Commit graph

47 commits

Author SHA1 Message Date
Bruno BELANYI
a668555419 Add ArmNN config sysprops SELinux rules
Bug: 205202540
Bug: 264489188
Test: manual - reboot device and check the absence of AVC denials
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f99f3e63450befc661d38827e9afc853ca9257a)
Merged-In: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10
Change-Id: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10
2023-04-26 08:12:54 +00:00
Adam Shih
240c435174 use dumpstate from gs-common
Bug: 273380985
Test: adb bugreport
Change-Id: I9092e2e004e3ad0b3667b948ed4d633cd50d088c
2023-04-07 13:02:21 +08:00
Victor Liu
a55bb8682c uwb: add permission for ccc ranging
Bug: 255649425
Change-Id: I05aac586146bf25569b5f6251d2fd62b921631be
2023-03-31 14:04:13 -07:00
Jörg Wagner
cb6bad65e7 Update Mali DDK to r40 : Additional SELinux settings
Expose DDK's dynamic configuration options through the Android Sysprop
interface, following recommendations from Arm's Android Integration
Manual.

Bug: 261718474

(cherry picked from commit 74d31a1568)
Merged-In: I5c69a8bafe3a4c738c124facb1f437ec721cc3ea
Change-Id: I7e6734cb79b38898eb65a0194b37381a1367fc36
2023-03-21 10:31:51 +00:00
Ken Tsou
6964113b1c hal_health_default: allow to access persist.vendor.shutdown.*
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
2023-02-17 07:02:01 +00:00
Stephen Crane
7aeb6fe8e7 Allow Trusty storageproxy property
Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready
when the data filesystems are ready for use, and allows vendor init to
query and wait on this property.

Test: m raven-userdebug, flash, test app loading
Bug: 258018785
Change-Id: If995d35be490fbca6c99ef9f73f2842f5c488bd4
2022-11-22 22:30:32 +00:00
joenchen
c180105dfd RRS: Apply the default config from persist prop am: 90aeb6e15c am: a5060e6616
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19881052

Change-Id: I62394d9d4f6304bf747be63a52635f65b48e4684
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-16 10:15:18 +00:00
joenchen
a5060e6616 RRS: Apply the default config from persist prop am: 90aeb6e15c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19881052

Change-Id: I393898918b9d0a6d93f8f8d891527f59925ed3ad
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-16 09:43:12 +00:00
joenchen
90aeb6e15c RRS: Apply the default config from persist prop
vendor_config plays another role in controlling the display config during
boot time. To change the default configuration of the user selected
mode, we use persist config to store the value.

Bug: 244492960
Test: Boot w/ and w/o user selected configs and check the resolution
Change-Id: Ic3eb4e1c8a2c5eed83d10799a1965dd7a6be58e1
2022-11-08 14:09:00 +00:00
Adam Shih
72aa5a98fc move aoc settings to gs-common
Bug: 248426917
Test: boot with aoc launched
Change-Id: I891767f10dfac7528b76e27fd2756b77ed46e45c
2022-10-20 11:41:19 +08:00
TreeHugger Robot
3aaefbe1fc Merge "aoc: add audio property for pixellogger update control" into tm-qpr-dev am: 75f908a8ed am: a106f636f8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19533964

Change-Id: I86804c96c940ced146e25a411560fe7ac06e5e77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-14 02:54:01 +00:00
Adam Shih
c08f9cf882 move insert module script sepolicy to gs-common
Bug: 243763292
Test: boot to home with no relevant SELinux error
Change-Id: I52fe6631b3ec806a5624375457874d9248927b00
2022-09-06 10:40:01 +08:00
yixuanjiang
0bbfb98cac aoc: add audio property for pixellogger update control
Bug: 241059471
Test: local verify
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I13df2ea88b884756d3a872da545e877ed6b1e033
2022-08-08 03:48:21 +00:00
TreeHugger Robot
4e91f5530e Merge "sepolicy: Add policy for persist.vendor.udfps" into tm-dev 2022-04-12 10:56:32 +00:00
TreeHugger Robot
85f293ab62 Merge "gs-sepolicy(uwb): Changes for new UCI stack" into tm-dev 2022-03-14 16:09:09 +00:00
eddielan
17f6a0a1ba sepolicy: Add policy for persist.vendor.udfps
Bug: 222175797
Test: Build Pass
Change-Id: I978325adb5cf25a590b307a38ce2deac4034e656
2022-03-14 10:57:53 +08:00
Roshan Pius
34c5b9b239 gs-sepolicy(uwb): Changes for new UCI stack
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Test: Manual Tests
Change-Id: I2c7c2466f42317d643634e24b1efb1855e673d09
2022-03-06 18:15:16 -08:00
Kris Chen
e0c6120237 Add sepolicy rules for fingerprint hal
Fix the following avc denial:
avc: denied { set } for property=vendor.gf.cali.state pid=1152 uid=1000 gid=1000 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 219372997
Bug: 220263520
Test: No above avc denial in logcat.
Change-Id: I93ace30c67e04bc836bfba050028a1f25af641d5
2022-03-01 15:05:42 +08:00
Junkyu Kang
b9ad182d4a Add persist.vendor.gps to sepolicy
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I3fdaf564eacec340003eed0b5845a2c08922362c
2022-01-26 08:02:27 +00:00
yixuanjiang
002907fb12 aoc: add audio property for audio aocdump feature
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I79b960cf5e88856c37f7901d718ac8f14e44b812
2021-11-16 14:55:26 +08:00
Erik Staats
e42a4ed3be Allow the sensor HAL to access dynamic sensor properties.
Bug: 195964858
Test: Verified dynamic sensor manager is present in sensor list and that
 no SELinux violations occur on sc-v2-dev and master.
Test: See details in testing done comment in
 https://googleplex-android-review.git.corp.google.com/15905607 .
Change-Id: I2f1c05ec0d840f6ebae1e5356f668b3f9431fd25
2021-09-24 05:53:35 -07:00
Erik Staats
aef1a206a7 Revert "Allow the sensor HAL to access dynamic sensor properties."
Revert "dynamic_sensor: Add sensor manager init to sub-HAL 2.1."

Revert submission 15874906-bug_195964858.2

Reason for revert: b/200815351
Reverted Changes:
I76a60f7fb:Allow the sensor HAL to access dynamic sensor prop...
I5d587dc46:dynamic_sensor: Add sensor manager init to sub-HAL...

Change-Id: Ib29649b058ec6f329958e1dfcba0c2e35ea79306
2021-09-22 17:53:58 +00:00
Erik Staats
fba4a09331 Allow the sensor HAL to access dynamic sensor properties.
Bug: 195964858
Test: Verified dynamic sensor manager is present in sensor list and that
 no SELinux violations occur.
Test: See details in testing done comment in
 https://googleplex-android-review.git.corp.google.com/15874927 .
Change-Id: I76a60f7fbd113059156ccaea2c4f98580cb0836a
2021-09-20 16:53:16 -07:00
neoyu
93944a8b1c Fix avc denied for getprop "vendor.radio.call_end_reason"
06-10 11:13:02.867 10224  2377  2377 W libc    : Access denied finding property "vendor.radio.call_end_reason"

Bug: 191204793
Test: error is gone with this fix
Change-Id: I50c1d21ba4e2343aa2cee0c533b8c3dbe535e4b5
2021-06-29 01:18:12 +00:00
Adam Shih
99bfde4f38 Merge "modularize dmd" into sc-dev 2021-06-25 01:12:50 +00:00
TreeHugger Robot
655f5cfd8f Merge "vendor_init/dumpstate: Grant to access logger prop" into sc-dev 2021-06-24 10:02:11 +00:00
Adam Shih
8b326703e1 modularize dmd
Bug: 190331463
Test: build ROM and make sure dmd is launched
Change-Id: If1e51b6bc100e870a15a40f5e0d93a75fe68bac3
2021-06-24 14:17:29 +08:00
Adam Shih
a70819d2f0 modularize pktrouter
Bug: 190331212
Test: make sure pktrouter gets initialized
06-23 13:21:19.372  1 1 I init : Parsing file /vendor/etc/init/pktrouter.rc...
06-23 13:21:23.510     1     1 I init    : processing action (vendor.pktrouter=1) from (/vendor/etc/init/pktrouter.rc:7)
06-23 13:21:23.510     1     1 I init    : starting service 'pktrouter'...
Change-Id: Icc7ab88505aea47cfed5ffc5182d0625b7a7609d
2021-06-23 05:24:01 +00:00
SalmaxChang
a926055749 vendor_init/dumpstate: Grant to access logger prop
Bug: 176176656
Change-Id: I551ccfac57d983aab95aa23e1f350f78ee0a159f
2021-06-23 10:06:09 +08:00
Adam Shih
e7ed46c52c organize EdgeTPU modules and sepolicy
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
2021-06-09 10:39:04 +08:00
Kris Chen
00e1b9a704 Add sepolicy for the UDFPS antispoof property
Fixes the following avc denial:
/system/bin/init: type=1107 audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=fingerprint.disable.fake pid=364 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0'
android.hardwar: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:vendor_fingerprint_fake_prop:s0" dev="tmpfs" ino=307 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_fingerprint_fake_prop:s0 tclass=file permissive=0

Bug: 187394838
Bug: 187562932
Test: Antispoof is disabled by default.
Test: Use the following adb command to manually turn on antispoof.
      "setprop persist.vendor.fingerprint.disable.fake.override 0"
Change-Id: I90d6ea70d5e0e1a125efb902f1fd61ff4b51baa2
2021-05-12 09:48:48 +08:00
Jenny Ho
4510c55091 set sepolicy for testing_battery_profile
need to run /vendor/bin/sh before setprop

Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I3dbaa984407c82662dea537da671745851035fa2
2021-05-03 15:47:14 +08:00
Lida Wang
bb7ae85a0d change persist.camera to persist.vendor.camera
Bug: 186670529
Change-Id: I3a6d4202ec2b90cc0ce9cc9ba62d2cf2ce3a5c29
2021-04-29 13:18:01 -07:00
SalmaxChang
3c692b942a Create vendor_logger_prop
Bug: 178744858
Change-Id: I4abb6f73b068c5ed265979c3190bcc2feac76f94
2021-04-16 06:06:36 +00:00
SalmaxChang
f23a4423c4 Add more modem properties
init    : Do not have permissions to set 'ro.vendor.sys.modem.logging.loc' to '/data/vendor/slog' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 184101903
Change-Id: I8c2dfd48e177e4a5127c1efd977c0f6c18b50379
2021-04-14 04:46:32 +00:00
Aaron Tsai
06b410dc4a Fix avc denied for Silent Logging
04-06 15:18:31.513  root     1     1 E init    : Do not have permissions to set 'persist.vendor.sys.silentlog.tcp' to 'On' in property file '/vendor/build.prop': SELinux permission check failed
04-06 15:20:17.988  root     1     1 W /system/bin/init: type=1107 audit(0.0:33): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.ap pid=8917 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:23.256  root     1     1 W /system/bin/init: type=1107 audit(0.0:38): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.cp pid=9025 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:51.340  root     1     1 W /system/bin/init: type=1107 audit(0.0:43): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog pid=9291 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:21:03.608  root     1     1 W /system/bin/init: type=1107 audit(0.0:54): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.tcp pid=9473 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'

04-06 20:17:08.060  1000  5754  5754 W Thread-3: type=1400 audit(0.0:21): avc: denied { write } for name="slog" dev="dm-7" ino=245 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
04-06 20:17:09.194  1000   398   398 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 pid=5754 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
04-06 21:07:18.376  7458  7458 I auditd  : type=1400 audit(0.0:20): avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0

04-06 21:16:53.200  8873  8873 W Thread-4: type=1400 audit(0.0:85): avc: denied { create } for name="NNEXT_PROFILE.nprf" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0:c232,c259,c512,c768 tclass=file permissive=0


Bug: 184608648
Test: verified with the forrest ROM and error log gone
Change-Id: Id9cdf15478c751de92a9a84bcfdc8233d6e9d294
2021-04-09 04:33:13 +00:00
Eddie Tashjian
5bbdd82a4e Merge "Add TCP dump permissions." into sc-dev 2021-04-08 18:25:30 +00:00
Craig Dooley
cd888e847f Merge "Fix SELinux errors with aocd" into sc-dev 2021-04-08 17:27:56 +00:00
Craig Dooley
3d4d9159c9 Fix SELinux errors with aocd
Add inotify support for /dev
Fix the aoc vendor property

Bug: 184173298
Change-Id: I40a71edd56b2d51f848085c43ae1d10a4c2c0c4b
2021-04-08 03:59:23 +00:00
Eddie Tashjian
b2fb9cdace Add TCP dump permissions.
Copy selinux policy for tcp dump binary from previous Pixel to support
TCP logging on P21 through PixelLogger.

Bug: 184777243
Test: Check PixelLogger TCP dump works.
Change-Id: Id958c8a3e6375a7aae569d6fc94deb9f8072b57b
2021-04-08 03:13:55 +00:00
yixuanjiang
7e8fca8041 whitechapel: add permission for pixellogger set audio property
Bug: 184708066
Test: local test
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I6a43959fc3565db8d2a1679ce722c11f58398794
2021-04-07 07:06:53 +00:00
Yu-Chi Cheng
f27370db65 Allowed EdgeTPU service to read system properties related to vendor.
The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.

Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428
2021-04-01 11:40:36 -07:00
gillianlin
52a776889c Fix SELinux error from vendor_init
03-17 09:12:55.380     1     1 I /system/bin/init: type=1107 audit(0.0:3): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=mfgapi.touchpanel.permission pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1'

Bug: 182954248
Change-Id: I9ffff1aab20577950cb43c35d788e6a9c9acd571
2021-04-01 10:16:41 +08:00
millerliang
f01cb384d8 Fix MMAP audio avc denied
03-30 16:45:16.840   738   738 I auditd  : type=1400 audit(0.0:76): avc:
denied { read } for comm="HwBinder:738_2"
name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87
scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0
tclass=file permissive=0
03-30 16:45:16.980   644   644 I auditd  : type=1400 audit(0.0:78): avc:
denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=977 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

Bug: 165737390
Test: verified with the forrest ROM and error log gone
Change-Id: I1c8721a051844d3410cffa23411a434c832b416e
2021-03-31 15:51:32 +08:00
SalmaxChang
2797490192 Update vendor_modem_prop and add rules for mds
Bug: 181185131
Change-Id: Ie709e08152d23428a687c949359316206843b9fa
2021-03-18 04:48:19 +00:00
Isaac Chiou
73ce34397a Wifi: Add sepolicy files for wifi_ext service
This commit adds the sepolicy related files for wifi_ext service.

Bug: 171944352
Bug: 177966433
Bug: 177673356
Test: Manual
Change-Id: I1613e396fd4c904ed563dfd533fb4b8f807f9657
2021-03-08 19:36:29 +08:00
Robin Peng
5009efa776 Move slider-sepolicy into gs101-sepolicy
from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf

Bug: 167996145
Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301
2021-03-06 16:15:39 +08:00