Benjamin Schwartz
d5ab86411f
Fix sepolicies for hal_power_stats_default am: ed8fdc9997
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13877746
Change-Id: I01e5424a15c0a2771f0b958c2d29adf4d43d33a9
2021-03-16 20:54:07 +00:00
Benjamin Schwartz
ed8fdc9997
Fix sepolicies for hal_power_stats_default
...
Bug: 182320246
Test: No more avc denied log messages for hal_power_stats_default
Change-Id: I1cd801bb4823e80bd5ea112fb0b7bdfaeabbdef5
2021-03-16 10:37:09 -07:00
TreeHugger Robot
411cd08e91
Merge "display: add sepolicy for hal_graphics_composer" into sc-dev am: 96d0c28dc4
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13880429
Change-Id: I0f7c6b3d3c172fd4e2038f9bef7d6b7a0fa9436b
2021-03-16 12:38:49 +00:00
TreeHugger Robot
96d0c28dc4
Merge "display: add sepolicy for hal_graphics_composer" into sc-dev
2021-03-16 12:05:50 +00:00
Hsiaoan Hsu
46fedc2148
Add Sepolicy rule for connectivity monitor app
...
sync sepolicy from previous projects.
Bug: 182715920
Test: build pass. connectivity monitor service running successfully.
Change-Id: Id5606b5db74fbf672ac41549862a83557734ac57
2021-03-16 15:48:53 +08:00
raylinhsu
031fe80418
display: add sepolicy for hal_graphics_composer
...
Allow HWC to access vendor_log_file and also allow hwc to access
power hal
Bug: 181712799
Test: pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I403a528f651b9ee5755d11525f2a33c39628ecee
2021-03-16 13:50:48 +08:00
SalmaxChang
81104c001c
MDS: Fix avc errors am: b70e0bebdd
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816042
Change-Id: I7438c1c4654e8053e0315623c42475e656737a11
2021-03-16 04:26:46 +00:00
SalmaxChang
b70e0bebdd
MDS: Fix avc errors
...
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for name="vendor" dev="tmpfs" ino=2 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202332 name="radio" dev="dm-9" ino=242 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.google.mds
avc: denied { call } for comm=4173796E635461736B202331 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=1 app=com.google.mds
avc: denied { write } for name="property_service" dev="tmpfs" ino=316 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1 app=com.google.mds
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=289 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1 app=com.google.mds
avc: denied { search } for comm=4173796E635461736B202331 name="chosen" dev="sysfs" ino=9330 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs_chosen:s0 tclass=dir permissive=1 app=com.google.mds
Bug: 181185131
Bug: 179110848
Change-Id: I1ac00b68e2db44cc86f6b5c70001cda78264ff6e
2021-03-16 02:27:54 +00:00
Adam Shih
df5b767adf
Merge "label power.stats-vendor properly" into sc-dev am: dd7f31a99f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13856370
Change-Id: I301a946f6fbfeab735b81fb92e37a657ede3e9a6
2021-03-16 01:50:01 +00:00
Adam Shih
dd7f31a99f
Merge "label power.stats-vendor properly" into sc-dev
2021-03-16 01:16:20 +00:00
Adam Shih
142e40a2e0
Merge "Allow bluetooth hal to get boot status" into sc-dev am: 3887fc2628
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13856369
Change-Id: I7c25de614a2e2625f2cfc8fd8a3df8a5d74f877d
2021-03-16 00:57:19 +00:00
Benjamin Schwartz
a1f92cdd90
Give power stats HAL permission to read ufs stats
...
Bug: 140217385
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: Ib3fa9440982bc5846053e9ddf56d3ed178599c0c
2021-03-15 17:37:29 -07:00
Adam Shih
3887fc2628
Merge "Allow bluetooth hal to get boot status" into sc-dev
2021-03-16 00:35:59 +00:00
Alex Hong
21a2c8b6e8
Merge "Clean up the obsoleted dontaudit rules" into sc-dev am: e2f3348361
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839793
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I588088235e0172d82beb1ab15942e20706112c26
2021-03-15 08:58:29 +00:00
Alex Hong
e2f3348361
Merge "Clean up the obsoleted dontaudit rules" into sc-dev
2021-03-15 08:22:53 +00:00
Alex Hong
abfa9355ee
Clean up the obsoleted dontaudit rules
...
Verify with the ROM: go/ab/7203892 oriole-userdebug
Test: $ make selinux_policy
Push selinux modules. Check the denials during boot.
$ pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
$ pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Bug: 171760597
Bug: 171760846
Bug: 173969190
Bug: 174443175
Bug: 176777145
Bug: 176868315
Bug: 177386448
Bug: 177389321
Bug: 177614659
Bug: 177616188
Bug: 177778551
Bug: 177778793
Bug: 177860838
Bug: 177862403
Bug: 177862777
Bug: 177966144
Bug: 178433506
Bug: 178433618
Bug: 178753151
Bug: 178752409
Bug: 178979985
Bug: 178980142
Bug: 179093352
Bug: 179310875
Bug: 179435036
Bug: 179437293
Bug: 179437737
Bug: 180551518
Bug: 180567612
Bug: 180655373
Bug: 180656244
Bug: 180874342
Bug: 180963328
Bug: 180963587
Change-Id: I19e19e49d36e5635629c1e68c7d23a98c714ebcf
2021-03-15 06:24:59 +00:00
Adam Shih
881d24db37
update error on ROM 7207833 am: 36e82d438a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13856368
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I2f9b3e1e7f93b2eb35a908b55e10e724ddea459d
2021-03-15 03:08:09 +00:00
Adam Shih
0218941cb8
allow df to collect partition info
...
Bug: 179310854
Test: do bugreport and the error disappears
Change-Id: I9fdcbb27742a70f3b796c668c3e0d4688d36b4d8
2021-03-15 11:00:41 +08:00
Adam Shih
cf96663690
label power.stats-vendor properly
...
Bug: 182320246
Test: boot with power.stats-vendor labeled
Change-Id: Icc3ff763be1a23e8f3e9d1ed076fcb5c74401abe
2021-03-15 10:21:24 +08:00
Adam Shih
45e33146f1
Allow bluetooth hal to get boot status
...
[ 5.299448] type=1400 audit(1615772363.892:3): avc: denied { read } for comm="bluetooth@1.1-s" name="u:object_r:boot_status_prop:s0" dev="tmpfs" ino=81 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:boot_status_prop:s0 tclass=file permissive=1
Bug: 171942789
Test: boot and see that such log no longer appears
Change-Id: Ib27585183be1ba9913b5f0620d987f26fad663e0
2021-03-15 09:41:48 +08:00
Adam Shih
36e82d438a
update error on ROM 7207833
...
Bug: 182706078
Bug: 182705863
Bug: 182705986
Bug: 182705901
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I37728b3b475998668f37d50a70ce980eeff70a63
2021-03-15 09:26:46 +08:00
Benjamin Schwartz
7615ee47bf
Merge "whitechapel: Correct acpm_stats path" into sc-dev am: aa41c84ad1
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13840133
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I886976749073f18187b74bd6030bdabdd0dbee7f
2021-03-12 18:11:53 +00:00
Benjamin Schwartz
aa41c84ad1
Merge "whitechapel: Correct acpm_stats path" into sc-dev
2021-03-12 17:41:35 +00:00
TreeHugger Robot
0e272c63ed
Merge "allow init to mount modem_img" into sc-dev am: 3b10aeadae
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839800
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Icd3cac3c5d48ea9e1c438cad2a8c8564ab20a378
2021-03-12 06:49:17 +00:00
TreeHugger Robot
3b10aeadae
Merge "allow init to mount modem_img" into sc-dev
2021-03-12 06:01:50 +00:00
Wen Chang Liu
8cbf2bcb97
Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev am: e72c30346f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839790
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I3c68b42795c4b0b2cfd9510a9b393c80f2f9bc81
2021-03-12 05:51:09 +00:00
Wen Chang Liu
e72c30346f
Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev
...
* changes:
Add sepolicy for BigOcean device
Add sepolicy for MFC device
2021-03-12 05:41:08 +00:00
Andy Chou
4a1b96d9aa
Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev am: 737059042f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839799
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I0d271ce84e87f4042bd8cb95a3bea881377dc2ae
2021-03-12 05:35:47 +00:00
TreeHugger Robot
71f2717803
Merge "update error on ROM 7202683" into sc-dev am: 8e2430d151
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839797
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I4051250e1e3ce7dfb7ce181004f91030827cd1c8
2021-03-12 05:32:33 +00:00
Andy Chou
737059042f
Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev
2021-03-12 05:32:18 +00:00
TreeHugger Robot
8e2430d151
Merge "update error on ROM 7202683" into sc-dev
2021-03-12 05:19:01 +00:00
Sung-fang Tsai
56c3a11f4a
Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev am: 1bcf7d412a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824574
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibbde6769b1760f55c920600c969b46d2ddb06375
2021-03-12 05:11:49 +00:00
Adam Shih
fdeedcba65
allow init to mount modem_img
...
Bug: 182524202
Bug: 182524203
Test: modem_img is mounted under enforcing mode
Change-Id: Ie5448468d4d7f1ad6acdd2c93055bba9001185d1
2021-03-12 12:54:22 +08:00
Sung-fang Tsai
1bcf7d412a
Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev
2021-03-12 04:18:59 +00:00
Vova Sharaienko
c3ec7bbf3e
Merge "Stats: new sepolicy for the AIDL service" into sc-dev am: 175c2eaa31
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13845133
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I981065070c26b2fa74d862cddbf551e03a426379
2021-03-12 03:54:09 +00:00
TreeHugger Robot
73df265217
Merge "Add atc sysfs permission for composer service" into sc-dev am: 1dd171b66f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839786
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I90a0f6f3633e9e83aa1052f82630778acf43dd1d
2021-03-12 03:53:33 +00:00
andychou
9e582d4bc3
Fix cuttlefish test fail due to sepolicy of Exo
...
Need to grant gpu_device dir search permission and
device_config_runtime_native_boot_prop for testing.
Bug: 182445508
Test: atest ExoTests pass on Cuttlefish
Change-Id: Ia4c27efa2a900a3781301de19ab38209f818aba1
2021-03-12 11:41:24 +08:00
Vova Sharaienko
175c2eaa31
Merge "Stats: new sepolicy for the AIDL service" into sc-dev
2021-03-12 03:32:22 +00:00
Adam Shih
526da2f9b1
update error on ROM 7202683
...
Bug: 182524105
Bug: 182523946
Bug: 182524202
Bug: 182524203
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I4c97960d106a74cbe2ba819671612514d4cba282
2021-03-12 11:18:10 +08:00
wenchangliu
f98706e87b
Add sepolicy for BigOcean device
...
add /dev/bigocean to video_device
avc: denied { read write } for name="bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { open } for path="/dev/bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/bigocean" dev="tmpfs" ino=629 \
ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for comm=436F646563322E30204C6F6F706572 path="/dev/bigocean" \
dev="tmpfs" ino=629 ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 \
tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Bug: 172173484
Test: Play AV1 clips in enforcing mode
Change-Id: Ie0ed96d7bf4324bd38a9c42500f4f747f092bfd9
2021-03-12 10:54:10 +08:00
wenchangliu
b52121a259
Add sepolicy for MFC device
...
- Add sysfs_video type for mfc device
- Allow mediacodec to access sysfs_video
avc: denied { read } for name="name" dev="sysfs" ino=62278 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { read } for name="name" dev="sysfs" ino=62230 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
Bug: 172173484
Test: video playback / camera recording with enforcing mode
Change-Id: Id7f43fe11c9ed089067f43a50d7f765df873d6c6
2021-03-12 10:51:41 +08:00
TreeHugger Robot
1dd171b66f
Merge "Add atc sysfs permission for composer service" into sc-dev
2021-03-12 02:44:43 +00:00
Ahmed ElArabawy
6219c84925
Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev am: 4a0294348b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806170
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I119212a1f114011a7adbbd1b48c276ef0d7e5e13
2021-03-12 02:29:24 +00:00
Ahmed ElArabawy
4a0294348b
Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev
2021-03-12 01:37:36 +00:00
Vova Sharaienko
2ed30c23e3
Stats: new sepolicy for the AIDL service
...
This allows the pixelstats_vendor to communicate with the new AIDL IStats service via ServiceManager
Bug: 181914749
Test: Build, flash, and logcat -s "pixelstats_vendor"
Change-Id: Icf1bbbd7f72835fe8f9c2f23281a2f5b4bf8e698
2021-03-12 01:12:21 +00:00
Benjamin Schwartz
bfa18a7b2a
whitechapel: Correct acpm_stats path
...
Bug: 182320246
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I7a67b31e28f34d606cfab369b9e982e9fffe3b3f
2021-03-11 15:52:48 -08:00
Pat Tjin
940d04fd2b
Merge "Move wireless charger HAL to 1.3" into sc-dev am: 854db479bb
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824572
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Iabc01056a01b06c0a23a79cc7dbc4a349aa10ac7
2021-03-11 20:28:53 +00:00
Pat Tjin
854db479bb
Merge "Move wireless charger HAL to 1.3" into sc-dev
2021-03-11 19:57:54 +00:00
Sung-fang Tsai
82376e2d49
Mark lib_aion_buffer and related library as same_process_hal_file
...
To allow access by Google Camera App, which needs this for vendor-specific
buffer management functionality to enable zero-copy camera RAW->GPU buffer
handling.
Test: GCA works with forrest build P20546991.
Bug: 159839616
Change-Id: I71bdcd12f17013881d7a5da2f11e444f0d3b4f94
2021-03-11 12:02:04 +00:00
linpeter
ebd2a24596
Add atc sysfs permission for composer service
...
avc: denied { read write } for name="en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { read write } for name="gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { read write } for name="st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 168848203
Test: check avc denied
Change-Id: I48dd839e0ca6f3eb16e35f1b7a4d5f6d4a1fd88b
2021-03-11 20:01:21 +08:00