Commit graph

3410 commits

Author SHA1 Message Date
Cyan Hsieh
6e1c9d88cd Merge "Add pvmfw to custom_ab_block_device" 2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692 Add pvmfw to custom_ab_block_device
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4 Merge "Allow vendor init to read gesture_prop." 2021-12-15 09:01:23 +00:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
2021-12-14 14:33:56 -08:00
Xin Li
0d05632eb8 Merge Android 12 QPR1
Bug: 210511427
Merged-In: Ie31b278a639fd5a9e249ca934d543de770fb3217
Change-Id: I0daddb05e061916c60055b7df00164a76c69ebd2
2021-12-14 08:38:59 -08:00
Super Liu
8f356044ff Allow vendor init to read gesture_prop.
Bug: 209713977
Bug: 193467627
Test: local test.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I7f061f550bcf6c3a61b5528e8c21eae8567e677b
2021-12-13 09:28:02 +08:00
Cliff Wu
11c8ad745a Update the sepolicy for exo_camera_injection v1.1
- Update exo_camera_injection hal service from 1.0 to 1.1.
- SELinux avc log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=152 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0.

Bug: 202092371
Test: Verified exo_camera_injection provider service use cases function
as expected; no denials.

Change-Id: Ica94a00db580356158d94af2ae6dbe9c9a81be0a
2021-12-11 05:26:06 +00:00
Chris Kuiper
178337b449 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf am: 3ce470c235
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ic98462405b50b5ae86477d799d0497e00f41c450
2021-12-10 18:08:12 +00:00
Chris Kuiper
3ce470c235 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ib3f0609b74dbb05a7e4936fa2055a1e050777b3e
2021-12-10 17:44:16 +00:00
Chris Kuiper
734d79bdaf selinux: Allow sensor HAL to access the display service HAL
Add necessary permissions.

Bug: b/204471211
Test: Testing with corresponding sensor HAL changes and sensor_test commands.
Change-Id: I01774210693ceb4a6d0d4dee4fb5e905117774d3
2021-12-10 11:00:07 +08:00
TreeHugger Robot
8e9e3a4375 [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours am: 65a718976e -s ours
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: I840471543fece99908a58003235b0ab8ad3f4f43
2021-12-08 02:12:07 +00:00
TreeHugger Robot
65a718976e [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: Ib87c387438c8ada00867ef1422dfa6bc2c4c6df9
2021-12-08 01:57:41 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
85626ab654 [automerger skipped] Label min_vrefresh and idle_delay_ms as sysfs_display am: 8d4e8a65d6 -s ours
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 02a20e025f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16406482

Change-Id: I1bff1b6dfa65252c54755f0453f2e90955a4051e
2021-12-07 19:25:59 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-06 02:45:51 +00:00
joenchen
02a20e025f Label min_vrefresh and idle_delay_ms as sysfs_display
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
2021-12-04 17:18:46 +00:00
Albert Wang
2caa560163 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 am: 43bde53275
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I6b86ed75839021c860f8f556f25caedd4443fc84
2021-12-02 02:29:37 +00:00
Albert Wang
43bde53275 Allow suspend_control to access xHCI wakeup node am: a506ed1e06
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06 Allow suspend_control to access xHCI wakeup node
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since the system will automatically allocate the device ID.

Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
2021-12-01 23:45:19 +08:00
Rick Yiu
10bd8547d7 Merge "gs101-sepolicy: Fix avc denials" 2021-11-26 10:40:43 +00:00
Rick Yiu
4075287498 gs101-sepolicy: Fix avc denials
Fix below and other potential denials

11-21 10:10:43.984  3417  3417 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard

11-21 10:10:44.840  3976  3976 I auditd  : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin

11-21 18:10:51.280  5595  5595 I auditd  : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
2021-11-25 14:26:35 +00:00
TreeHugger Robot
27e7eeb875 Merge "aoc: add audio property for audio aocdump feature" 2021-11-25 07:05:25 +00:00
Randall Huang
68ffcb774d Fix health HAL avc denied when running idle-maint
Log:
avc: denied { read } for comm="android.hardwar" name="wb_avail_buf"
dev="sysfs" ino=59061 scontext=u:r:hal_health_storage_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 206741894
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I79e7763df16816e6799f288d2f8b7e26c204cbc4
2021-11-23 03:17:54 +00:00
Xin Li
f7cbb95722 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours am: 50628a78a8 -s ours
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I1833320006dedc84f6f5ef8a3809f256369b5cfd
2021-11-18 22:37:51 +00:00
Xin Li
50628a78a8 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: Ib19bc7987a5b32c39431ebdce2923541a944f608
2021-11-18 22:25:11 +00:00
Xin Li
4613d25f07 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I3f0e4f5e9f26b048b89f495b7d79d9ceffb61f80
2021-11-18 22:00:55 +00:00
chenpaul
d7947930ec Remove wifi_logger related sepolicy settings
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
2021-11-17 17:24:59 +08:00
Albert Wang
05ce6e603d [automerger skipped] [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d am: 8bdcb60170 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: I3b44efc984435e14dbdce60c7fbf7f0bfe4e4b82
2021-11-17 09:07:56 +00:00
Albert Wang
8bdcb60170 [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
2021-11-17 07:18:29 +00:00
yixuanjiang
002907fb12 aoc: add audio property for audio aocdump feature
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I79b960cf5e88856c37f7901d718ac8f14e44b812
2021-11-16 14:55:26 +08:00
Albert Wang
c0ad9b7e8a Allow suspend_control to access xHCI wakeup node
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
2021-11-16 12:23:33 +08:00
chenpaul
37d4cfa648 Remove wifi_logger related sepolicy settings
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
2021-11-15 02:05:06 +00:00
Michael Ayoubi
d44433c07a Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 am: 11bb305754
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16244622

Change-Id: I8051477b4e70d61b8d137823bb22411fbddf647f
2021-11-12 05:18:53 +00:00
Michael Ayoubi
11bb305754 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414

Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev 2021-11-12 01:24:43 +00:00
Oleg Matcovschi
0684e81d5f gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 am: 2eced57692
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: Id2054c9819186424a08e6f4836042dde5ce36c62
2021-11-11 23:33:41 +00:00
Oleg Matcovschi
2eced57692 gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: I80dc34c15c60f80ddde869c6895d1afe53e8bf3e
2021-11-11 23:14:23 +00:00
Oleg Matcovschi
63d04e1e02 gs101:ssr_detector: Allow access to aoc properties in user builds
Bug: 205755422
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I684590a2ee91cf6d1edfc8a606f3a9e6672ca46f
2021-11-11 06:13:44 +00:00
Michael Ayoubi
a8e745039f Allow uwb_vendor_app to get SE properties
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
Merged-In: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
2021-11-11 00:50:08 +00:00
Michael Ayoubi
18d2a96a11 Allow uwb_vendor_app to get SE properties
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
2021-11-11 00:48:21 +00:00
Xin Li
856fe3d040 Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918
Bug: 205056467
Merged-In: I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c
Change-Id: Ie31b278a639fd5a9e249ca934d543de770fb3217
2021-11-10 08:06:11 +00:00
Sean Wang
4c314ece36 Merge "Grant selinux permission to com.google.edgetpu_vendor_service-V2-ndk.so" 2021-11-08 03:33:51 +00:00
Ted Lin
2a0ec83aad Using dontaudit to fix the avc on boot test am: 3d463050a2 am: ee9b913bb7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460

Change-Id: I95f9c6fdeea59ace0dc0b41a4a244383b24e0ac4
2021-11-04 17:07:40 +00:00
Ted Lin
ee9b913bb7 Using dontaudit to fix the avc on boot test am: 3d463050a2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460

Change-Id: I00cfd7b47b7e2c6718e8211809e1ddb20e19656b
2021-11-04 16:46:45 +00:00
Ted Lin
3d463050a2 Using dontaudit to fix the avc on boot test
avc: denied { search } for comm="kworker/6:2" name="google_battery" dev="debugfs" ino=32648 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1

Bug: 200739262
Test: Check bugreport
Change-Id: I50a96bab88f564fef0eda9a23bb77dc6ffed357f
Signed-off-by: Ted Lin <tedlin@google.com>
(cherry picked from commit 951ce82739)
2021-11-03 03:20:45 +00:00
Sean Wang
9a94f84d7b Grant selinux permission to com.google.edgetpu_vendor_service-V2-ndk.so
This change is related to ag/16062268 with modifications to the edgetpu_vendor_service

Bug: 198131843
Test: tested on oriole
Change-Id: Ic512e5878a4d6af3aeaa939868b07dd449948f45
2021-11-02 09:06:16 +00:00
Automerger Merge Worker
626001e1c4 Merge "Label GPU power_policy sysfs node am: a7aa46862d am: 3e1bd82949" into sc-v2-dev-plus-aosp am: 16a5af35e1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: I24b7373a260bfe94c6ea1f42959f0c63aa7a3df0
2021-11-02 05:28:32 +00:00
Siddharth Kapoor
6e8c9ad774 Label GPU power_policy sysfs node am: a7aa46862d am: 00ceb78ed2 am: 7ff374ff1f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: I0bf19341373059bc50fb5f937eb4132d1cf144ac
2021-11-02 05:28:12 +00:00