Commit graph

2906 commits

Author SHA1 Message Date
Hana Kim
060b562310 Sepolicy: add permission to allow create, connect udp socket
Bug: 226412527
Test: The tester verified IMS didn't crash and no avc denied log
Signed-off-by: Hana Kim <hanaa.kim@samsung.com>
Change-Id: Id9ba79ba87010326c53b6aec408e5cdb291122a6
Merged-In: Id9ba79ba87010326c53b6aec408e5cdb291122a6
2022-09-19 04:58:00 +00:00
Jinhee Kim
908a8fcf14 sepolicy: gs101: allowed permissions required for network access
avc: denied { write } for comm="Thread-102" name="dnsproxyd" dev="tmpfs" ino=1022 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:dnsproxyd_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { node_bind } for comm="Thread-102" src=50174 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=0 app=com.shannon.imsservice

Bug: 242231557
Test: The tester verified IMS didn't crash and no avc denied log
Change-Id: Icc3762cef7f9766d845f1e1a56af1315fc97163b
Signed-off-by: Jinhee Kim <jinhee.k@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Merged-In: Icc3762cef7f9766d845f1e1a56af1315fc97163b
2022-09-16 08:51:52 +00:00
matthuang
c96220c282 Add security context for com.google.usf.non_wake_up/wakeup.
Bug: 195077076
Test: Confirm there is no avc denied log.
Change-Id: I8600283d9ff2ebcb45df95e5259484a60921fb1a
2022-07-18 15:12:45 +08:00
SalmaxChang
2455329536 hal_dumpstate_default: fix avc error
avc: denied { search } for comm="dumpstate@1.1-s" name="modem_stat" dev="dm-44" ino=341 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:modem_stat_data_file:s0 tclass=dir

Bug: 235963885
Change-Id: Ib9625eefc367738bcd6594884b1f3b5e3ab5be54
Merged-In: Ib9625eefc367738bcd6594884b1f3b5e3ab5be54
2022-07-08 03:24:01 +00:00
TreeHugger Robot
59d6e09682 Merge "Add acd-com.google.usf.non_wake_up file to AoC file context." into tm-qpr-dev
2022-07-01 02:15:21 +00:00
SalmaxChang
a9157994c3 modem_svc: Fix avc error
avc: denied { write } for comm="modem_svc_sit" name="modem_stat" dev="dm-42" ino=331 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 234844823
Change-Id: I51db41d73be317cc7fc84981ac5f04e254a360d0
Merged-In: I51db41d73be317cc7fc84981ac5f04e254a360d0
2022-06-22 04:21:37 +00:00
TreeHugger Robot
263a6b0f8a Merge "allow rlsservice read vendor camera property" into tm-dev am: b20c0652ad am: 2948419ca7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18849046

Change-Id: Ia303c50a81833a4abe489682f9ce4755f5660a88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:36:40 +00:00
TreeHugger Robot
2948419ca7 Merge "allow rlsservice read vendor camera property" into tm-dev am: b20c0652ad
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18849046

Change-Id: Ibe17ec9f6c2a396dc5f7b6e35e1b07b3b6b3356a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:19:33 +00:00
TreeHugger Robot
b20c0652ad Merge "allow rlsservice read vendor camera property" into tm-dev
2022-06-16 12:02:28 +00:00
matthuang
bf1333f881 Add acd-com.google.usf.non_wake_up file to AoC file context.
Bug: 195077076
Test: ls -lZ dev/acd-com.google.usf.non_wake_up
Change-Id: If9add3528bde47a618bd884ce28121b6fa32754c
2022-06-14 10:00:35 +00:00
JimiChen
143668225a allow rlsservice read vendor camera property
Bug: 233020488
Test: no avc denied
Change-Id: I96dee4482d4c0ff5b7852db635dc100a7ea4874c
2022-06-11 15:39:19 +08:00
Krzysztof Kosiński
fd0bf19589 gs101: Add dontaudit statements to camera HAL policy. am: fbcf66a04a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18817845

Change-Id: Ib4b8f284129e9c32dc5c4d4a145634f46ea346eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:04:37 +00:00
Krzysztof Kosiński
fbcf66a04a gs101: Add dontaudit statements to camera HAL policy.
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Fix: 178980085
Fix: 180567725
Fix: 218585004
Test: build & camera check on raven
Change-Id: I3f3a1f64d403182d4f592f1cacc6ef8d1418062d
(cherry picked from commit b71d24d62c)
2022-06-09 20:53:05 +00:00
Jidong Sun
4f67f60276 gs101: Allow BootControl to access sysfs blow_ar am: f276625942 am: 1745c41b8a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18740593

Change-Id: I8629636e059bf5c2a58c1c91dd10c9a1da7b2109
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 21:23:49 +00:00
Jidong Sun
1745c41b8a gs101: Allow BootControl to access sysfs blow_ar am: f276625942
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18740593

Change-Id: Idb48be108f2ebc98d802edf93e13d4359d164821
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 20:32:07 +00:00
Jidong Sun
f276625942 gs101: Allow BootControl to access sysfs blow_ar
Bug: 232277507
Signed-off-by: Jidong Sun <jidong@google.com>
Change-Id: I120672722a5ab8b5cadf0dce6d872e00c9fae642
2022-06-04 01:23:40 +00:00
George Chang
16cc944791 Merge "Update nfc from hidl to aidl service" into tm-qpr-dev
2022-06-01 06:19:39 +00:00
Kyle Tso
5cd6559689 Add logbuffer_pogo_transfer file_contexts am: 7347d18b73 am: caa8dc57b3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18400416

Change-Id: I181abe83407195830c74490f4f5ca9790f1925c3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-24 01:25:51 +00:00
Kyle Tso
caa8dc57b3 Add logbuffer_pogo_transfer file_contexts am: 7347d18b73
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18400416

Change-Id: Ie065459ae6edfb07701cc5d53758f248f6e0ea3c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-24 00:53:51 +00:00
Kyle Tso
7347d18b73 Add logbuffer_pogo_transfer file_contexts
Bug: 232556226
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: I1037d39f4187807e6aa9753339fae29e3bc89359
Merged-In: I1037d39f4187807e6aa9753339fae29e3bc89359
2022-05-21 15:25:58 +00:00
Joner Lin
41026aeae6 Merge "Grant policy for BluetoothHal Extionsion feature" into tm-dev am: 5a222bc64e am: 9955721f73
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18349808

Change-Id: I513959f3ff0e5d1bcb81257538281e2b40f473af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 12:54:05 +00:00
Joner Lin
9955721f73 Merge "Grant policy for BluetoothHal Extionsion feature" into tm-dev am: 5a222bc64e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18349808

Change-Id: If769c5b2f24bbb04f842c65e1e71bf21e86c4078
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 12:20:46 +00:00
Joner Lin
5a222bc64e Merge "Grant policy for BluetoothHal Extionsion feature" into tm-dev
2022-05-20 05:06:32 +00:00
jonerlin
9f214e0453 Grant policy for BluetoothHal Extionsion feature
Bug: 228943442
Test: Manually
Change-Id: I00b37c1f74ca9b904df2319d2c58d34228e9678b
2022-05-19 09:59:56 +08:00
George Chang
d479f730b0 Update nfc from hidl to aidl service
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: I288474f691670655516728fe0e164a3e5689875c
Change-Id: I288474f691670655516728fe0e164a3e5689875c
2022-05-17 04:14:57 +00:00
TreeHugger Robot
a48761315f Merge "Allow mediacodec to access vendor_data_file" into tm-dev am: c0d38cbc9f am: ed1ec96363
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18186340

Change-Id: I294f324c4c26521cb7d8553e6127281826c30a1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-13 10:39:44 +00:00
TreeHugger Robot
ed1ec96363 Merge "Allow mediacodec to access vendor_data_file" into tm-dev am: c0d38cbc9f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18186340

Change-Id: Iffeee5071854c1f2af2cad5c7a5783421980b153
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-13 09:49:23 +00:00
TreeHugger Robot
c0d38cbc9f Merge "Allow mediacodec to access vendor_data_file" into tm-dev
2022-05-13 09:24:01 +00:00
Lily Lin
ca85474dbe Merge "Add selinux permissions to r/w sysfs st33spi_state" into tm-dev am: e910a12468 am: 5389123249
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17988448

Change-Id: I619b1afeebbe51d58ba0b60fbe3dc2ac3733bc23
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-11 02:25:08 +00:00
Will McVicker
3dbfde7852 genfs_contexts: fix more i2c raw paths am: 9cbc9eceec am: 6c256f9fee
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18192191

Change-Id: I4e9c3bf9cbe7e3d5d34fa0bda3d4260cc40cc479
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-11 02:25:02 +00:00
Lily Lin
5389123249 Merge "Add selinux permissions to r/w sysfs st33spi_state" into tm-dev am: e910a12468
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17988448

Change-Id: Ib4dd93e176fe6bf1ead64e4ed55999d4afa2fd59
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-11 01:58:06 +00:00
Will McVicker
6c256f9fee genfs_contexts: fix more i2c raw paths am: 9cbc9eceec
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18192191

Change-Id: Ia370a2ce14f323d16f3e34a8e4d0ef9ff9fd12d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-11 01:57:53 +00:00
Lily Lin
e910a12468 Merge "Add selinux permissions to r/w sysfs st33spi_state" into tm-dev
2022-05-11 01:22:36 +00:00
Jerry Huang
a5e9b426eb Allow mediacodec to access vendor_data_file
For dumping output buffer of HDR to SDR filter.

This patch fixes the following denial:

05-06 15:26:54.248  1046   856   856 W HwBinder:856_4: type=1400 audit(0.0:174404): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

Bug: 229360116
Change-Id: I41acb29407a7ddb27279a834e27c5ee515efe666
2022-05-10 09:22:12 +00:00
Lily Lin
59f29edf92 Add selinux permissions to r/w sysfs st33spi_state
Bug: 228655141
Test: Confirm can read/write st33spi_state
Change-Id: I65299414d6268580dc532170759459147378418b
2022-05-10 16:32:45 +08:00
Richard Hsu
7284f35989 Merge "[SELinux] Allow NNAPI HAL to log traces to perfetto under userdebug builds" into tm-d1-dev am: 4f5bb2c0aa
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18214742

Change-Id: I15d01edffa53fe35c8b81698b1a9b6ffb69f688a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-09 18:49:57 +00:00
Richard Hsu
4f5bb2c0aa Merge "[SELinux] Allow NNAPI HAL to log traces to perfetto under userdebug builds" into tm-d1-dev
2022-05-09 17:55:47 +00:00
Richard Hsu
5675757d41 [SELinux] Allow NNAPI HAL to log traces to perfetto under userdebug builds
Allows DarwiNN NNAPI HAL to log traces to perfetto only under userdebug builds. This is similar to the camera HAL fix in ag/17080874

Error message:
TracingMuxer: type=1400 audit(0.0:486): avc: denied { write } for name="traced_producer" dev="tmpfs" ino=1116 scontext=u:r:hal_neuralnetworks_darwinn:s0

This rule is common for EdgeTPU in both WHI and PRO.

Bug: 231838536

Test: tested on PRO before and after the change, and the traces now show up.

Example: https://ui.perfetto.dev/#!/?s=ab911b3972bc16a1a831e148a7446c09757a08426bbe3c3b16d31a728b1d923
https://screenshot.googleplex.com/3roWETkTFyiDjW9

Change-Id: I8d4a57e262087aa4ec6670a487d7b06d2f2cde69
2022-05-07 22:28:22 -07:00
Will McVicker
9cbc9eceec genfs_contexts: fix more i2c raw paths
These were added in commit 8a19d8be9c ("genfs_contexts: fix path for
i2c peripheral devices") to address missing i2c paths when kernel
modules are loaded in parallel. The raw i2c paths were not added in that
commit. So add them here in order to fix a vibrator crash for
P21-mainline due to not having the named i2c paths.

Bug: 231637004
Fixes: 8a19d8be9c ("genfs_contexts: fix path for i2c peripheral devices")
Change-Id: I02dfff504704f761c99c328b39595789c2cbeef5
2022-05-05 16:04:31 -07:00
TreeHugger Robot
bbe95c3a79 Merge changes from topic "gs101-move-dwc3-irq" into tm-dev am: 36f7fe941d am: 82a83b366a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18164764

Change-Id: Ia31705514741c26b3ab34ecc21edb45e57ef89c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 08:46:04 +00:00
Ray Chi
d924169220 Allow hal_usb_gadget_impl to access proc_irq am: 7ac349e932 am: b5c3f6e0ba
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17313628

Change-Id: I96ba2776bb32556b1a3f01cf83cc3d0da63ea7fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 08:46:02 +00:00
TreeHugger Robot
82a83b366a Merge changes from topic "gs101-move-dwc3-irq" into tm-dev am: 36f7fe941d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18164764

Change-Id: Ie610b6f31e218dece80fb0dc52b66050382d4e26
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 07:27:14 +00:00
Ray Chi
b5c3f6e0ba Allow hal_usb_gadget_impl to access proc_irq am: 7ac349e932
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17313628

Change-Id: I12709e8375ab34a1ed08ae48ce2db522d98f188c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 07:27:12 +00:00
TreeHugger Robot
36f7fe941d Merge changes from topic "gs101-move-dwc3-irq" into tm-dev
* changes:
  Revert "add sepolicy for set_usb_irq.sh"
  Allow hal_usb_gadget_impl to access proc_irq
2022-05-05 07:08:20 +00:00
Yichi Chen
43d6af291c Merge "Allow hal_fingerprint_default to access hal_pixel_display_service" into tm-dev am: 650209645c am: b2c0884cd9
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17823364

Change-Id: I0c12bd8decf007033f42c492d149d6afb0a1244f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 02:44:17 +00:00
Yichi Chen
b2c0884cd9 Merge "Allow hal_fingerprint_default to access hal_pixel_display_service" into tm-dev am: 650209645c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17823364

Change-Id: I3053433540b747906ef69eed537d9eb600923a2a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 02:19:25 +00:00
Yichi Chen
650209645c Merge "Allow hal_fingerprint_default to access hal_pixel_display_service" into tm-dev
2022-05-05 02:03:49 +00:00
William McVicker
d5094282b6 Merge "genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes" into tm-dev am: e6250cd86e am: 18cb713b62
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18123741

Change-Id: Ie615dcd13480e7cc91195c8726ebbc13e2225342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-04 17:12:51 +00:00
William McVicker
18cb713b62 Merge "genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes" into tm-dev am: e6250cd86e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18123741

Change-Id: I8abb96731bc5d3b3f95168607dcfe8932d3f3727
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-04 16:39:32 +00:00
William McVicker
e6250cd86e Merge "genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes" into tm-dev
2022-05-04 16:10:16 +00:00