Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3468 commits 1 branch 0 tags 494 MiB
Commit graph

3468 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hridya Valsaraju
9e6528da08 Label debugfs files correctly 
A few debugfs files are labelled as belonging to both debugfs_type and
sysfs_type. Hence, any client that is provided access to sysfs_type will
automatically be provided access to these files. This patch corrects the
labelling for these files to prevent this.

Test: build
Bug: 186500818
Change-Id: I364a73a960824cc9051610032179fd5caeca09de
 2021-05-11 17:35:17 -07:00
Qinchen Gu
ab6df9cc18 Add SELinux policy for allowing dumping GSC info 
Bug: 185939493
Test: adb bugreport. Look for GSC-related info.

Change-Id: I30dbb51781526d763205594283ca3b808f45d28f
 2021-05-11 17:27:14 -07:00
Wei Wang
82e3d3146f Merge "Grant vendor_sched sysfs nodes access" into sc-dev am: 3a2d20a1a2 am: a04548a17c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14462495

Change-Id: Ia8f8af31038a6fe8a872e1632c750a0e693a8f60
 2021-05-11 18:10:48 +00:00
Wei Wang
a04548a17c Merge "Grant vendor_sched sysfs nodes access" into sc-dev am: 3a2d20a1a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14462495

Change-Id: I957522e3cdb7c45401b50601e2a92cd617d3473a
 2021-05-11 17:42:16 +00:00
Wei Wang
776b6040fa Merge "Grant vendor_sched sysfs nodes access" into sc-dev am: 3a2d20a1a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14462495

Change-Id: Ib9103633531cc02bed37acfd53fa314d6d47394e
 2021-05-11 17:41:51 +00:00
Wei Wang
e529fc3cfb Merge "Grant vendor_sched sysfs nodes access" into sc-dev am: 3a2d20a1a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14462495

Change-Id: I7a96d0859bd09ebb961af6b18a7d5687aa01b391
 2021-05-11 17:40:29 +00:00
Wei Wang
3a2d20a1a2 Merge "Grant vendor_sched sysfs nodes access" into sc-dev 2021-05-11 17:24:38 +00:00
sukiliu
7a1938e846 Update avc error on ROM 7349999 am: 99853e483b am: d5d461cc4e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14500956

Change-Id: I3e39d50fcfcf238866363c2ea927286dddb3eb55
 2021-05-11 11:34:06 +00:00
sukiliu
d5d461cc4e Update avc error on ROM 7349999 am: 99853e483b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14500956

Change-Id: If71f414f52934e892475a040684dd91a2a75dfee
 2021-05-11 11:04:31 +00:00
sukiliu
fd763f3ee9 Update avc error on ROM 7349999 am: 99853e483b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14500956

Change-Id: Icc17da37ec14a7834091bd1ace72dda52dbdf842
 2021-05-11 11:02:46 +00:00
sukiliu
0d483277cf Update avc error on ROM 7349999 am: 99853e483b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14500956

Change-Id: Ieaa2460666b2d154333bbed9833abcaee833477f
 2021-05-11 11:02:14 +00:00
Midas Chien
873511167c Allowed PowerHAL service access Display node 
Bug: 164411401
Test: boot
Change-Id: Idcc1338bc66a7479aed9efd4d1ebc82efd1b7c4d
 2021-05-11 10:23:58 +00:00
sukiliu
99853e483b Update avc error on ROM 7349999 
avc: denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:twoshay:s0 tclass=binder permissive=0

Bug: 187795940
Test: PtsSELinuxTestCases
Change-Id: Ib85ee1d52915b292295b21df8df48c18761c088e
 2021-05-11 17:24:08 +08:00
Peter Csaszar
d39d9e517f pixel-selinux: add SJTAG policies am: bc525e1a49 am: 6ff24d2a06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14489636

Change-Id: Icab05e0fb309a6eaa0befd3d3960e84569957005
 2021-05-11 07:47:11 +00:00
Maciej Żenczykowski
60e0a18e2a correctly label networking gadgets 
This is to pass system/netd/tests/netd_test.cpp:

TEST(NetdSELinuxTest, CheckProperMTULabels) {
    // Since we expect the egrep regexp to filter everything out,
    // we thus expect no matches and thus a return code of 1
    ASSERT_EQ(W_EXITCODE(1, 0), system("ls -Z /sys/class/net/*/mtu | egrep -q -v "
                                       "'^u:object_r:sysfs_net:s0 /sys/class/net/'"));
}

Test: atest, TreeHugger, manual observation of labeling
Bug: 185962988
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib4f8aa6cc2e0f5a5bd432bcfe473e550f5c68132
 2021-05-11 07:40:38 +00:00
Peter Csaszar
6ff24d2a06 pixel-selinux: add SJTAG policies am: bc525e1a49 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14489636

Change-Id: I19e3462634d1e299ca6bfb8e8e01bd3e689bd903
 2021-05-11 07:24:12 +00:00
Peter Csaszar
c8e24207eb pixel-selinux: add SJTAG policies am: bc525e1a49 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14489636

Change-Id: I007fd343a1cea81e73989bd3aa097341fe0e8d6c
 2021-05-11 07:21:52 +00:00
Peter Csaszar
6a9f52b022 pixel-selinux: add SJTAG policies am: bc525e1a49 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14489636

Change-Id: I15f0713b466b5717e66cea151ac618eb0dfc21e1
 2021-05-11 07:19:46 +00:00
Taeju Park
638778c654 Grant vendor_sched sysfs nodes access 
Bug: 182509410
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: I53a879e904bef3c5b13127404f4f5c422abd46b4
 2021-05-11 04:27:23 +00:00
Peter Csaszar
bc525e1a49 pixel-selinux: add SJTAG policies 
These are the SELinux policies for the DebugFS files of the SJTAG
kernel interface.

Bug: 184768605
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I36996d6fd5fe09adb7a36be573cf57f15ea35756
 2021-05-10 17:58:04 -07:00
Wei Wang
ff1bb37173 Merge "Add policy for memlat governor needs create/delete perf events" into sc-dev am: 551505ae05 am: 8181bbaaac 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14486216

Change-Id: I616fa1b699d2b2fee93496cf06b24786f7e4e74b
 2021-05-11 00:34:34 +00:00
Wei Wang
8181bbaaac Merge "Add policy for memlat governor needs create/delete perf events" into sc-dev am: 551505ae05 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14486216

Change-Id: I28349709c6a549e25ed8dffd490c84af777b83e9
 2021-05-11 00:18:41 +00:00
Wei Wang
8c19aec1ee Merge "Add policy for memlat governor needs create/delete perf events" into sc-dev am: 551505ae05 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14486216

Change-Id: I18294c64c2dc118e1af978614d5feaec92ac0445
 2021-05-11 00:16:50 +00:00
Wei Wang
b7b6bd8736 Merge "Add policy for memlat governor needs create/delete perf events" into sc-dev am: 551505ae05 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14486216

Change-Id: I04832fd37ac2d60fe7b9f969a606501274d29789
 2021-05-11 00:14:18 +00:00
Wei Wang
551505ae05 Merge "Add policy for memlat governor needs create/delete perf events" into sc-dev 2021-05-10 23:59:50 +00:00
Jia-yi Chen
344b354f8b Merge "Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0" into sc-dev am: 06a0792bf1 am: 1912dc976e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14460156

Change-Id: I7d847033afc8548522bac80ad657bcbae806dbd7
 2021-05-10 19:07:21 +00:00
Jia-yi Chen
1912dc976e Merge "Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0" into sc-dev am: 06a0792bf1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14460156

Change-Id: I1ddc002e6e20ca3dec0db9f018260ec0e56db574
 2021-05-10 18:52:15 +00:00
Jia-yi Chen
d723c9dc53 Merge "Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0" into sc-dev am: 06a0792bf1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14460156

Change-Id: I68e32fbfbb738a36a53f18e96a5f7ca072828102
 2021-05-10 18:48:49 +00:00
Jia-yi Chen
9894e8e202 Merge "Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0" into sc-dev am: 06a0792bf1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14460156

Change-Id: I206c35135cf16ff9956d1d7b5080697c9ea566b6
 2021-05-10 18:48:39 +00:00
Jia-yi Chen
06a0792bf1 Merge "Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0" into sc-dev 2021-05-10 18:29:41 +00:00
Kyle Lin
1124aeaf32 Add policy for memlat governor needs create/delete perf events 
[   31.756984] type=1400 audit(1620144320.436:11): avc: denied { perfmon } for comm="cpuhp/4" capability=38 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability2 permissive=0
[   31.757246] type=1400 audit(1620144320.436:12): avc: denied { sys_admin } for comm="cpuhp/4" capability=21 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0
[   31.757352] type=1400 audit(1620144320.436:13): avc: denied { perfmon } for comm="cpuhp/4" capability=38 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability2 permissive=0
[   31.757450] type=1400 audit(1620144320.436:14): avc: denied { sys_admin } for comm="cpuhp/4" capability=21 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0
...
...
[  215.584932] type=1400 audit(1620634018.936:191): avc: denied { cpu } for comm="cpuhp/4" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=0

Bug: 187437491
Bug: 170479743
Test: build, boot and suspend/resume test 200 times.

Change-Id: I4fd3d3fb915ca518ffa226f25298c94faaf867f1
 2021-05-10 16:18:58 +08:00
chenpaul
6297e8a5a7 Sniffer Logger: Add dontaudit getattr for sysfs_wifi 
05-10 15:04:37.376 12958 12958 I auditd  : type=1400 audit(0.0:14): avc: denied { getattr } for comm="wifi_sniffer" path="/sys/wifi/firmware_path" dev="sysfs" ino=81201 scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:sysfs_wifi:s0 tclass=file permissive=0

Bug: 187583019
Test: Sniffer Logger is workable
Change-Id: I6bce0bb58d951b6be39f58340b6418b328ffe386
 2021-05-10 15:28:47 +08:00
JJ Lee
2a2ce4a0ae Merge "sepolicy: gs101: allow audio hal to use wakelock" into sc-dev am: df02b6ef77 am: 51c75a291e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14452416

Change-Id: I085a5e10dc22ac41c84c98614dbe3133c5971d40
 2021-05-10 02:58:04 +00:00
JJ Lee
51c75a291e Merge "sepolicy: gs101: allow audio hal to use wakelock" into sc-dev am: df02b6ef77 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14452416

Change-Id: I9da7211554c5f2fdce509051caa4f3b2e381f9c1
 2021-05-10 02:34:31 +00:00
JJ Lee
4be4faa1dc Merge "sepolicy: gs101: allow audio hal to use wakelock" into sc-dev am: df02b6ef77 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14452416

Change-Id: I51e769688205bbb6ea24e4afe736f22876e7b104
 2021-05-10 02:31:46 +00:00
JJ Lee
7a46007222 Merge "sepolicy: gs101: allow audio hal to use wakelock" into sc-dev am: df02b6ef77 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14452416

Change-Id: I662932d3b069766e8c915578610b2524e8c8d396
 2021-05-10 02:31:37 +00:00
JJ Lee
df02b6ef77 Merge "sepolicy: gs101: allow audio hal to use wakelock" into sc-dev 2021-05-10 02:14:07 +00:00
TreeHugger Robot
df80f0be9f Merge "vibrator: Remove temporary method" into sc-dev am: ec3144742f am: e853b4335e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14467421

Change-Id: I6170cab39b5fec5c777500dab7506fafafba7000
 2021-05-10 01:58:17 +00:00
TreeHugger Robot
eb15c49e77 Merge changes Ic697ffe8,Idcf38e09 into sc-dev am: a2d2ebd508 am: 41d657e591 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456725

Change-Id: I7c502814dadb2a5bb026fb856b0d8a6c7905085a
 2021-05-10 01:57:50 +00:00
TreeHugger Robot
e853b4335e Merge "vibrator: Remove temporary method" into sc-dev am: ec3144742f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14467421

Change-Id: I8abc6a5985a10691d2a6b2350aaf7c1b3b523056
 2021-05-10 01:41:55 +00:00
TreeHugger Robot
41d657e591 Merge changes Ic697ffe8,Idcf38e09 into sc-dev am: a2d2ebd508 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456725

Change-Id: I31ebc93fd8a8a664f75e623c007482fa345a1248
 2021-05-10 01:41:42 +00:00
TreeHugger Robot
11accc9f2f Merge "vibrator: Remove temporary method" into sc-dev am: ec3144742f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14467421

Change-Id: I4a0d4f360b28e6a0496f8887488f76824d867808
 2021-05-10 01:40:05 +00:00
TreeHugger Robot
26cf3f59ac Merge changes Ic697ffe8,Idcf38e09 into sc-dev am: a2d2ebd508 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456725

Change-Id: Ia366cfb74424fe2d8dbba868c92649fbc738fc47
 2021-05-10 01:39:57 +00:00
TreeHugger Robot
bba2a7a0c9 Merge "vibrator: Remove temporary method" into sc-dev am: ec3144742f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14467421

Change-Id: Ieb1405f8124528b337ee3273ebe79b6c522c2f44
 2021-05-10 01:39:54 +00:00
TreeHugger Robot
0121aed44a Merge changes Ic697ffe8,Idcf38e09 into sc-dev am: a2d2ebd508 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456725

Change-Id: I55d5ff71adec66427fb69a36bfd17a8cc7a37d0b
 2021-05-10 01:39:34 +00:00
TreeHugger Robot
ec3144742f Merge "vibrator: Remove temporary method" into sc-dev 2021-05-10 01:13:47 +00:00
TreeHugger Robot
a2d2ebd508 Merge changes Ic697ffe8,Idcf38e09 into sc-dev 
* changes:
  Remove dumpstate AVC denials dontaudit for twoshay
  Allow dumpstate to access twoshay
 2021-05-10 01:11:46 +00:00
TreeHugger Robot
73f7604819 Merge "Allow radioext to communicate with bt hal" into sc-dev am: c03c055812 am: 93008dc81a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456718

Change-Id: I04601b7854246242a3e73d12ceb0491c7428c3c4
 2021-05-08 19:33:35 +00:00
TreeHugger Robot
93008dc81a Merge "Allow radioext to communicate with bt hal" into sc-dev am: c03c055812 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456718

Change-Id: I3d1fed21b348e309acf8c981d0295fc0c6db1597
 2021-05-08 19:13:26 +00:00
TreeHugger Robot
c3c5ca4ddb Merge "Allow radioext to communicate with bt hal" into sc-dev am: c03c055812 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14456718

Change-Id: Ie6e2ad1c7f522db72d1376aae37c5501f85e29be
 2021-05-08 19:10:01 +00:00