Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2972 commits 1 branch 0 tags 494 MiB
Commit graph

2972 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yabin Cui
1459e9734a Add SOC specific ETM sysfs paths 
Bug: 213519191
Test: run profcollectd on oriole
Change-Id: Ib1ae7466c76362b8242f2bb8560bb8b1d80c4253
 2022-01-10 11:25:25 -08:00
Vinay Kalia
72ac373dfd [automerger skipped] [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a am: 97addf8500 -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: Ife2d22606bc4da9a4f94fa65ae0d36a86b4c2ed2
 2022-01-10 06:32:26 +00:00
Vinay Kalia
97addf8500 [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: I4ce0bb633c8d27e798c7a8e80e1d23eb06b3a2a0
 2022-01-10 06:13:59 +00:00
Matt Buckley
c876449a7b Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags 
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: I41e1aa0f80c1138cf46f4f139253158b005a8634
 2022-01-08 00:00:58 +00:00
Joel Galenson
cbb76860dd Merge "Include core policy OWNERS." 2022-01-07 14:17:21 +00:00
Yifan Hong
ca7275beee Merge "Implement health AIDL HAL." 2022-01-06 23:01:32 +00:00
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL 
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
 2022-01-06 20:18:34 +00:00
Joel Galenson
b0880417ff Include core policy OWNERS. 
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
(cherry picked from commit b287da183e)
 2022-01-06 10:17:14 -08:00
Yifan Hong
5521fb530c Implement health AIDL HAL. 
Test: VTS
Test: manual charger mode
Test: recovery
Bug: 213273090
Change-Id: Iabaf31644f4406092a881841fb4084499fb4de89
 2022-01-05 23:08:07 -08:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine. 
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
 2021-12-28 21:52:12 -08:00
Matt Buckley
317166636f Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags 
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: Idc1599820026febecda84233d60982e7db7b14b5
 2021-12-28 19:08:06 +00:00
Joel Galenson
b287da183e Include core policy OWNERS. 
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
 2021-12-21 07:27:03 -08:00
Cyan Hsieh
6e1c9d88cd Merge "Add pvmfw to custom_ab_block_device" 2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692 Add pvmfw to custom_ab_block_device 
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
 2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4 Merge "Allow vendor init to read gesture_prop." 2021-12-15 09:01:23 +00:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2021-12-14 14:33:56 -08:00
Xin Li
0d05632eb8 Merge Android 12 QPR1 
Bug: 210511427
Merged-In: Ie31b278a639fd5a9e249ca934d543de770fb3217
Change-Id: I0daddb05e061916c60055b7df00164a76c69ebd2
 2021-12-14 08:38:59 -08:00
Super Liu
8f356044ff Allow vendor init to read gesture_prop. 
Bug: 209713977
Bug: 193467627
Test: local test.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I7f061f550bcf6c3a61b5528e8c21eae8567e677b
 2021-12-13 09:28:02 +08:00
Cliff Wu
11c8ad745a Update the sepolicy for exo_camera_injection v1.1 
- Update exo_camera_injection hal service from 1.0 to 1.1.
- Selinux avc log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=152 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0.

Bug: 202092371
Test: Verified exo_camera_injection provider service use cases function
as expected; no denials.

Change-Id: Ica94a00db580356158d94af2ae6dbe9c9a81be0a
 2021-12-11 05:26:06 +00:00
Chris Kuiper
178337b449 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf am: 3ce470c235 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ic98462405b50b5ae86477d799d0497e00f41c450
 2021-12-10 18:08:12 +00:00
Chris Kuiper
3ce470c235 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ib3f0609b74dbb05a7e4936fa2055a1e050777b3e
 2021-12-10 17:44:16 +00:00
Chris Kuiper
734d79bdaf selinux: Allow sensor HAL to access the display service HAL 
Add necessary permissions.

Bug: b/204471211
Test: Testing with corresponding sensor HAL changes and sensor_test commands.
Change-Id: I01774210693ceb4a6d0d4dee4fb5e905117774d3
 2021-12-10 11:00:07 +08:00
TreeHugger Robot
8e9e3a4375 [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours am: 65a718976e -s ours 
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: I840471543fece99908a58003235b0ab8ad3f4f43
 2021-12-08 02:12:07 +00:00
TreeHugger Robot
65a718976e [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours 
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: Ib87c387438c8ada00867ef1422dfa6bc2c4c6df9
 2021-12-08 01:57:41 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
85626ab654 [automerger skipped] Label min_vrefresh and idle_delay_ms as sysfs_display am: 8d4e8a65d6 -s ours 
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 02a20e025f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16406482

Change-Id: I1bff1b6dfa65252c54755f0453f2e90955a4051e
 2021-12-07 19:25:59 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-06 02:45:51 +00:00
joenchen
02a20e025f Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-04 17:18:46 +00:00
Albert Wang
2caa560163 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 am: 43bde53275 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I6b86ed75839021c860f8f556f25caedd4443fc84
 2021-12-02 02:29:37 +00:00
Albert Wang
43bde53275 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
 2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06 Allow suspend_control to access xHCI wakeup node 
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since system will automatically allocated device ID.

Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
 2021-12-01 23:45:19 +08:00
Rick Yiu
10bd8547d7 Merge "gs101-sepolicy: Fix avc denials" 2021-11-26 10:40:43 +00:00
Rick Yiu
4075287498 gs101-sepolicy: Fix avc denials 
Fix below and other potential denials

11-21 10:10:43.984  3417  3417 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard

11-21 10:10:44.840  3976  3976 I auditd  : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin

11-21 18:10:51.280  5595  5595 I auditd  : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
 2021-11-25 14:26:35 +00:00
TreeHugger Robot
27e7eeb875 Merge "aoc: add audio property for audio aocdump feature" 2021-11-25 07:05:25 +00:00
Randall Huang
68ffcb774d Fix health HAL avc denied when running idle-maint 
Log:
avc: denied { read } for comm="android.hardwar" name="wb_avail_buf"
dev="sysfs" ino=59061 scontext=u:r:hal_health_storage_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 206741894
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I79e7763df16816e6799f288d2f8b7e26c204cbc4
 2021-11-23 03:17:54 +00:00
Xin Li
f7cbb95722 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours am: 50628a78a8 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I1833320006dedc84f6f5ef8a3809f256369b5cfd
 2021-11-18 22:37:51 +00:00
Xin Li
50628a78a8 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: Ib19bc7987a5b32c39431ebdce2923541a944f608
 2021-11-18 22:25:11 +00:00
Xin Li
4613d25f07 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I3f0e4f5e9f26b048b89f495b7d79d9ceffb61f80
 2021-11-18 22:00:55 +00:00
chenpaul
d7947930ec Remove wifi_logger related sepolicy settings 
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
 2021-11-17 17:24:59 +08:00
Albert Wang
05ce6e603d [automerger skipped] [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d am: 8bdcb60170 -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: I3b44efc984435e14dbdce60c7fbf7f0bfe4e4b82
 2021-11-17 09:07:56 +00:00
Albert Wang
8bdcb60170 [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
 2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-17 07:18:29 +00:00
yixuanjiang
002907fb12 aoc: add audio property for audio aocdump feature 
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I79b960cf5e88856c37f7901d718ac8f14e44b812
 2021-11-16 14:55:26 +08:00
Albert Wang
c0ad9b7e8a Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-16 12:23:33 +08:00
chenpaul
37d4cfa648 Remove wifi_logger related sepolicy settings 
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
 2021-11-15 02:05:06 +00:00
Michael Ayoubi
d44433c07a Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 am: 11bb305754 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16244622

Change-Id: I8051477b4e70d61b8d137823bb22411fbddf647f
 2021-11-12 05:18:53 +00:00
Michael Ayoubi
11bb305754 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414

Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
 2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev 2021-11-12 01:24:43 +00:00
Oleg Matcovschi
0684e81d5f gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 am: 2eced57692 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: Id2054c9819186424a08e6f4836042dde5ce36c62
 2021-11-11 23:33:41 +00:00