Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3468 commits 1 branch 0 tags 494 MiB
Commit graph

3468 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eddie Tashjian
7a501cba00 Add selinux policies for mounted modem parition am: 78cd6eb78e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824571

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I5dc47429ad5dd846679fbde04f2b5144d39ce977
 2021-03-11 10:41:57 +00:00
Eddie Tashjian
78cd6eb78e Add selinux policies for mounted modem parition 
Bug: 178980032
Bug: 178979986
Bug: 179198083
Bug: 179198085
Bug: 178980065

Test: Check selinux denials
Change-Id: I7f826442d1536946d0e84aadfd80f679c0f4d6da
 2021-03-11 10:16:27 +00:00
TreeHugger Robot
75e52314ad Merge changes I68aace66,Idf510e4a into sc-dev am: ef6e91692a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824668

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie76c219de19bfeb0ec28895580e1ae631f4dc032
 2021-03-11 09:43:48 +00:00
TreeHugger Robot
ef6e91692a Merge changes I68aace66,Idf510e4a into sc-dev 
* changes:
  gs101-sepolicy: Add twoshay permissions
  Add touch procfs and sysfs sepolicy
 2021-03-11 09:16:51 +00:00
Lopy Cheng
5019452cbb HardwareInfo: Add sepolicy for display 
hardwareinfo: type=1400 audit(0.0:17): avc: denied { read } for name="serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo
hardwareinfo: type=1400 audit(0.0:18): avc: denied { open } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo
hardwareinfo: type=1400 audit(0.0:19): avc: denied { getattr } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo

Bug: 161943795
Test:
1. Remove hardwareinfo app
rm -r /data/data/com.google.android.hardwareinfo/
2. Connect wifi and reboot
3. Check the HardwareInfoService status.
4. There is no AVC denied log.

Change-Id: I4d1c83a1c5b0f2f3bdd64ab79ab45fb69470b25b
 2021-03-11 08:38:43 +00:00
yihsiangpeng
cc8429cc0d Move wireless charger HAL to 1.3 
Bug: 179464598
Signed-off-by: yihsiangpeng <yihsiangpeng@google.com>
Change-Id: I73d1d811f2483bbe80e7d4aea1f6e9f143bc2836
 2021-03-11 14:47:49 +08:00
TreeHugger Robot
152dcc1b4d Merge changes I6f6e8359,Ib7bf4029 into sc-dev am: db0ca5a3b2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816037

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4817667db5897b8eac0e12f45d9d8c630128b1cb
 2021-03-11 04:35:25 +00:00
TreeHugger Robot
db0ca5a3b2 Merge changes I6f6e8359,Ib7bf4029 into sc-dev 
* changes:
  label kernel modules and grant bt permission
  update error on ROM 7196668
 2021-03-11 03:53:57 +00:00
TreeHugger Robot
f77f159364 Merge "Fix avc denied issue when accessing to IStats service" into sc-dev am: 6657774b4c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806168

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I64600db02c76e2bfaa3ddf03373585817d33daab
 2021-03-10 17:31:10 +00:00
TreeHugger Robot
6657774b4c Merge "Fix avc denied issue when accessing to IStats service" into sc-dev 2021-03-10 16:57:56 +00:00
TreeHugger Robot
72cfb31ebe Merge "Fix avc denied in OMA DM" into sc-dev am: d2cee097f8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816043

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4c471c8e3d6d29082744dc044fb22af6849411b2
 2021-03-10 16:37:32 +00:00
TreeHugger Robot
d2cee097f8 Merge "Fix avc denied in OMA DM" into sc-dev 2021-03-10 15:52:45 +00:00
Tai Kuo
8cac55487b gs101-sepolicy: Add twoshay permissions 
Add twoshay and touch input context library permissions

Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
 2021-03-10 22:23:49 +08:00
SalmaxChang
2b90406669 cbd: Fix avc errors am: 6247ff69b2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816040

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibf0d222fc8bafcdaa0b7b8c5fe861749a6192bc6
 2021-03-10 14:03:20 +00:00
SalmaxChang
ebab404edb vendor_init: Update tracking denials am: 7edb7e30c4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816041

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I9e928515b554984b84d853608d6ecd9351b2a39f
 2021-03-10 14:03:14 +00:00
SalmaxChang
6247ff69b2 cbd: Fix avc errors 
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1
avc: denied { search } for comm="cbd" name="vendor" dev="tmpfs" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1

Bug: 178331928
Bug: 171267363
Change-Id: Icf28f494f05ee386ce94213929926369f2775173
 2021-03-10 13:33:43 +00:00
SalmaxChang
7edb7e30c4 vendor_init: Update tracking denials 
Removed the path creation from init rc.

Bug: 177186257
Change-Id: I5a8e99ae273d0c8370255bcdb4b9e802fa9895ca
 2021-03-10 13:33:19 +00:00
Jack Wu
b10c77244b hal_health_default: Fix avc denials am: 522a8aefcf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816038

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I543f53ff53fd1db6d12c66683c956ff21a7f5da8
 2021-03-10 12:46:33 +00:00
Tai Kuo
4dd3e1e99e Add touch procfs and sysfs sepolicy 
Touch palm sepolicies are not included.

Bug: 173330981
Test: No avc denied log for touch sysfs, procfs access.
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: Idf510e4a9c65e5af0885159353ef85d6b6ec553f
 2021-03-10 17:00:16 +08:00
Calvin Pan
47bf48c03b Fix avc denied in OMA DM 
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:493): avc: denied { search } for comm="IntentService[D" name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:493): avc: denied { search } for name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:494): avc: denied { getattr } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:494): avc: denied { getattr } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:495): avc: denied { setattr } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:495): avc: denied { setattr } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:496): avc: denied { append } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:496): avc: denied { append } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:497): avc: denied { open } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:497): avc: denied { open } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service

03-10 11:57:07.155   386   386 E SELinux : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
03-10 11:57:07.155   386   386 I auditd  : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1

03-10 12:26:05.904   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.904   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

03-10 12:35:40.653   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.654   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1

Bug: 173990082
Test: Trigger OMA DM
Change-Id: Ie66ecd1c9d80f7b12a4545f3651dd2c5f02b119b
 2021-03-10 15:54:08 +08:00
Jack Wu
522a8aefcf hal_health_default: Fix avc denials 
[    5.146740] type=1400 audit(1611123521.796:23): avc: denied { search } for comm="android.hardwar" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[    5.425436] type=1400 audit(1611123522.076:24): avc: denied { search } for comm="health@2.1-serv" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[   29.943710] type=1400 audit(1611123546.592:483): avc: denied { write } for comm="health@2.1-serv" name="mode" dev="sysfs" ino=14741 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1
01-20 14:18:41.796   656   656 I android.hardwar: type=1400 audit(0.0:23): avc: denied { search } for name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1

Bug: 177966434
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I576547e27dceb55fd768de2834e3bb0155857f56
 2021-03-10 14:13:38 +08:00
TreeHugger Robot
552849b103 Merge "hal_power_stats_default: Fix avc denials" into sc-dev am: c625222492 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806171

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie4d9a36afac8785c4b0a3a5855ce5e62d92195fa
 2021-03-10 02:50:50 +00:00
Adam Shih
58b3344c7a label kernel modules and grant bt permission 
Bug: 182320300
Bug: 182320258
Test: boot to home and connect to bluetooth headset under enforcing mode
Change-Id: I6f6e8359d03eb4205268d56a1fcd50ce1445f442
 2021-03-10 10:36:45 +08:00
Adam Shih
487f66f754 update error on ROM 7196668 
Bug: 182320300
Bug: 182320246
Bug: 182320258
Bug: 182320172
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ib7bf40299374061526a87714cfd8982544a1698f
 2021-03-10 10:34:03 +08:00
TreeHugger Robot
c625222492 Merge "hal_power_stats_default: Fix avc denials" into sc-dev 2021-03-10 02:11:04 +00:00
Adam Shih
84bb9a87b8 Merge "remove obsolete entries and put crucial domains to permissive" into sc-dev am: 48113ddced 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805052

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If914068d4fb3369486f1dbef8af614245b9dfa0b
 2021-03-10 01:46:48 +00:00
TreeHugger Robot
4926c30d09 Merge "dumpstate: allow dumpstate to access displaycolor" into sc-dev am: c8e903d1c8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806024

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If0f57e685973290e3323cd954367cb60864bd654
 2021-03-10 01:46:19 +00:00
andychou
ce711fd18e Fix avc denied issue when accessing to IStats service 
Originally we use isPriv=true but Exo APP is not located in priv-app
folder.
So has to remove isPriv=true and add into net_domain in order to network
accessing.
This is a clone cl updated from ag/13794482

Bug: 180594376
Test: manual test if there is avc denied
Change-Id: Icb5009248d10c23e772040aad8ac2fed849bafa0
 2021-03-10 09:27:04 +08:00
Adam Shih
48113ddced Merge "remove obsolete entries and put crucial domains to permissive" into sc-dev 2021-03-10 01:24:44 +00:00
TreeHugger Robot
c8e903d1c8 Merge "dumpstate: allow dumpstate to access displaycolor" into sc-dev 2021-03-10 01:15:42 +00:00
Yu-Chi Cheng
9ba0f29835 Merge "Allowed the EdgeTPU service to access Package Manager binder service." into sc-dev am: 02ecfdcc0d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13809458

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iad3c70644d6dce4045a9cac95315d7b60d1721b8
 2021-03-09 15:38:26 +00:00
Yu-Chi Cheng
02ecfdcc0d Merge "Allowed the EdgeTPU service to access Package Manager binder service." into sc-dev 2021-03-09 15:00:12 +00:00
Jack Wu
a3678d9487 hal_power_stats_default: Fix avc denials 
[  351.298850] type=1400 audit(1614041245.976:13): avc: denied { read } for comm="android.hardwar" name="hf1_wfi" dev="sysfs" ino=78155 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
[  698.658433] type=1400 audit(1614041593.336:1733): avc: denied { open } for comm="stats@1.0-servi" path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:53:13.336   673   673 I stats@1.0-servi: type=1400 audit(0.0:1734): avc: denied { getattr } for path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:52:26.228   670   670 I android.hardwar: type=1400 audit(0.0:724): avc: denied { search } for name="19000000.aoc" dev="sysfs" ino=18343 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=1

Bug: 180963514
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Iab245b320c1f6e75407f1fafb5ad20a087b1a707
 2021-03-09 14:21:20 +00:00
raylinhsu
43fb32d300 dumpstate: allow dumpstate to access displaycolor 
In bugreport, we need to dump libdisplaycolor information.
Hence, we should add corresponding sepolicy.

Bug: 181915591
Test: There is no avc denied regarding to displaycolor when we
capture the bugreport.

Change-Id: I9f7f8f451fab24b4d0c49305d96b8db6b4d0eed4
 2021-03-09 19:06:24 +08:00
Adam Shih
df06cd7760 remove obsolete entries and put crucial domains to permissive 
Bug: 171942789
Bug: 178979986
Bug: 179310854
Bug: 178980065
Bug: 179198085
Bug: 178980032
Test: boot to home under enforcing mode
Change-Id: Ic925dbbb74ca2ba38b22c982761c1e214886bfa1
 2021-03-09 13:46:42 +08:00
Charlie Chen
4cb9150dc0 Merge changes I8de6132f,I2bc6057d into sc-dev am: e265637395 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13775695

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iabd11156d2fcf57c745c90353baf089417ed3984
 2021-03-09 05:11:25 +00:00
Charlie Chen
e265637395 Merge changes I8de6132f,I2bc6057d into sc-dev 
* changes:
  Remove dma_buf_heap tracking_denials
  Add missing permission to dmabuf_video_system_heap
 2021-03-09 04:58:08 +00:00
TreeHugger Robot
5ce78ab9bf Merge "update error on ROM 7193586" into sc-dev am: ce148d20c6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13775691

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I8be41bf126ea037a133810f05364050efa6f37f0
 2021-03-09 04:48:12 +00:00
TreeHugger Robot
ce148d20c6 Merge "update error on ROM 7193586" into sc-dev 2021-03-09 04:05:05 +00:00
Charlie Chen
019eec3f64 Remove dma_buf_heap tracking_denials 
Bug: 182086551
Bug: 182086552
Bug: 182086686
Bug: 182086482
Bug: 182086481
Bug: 182086550
Test: atest VtsHalMediaC2V1_0TargetVideoDecTest
Change-Id: I8de6132fb41b0418f67baac4971ee03031ec3e32
 2021-03-09 02:42:56 +00:00
TreeHugger Robot
a60b76aae2 Merge "sepolicy: add sensor related rules for AIDL APIs" into sc-dev am: 9c51e64c6e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805046

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ic7ec7dc37858c5f79918208873bad661a6e60bda
 2021-03-09 02:37:08 +00:00
Taehwan Kim
7d77820127 Add missing permission to dmabuf_video_system_heap 
Bug: 153786620
Bug: 182086551
Bug: 182086552
Bug: 182086686
Bug: 182086482
Bug: 182086481
Bug: 182086550
Test: atest VtsHalMediaC2V1_0TargetVideoDecTest
Signed-off-by: Taehwan Kim <t_h.kim@samsung.com>
Change-Id: I2bc6057d16bbcc32ef8891f89c0440618d174982
 2021-03-09 02:19:06 +00:00
TreeHugger Robot
9c51e64c6e Merge "sepolicy: add sensor related rules for AIDL APIs" into sc-dev 2021-03-09 02:03:39 +00:00
Adam Shih
47abac4459 update error on ROM 7193586 
Bug: 182218891
Bug: 182219008
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Id3d823c2ec41f9b777ccb666338a195bbd3047b6
 2021-03-09 09:53:59 +08:00
TreeHugger Robot
b33e0adb8b Merge "Fix selinux error for vendor_telephony_app" into sc-dev am: 9185f0aafd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805051

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If06a9bc3c1794342f7c67eac5630cf930a761d4e
 2021-03-09 01:38:24 +00:00
TreeHugger Robot
82903ddc8b Merge "trusty_apploader: Fix avc errors" into sc-dev am: c5c7a85a0d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805060

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ia054941d8d4a804355e0b7a2f5008392b14528b9
 2021-03-09 01:37:50 +00:00
TreeHugger Robot
9185f0aafd Merge "Fix selinux error for vendor_telephony_app" into sc-dev 2021-03-09 01:01:45 +00:00
TreeHugger Robot
c5c7a85a0d Merge "trusty_apploader: Fix avc errors" into sc-dev 2021-03-09 00:55:06 +00:00
Yu-Chi Cheng
d18a92b0ef Allowed the EdgeTPU service to access Package Manager binder service. 
EdgeTPU service will connect to the Package Manager service
to verify applicatoin signatures.
This change added the corresponding SELinux rules to allow such
connection.

Bug: 181821398
Test: Verified using Google Camera App on local device.
Change-Id: Ia32b3de102c162e28710e0aa917831e8de784183
 2021-03-08 16:02:14 -08:00
Isaac Chiou
73ce34397a Wifi: Add sepolicy files for wifi_ext service 
This commit adds the sepolicy related files for wifi_ext service.

Bug: 171944352
Bug: 177966433
Bug: 177673356
Test: Manual
Change-Id: I1613e396fd4c904ed563dfd533fb4b8f807f9657
 2021-03-08 19:36:29 +08:00