Adam Shih
a346a7fa34
remove wildcard on kernel modules
Bug: 170786122
Test: Boot with all kernel modules loaded
Change-Id: I0d1d861af290181231223630497788c051c83ecb
2021-04-07 14:10:00 +08:00
Sriram Kashyap M S
dcd42938da
Allow EdgeTPU NNAPI HAL to access socket files for IPC.
Bug: 182524105
Test: ./scripts/run_tests.sh on Oriole.
Change-Id: I85106f004fcee2cccc44609584165a0e2ce654e3
2021-04-07 05:58:58 +00:00
Adam Shih
59ba0f97aa
grant debugfs access to insmod under userdebug
Bug: 182086611
Test: boot with the error gone
Change-Id: I555c12b4ccbb61266dc289aac577d0240bde4d28
2021-04-07 11:56:49 +08:00
Adam Shih
58b693aff0
Merge "remove obsolete mobicore operations" into sc-dev
2021-04-07 00:48:11 +00:00
Eddie Tashjian
8066a9f471
Fix modem logging configuration.
Missing binder configuration for dmd to return responses to modem
logging control binary, for cases when it needs to get log mask
configuration information.
Bug: 184605350
Test: Check logging works with selinux enabled.
Change-Id: Ia9a80870927fd890266f702b091343b4b4018673
2021-04-06 16:42:03 -07:00
Yabin Cui
05825886f4
Move vendor_kernel_modules to public.
Bug: 166559473
Bug: 183135316
Test: build
Change-Id: Ib62080d3d12aa197571a0697c17f6fd5d981d653
2021-04-06 21:46:27 +00:00
Krzysztof Kosiński
2a96bc108c
Merge "camera: allow the camera hal to set fatp prop" into sc-dev
2021-04-06 06:23:53 +00:00
Adam Shih
f2d78c7d14
Merge "update error on ROM 7260355" into sc-dev
2021-04-06 05:42:40 +00:00
Yu-Chi Cheng
26cc7d6499
Merge "Allowed EdgeTPU service to read system properties related to vendor." into sc-dev
2021-04-06 05:40:44 +00:00
yixuanjiang
1a25f34051
audio: add support for aocdump to access audio state
check audio state for SSR usage
Test: local with enforcing mode
Bug: 184239981
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I45db556434251576a1d691f1aebf2940fff283fe
2021-04-06 12:41:24 +08:00
Adam Shih
fc69c665ee
update error on ROM 7260355
Bug: 184593993
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I49fb702a81f2fcd17e395954f24cd69ab2d272fc
2021-04-06 11:08:59 +08:00
Adam Shih
91c7813ea8
remove obsolete mobicore operations
Bug: 183935443
Test: boot to home with no related avc error
Change-Id: Ief907a7a77f721e58820670e9f37570fd640b473
2021-04-06 10:31:16 +08:00
Grace Chen
404937b03b
Merge "Add selinux permissions for NFC/eSIM fw upgrade" into sc-dev
2021-04-06 00:28:22 +00:00
Vova Sharaienko
25f19371aa
Merge "exo: updated sepolicy" into sc-dev
2021-04-06 00:27:04 +00:00
Zhijun He
60872ac2e9
camera: allow the camera hal to set fatp prop
Test: camera tests
Bug: 184572956
Change-Id: Ie8bc386aa60cf2e46732f2f68c8cb7e86733cb53
2021-04-05 16:37:20 -07:00
Grace Chen
a4b253476c
Add selinux permissions for NFC/eSIM fw upgrade
Bug: 183709811
Test: Confirm no selinux permissions errors.
Change-Id: Ibd98558a2446567d4beb1f6b88acafc05c3c1951
2021-04-05 15:38:59 -07:00
Cheng Gu
ce42ee4660
Merge "gs101-sepolicy: Allow rlsservice to access range sensor" into sc-dev
2021-04-05 20:45:08 +00:00
TreeHugger Robot
71e96842ca
Merge "Grant GPU and Fabric node access" into sc-dev
2021-04-02 22:59:18 +00:00
Cheng Gu
72011a8a87
gs101-sepolicy: Allow rlsservice to access range sensor
Fix: 184295618
Test: rlsservice_test
Change-Id: Iee4cc5376e0eb67e75ae94cd15b5211a7ec819ef
2021-04-02 22:27:48 +00:00
Wei Wang
852d1dc3c1
Grant GPU and Fabric node access
Bug: 183626384
Test: boot
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ibb700110795f81a2da4358352111f61ef987c29b
2021-04-02 14:22:37 -07:00
Vova Sharaienko
ceafb82c02
exo: updated sepolicy
This allows the Exo to access AIDL Stats service
Bug: 181892307
Test: Build, flash, boot and logcat | grep "IStats"
Change-Id: I6ae1c37505b312617376bc3c954720c8a1f223d2
2021-04-02 19:13:12 +00:00
Steve Pfetsch
48f88fb26b
Merge "Add new ITouchContextService interface to twoshay" into sc-dev
2021-04-02 18:01:02 +00:00
Krzysztof Kosiński
8a1f0bed01
Mark libGralloc4Wrapper.so as same-process HAL.
Updating the library name after upgrade to gralloc version 4.
Bug: 178656396
Test: GCA on oriole
Change-Id: I638b3cd0d7f4759f89a62a1d102cc98d9a3db622
2021-04-01 22:21:44 -07:00
SalmaxChang
e277259f08
e2fs: Fix avc errors
avc: denied { read } for comm="mke2fs" name="sda5" dev="tmpfs" ino=574 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file
avc: denied { ioctl } for comm="mke2fs" path="/dev/block/sda5" dev="tmpfs" ino=510 ioctlcmd=0x127b scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file
Bug: 184221482
Change-Id: Ic0c697bb591135d9830cd9e32e110cb5b5eb1504
2021-04-02 01:13:27 +00:00
Michael Wright
98c223e862
Add new ITouchContextService interface to twoshay
Bug: 174626987
Test: boot, see no denials
Change-Id: I963d5b77969571182b94c4265653c5d22e124247
2021-04-01 23:32:19 +00:00
TreeHugger Robot
8948e498c8
Merge "gs101-sepolicy: Allow binder call rlsservice from camera" into sc-dev
2021-04-01 21:04:11 +00:00
Cheng Gu
765e8e2374
gs101-sepolicy: Allow binder call rlsservice from camera
This is to fix below avc denial:
E SELinux : avc: denied { find } for pid=28954 uid=1000
name=rlsservice scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:rls_service:s0 tclass=service_manager permissive=0
The solution is similar to ag/7253836 (coral) and ag/10232101 (redbull).
Fix: 183620858
Test: adb shell setprop persist.vendor.camera.dump_range_data 1 &&
adb shell pkill -f camera, then retest camera
Change-Id: I6bb743c15ee64e3c4ecb8359126b238554aa649e
2021-04-01 21:03:02 +00:00
Yu-Chi Cheng
f27370db65
Allowed EdgeTPU service to read system properties related to vendor.
The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.
Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428
2021-04-01 11:40:36 -07:00
TreeHugger Robot
3504d25fb6
Merge "remove obsolete entries" into sc-dev
2021-04-01 08:05:31 +00:00
Adam Shih
f96f0c79a3
remove obsolete entries
Bug: 183560282
Bug: 180858511
Bug: 183161715
Bug: 178331791
Bug: 178433597
Test: pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Iba208b69389450b8ef69aaecfb799ef696515669
2021-04-01 15:02:46 +08:00
Charlie Chen
1a03008756
Merge "SELinux error coming from mediacodec when using GCA and secure playback" into sc-dev
2021-04-01 06:48:14 +00:00
Gillian Lin
cdfffb7213
Merge "Fix SELinux error from vendor_init" into sc-dev
2021-04-01 05:08:50 +00:00
Charlie Chen
5602dfde45
SELinux error coming from mediacodec when using GCA and secure playback
Fixes the following denials:
avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { search } for name="video6" dev="sysfs" ino=64587 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_video:s0 \
tclass=dir permissive=0
Bug: 182525521
Bug: 184145552
Test: GCA recording works properly, \
Netflix and ExoPlayer can play videos
Change-Id: Ib7220feedc5031fb0e5c05a2b487da2ddf8b98cd
2021-04-01 02:53:24 +00:00
gillianlin
52a776889c
Fix SELinux error from vendor_init
03-17 09:12:55.380 1 1 I /system/bin/init: type=1107 audit(0.0:3): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=mfgapi.touchpanel.permission pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1'
Bug: 182954248
Change-Id: I9ffff1aab20577950cb43c35d788e6a9c9acd571
2021-04-01 10:16:41 +08:00
Eddie Tashjian
6171dc4503
Merge "Allow radio vendor apps to modify slog props." into sc-dev
2021-04-01 01:32:04 +00:00
Ilya Matyukhin
52a4f701c1
Merge "Add sepolicy for Goodix AIDL HAL" into sc-dev
2021-03-31 21:57:29 +00:00
Eddie Tashjian
022de778ed
Allow radio vendor apps to modify slog props.
Radio vendor silent logging app needs access to the vendor slog
properties in order to configure logging.
Bug: 184102091
Test: Check vendor silent logging app works.
Change-Id: I1a7c590b80d94c0b147743372ba3cd1a0817baf3
2021-03-31 20:57:31 +00:00
Eddie Tashjian
606a9ea28d
Merge "Add sepolicy for CBRS setup app." into sc-dev
2021-03-31 18:23:07 +00:00
Zhijun He
a7d3992396
Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev
2021-03-31 15:38:31 +00:00
Charlie Chen
ac3d49d41d
Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"
This reverts commit 7c92613185.
Reason for revert: This commit breaks camera recording
Bug: 184154831
Change-Id: Ia4286dab9c5d44c59a3b224e0e24c191eb2be84b
2021-03-31 15:37:48 +00:00
Yu-Chi Cheng
f9668d2b94
Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev
2021-03-31 14:26:10 +00:00
Yu-Chi Cheng
53982a4372
Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev
2021-03-31 14:24:54 +00:00
millerliang
f01cb384d8
Fix MMAP audio avc denied
03-30 16:45:16.840 738 738 I auditd : type=1400 audit(0.0:76): avc:
denied { read } for comm="HwBinder:738_2"
name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87
scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0
tclass=file permissive=0
03-30 16:45:16.980 644 644 I auditd : type=1400 audit(0.0:78): avc:
denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=977 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0
Bug: 165737390
Test: verified with the forrest ROM and error log gone
Change-Id: I1c8721a051844d3410cffa23411a434c832b416e
2021-03-31 15:51:32 +08:00
TreeHugger Robot
6bcc46cec5
Merge "remove obsolete entries" into sc-dev
2021-03-31 07:35:51 +00:00
Charlie Chen
c0066d5cce
Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev
2021-03-31 07:03:16 +00:00
Adam Shih
fc7c2e2c3a
remove obsolete entries
Bug: 183560076
Bug: 183338483
Bug: 183467306
Bug: 171760597
Test: pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Ib35a05176fccd251dfea8b58304a68b0e9bd6412
2021-03-31 14:28:29 +08:00
Adam Shih
4166a4d03b
Merge "allow vendor_init to set logpersist" into sc-dev
2021-03-31 06:03:04 +00:00
Adam Shih
00f6651d46
Merge "update error on ROM" into sc-dev
2021-03-31 06:02:36 +00:00
Charlie Chen
7c92613185
Allow Exoplayer access to the vstream-secure heap for secure playback
Fixes the following denials:
avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0
Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221
2021-03-31 05:41:26 +00:00
Adam Shih
1db99c759f
allow vendor_init to set logpersist
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447 1 1 E init : Do not have permissions to
set ...
Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa
2021-03-31 11:34:12 +08:00