Cyan Hsieh
6e1c9d88cd
Merge "Add pvmfw to custom_ab_block_device"
2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692
Add pvmfw to custom_ab_block_device
...
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4
Merge "Allow vendor init to read gesture_prop."
2021-12-15 09:01:23 +00:00
Stephen Crane
3f9a11fa0b
Allow TEE storageproxyd permissions needed for DSU handling
...
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.
Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
2021-12-14 14:33:56 -08:00
Xin Li
0d05632eb8
Merge Android 12 QPR1
...
Bug: 210511427
Merged-In: Ie31b278a639fd5a9e249ca934d543de770fb3217
Change-Id: I0daddb05e061916c60055b7df00164a76c69ebd2
2021-12-14 08:38:59 -08:00
Super Liu
8f356044ff
Allow vendor init to read gesture_prop.
...
Bug: 209713977
Bug: 193467627
Test: local test.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I7f061f550bcf6c3a61b5528e8c21eae8567e677b
2021-12-13 09:28:02 +08:00
Cliff Wu
11c8ad745a
Update the sepolicy for exo_camera_injection v1.1
...
- Update exo_camera_injection hal service from 1.0 to 1.1.
- Selinux avc log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=152 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0.
Bug: 202092371
Test: Verified exo_camera_injection provider service use cases function
as expected; no denials.
Change-Id: Ica94a00db580356158d94af2ae6dbe9c9a81be0a
2021-12-11 05:26:06 +00:00
Chris Kuiper
178337b449
selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf
am: 3ce470c235
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281
Change-Id: Ic98462405b50b5ae86477d799d0497e00f41c450
2021-12-10 18:08:12 +00:00
Chris Kuiper
3ce470c235
selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281
Change-Id: Ib3f0609b74dbb05a7e4936fa2055a1e050777b3e
2021-12-10 17:44:16 +00:00
Chris Kuiper
734d79bdaf
selinux: Allow sensor HAL to access the display service HAL
...
Add necessary permissions.
Bug: b/204471211
Test: Testing with corresponding sensor HAL changes and sensor_test commands.
Change-Id: I01774210693ceb4a6d0d4dee4fb5e905117774d3
2021-12-10 11:00:07 +08:00
TreeHugger Robot
8e9e3a4375
[automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139
-s ours am: 65a718976e
-s ours
...
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392
Change-Id: I840471543fece99908a58003235b0ab8ad3f4f43
2021-12-08 02:12:07 +00:00
TreeHugger Robot
65a718976e
[automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139
-s ours
...
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392
Change-Id: Ib87c387438c8ada00867ef1422dfa6bc2c4c6df9
2021-12-08 01:57:41 +00:00
TreeHugger Robot
f7db23e139
Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev
2021-12-08 01:40:06 +00:00
joenchen
85626ab654
[automerger skipped] Label min_vrefresh and idle_delay_ms as sysfs_display am: 8d4e8a65d6
-s ours
...
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 02a20e025f
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16406482
Change-Id: I1bff1b6dfa65252c54755f0453f2e90955a4051e
2021-12-07 19:25:59 +00:00
joenchen
8d4e8a65d6
Label min_vrefresh and idle_delay_ms as sysfs_display
...
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c
Label min_vrefresh and idle_delay_ms as sysfs_display
...
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-06 02:45:51 +00:00
joenchen
02a20e025f
Label min_vrefresh and idle_delay_ms as sysfs_display
...
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-04 17:18:46 +00:00
Albert Wang
2caa560163
Allow suspend_control to access xHCI wakeup node am: a506ed1e06
am: 43bde53275
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946
Change-Id: I6b86ed75839021c860f8f556f25caedd4443fc84
2021-12-02 02:29:37 +00:00
Albert Wang
43bde53275
Allow suspend_control to access xHCI wakeup node am: a506ed1e06
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946
Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06
Allow suspend_control to access xHCI wakeup node
...
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since system will automatically allocated device ID.
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
2021-12-01 23:45:19 +08:00
Rick Yiu
10bd8547d7
Merge "gs101-sepolicy: Fix avc denials"
2021-11-26 10:40:43 +00:00
Rick Yiu
4075287498
gs101-sepolicy: Fix avc denials
...
Fix below and other potential denials
11-21 10:10:43.984 3417 3417 I auditd : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard
11-21 10:10:44.840 3976 3976 I auditd : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin
11-21 18:10:51.280 5595 5595 I auditd : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms
Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
2021-11-25 14:26:35 +00:00
TreeHugger Robot
27e7eeb875
Merge "aoc: add audio property for audio aocdump feature"
2021-11-25 07:05:25 +00:00
Randall Huang
68ffcb774d
Fix health HAL avc denied when running idle-maint
...
Log:
avc: denied { read } for comm="android.hardwar" name="wb_avail_buf"
dev="sysfs" ino=59061 scontext=u:r:hal_health_storage_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 206741894
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I79e7763df16816e6799f288d2f8b7e26c204cbc4
2021-11-23 03:17:54 +00:00
Xin Li
f7cbb95722
[automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040
-s ours am: 4613d25f07
-s ours am: 50628a78a8
-s ours
...
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444
Change-Id: I1833320006dedc84f6f5ef8a3809f256369b5cfd
2021-11-18 22:37:51 +00:00
Xin Li
50628a78a8
[automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040
-s ours am: 4613d25f07
-s ours
...
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444
Change-Id: Ib19bc7987a5b32c39431ebdce2923541a944f608
2021-11-18 22:25:11 +00:00
Xin Li
4613d25f07
[automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040
-s ours
...
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444
Change-Id: I3f0e4f5e9f26b048b89f495b7d79d9ceffb61f80
2021-11-18 22:00:55 +00:00
chenpaul
d7947930ec
Remove wifi_logger related sepolicy settings
...
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.
Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
2021-11-17 17:24:59 +08:00
Albert Wang
05ce6e603d
[automerger skipped] [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d
am: 8bdcb60170
-s ours
...
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250
Change-Id: I3b44efc984435e14dbdce60c7fbf7f0bfe4e4b82
2021-11-17 09:07:56 +00:00
Albert Wang
8bdcb60170
[RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250
Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d
[RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node
...
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
2021-11-17 07:18:29 +00:00
yixuanjiang
002907fb12
aoc: add audio property for audio aocdump feature
...
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I79b960cf5e88856c37f7901d718ac8f14e44b812
2021-11-16 14:55:26 +08:00
Albert Wang
c0ad9b7e8a
Allow suspend_control to access xHCI wakeup node
...
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
2021-11-16 12:23:33 +08:00
chenpaul
37d4cfa648
Remove wifi_logger related sepolicy settings
...
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.
Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
2021-11-15 02:05:06 +00:00
Michael Ayoubi
d44433c07a
Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0
am: 11bb305754
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16244622
Change-Id: I8051477b4e70d61b8d137823bb22411fbddf647f
2021-11-12 05:18:53 +00:00
Michael Ayoubi
11bb305754
Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414
Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0
Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev
2021-11-12 01:24:43 +00:00
Oleg Matcovschi
0684e81d5f
gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02
am: 2eced57692
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498
Change-Id: Id2054c9819186424a08e6f4836042dde5ce36c62
2021-11-11 23:33:41 +00:00
Oleg Matcovschi
2eced57692
gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498
Change-Id: I80dc34c15c60f80ddde869c6895d1afe53e8bf3e
2021-11-11 23:14:23 +00:00
Oleg Matcovschi
63d04e1e02
gs101:ssr_detector: Allow access to aoc properties in user builds
...
Bug: 205755422
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I684590a2ee91cf6d1edfc8a606f3a9e6672ca46f
2021-11-11 06:13:44 +00:00
Michael Ayoubi
a8e745039f
Allow uwb_vendor_app to get SE properties
...
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
Merged-In: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
2021-11-11 00:50:08 +00:00
Michael Ayoubi
18d2a96a11
Allow uwb_vendor_app to get SE properties
...
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
2021-11-11 00:48:21 +00:00
Xin Li
856fe3d040
Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918
...
Bug: 205056467
Merged-In: I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c
Change-Id: Ie31b278a639fd5a9e249ca934d543de770fb3217
2021-11-10 08:06:11 +00:00
Sean Wang
4c314ece36
Merge "Grant selinux permission to com.google.edgetpu_vendor_service-V2-ndk.so"
2021-11-08 03:33:51 +00:00
Ted Lin
2a0ec83aad
Using dontaudit to fix the avc on boot test am: 3d463050a2
am: ee9b913bb7
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460
Change-Id: I95f9c6fdeea59ace0dc0b41a4a244383b24e0ac4
2021-11-04 17:07:40 +00:00
Ted Lin
ee9b913bb7
Using dontaudit to fix the avc on boot test am: 3d463050a2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460
Change-Id: I00cfd7b47b7e2c6718e8211809e1ddb20e19656b
2021-11-04 16:46:45 +00:00
Ted Lin
3d463050a2
Using dontaudit to fix the avc on boot test
...
avc: denied { search } for comm="kworker/6:2" name="google_battery" dev="debugfs" ino=32648 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1
Bug:200739262
Test: Check bugreport
Change-Id: I50a96bab88f564fef0eda9a23bb77dc6ffed357f
Signed-off-by: Ted Lin <tedlin@google.com>
(cherry picked from commit 951ce82739
)
2021-11-03 03:20:45 +00:00
Sean Wang
9a94f84d7b
Grant selinux permission to com.google.edgetpu_vendor_service-V2-ndk.so
...
This change is related to ag/16062268 with modifications to the edgetpu_vendor_service
Bug: 198131843
Test: tested on oriole
Change-Id: Ic512e5878a4d6af3aeaa939868b07dd449948f45
2021-11-02 09:06:16 +00:00
Automerger Merge Worker
626001e1c4
Merge "Label GPU power_policy sysfs node am: a7aa46862d
am: 3e1bd82949
" into sc-v2-dev-plus-aosp am: 16a5af35e1
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105
Change-Id: I24b7373a260bfe94c6ea1f42959f0c63aa7a3df0
2021-11-02 05:28:32 +00:00
Siddharth Kapoor
6e8c9ad774
Label GPU power_policy sysfs node am: a7aa46862d
am: 00ceb78ed2
am: 7ff374ff1f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105
Change-Id: I0bf19341373059bc50fb5f937eb4132d1cf144ac
2021-11-02 05:28:12 +00:00