Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3861 commits 1 branch 0 tags 494 MiB
Commit graph

1434 commits

Author SHA1 Message Date
Darren Hsu
f11f53a3ae Allow hal_power_stats to read sysfs_aoc_dumpstate 
avc: denied { read } for comm="android.hardwar" name="restart_count"
dev="sysfs" ino=72823 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0

Bug: 226173008
Test: check bugreport without avc denials
Change-Id: Ife3a7e00a1ffbcbed7fd8b744f2ac8910931a5fb
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-25 11:19:20 +08:00
Darren Hsu
22def09e8a Allow hal_power_stats to read sysfs_aoc_dumpstate 
avc: denied { read } for comm="android.hardwar" name="restart_count"
dev="sysfs" ino=72823 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0

Bug: 226173008
Test: check bugreport without avc denials
Change-Id: Iccd8e4475ba6055d07aedc43de72bd39e6674469
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-24 14:53:24 +08:00
Stephane Lee
282c77a88f Fix off-mode (charger) sepolicy for the health interface am: 84a06151a3 am: c35357078d am: 620e6038e2 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039624

Change-Id: I1da177501cfa887962e7a8133e4b568db9624025
 2022-03-24 05:14:06 +00:00
Stephane Lee
620e6038e2 Fix off-mode (charger) sepolicy for the health interface am: 84a06151a3 am: c35357078d 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039624

Change-Id: Ia59f2cdb6b014a802edad3b76f135a69c21002e9
 2022-03-24 04:37:58 +00:00
Jack Wu
d43cfef11c sepolicy: gs101: fix charger_vendor permission denied am: b67138e8ae am: 28efee70de 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039623

Change-Id: I1802a01e50797f41a63ba0073f5f032a8d49939b
 2022-03-24 04:37:57 +00:00
Stephane Lee
84a06151a3 Fix off-mode (charger) sepolicy for the health interface 
Bug: 223537397
Test: Ensure that there are no selinux errors for sysfs_batteryinfo in
   off-mode charging

Change-Id: I46fa1b7552eb0655d0545538142131465a337f23
Merged-In: I46fa1b7552eb0655d0545538142131465a337f23
 2022-03-23 11:30:31 -07:00
Jack Wu
b67138e8ae sepolicy: gs101: fix charger_vendor permission denied 
[   27.025458][  T443] type=1400 audit(1644391560.640:11): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
[   26.563658][  T447] type=1400 audit(1644397622.588:5): avc: denied { search } for comm="android.hardwar" name="/" dev="sda1" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[   27.198144][  T442] type=1400 audit(1644398156.152:5): avc: denied { search } for comm="android.hardwar" name="battery" dev="sda1" ino=12 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0
[   27.327035][  T443] type=1400 audit(1644398785.276:5): avc: denied { read } for comm="android.hardwar" name="defender_active_time" dev="sda1" ino=17 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[   27.355009][  T443] type=1400 audit(1644398785.276:6): avc: denied { write } for comm="android.hardwar" name="defender_charger_time" dev="sda1" ino=16 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[   26.771705][  T444] type=1400 audit(1644379988.804:4): avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
[   27.898684][  T445] type=1400 audit(1644392754.928:8): avc: denied { read } for comm="android.hardwar" name="thermal_zone6" dev="sysfs" ino=15901 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0
[   29.180076][  T447] type=1400 audit(1644397625.200:9): avc: denied { write } for comm="android.hardwar" name="mode" dev="sysfs" ino=15915 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
[   27.043845][  T444] type=1400 audit(1644379988.808:9): avc: denied { search } for comm="android.hardwar" name="thermal" dev="tmpfs" ino=899 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0
[   27.064916][  T444] type=1400 audit(1644379988.808:10): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=306 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
[   27.356266][  T444] type=1107 audit(1644404450.376:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=457 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0'

Bug: 218485039
Test: manually test, no avc: denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I091dbbca35fb833e59fdbc234d74b90bfe74014c
Merged-In: I091dbbca35fb833e59fdbc234d74b90bfe74014c
 2022-03-23 11:27:45 -07:00
Roshan Pius
3ffd8035a2 gs-policy: Remove obsolete uwb vendor service rules 
This service no longer exists in the UCI stack.

Bug: 186585880
Test: Manual UWB tests
Change-Id: I198a20f85cb24f9e38035fa037609d6541640d9e
 2022-03-21 09:19:16 -07:00
Darren Hsu
186f2306d7 sepolicy: reorder genfs labels for system suspend am: 2018f942a7 am: 83e88065fc 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2026063

Change-Id: I732b1d982c15846e2b9ae1365894b4d0ea0f424f
 2022-03-17 03:55:26 +00:00
samou
753edef5f6 Move ODPM file rule to pixel sepolicy 
Bug: 213257759
Change-Id: Ic9a89950a609efe5434dfedc0aa023312c4192d9
 2022-03-16 06:05:52 +00:00
Darren Hsu
2018f942a7 sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I66ede69d94bb3cb1a446e1cd5f3250b6f9b7f7e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-15 11:48:39 +08:00
TreeHugger Robot
e4dfe23d99 Merge "sepolicy: reorder genfs labels for system suspend" into tm-dev 2022-03-15 02:52:34 +00:00
TreeHugger Robot
85f293ab62 Merge "gs-sepolicy(uwb): Changes for new UCI stack" into tm-dev 2022-03-14 16:09:09 +00:00
TeYuan Wang
6052118e99 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674 am: fe826745b3 am: faec59da79 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: I44c643184de6294c407c9fc1670b0631faac3e45
 2022-03-14 06:22:59 +00:00
TeYuan Wang
faec59da79 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674 am: fe826745b3 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: I919c688388bcd8cc320068f6139432b58b3f0ea4
 2022-03-14 06:02:51 +00:00
eddielan
17f6a0a1ba sepolicy: Add policy for persist.vendor.udfps 
Bug: 222175797
Test: Build Pass
Change-Id: I978325adb5cf25a590b307a38ce2deac4034e656
 2022-03-14 10:57:53 +08:00
TeYuan Wang
f7aba10674 Move libperfmgr thermal rules to pixel-sepolicy 
Bug: 213257759
Bug: 188579571
Test: build
Change-Id: I9893d53055594bfb4e4dba3d68b53f0fe132617d
 2022-03-10 21:28:33 +08:00
Kris Chen
9b54bf3665 Allow hal_fingerprint_default to access fwk_sensor_hwservice 
Fix the following avc denial:
avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_default:s0 pid=1258 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 197789721
Test: build and test fingerprint on device.
Change-Id: I7494f28e69e5a1b660dc7fbaa528b1088048723b
 2022-03-10 16:53:22 +08:00
Darren Hsu
44fcba7efd sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I66ede69d94bb3cb1a446e1cd5f3250b6f9b7f7e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-10 09:19:31 +08:00
Michael Eastwood
ecb7a69d78 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b am: a45d075fd0 am: ada03db5e0 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: Ic6e51b5ea87b5d682f406a9711d39d80c4b29a9c
 2022-03-09 18:55:19 +00:00
Michael Eastwood
ada03db5e0 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b am: a45d075fd0 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: I2b73c3f4576a4f42f76afbf7b8e75fd3be838107
 2022-03-09 18:32:59 +00:00
Michael Eastwood
82a110ba3b Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" 2022-03-09 17:31:28 +00:00
Michael Eastwood
f648f3c989 Update SELinux policy to allow camera HAL to send Perfetto trace packets 
Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr
aced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext
=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:
object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
 2022-03-08 13:54:34 -08:00
Darren Hsu
c3d3c574f4 sepolicy: fix VTS failure for SuspendSepolicyTests 
Label the common parent wakeup path instead of each
individual wakeup source to avoid bloating the genfs
contexts.

Bug: 221174227
Test: run vts -m SuspendSepolicyTests
Change-Id: I83a074840198aba323805fd455ee78a0e57174ac
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-08 20:57:42 +08:00
Roshan Pius
34c5b9b239 gs-sepolicy(uwb): Changes for new UCI stack 
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Test: Manual Tests
Change-Id: I2c7c2466f42317d643634e24b1efb1855e673d09
 2022-03-06 18:15:16 -08:00
Tri Vo
56b17a34c8 Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada am: 22f2ffcbee am: a5ccc7efa8 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: I58998bc0820db2eeb6f2362a604aaff81159594e
 2022-03-04 18:50:56 +00:00
Tri Vo
a5ccc7efa8 Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada am: 22f2ffcbee 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: Ie2af054a900f32cbde1352ba9f708e163f76d86c
 2022-03-04 18:29:27 +00:00
Tri Vo
22f2ffcbee Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
 2022-03-04 18:06:53 +00:00
Tri Vo
fbf92e2ada Merge "Don't audit storageproxyd unlabeled access" 2022-03-04 17:45:37 +00:00
Midas Chien
0e1e0e2830 [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node 
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Merged-In: I5ca811f9500dc452fe6832dd772376da51f675a8
Change-Id: I5ca811f9500dc452fe6832dd772376da51f675a8
 2022-03-04 10:48:08 +00:00
Midas Chien
08c3646fc1 Merge "Allow composer to read panel_idle_handle_exit sysfs node" into tm-dev 2022-03-04 06:55:05 +00:00
Tri Vo
03fef48542 Don't audit storageproxyd unlabeled access 
Test: m sepolicy
Bug: 197502330
Change-Id: I794dac85e475434aaf024027c43c98dde60bee27
 2022-03-03 13:12:17 -08:00
TreeHugger Robot
c865c80379 Merge "Add sepolicy rules for fingerprint hal" into tm-dev 2022-03-02 02:40:58 +00:00
Robert Lee
e5cf8beff3 Fix selinux error for aocd 
allow write permission to fix following error
auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0

Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: Ia72ee36137d78f969c28bf22647443cef45d186a
Signed-off-by: Robert Lee <lerobert@google.com>
 2022-03-01 09:13:46 +00:00
Kris Chen
e0c6120237 Add sepolicy rules for fingerprint hal 
Fix the following avc denial:
avc: denied { set } for property=vendor.gf.cali.state pid=1152 uid=1000 gid=1000 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 219372997
Bug: 220263520
Test: No above avc denial in logcat.
Change-Id: I93ace30c67e04bc836bfba050028a1f25af641d5
 2022-03-01 15:05:42 +08:00
Midas Chien
acd4220ac9 Allow composer to read panel_idle_handle_exit sysfs node 
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Change-Id: I5ca811f9500dc452fe6832dd772376da51f675a8
 2022-02-25 23:07:09 +08:00
Jason Macnak
28a21a48e0 Remove sysfs_gpu type definition 
... as it has moved to system/sepolicy.

Bug: b/161819018
Test: presubmit
Change-Id: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
Merged-In: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
 2022-02-24 22:23:41 +00:00
Edwin Wong
6b7fff8497 Merge "whitechapel: sepolicy for Widevine AIDL HAL" into tm-dev 2022-02-23 01:08:19 +00:00
Aaron Tsai
e704af0ed7 Fix selinux error for system_app am: 05565c1f14 am: d2d83c8e2d am: 84bacff9ab 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: I6e91791926ff7d840c7317fbf5d9656338960132
 2022-02-22 02:29:22 +00:00
Aaron Tsai
84bacff9ab Fix selinux error for system_app am: 05565c1f14 am: d2d83c8e2d 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ibdbeeee937e4c856adfebad71a956a343b820dfa
 2022-02-22 01:56:28 +00:00
Aaron Tsai
d2d83c8e2d Fix selinux error for system_app am: 05565c1f14 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ia3c6c0aae82c19a5d1c019cce2700c5e64c8bb11
 2022-02-22 01:35:41 +00:00
Aaron Tsai
05565c1f14 Fix selinux error for system_app 
01-26 05:04:53.364   440   440 I auditd  : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:system_app:s0 pid=3063 scontext=u:r:system_app:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 216531913
Test: verified with the forrest ROM and error log gone

Change-Id: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
Merged-In: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
 2022-02-21 12:16:45 +08:00
Robert Shih
cb04f5981f whitechapel: sepolicy for Widevine AIDL HAL 
Bug: 219538389
Test: atest GtsMediaTestCases
Change-Id: I431554dcbef014f8235f048ee062a218a2131f9c
 2022-02-20 12:35:22 -08:00
Junkyu Kang
86d20c2552 Add persist.vendor.gps to sepolicy am: 9244051b35 am: a5b052c132 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: I0844fbc02141fc6efa77d0cd47d00fd56a15f3e2
 2022-02-18 07:12:19 +00:00
Junkyu Kang
a5b052c132 Add persist.vendor.gps to sepolicy am: 9244051b35 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: Ibb1a3b4cca8fa3549eeef548d0939829413e8af1
 2022-02-18 06:50:19 +00:00
TreeHugger Robot
d95da03285 Merge "Add hal_usb_impl permission" 2022-02-17 16:42:12 +00:00
Midas Chien
943cb1278a Merge "Allow composer to read panel_idle sysfs node" 2022-02-17 09:17:44 +00:00
Junkyu Kang
9244051b35 Add persist.vendor.gps to sepolicy 
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I3fdaf564eacec340003eed0b5845a2c08922362c
Merged-In: I3fdaf564eacec340003eed0b5845a2c08922362c
 2022-02-17 08:55:49 +00:00
Midas Chien
32307ac30d Allow composer to read panel_idle sysfs node 
Change panel_idle selinux type to sysfs_display to allow composer can
read it.

Bug: 198808492
Bug: 219857957
Test: ls -Z to check selinux type
Test: make sure init(write) and composer(read) can access it
Change-Id: I77ae701a73a047b26b4ebb3c9d482c8cb9220999
 2022-02-16 16:28:06 +08:00
Junkyu Kang
26e6d6f2b6 Merge "Add persist.vendor.gps to sepolicy" 2022-02-16 08:16:05 +00:00