Commit graph

338 commits

Author SHA1 Message Date
Adam Shih
ebeae6abc3 label uwb service to prevent reset after unplugging USB
Bug: 182953824
Test: unplug USB under enforcing mode
Change-Id: Ib4bdf9b9339fc631d045bde57f78a46ce3ca8b6e
2021-03-17 15:25:27 +08:00
TreeHugger Robot
b8ec327d5c Merge "sensors: Add sensor related rule to chre." into sc-dev 2021-03-17 06:28:41 +00:00
Hridya Valsaraju
a570dc6991 Add a label for Pixel DMA-BUF heap tracepoints
These tracepoints are the DMA-BUF equivalents to the ION tracepoints.
They expose the size of the DMA-BUF, unique inode number of the DMA-BUF
and total size of all DMA-BUFs exported from the DMA-BUF heap framework.

Test: build
Bug: 182328989
Change-Id: I311b68275ebd668f73d0ccff0fcaa01d251250bc
2021-03-16 23:00:41 -07:00
Jenny Ho
2dc4d2d61f genfs_contexts: add sepolicy for dumping eeprom data
I auditd  : type=1400 audit(0.0:53): avc: denied { getattr } for comm="sh" path="/sys/devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom" dev="sysfs" ino=59692 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
I sh      : type=1400 audit(0.0:53): avc: denied { getattr } for path="/sys/devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom" dev="sysfs" ino=59692 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
I auditd  : type=1400 audit(0.0:57): avc: denied { getattr } for comm="ls" path="/sys/devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom" dev="sysfs" ino=59692 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
I ls      : type=1400 audit(0.0:57): avc: denied { getattr } for path="/sys/devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom" dev="sysfs" ino=59692 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 182531832
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: If189575c6db8b43b59c6009378ec724bd075c0d1
2021-03-17 13:07:55 +08:00
Adam Shih
63143cdf96 Merge changes I33cd99d5,I8417d4eb into sc-dev
* changes:
  label missing power sys nodes
  update error on ROM 7213588
2021-03-17 05:03:29 +00:00
TreeHugger Robot
0aef3b56c5 Merge "Add Sepolicy rule for connectivity monitor app" into sc-dev 2021-03-17 03:12:31 +00:00
Adam Shih
74052118a8 label missing power sys nodes
Bug: 182954169
Test: boot with no avc error found
Change-Id: I33cd99d5748dd9fc40301c460a050b6e969f30f4
2021-03-17 10:49:24 +08:00
Rick Chen
78047fa17b sensors: Add sensor related rule to chre.
[    8.417813] type=1400 audit(1615518074.988:4): avc: denied { write } for comm="sensors@2.0-ser" name="chre" dev="tmpfs" ino=908 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[    8.418075] type=1400 audit(1615518074.988:5): avc: denied { connectto } for comm="sensors@2.0-ser" path="/dev/socket/chre" scontext=u:r:hal_sensors_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1
03-12 11:01:14.988   694   694 I sensors@2.0-ser: type=1400 audit(0.0:5): avc: denied { connectto } for path="/dev/socket/chre" scontext=u:r:hal_sensors_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1

Also merge two sensor_hal related files into single file.

Bug: 182523946
Test: make selinux_policy -j128 and push to device.
      No hal_sensors_default related avc denied log during boot.
Signed-off-by: Rick Chen <rickctchen@google.com>
Change-Id: I49ce71ba4703528fb2e26dd8956c4ed741337ffc
2021-03-17 10:34:14 +08:00
Adam Shih
7c0fd2a413 update error on ROM 7213588
Bug: 182954169
Bug: 182954060
Bug: 182954138
Bug: 182954062
Bug: 182953824
Bug: 182953825
Bug: 182954248
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I8417d4ebacefa691838e25131749b0e4fd152a2f
2021-03-17 10:15:02 +08:00
Benjamin Schwartz
fe980b935b Merge "Give power stats HAL permission to read ufs stats" into sc-dev 2021-03-17 02:09:54 +00:00
TreeHugger Robot
23017e956d Merge "allow df to collect partition info" into sc-dev 2021-03-17 01:52:43 +00:00
Benjamin Schwartz
ed8fdc9997 Fix sepolicies for hal_power_stats_default
Bug: 182320246
Test: No more avc denied log messages for hal_power_stats_default
Change-Id: I1cd801bb4823e80bd5ea112fb0b7bdfaeabbdef5
2021-03-16 10:37:09 -07:00
TreeHugger Robot
96d0c28dc4 Merge "display: add sepolicy for hal_graphics_composer" into sc-dev 2021-03-16 12:05:50 +00:00
Hsiaoan Hsu
46fedc2148 Add Sepolicy rule for connectivity monitor app
sync sepolicy from previous projects.

Bug: 182715920
Test: build pass. connectivity monitor service running successfully.
Change-Id: Id5606b5db74fbf672ac41549862a83557734ac57
2021-03-16 15:48:53 +08:00
raylinhsu
031fe80418 display: add sepolicy for hal_graphics_composer
Allow HWC to access vendor_log_file and also allow hwc to access
power hal

Bug: 181712799
Test: pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: I403a528f651b9ee5755d11525f2a33c39628ecee
2021-03-16 13:50:48 +08:00
SalmaxChang
b70e0bebdd MDS: Fix avc errors
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202332 name="radio" dev="dm-9" ino=242 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { call } for comm=4173796E635461736B202331 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=1 app=com.google.mds
avc: denied { write } for name="property_service" dev="tmpfs" ino=316 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1 app=com.google.mds
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=289 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202331 name="chosen" dev="sysfs" ino=9330 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs_chosen:s0 tclass=dir permissive=1 app=com.google.mds

Bug: 181185131
Bug: 179110848

Change-Id: I1ac00b68e2db44cc86f6b5c70001cda78264ff6e
2021-03-16 02:27:54 +00:00
Adam Shih
dd7f31a99f Merge "label power.stats-vendor properly" into sc-dev 2021-03-16 01:16:20 +00:00
Benjamin Schwartz
a1f92cdd90 Give power stats HAL permission to read ufs stats
Bug: 140217385
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: Ib3fa9440982bc5846053e9ddf56d3ed178599c0c
2021-03-15 17:37:29 -07:00
Adam Shih
3887fc2628 Merge "Allow bluetooth hal to get boot status" into sc-dev 2021-03-16 00:35:59 +00:00
Alex Hong
e2f3348361 Merge "Clean up the obsoleted dontaudit rules" into sc-dev 2021-03-15 08:22:53 +00:00
Alex Hong
abfa9355ee Clean up the obsoleted dontaudit rules
Verify with the ROM: go/ab/7203892 oriole-userdebug

Test: $ make selinux_policy
      Push selinux modules. Check the denials during boot.

      $ pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
      $ pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Bug: 171760597
Bug: 171760846
Bug: 173969190
Bug: 174443175
Bug: 176777145
Bug: 176868315
Bug: 177386448
Bug: 177389321
Bug: 177614659
Bug: 177616188
Bug: 177778551
Bug: 177778793
Bug: 177860838
Bug: 177862403
Bug: 177862777
Bug: 177966144
Bug: 178433506
Bug: 178433618
Bug: 178753151
Bug: 178752409
Bug: 178979985
Bug: 178980142
Bug: 179093352
Bug: 179310875
Bug: 179435036
Bug: 179437293
Bug: 179437737
Bug: 180551518
Bug: 180567612
Bug: 180655373
Bug: 180656244
Bug: 180874342
Bug: 180963328
Bug: 180963587
Change-Id: I19e19e49d36e5635629c1e68c7d23a98c714ebcf
2021-03-15 06:24:59 +00:00
Adam Shih
0218941cb8 allow df to collect partition info
Bug: 179310854
Test: do bugreport and the error disappears
Change-Id: I9fdcbb27742a70f3b796c668c3e0d4688d36b4d8
2021-03-15 11:00:41 +08:00
Adam Shih
cf96663690 label power.stats-vendor properly
Bug: 182320246
Test: boot with power.stats-vendor labeled
Change-Id: Icc3ff763be1a23e8f3e9d1ed076fcb5c74401abe
2021-03-15 10:21:24 +08:00
Adam Shih
45e33146f1 Allow bluetooth hal to get boot status
[    5.299448] type=1400 audit(1615772363.892:3): avc: denied { read } for comm="bluetooth@1.1-s" name="u:object_r:boot_status_prop:s0" dev="tmpfs" ino=81 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:boot_status_prop:s0 tclass=file permissive=1
Bug: 171942789
Test: boot and see such a log no longer appears

Change-Id: Ib27585183be1ba9913b5f0620d987f26fad663e0
2021-03-15 09:41:48 +08:00
Adam Shih
36e82d438a update error on ROM 7207833
Bug: 182706078
Bug: 182705863
Bug: 182705986
Bug: 182705901
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I37728b3b475998668f37d50a70ce980eeff70a63
2021-03-15 09:26:46 +08:00
Benjamin Schwartz
aa41c84ad1 Merge "whitechapel: Correct acpm_stats path" into sc-dev 2021-03-12 17:41:35 +00:00
TreeHugger Robot
3b10aeadae Merge "allow init to mount modem_img" into sc-dev 2021-03-12 06:01:50 +00:00
Wen Chang Liu
e72c30346f Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev
* changes:
  Add sepolicy for BigOcean device
  Add sepolicy for MFC device
2021-03-12 05:41:08 +00:00
Andy Chou
737059042f Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev 2021-03-12 05:32:18 +00:00
TreeHugger Robot
8e2430d151 Merge "update error on ROM 7202683" into sc-dev 2021-03-12 05:19:01 +00:00
Adam Shih
fdeedcba65 allow init to mount modem_img
Bug: 182524202
Bug: 182524203
Test: modem_img is mounted under enforcing mode
Change-Id: Ie5448468d4d7f1ad6acdd2c93055bba9001185d1
2021-03-12 12:54:22 +08:00
Sung-fang Tsai
1bcf7d412a Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev 2021-03-12 04:18:59 +00:00
andychou
9e582d4bc3 Fix cuttlefish test fail due to sepolicy of Exo
Need to grant gpu_device dir search permission and
device_config_runtime_native_boot_prop for testing.

Bug: 182445508
Test: atest ExoTests pass on Cuttlefish
Change-Id: Ia4c27efa2a900a3781301de19ab38209f818aba1
2021-03-12 11:41:24 +08:00
Vova Sharaienko
175c2eaa31 Merge "Stats: new sepolicy for the AIDL service" into sc-dev 2021-03-12 03:32:22 +00:00
Adam Shih
526da2f9b1 update error on ROM 7202683
Bug: 182524105
Bug: 182523946
Bug: 182524202
Bug: 182524203
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I4c97960d106a74cbe2ba819671612514d4cba282
2021-03-12 11:18:10 +08:00
wenchangliu
f98706e87b Add sepolicy for BigOcean device
add /dev/bigocean to video_device

avc: denied { read write } for name="bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { open } for path="/dev/bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/bigocean" dev="tmpfs" ino=629 \
ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for comm=436F646563322E30204C6F6F706572 path="/dev/bigocean" \
dev="tmpfs" ino=629 ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 \
tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 172173484
Test: Play AV1 clips in enforcing mode
Change-Id: Ie0ed96d7bf4324bd38a9c42500f4f747f092bfd9
2021-03-12 10:54:10 +08:00
wenchangliu
b52121a259 Add sepolicy for MFC device
- Add sysfs_video type for mfc device
- Allow mediacodec to access sysfs_video

avc: denied { read } for name="name" dev="sysfs" ino=62278 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { read } for name="name" dev="sysfs" ino=62230 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

Bug: 172173484
Test: video playback / camera recording with enforcing mode
Change-Id: Id7f43fe11c9ed089067f43a50d7f765df873d6c6
2021-03-12 10:51:41 +08:00
TreeHugger Robot
1dd171b66f Merge "Add atc sysfs permission for composer service" into sc-dev 2021-03-12 02:44:43 +00:00
Ahmed ElArabawy
4a0294348b Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev 2021-03-12 01:37:36 +00:00
Vova Sharaienko
2ed30c23e3 Stats: new sepolicy for the AIDL service
This allows pixelstats_vendor to communicate with the new AIDL IStats service via ServiceManager

Bug: 181914749
Test: Build, flash, and logcat -s "pixelstats_vendor"
Change-Id: Icf1bbbd7f72835fe8f9c2f23281a2f5b4bf8e698
2021-03-12 01:12:21 +00:00
Benjamin Schwartz
bfa18a7b2a whitechapel: Correct acpm_stats path
Bug: 182320246
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I7a67b31e28f34d606cfab369b9e982e9fffe3b3f
2021-03-11 15:52:48 -08:00
Pat Tjin
854db479bb Merge "Move wireless charger HAL to 1.3" into sc-dev 2021-03-11 19:57:54 +00:00
Sung-fang Tsai
82376e2d49 Mark lib_aion_buffer and related library as same_process_hal_file
To allow access by Google Camera App, which needs this for vendor-specific
buffer management functionality to enable zero-copy camera RAW->GPU buffer
handling.

Test: GCA works with forrest build P20546991.
Bug: 159839616
Change-Id: I71bdcd12f17013881d7a5da2f11e444f0d3b4f94
2021-03-11 12:02:04 +00:00
linpeter
ebd2a24596 Add atc sysfs permission for composer service
avc: denied { read write } for name="en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { read write } for name="gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { read write } for name="st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 168848203
Test: check avc denied
Change-Id: I48dd839e0ca6f3eb16e35f1b7a4d5f6d4a1fd88b
2021-03-11 20:01:21 +08:00
Eddie Tashjian
78cd6eb78e Add selinux policies for mounted modem partition
Bug: 178980032
Bug: 178979986
Bug: 179198083
Bug: 179198085
Bug: 178980065

Test: Check selinux denials
Change-Id: I7f826442d1536946d0e84aadfd80f679c0f4d6da
2021-03-11 10:16:27 +00:00
TreeHugger Robot
ef6e91692a Merge changes I68aace66,Idf510e4a into sc-dev
* changes:
  gs101-sepolicy: Add twoshay permissions
  Add touch procfs and sysfs sepolicy
2021-03-11 09:16:51 +00:00
yihsiangpeng
cc8429cc0d Move wireless charger HAL to 1.3
Bug: 179464598
Signed-off-by: yihsiangpeng <yihsiangpeng@google.com>
Change-Id: I73d1d811f2483bbe80e7d4aea1f6e9f143bc2836
2021-03-11 14:47:49 +08:00
TreeHugger Robot
db0ca5a3b2 Merge changes I6f6e8359,Ib7bf4029 into sc-dev
* changes:
  label kernel modules and grant bt permission
  update error on ROM 7196668
2021-03-11 03:53:57 +00:00
TreeHugger Robot
6657774b4c Merge "Fix avc denied issue when accessing to IStats service" into sc-dev 2021-03-10 16:57:56 +00:00
TreeHugger Robot
d2cee097f8 Merge "Fix avc denied in OMA DM" into sc-dev 2021-03-10 15:52:45 +00:00