Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3861 commits 1 branch 0 tags 494 MiB
Commit graph

29 commits

Author SHA1 Message Date
Jin Jeong
15e1832396 Revert "Fix SELinux error for com.google.android.euicc" 
Revert submission 22899490-euicc_selinux_fix

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Bug: 279988311
Reverted changes: /q/submissionid:22899490-euicc_selinux_fix

Change-Id: I72da756853a540d6251e074313b1880c9c9038e8
 2023-05-16 12:18:21 +00:00
Jinyoung Jeong
42a0c82065 Fix SELinux error for com.google.android.euicc 
bug: 279548423
Test: http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Change-Id: I00bdf71f04eec985147189eb1b474c7ff6797023
 2023-04-28 13:39:35 +00:00
Nicolas Geoffray
677dcd1685 Also put .ShannonImsService in the vendor_ims_app domain. am: 356b4a4755 am: 5db7a3cc58 am: ed07258d24 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2335444

Change-Id: I1a44378cddf8b63c5a67e34786cfc76c75492f73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-08 21:07:53 +00:00
Nicolas Geoffray
356b4a4755 Also put .ShannonImsService in the vendor_ims_app domain. 
For consistency when running com.shannon.imsservice code.

Test: m
Bug: 260557058
Change-Id: I5242479d32eb9362326544516c06e6a52cd30a6e
 2022-12-08 14:39:19 +00:00
Denny cy Lee
ea1580002f HwInfo: Move hardware info sepolicy to pixel common 
Bug: 215271971
Test: no sepolicy for hardware info

Signed-off-by: Denny cy Lee <dennycylee@google.com>
Change-Id: Ia7bfd171fe724848e9a6f0c1adab59402d2788a9
 2022-08-02 07:43:56 +00:00
Roshan Pius
34c5b9b239 gs-sepolicy(uwb): Changes for new UCI stack 
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Test: Manual Tests
Change-Id: I2c7c2466f42317d643634e24b1efb1855e673d09
 2022-03-06 18:15:16 -08:00
Myung-jong Kim
99e75b6ab9 [RCS] Update sepolicy for RCS 
Fix seapp_contexts sepolicy for shannon-rcs, where
:shannonrcsservice process exceptions are not handled

Bug: 190581528
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: I15cbf103cea70f6db878305a8fca6b35aa521f9b
 2021-07-07 10:57:12 -07:00
Sungwoo choi
5aaa0f6044 gs101-sepolicy: add oemrilservice_app.te 
Seperate oemrilservice_app.te from vendor_telephony_app.te.
  - target process: com.samsung.slsi.telephony.oemril
  - selabel: oemrilservice_app
  - allow to find app_api_service
  - allow to find radio_service
  - allow to find vendor HAL
  - a binder communication with rild

Bug: 191830874
Test: Manual

Signed-off-by: Sungwoo choi <sungwoo48.choi@samsung.com>
Change-Id: I5e31b4a16f0b4d25bf4889da0150084937354808
 2021-06-23 16:51:57 +08:00
Srinivas Patibandla
51c891fa7b Update time sync seinfo to not use platform signature 
Bug: b/190695230
Change-Id: I2dbee2e624c8794b3aa9ff85d8985a15ee159a0f
 2021-06-21 14:47:28 +00:00
TreeHugger Robot
77cbbc1237 Merge "Add CccDkTimeSyncService" into sc-dev 2021-06-04 21:23:24 +00:00
jznpark
3d127f9224 [RCS] Add sepolicy for RCS as non-system app 
As shannon-rcs has been changed from system app
to non-system app, sepolicy has to be updated.

Bug: 186135775
Bug: 189707387
Test: sanity test
Signed-off-by: jznpark <jzn.park@samsung.com>
Change-Id: I32cce90611c619494136a6b1d01b3fb48330d169
 2021-06-03 13:30:26 -07:00
Harpreet Eli Sangha
e952c414ec Add CccDkTimeSyncService 
Bug: 183676280
Test: Build and run example client.
Signed-off-by: Harpreet Eli Sangha <eliptus@google.com>
Change-Id: I862d5f3e8be3cf7d23489be374fabf26e29e0ca5
 2021-05-26 16:59:51 +00:00
Grace Chen
4b59c5b98e Add selinux permissions for NFC/eSIM firmware upgrade and recovery 
Bug: 181246088
Test: Confirm selinux permissions.
Change-Id: I71c59d1afc50e273b840cd2df7600b4e806c0661
 2021-05-12 10:07:55 -07:00
Thierry Strudel
03f4884884 com.qorvo.uwb: signed with dedicated key and running as android.uid.uwb uid 
Test:
05-11 21:05:48.077   786   786 I qorvo.uwb.main: UWB HAL start
05-11 21:05:48.078   412   412 I servicemanager: Found hardware.qorvo.uwb.IUwb/default in device VINTF manifest.
05-11 21:05:50.960  1639  1639 W PackageSettings: Missing permission state for package: com.qorvo.uwbtestapp.system
05-11 21:05:53.530  1639  1639 V StorageManagerService: Package com.qorvo.uwb does not have legacy storage
05-11 21:05:53.548  1639  1639 V StorageManagerService: Package com.qorvo.uwbtestapp.system does not have legacy storage
05-11 21:05:56.571  1639  1902 I am_proc_start: [0,3055,1083,com.qorvo.uwb,added application,com.qorvo.uwb]
05-11 21:05:56.571  1639  1902 I ActivityManager: Start proc 3055:com.qorvo.uwb/1083 for added application com.qorvo.uwb
05-11 21:05:56.653  1639  2264 I am_proc_bound: [0,3055,com.qorvo.uwb]
05-11 21:05:56.709  3055  3055 I TetheringManager: registerTetheringEventCallback:com.qorvo.uwb
05-11 21:05:56.710  3055  3055 V GraphicsEnvironment: ANGLE Developer option for 'com.qorvo.uwb' set to: 'default'
05-11 21:06:05.045  1639  1900 I am_pss  : [3055,1083,com.qorvo.uwb,5719040,4239360,0,88702976,2,0,6]
05-11 21:06:07.233  1639  1981 I am_compact: [3055,com.qorvo.uwb,all,84816,39052,44628,0,-816,0,-816,816,26,0,0,-800,0,1921532,-768]
05-11 21:06:38.442   786   786 I qorvo.Uwb: open
05-11 21:06:38.443   786   786 I qorvo.uwb.McpsUtils: ListHardware
05-11 21:06:38.443   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse
05-11 21:06:38.443   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse: Read message
05-11 21:06:38.443   786   786 I qorvo.uwb.IeeeUtils: ListDevices
05-11 21:06:38.443   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse
05-11 21:06:38.443   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse: Read message
05-11 21:06:38.443   786   786 I qorvo.uwb.UwbIface: Load calibration on wpan0, hw index: 0
05-11 21:06:38.445   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse
05-11 21:06:38.445   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse: Read message
05-11 21:06:38.445   786   786 I qorvo.uwb.UwbIface: Load properties on wpan0, hw index: 0
05-11 21:06:38.446   786   786 I qorvo.Uwb: getIface
05-11 21:06:38.449   786   786 I qorvo.uwb.UwbIface: firaController
05-11 21:06:38.449   786   786 I qorvo.Uwb: listHardwareIndex
05-11 21:06:38.449   786   786 I qorvo.uwb.McpsUtils: ListHardware
05-11 21:06:38.449   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse
05-11 21:06:38.450   786   786 I qorvo.uwb.NlSocket: SendAndAwaitResponse: Read message
05-11 21:06:38.450   786   786 I qorvo.Uwb: getIface
05-11 21:06:38.450   786   786 I qorvo.uwb.UwbIface: cccController

Bug: 187766150
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: Ie667a666a445e907aa99542f1c52046522b5dd02
 2021-05-12 04:07:58 +00:00
Seungah Lim
72e6339123 iwlan: update sepolicy for qualifiednetworksservice 
Bug: 185942456
Test: VoLTE/VoWifi

Change-Id: I352bb933e577b11bb052a297d17776ff0a5f3a75
Signed-off-by: Seungah Lim <sss.lim@samsung.com>
 2021-05-07 17:14:00 +08:00
Taesoon Park
b6f2b0bad9 Remove platform certification from imsservice 
The platform certification is removed form com.shannon.imsservice.
So, remove seinfo from com.shannon.imsservice item.

Bug: 186135657
Test: VoLTE and VoWiFi

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ie493abfd7a146766ad819bb7a5240d9f1e2f1d0e
 2021-04-29 11:28:08 +08:00
Roshan Pius
8119d482ed Uwb: Create a new Uwb system service 
Move the vendor service to a different name which will be used by AOSP
uwb service.

Also, create a new domain for the UWB vendor app which can expose this
vendor service.

Denials:
04-12 16:38:38.282   411   411 E SELinux : avc:  denied  { find } for pid=2964
uid=1000 name=tethering scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0

04-12 17:56:49.320   411   411 E SELinux : avc:  denied  { find } for pid=2964
uid=1000 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:hal_uwb_service:s0 tclass=service_manager permissive=0

04-12 20:13:37.952  3034  3034 W com.qorvo.uwb: type=1400 audit(0.0:8): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0
tclass=dir permissive=0

04-12 20:13:38.003   408   408 E SELinux : avc:  denied  { find } for pid=3034
uid=1000 name=content_capture scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=0

04-12 21:25:03.244  2992  2992 W com.qorvo.uwb: type=1400 audit(0.0:7): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:
system_app_data_file:s0:c232,c259,c512,c768 tclass=dir permissive=0

Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Iecb871902ebe7d110f2deb9ddb960c1a3945d8e9
 2021-04-13 17:54:42 -07:00
TreeHugger Robot
421bee976b Merge "logger_app: Remove Pixelize rule" into sc-dev 2021-04-13 11:54:20 +00:00
jimsun
17f08b3cba gs101: fix grilservice context 
The app is no longer signed with the platform key.

Bug: 162313924
Test: verify gril service function works normally
Change-Id: I9bf0494e65cafca9432665be199c30508d36417e
 2021-04-09 02:48:30 +00:00
chenpaul
7376656ff4 logger_app: Remove Pixelize rule 
In original design, pixellogger was included in Pixelize mk file,
but the sepolicy are defined by the product specific te file.
These are not aligned and have dependency concern if add new sepolicy rule
in Pixelize te file.

This change remove the Pixelize rule from the device specifc te file.
And the Pixelize rule will be defined by
hardware/google/pixel-sepolicy/logger_app/logger_app.te

Bug: 159650456
Test: Pixel Logger is workable
Change-Id: If13e05b7979f7be02a728b40f8032b81f7c53e06
 2021-04-07 21:31:32 +08:00
Grace Chen
a4b253476c Add selinux permissions for NFC/eSIM fw upgrade 
Bug: 183709811
Test: Confirm no selinux permissions errors.
Change-Id: Ibd98558a2446567d4beb1f6b88acafc05c3c1951
 2021-04-05 15:38:59 -07:00
Eddie Tashjian
44799a27ba Add sepolicy for CBRS setup app. 
Bug: 182519609
Test: Test CBRS setup
Change-Id: I3ee27dd80eb0484c9cf2c6be0c63aee996383f7f
 2021-03-30 18:06:14 -07:00
Adam Shih
692faeedaf fix reset problem caused by ims 
Bug: 183209764
Test: unplug device, reboot, enter sim code and survived
Change-Id: I23c39290731a76ec4a364e4f92d3994254d70eae
 2021-03-24 14:31:31 +08:00
Hongbo Zeng
4211025746 Fix denials for ril_config_service_app 
- RilConfigService is a common google project in vendor/google/tools,
  sync related rules from the previous project(ag/6697240, ag/7153946)
  to allow it to:
  (1) receive intents
  (2) update database files under /data/vendor/radio
  (3) update RIL properties
- Two new denials found in this project only:
  avc: denied { search } for name="data" dev="dm-7" ino=93
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1
  avc: denied { search } for name="0" dev="dm-7" ino=192
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1

Bug: 182715439
Test: apply these rules and check there is no denial for
      RilConfigService finally
Change-Id: Icfb0e121d0d11600bda900dff0511187518105ab
 2021-03-23 17:22:33 +08:00
Hsiaoan Hsu
46fedc2148 Add Sepolicy rule for connectivity monitor app 
sync sepolicy from previous projects.

Bug: 182715920
Test: build pass. connetivity monitor service running successfully.
Change-Id: Id5606b5db74fbf672ac41549862a83557734ac57
 2021-03-16 15:48:53 +08:00
SalmaxChang
b70e0bebdd MDS: Fix avc errors 
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202332 name="radio" dev="dm-9" ino=242 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { call } for comm=4173796E635461736B202331 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=1 app=com.google.mds
avc: denied { write } for name="property_service" dev="tmpfs" ino=316 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1 app=com.google.mds
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=289 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202331 name="chosen" dev="sysfs" ino=9330 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs_chosen:s0 tclass=dir permissive=1 app=com.google.mds

Bug: 181185131
Bug: 179110848

Change-Id: I1ac00b68e2db44cc86f6b5c70001cda78264ff6e
 2021-03-16 02:27:54 +00:00
Calvin Pan
47bf48c03b Fix avc denied in OMA DM 
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:493): avc: denied { search } for comm="IntentService[D" name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:493): avc: denied { search } for name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:494): avc: denied { getattr } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:494): avc: denied { getattr } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:495): avc: denied { setattr } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:495): avc: denied { setattr } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:496): avc: denied { append } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:496): avc: denied { append } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:497): avc: denied { open } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:497): avc: denied { open } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service

03-10 11:57:07.155   386   386 E SELinux : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
03-10 11:57:07.155   386   386 I auditd  : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1

03-10 12:26:05.904   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.904   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

03-10 12:35:40.653   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.654   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1

Bug: 173990082
Test: Trigger OMA DM
Change-Id: Ie66ecd1c9d80f7b12a4545f3651dd2c5f02b119b
 2021-03-10 15:54:08 +08:00
Aaron Tsai
5e63caa568 Fix selinux error for vendor_telephony_app 
// b/174961423
[   43.295540] type=1400 audit(1607136492.652:21): avc: denied { open } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   43.295445] type=1400 audit(1607136492.652:20): avc: denied { read } for comm="y.silentlogging" name="u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   43.290494] type=1400 audit(1607136492.648:19): avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-6" ino=3751 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=1
[   43.267396] type=1400 audit(1607136492.624:18): avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-6" ino=3751 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=1
[   43.267076] type=1400 audit(1607136492.624:17): avc: denied { search } for comm="y.silentlogging" name="data" dev="dm-6" ino=87 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1

// b/176868380
[   44.640326] type=1400 audit(1609377760.052:32): avc: denied { search } for comm="y.silentlogging" name="0" dev="dm-6" ino=181 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1
[   44.705763] type=1400 audit(1609377760.120:36): avc: denied { search } for comm="ephony.testmode" name="0" dev="dm-6" ino=181 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1
[   44.649879] type=1400 audit(1609377760.064:33): avc: denied { getattr } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   44.649981] type=1400 audit(1609377760.064:34): avc: denied { map } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   44.650286] type=1400 audit(1609377760.064:35): avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-6" ino=228 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=1

// b/177176900
[   46.609809] type=1400 audit(1610075109.964:21): avc: denied { getattr } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609747] type=1400 audit(1610075109.964:20): avc: denied { open } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609580] type=1400 audit(1610075109.960:19): avc: denied { read } for comm="ephony.testmode" name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609867] type=1400 audit(1610075109.964:22): avc: denied { map } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1

// b/179437464
02-05 09:46:38.796   376   376 E SELinux : avc:  denied  { find } for pid=9609 uid=1000 name=activity scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-05 09:46:38.894   376   376 E SELinux : avc:  denied  { find } for pid=9631 uid=1000 name=thermalservice scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
02-05 09:46:38.825   376   376 E SELinux : avc:  denied  { find } for pid=9609 uid=1000 name=tethering scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1


Bug: 174961423
Bug: 176868380
Bug: 177176900
Bug: 179437464

Test: verified with the forrest ROM and error log gone
Change-Id: Ibd2dfb61eb58b381504ac43595e99695a5e21b7e
 2021-03-08 15:48:34 +08:00
Robin Peng
5009efa776 Move slider-sepolicy into gs101-sepolicy 
from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf

Bug: 167996145
Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301
 2021-03-06 16:15:39 +08:00