive=1
04-08 23:58:53.668 8514 8514 I auditd : type=1400 audit(0.0:504): avc: denied { map } for comm="tcpdump" path="/system/bin/tcpdump" dev="overlay" ino=502 scontext=u:r:sced:s0 tcontext=u:object_r:tcpdump_exec:s0 tclass=file permissive=1
04-08 23:58:53.680 8514 8514 I auditd : type=1400 audit(0.0:505): avc: denied { create } for comm="tcpdump" scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-08 23:58:53.680 8514 8514 I auditd : type=1400 audit(0.0:506): avc: denied { net_raw } for comm="tcpdump" capability=13 scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=capability permissive=1
04-08 23:58:53.680 8514 8514 I auditd : type=1400 audit(0.0:507): avc: denied { ioctl } for comm="tcpdump" path="socket:[96140]" dev="sockfs" ino=96140 ioctlcmd=0x8933 scontext=u:r:sced:s0 tcontext=u:r:sced:s0 tclass=packet_socket permissive=1
04-13 19:19:38.493 1000 403 403 I auditd : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:sced:s0 pid=909 scontext=u:r:sced:s0 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
04-13 21:40:13.054 404 404 I auditd : avc: denied { add } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:sced:s0 pid=911 scontext=u:r:sced:s0 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=1
04-13 21:40:13.055 404 404 I auditd : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:sced:s0 pid=911 scontext=u:r:sced:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
Bug: 184921478
Test: manual test
Change-Id: I39eb403272a8a4fba0728c9f8eab5ea23096a540
2021-04-14 18:18:55 +08:00
Adam Shih
65355b49a3
Merge "change assigned bug" into sc-dev
2021-04-14 07:09:32 +00:00
Ray Chi
f4589fecba
usb: Add sepolicy for extcon access
...
The USB gadget hal will access the extcon folder, so this patch
adds a new rule to allow the USB gadget hal to access extcon.
Bug: 185302867
Test: apply the rule and verify it
Change-Id: I0bc44dbf89a02c4fa5b561baf1c0c1c43d5183e9
2021-04-14 14:36:44 +08:00
SalmaxChang
f23a4423c4
Add more modem properties
...
init : Do not have permissions to set 'ro.vendor.sys.modem.logging.loc' to '/data/vendor/slog' in property file '/vendor/build.prop': SELinux permission check failed
Bug: 184101903
Change-Id: I8c2dfd48e177e4a5127c1efd977c0f6c18b50379
2021-04-14 04:46:32 +00:00
Roshan Pius
8119d482ed
Uwb: Create a new Uwb system service
...
Move the vendor service to a different name which will be used by AOSP
uwb service.
Also, create a new domain for the UWB vendor app which can expose this
vendor service.
Denials:
04-12 16:38:38.282 411 411 E SELinux : avc: denied { find } for pid=2964
uid=1000 name=tethering scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0
04-12 17:56:49.320 411 411 E SELinux : avc: denied { find } for pid=2964
uid=1000 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:hal_uwb_service:s0 tclass=service_manager permissive=0
04-12 20:13:37.952 3034 3034 W com.qorvo.uwb: type=1400 audit(0.0:8): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0
tclass=dir permissive=0
04-12 20:13:38.003 408 408 E SELinux : avc: denied { find } for pid=3034
uid=1000 name=content_capture scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=0
04-12 21:25:03.244 2992 2992 W com.qorvo.uwb: type=1400 audit(0.0:7): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:
system_app_data_file:s0:c232,c259,c512,c768 tclass=dir permissive=0
Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Iecb871902ebe7d110f2deb9ddb960c1a3945d8e9
2021-04-13 17:54:42 -07:00
Ilya Matyukhin
75d0cce94f
Merge "Add sepolicy for SystemUIGoogle to write to lhbm" into sc-dev
2021-04-14 00:16:35 +00:00
Vova Sharaienko
72f80a3c90
wirelesscharger-adapter: updated sepolicy
...
This allows the wirelesscharger-adapter to access AIDL Stats service
Bug: 181892307
Test: Build, flash, boot and logcat | grep "platform_app"
Change-Id: I801e801133e4c7a0977f6c1e816b7c64135f59a3
2021-04-13 19:26:01 +00:00
Ilya Matyukhin
acf6b1f5ae
Add sepolicy for SystemUIGoogle to write to lhbm
...
Bug: 184768835
Bug: 182520014
Test: adb logcat | grep "avc: denied"
Change-Id: Ia200983c87e0b826a0b62052e65cc731453a632f
2021-04-13 11:26:34 -07:00
TreeHugger Robot
421bee976b
Merge "logger_app: Remove Pixelize rule" into sc-dev
2021-04-13 11:54:20 +00:00
TreeHugger Robot
f7c08818e6
Merge "Fix Android GPU Inspector (AGI) support" into sc-dev
2021-04-13 10:27:29 +00:00