Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1685 commits 1 branch 0 tags 494 MiB
Commit graph

1685 commits

This branch
This branch
All branches
Author SHA1 Message Date
Darren Hsu
24b4d1b601 Allow hal_power_stats to read sysfs_aoc_dumpstate am: f11f53a3ae am: a0592e36d2 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2044864

Change-Id: I1ae4b99a9fa4fc95f96ee1f36dc500f453653ca7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 08:17:33 +00:00
Darren Hsu
a0592e36d2 Allow hal_power_stats to read sysfs_aoc_dumpstate am: f11f53a3ae 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2044864

Change-Id: I3b5f155658676081c3248e67ee512c1ce301ab07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 07:51:38 +00:00
Darren Hsu
f11f53a3ae Allow hal_power_stats to read sysfs_aoc_dumpstate 
avc: denied { read } for comm="android.hardwar" name="restart_count"
dev="sysfs" ino=72823 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0

Bug: 226173008
Test: check bugreport without avc denials
Change-Id: Ife3a7e00a1ffbcbed7fd8b744f2ac8910931a5fb
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-25 11:19:20 +08:00
Stephane Lee
620e6038e2 Fix off-mode (charger) sepolicy for the health interface am: 84a06151a3 am: c35357078d 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039624

Change-Id: Ia59f2cdb6b014a802edad3b76f135a69c21002e9
 2022-03-24 04:37:58 +00:00
Jack Wu
d43cfef11c sepolicy: gs101: fix charger_vendor permission denied am: b67138e8ae am: 28efee70de 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039623

Change-Id: I1802a01e50797f41a63ba0073f5f032a8d49939b
 2022-03-24 04:37:57 +00:00
Stephane Lee
c35357078d Fix off-mode (charger) sepolicy for the health interface am: 84a06151a3 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039624

Change-Id: Ia2c26cc56c09a535aae2d7b4e8e46ff77b79616e
 2022-03-24 04:06:54 +00:00
Jack Wu
28efee70de sepolicy: gs101: fix charger_vendor permission denied am: b67138e8ae 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2039623

Change-Id: I70510310fad5fb164c3a420685fbad7c1e1e1e71
 2022-03-24 04:06:53 +00:00
Stephane Lee
84a06151a3 Fix off-mode (charger) sepolicy for the health interface 
Bug: 223537397
Test: Ensure that there are no selinux errors for sysfs_batteryinfo in
   off-mode charging

Change-Id: I46fa1b7552eb0655d0545538142131465a337f23
Merged-In: I46fa1b7552eb0655d0545538142131465a337f23
 2022-03-23 11:30:31 -07:00
Jack Wu
b67138e8ae sepolicy: gs101: fix charger_vendor permission denied 
[   27.025458][  T443] type=1400 audit(1644391560.640:11): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
[   26.563658][  T447] type=1400 audit(1644397622.588:5): avc: denied { search } for comm="android.hardwar" name="/" dev="sda1" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[   27.198144][  T442] type=1400 audit(1644398156.152:5): avc: denied { search } for comm="android.hardwar" name="battery" dev="sda1" ino=12 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0
[   27.327035][  T443] type=1400 audit(1644398785.276:5): avc: denied { read } for comm="android.hardwar" name="defender_active_time" dev="sda1" ino=17 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[   27.355009][  T443] type=1400 audit(1644398785.276:6): avc: denied { write } for comm="android.hardwar" name="defender_charger_time" dev="sda1" ino=16 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[   26.771705][  T444] type=1400 audit(1644379988.804:4): avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
[   27.898684][  T445] type=1400 audit(1644392754.928:8): avc: denied { read } for comm="android.hardwar" name="thermal_zone6" dev="sysfs" ino=15901 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0
[   29.180076][  T447] type=1400 audit(1644397625.200:9): avc: denied { write } for comm="android.hardwar" name="mode" dev="sysfs" ino=15915 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
[   27.043845][  T444] type=1400 audit(1644379988.808:9): avc: denied { search } for comm="android.hardwar" name="thermal" dev="tmpfs" ino=899 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0
[   27.064916][  T444] type=1400 audit(1644379988.808:10): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=306 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
[   27.356266][  T444] type=1107 audit(1644404450.376:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=457 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0'

Bug: 218485039
Test: manually test, no avc: denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I091dbbca35fb833e59fdbc234d74b90bfe74014c
Merged-In: I091dbbca35fb833e59fdbc234d74b90bfe74014c
 2022-03-23 11:27:45 -07:00
Armelle Laine
92707e72ab Merge changes from topic "trusty-dsu_fix-sc-qpr3" into sc-v2-dev-plus-aosp 
* changes:
  [automerged blank] Allow TEE storageproxyd permissions needed for DSU handling 2p: b9beafc9fa
  Allow TEE storageproxyd permissions needed for DSU handling
 2022-03-18 04:14:36 +00:00
Darren Hsu
186f2306d7 sepolicy: reorder genfs labels for system suspend am: 2018f942a7 am: 83e88065fc 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2026063

Change-Id: I732b1d982c15846e2b9ae1365894b4d0ea0f424f
 2022-03-17 03:55:26 +00:00
Darren Hsu
83e88065fc sepolicy: reorder genfs labels for system suspend am: 2018f942a7 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2026063

Change-Id: Ic1a74c930cc6ade12dc6ea7a42f9ed347a491c95
 2022-03-17 02:49:16 +00:00
Darren Hsu
2018f942a7 sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I66ede69d94bb3cb1a446e1cd5f3250b6f9b7f7e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-15 11:48:39 +08:00
TeYuan Wang
faec59da79 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674 am: fe826745b3 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: I919c688388bcd8cc320068f6139432b58b3f0ea4
 2022-03-14 06:02:51 +00:00
TeYuan Wang
fe826745b3 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: Ie191a767c8b3450df75a37e36deebf5f20242575
 2022-03-14 05:40:21 +00:00
TeYuan Wang
f7aba10674 Move libperfmgr thermal rules to pixel-sepolicy 
Bug: 213257759
Bug: 188579571
Test: build
Change-Id: I9893d53055594bfb4e4dba3d68b53f0fe132617d
 2022-03-10 21:28:33 +08:00
Michael Eastwood
ada03db5e0 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b am: a45d075fd0 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: I2b73c3f4576a4f42f76afbf7b8e75fd3be838107
 2022-03-09 18:32:59 +00:00
Michael Eastwood
a45d075fd0 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: I55cfbec1df5a5b3952e02875860d25db44b64b98
 2022-03-09 18:00:28 +00:00
Michael Eastwood
82a110ba3b Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" 2022-03-09 17:31:28 +00:00
Michael Eastwood
f648f3c989 Update SELinux policy to allow camera HAL to send Perfetto trace packets 
Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr
aced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext
=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:
object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
 2022-03-08 13:54:34 -08:00
Xin Li
0e86159889 [automerger skipped] Merge Android 12L am: 22c3ab8b6b -s ours am: 594011b90b -s ours 
am skip reason: Merged-In I7b9186af0cb135241e23504fa9d6f7c3d6718c7c with SHA-1 22f2ffcbee is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2012332

Change-Id: If0e4880aa30ddfcc89e252de3f041da19401d4bc
 2022-03-08 11:04:07 +00:00
Xin Li
594011b90b [automerger skipped] Merge Android 12L am: 22c3ab8b6b -s ours 
am skip reason: Merged-In I7b9186af0cb135241e23504fa9d6f7c3d6718c7c with SHA-1 22f2ffcbee is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2012332

Change-Id: Ic29497624866c936ddf7a7f34f9539de55d73eb9
 2022-03-08 10:19:17 +00:00
Xin Li
22c3ab8b6b Merge Android 12L 
Bug: 222710654
Merged-In: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
Change-Id: I60cda8853fd8575beb8617025479d08ccf816fbb
 2022-03-08 00:15:28 +00:00
Tri Vo
a5ccc7efa8 Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada am: 22f2ffcbee 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: Ie2af054a900f32cbde1352ba9f708e163f76d86c
 2022-03-04 18:29:27 +00:00
Tri Vo
22f2ffcbee Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
 2022-03-04 18:06:53 +00:00
Tri Vo
fbf92e2ada Merge "Don't audit storageproxyd unlabeled access" 2022-03-04 17:45:37 +00:00
Midas Chien
9285045f0b [automerger skipped] [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node am: 0e1e0e2830 -s ours am: b637545191 -s ours 
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2009176

Change-Id: Iaf03b02cd8feadc0da6b1f7cb4d0d25f47907f39
 2022-03-04 12:50:47 +00:00
Midas Chien
b637545191 [automerger skipped] [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node am: 0e1e0e2830 -s ours 
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2009176

Change-Id: I5771c4702d7e76db359bba65f059f913d69d774f
 2022-03-04 12:29:41 +00:00
Midas Chien
0e1e0e2830 [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node 
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Merged-In: I5ca811f9500dc452fe6832dd772376da51f675a8
Change-Id: I5ca811f9500dc452fe6832dd772376da51f675a8
 2022-03-04 10:48:08 +00:00
Tri Vo
03fef48542 Don't audit storageproxyd unlabeled access 
Test: m sepolicy
Bug: 197502330
Change-Id: I794dac85e475434aaf024027c43c98dde60bee27
 2022-03-03 13:12:17 -08:00
Aaron Tsai
84bacff9ab Fix selinux error for system_app am: 05565c1f14 am: d2d83c8e2d 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ibdbeeee937e4c856adfebad71a956a343b820dfa
 2022-02-22 01:56:28 +00:00
Aaron Tsai
d2d83c8e2d Fix selinux error for system_app am: 05565c1f14 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ia3c6c0aae82c19a5d1c019cce2700c5e64c8bb11
 2022-02-22 01:35:41 +00:00
Aaron Tsai
05565c1f14 Fix selinux error for system_app 
01-26 05:04:53.364   440   440 I auditd  : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:system_app:s0 pid=3063 scontext=u:r:system_app:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 216531913
Test: verified with the forrest ROM and error log gone

Change-Id: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
Merged-In: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
 2022-02-21 12:16:45 +08:00
Junkyu Kang
86d20c2552 Add persist.vendor.gps to sepolicy am: 9244051b35 am: a5b052c132 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: I0844fbc02141fc6efa77d0cd47d00fd56a15f3e2
 2022-02-18 07:12:19 +00:00
Junkyu Kang
a5b052c132 Add persist.vendor.gps to sepolicy am: 9244051b35 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: Ibb1a3b4cca8fa3549eeef548d0939829413e8af1
 2022-02-18 06:50:19 +00:00
Junkyu Kang
9244051b35 Add persist.vendor.gps to sepolicy 
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I3fdaf564eacec340003eed0b5845a2c08922362c
Merged-In: I3fdaf564eacec340003eed0b5845a2c08922362c
 2022-02-17 08:55:49 +00:00
Xin Li
14abf01391 [automerger skipped] Merge sc-v2-dev-plus-aosp-without-vendor@8084891 am: 81caef24ad -s ours 
am skip reason: Merged-In Icecca9f69ee9b57d43aa2864864951bf66c4905f with SHA-1 ca06222472 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16844142

Change-Id: I12d27f867dd598e669aa86e1bec26c3aafbef4a3
 2022-02-14 18:03:48 +00:00
Xin Li
81caef24ad Merge sc-v2-dev-plus-aosp-without-vendor@8084891 
Bug: 214455710
Merged-In: Icecca9f69ee9b57d43aa2864864951bf66c4905f
Change-Id: Ibf8d551c16f8f941cfc8072a29ef5c57e8bef170
 2022-02-11 07:12:06 +00:00
TeYuan Wang
9ad50b3952 move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba am: aeebc898cb am: 912673f8ce 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Iaf7721a2b7a2f4def1a302c71d6f293b371b7661
 2022-02-08 11:51:56 +00:00
TeYuan Wang
912673f8ce move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba am: aeebc898cb 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Ib49a0a78843456c9b170dd968259e9e1d51e6317
 2022-02-08 11:40:52 +00:00
TeYuan Wang
aeebc898cb move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Id7692611610e82be8489a0c73e2040d15101e09b
 2022-02-08 10:04:37 +00:00
TeYuan Wang
c292dd65ba move vendor_thermal_prop rules to pixel-sepolicy 
Bug: 213257759
Test: no denied log after "setprop persist.vendor.disable.thermal.control 1"
Change-Id: Ic150959bc6084034d9afcc70bf446692fbe22d11
 2022-02-08 08:10:32 +00:00
Treehugger Robot
674aa657fb Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537 am: 02e7ad9fb5 am: d70a957518 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I109245e668ffa38851ced506270ec6d6d1d29fd1
 2022-02-08 01:49:40 +00:00
Treehugger Robot
d70a957518 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537 am: 02e7ad9fb5 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I1da16035bcc4af82e8c671398b76daf7cc8efd28
 2022-02-08 01:26:58 +00:00
Treehugger Robot
02e7ad9fb5 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I2807e116f14305f0e829eec6907db6c817f000c3
 2022-02-08 01:08:56 +00:00
Treehugger Robot
2c1750e537 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" 2022-02-08 00:53:08 +00:00
Will McVicker
5a88ee6af1 genfs_contexts: add paths for unnamed cs40l25a i2c devices 
In the 5.10 kernel, the i2c paths are named using an out-of-tree patch
[1]. For kernels that don't support that, let's add the unnamed sysfs
paths as well to the selinux policy.

[1] https://android-review.googlesource.com/c/kernel/common/+/1646148

Bug: 217774013
Change-Id: I3a1f279270d22bf82144ce60a08c215308764be3
 2022-02-04 11:54:06 -08:00
Marco Nelissen
a9004241c2 Allow logd to read the Trusty log am: 7df1fa1574 am: 983f5f2d96 am: 6072583f8a 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: I599f4256ea82b4917eceafeced56aef1214de588
 2022-02-04 02:15:43 +00:00
Marco Nelissen
6072583f8a Allow logd to read the Trusty log am: 7df1fa1574 am: 983f5f2d96 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: I3ef810bd7a3ecddf60a0b13f1262abce14a5ece1
 2022-02-04 01:59:53 +00:00
Marco Nelissen
983f5f2d96 Allow logd to read the Trusty log am: 7df1fa1574 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: Ic66382bd03df28287fc3817c6f66a414d69637b3
 2022-02-04 01:43:42 +00:00