device_google_gs101

Author	SHA1	Message	Date
Sean Callanan	77432c5015	whitechapel: make vframe-secure a system heap The GPU driver uses vframe-secure for secure allocations, so the corresponding DMA heap file should be visible to all processes so use the dmabuf_system_secure_heap_device type instead. In order for this type to be used, we need to ensure that the HAL Allocator has access to it, so update hal_graphics_allocator_default.te Finally, since there are no longer any buffer types associated with the vframe_heap_device type, remove it. Bug: 182090311 Test: run cts-dev -m CtsDeqpTestCases --module-arg CtsDeqpTestCases:include-filter:dEQP-VK.protected_memory.stack.stacksize_64 and ensure secure allocations succeed Test: Play DRM-protected video in ExoPlayer and ensure videos render correctly via MFC->DPU. Change-Id: Id341e52322a438974d4634a4274a7be2ddb4c9fe	2021-06-04 18:01:34 +00:00
TreeHugger Robot	86bc19fafb	Merge "storage: update sepolicy for hardwareinfoservice" into sc-dev am: `29a5be5603` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14696013 Change-Id: I11ed5570c71bbb4f1dd80ff0411587aceabc6dc9	2021-06-04 11:02:36 +00:00
TreeHugger Robot	29a5be5603	Merge "storage: update sepolicy for hardwareinfoservice" into sc-dev	2021-06-04 10:45:34 +00:00
TreeHugger Robot	54767e9f18	Merge "[RCS] Add sepolicy for RCS as non-system app" into sc-dev am: `be1f56dba1` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14719163 Change-Id: Ic7ee2c3ff0a036229000191881e0255fee2f6b56	2021-06-04 06:42:19 +00:00
Maciej Żenczykowski	bfebab07d6	allow hal_usb_impl configfs:dir { create rmdir }; am: `729e8901ab` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14542109 Change-Id: I0803ce3e0ab48c7d1f258789dcb0d3b12fc4ede6	2021-06-04 06:42:09 +00:00
TreeHugger Robot	be1f56dba1	Merge "[RCS] Add sepolicy for RCS as non-system app" into sc-dev	2021-06-04 06:22:03 +00:00
Maciej Żenczykowski	729e8901ab	allow hal_usb_impl configfs:dir { create rmdir }; This is needed to allow USB HAL to create multi-config gadget (ie. rndis + ncm). Bug: 172793258 Test: built and booted on oriole Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ifb98b23138122ad4e0aeea8dd9c93d7b3e16d3aa	2021-06-04 02:53:11 +00:00
jznpark	3d127f9224	[RCS] Add sepolicy for RCS as non-system app As shannon-rcs has been changed from system app to non-system app, sepolicy has to be updated. Bug: 186135775 Bug: 189707387 Test: sanity test Signed-off-by: jznpark <jzn.park@samsung.com> Change-Id: I32cce90611c619494136a6b1d01b3fb48330d169	2021-06-03 13:30:26 -07:00
Rick Yiu	a4dbe2ef40	gs101-sepolicy: Fix avc denials for sysfs_vendor_sched Bug: 190011861 Bug: 190011862 Bug: 190011863 Bug: 190012301 Bug: 190012320 Test: boot to home Change-Id: Icddb42fb194547211e33cf1d871e839a954b0919	2021-06-03 17:55:17 +08:00
Chiawei Wang	a1a00508b1	Merge "pixelstats: fix permission errors" into sc-dev am: `9cfc661bee` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14781915 Change-Id: I89bbeeca2f88a9a82b5d7a1a66a70d16f79627ce	2021-06-03 09:03:14 +00:00
Chiawei Wang	9cfc661bee	Merge "pixelstats: fix permission errors" into sc-dev	2021-06-03 08:45:12 +00:00
Chiawei Wang	9d5830ac19	pixelstats: fix permission errors 1. sysfs_dma_heap erros are fixed by ag/13926718 2. debugfs_mgm error is fixed by ag/14683912 Bug: 188114896 Bug: 183338421 Bug: 188495492 Test: pts-tradefed run pts -m PtsSELinuxTest http://sponge2/6cbd0af0-5414-4f2c-aea0-99b4981360a4 Signed-off-by: Chiawei Wang <chiaweiwang@google.com> Change-Id: Icd2fa4e7f168d15fd4cec3000bc0e7a33eab4d3e	2021-06-03 02:52:33 +00:00
Rick Yiu	3ad28926f7	Merge "gs101-sepolicy: Refine policy for sysfs_vendor_sched" into sc-dev am: `b530a26f1f` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14774943 Change-Id: I47a0e9367819d6ddd3b384f93c7199dead2e809e	2021-06-03 01:16:38 +00:00
Rick Yiu	b530a26f1f	Merge "gs101-sepolicy: Refine policy for sysfs_vendor_sched" into sc-dev	2021-06-03 00:56:00 +00:00
Peter Csaszar	c9da551db2	pixel-selinux: Add mlstrustedobject for SJTAG am: `7ea6a44719` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14794010 Change-Id: I2b1b51ecfec820558988666ab03082951dd21fec	2021-06-02 20:56:54 +00:00
Peter Csaszar	7ea6a44719	pixel-selinux: Add mlstrustedobject for SJTAG This CL adds the "mlstrustedobject" to types for files involved in the SJTAG authentication flow, in order to address MLS-based AVC denials. Bug: 189466122 Test: No more AVC denials when activating SJTAG in BetterBug Signed-off-by: Peter Csaszar <pcsaszar@google.com> Change-Id: Ieb88653830ce95751eee5cf26c26fd6302067bce	2021-06-02 12:23:01 -07:00
Aaron Ding	9a43bd9ead	pixel-selinux: add SJTAG policies am: `9f8d552411` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14795132 Change-Id: Ia7c9bd89f0c958eeed16828186948a045044223a	2021-06-02 06:23:03 +00:00
Aaron Ding	2f3336940b	remove sysfs_type from vendor_page_pinner_debugfs am: `2dbe515943` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14782004 Change-Id: I12715f8c51af7decc14aedf173e3bb13c8f51c1d	2021-06-02 06:22:59 +00:00
Rick Yiu	9e8bd699e9	gs101-sepolicy: Refine policy for sysfs_vendor_sched Chagne it to directory based. Bug: 182509410 Test: device boot normally Change-Id: I1cfaa95cf07e1e829e747eb99ed39ab64d3ddac1	2021-06-02 04:52:45 +00:00
Aaron Ding	9f8d552411	pixel-selinux: add SJTAG policies This reverts commit `b078284e5d`. Bug: 184768605 Change-Id: Ib0080e2ba3edf7fa654155fb4a7403d52ad2494a	2021-06-02 10:25:51 +08:00
Aaron Ding	2dbe515943	remove sysfs_type from vendor_page_pinner_debugfs Bug: 186500818 Change-Id: If97126a3d46d96342faf89b9698218b6a480a84b	2021-06-01 17:38:28 +08:00
David Chao	6026cf5181	Grant powerhal access to thermal_link_device and sysfs_thermal Bug: 188579571 Test: boot Change-Id: I8e4675e2817fe3778236618e0dba76f1233e77e2	2021-06-01 05:17:13 +00:00
Aaron Ding	2d35ae6cb8	Revert "pixel-selinux: add SJTAG policies" am: `b078284e5d` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14528664 Change-Id: I819e31237595331138b5230a77d5f85dbd368bc0	2021-05-31 18:43:52 +00:00
Aaron Ding	b078284e5d	Revert "pixel-selinux: add SJTAG policies" This reverts commit `bc525e1a49`. Bug: 186500818 Change-Id: I0bab67d42530270a819598ac320a5946e5d7aa6d Signed-off-by: Aaron Ding <aaronding@google.com>	2021-06-01 01:21:14 +08:00
Vova Sharaienko	e133184c45	Merge "hal_health_default: updated sepolicy" into sc-dev am: `ce4002966a` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14738712 Change-Id: I19ce2ef9b6f771d35036dcd5fd8217bc8eb8219a	2021-05-28 17:59:27 +00:00
Vova Sharaienko	ce4002966a	Merge "hal_health_default: updated sepolicy" into sc-dev	2021-05-28 17:42:45 +00:00
Rick Yiu	8b7354ea6c	Merge "gs101-sepolicy: Allow dumping vendor groups values" into sc-dev am: `6c5779d0af` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692150 Change-Id: I5cdb6420dd45a50867d20a3b1ec97b1989af7a53	2021-05-28 01:40:56 +00:00
Rick Yiu	6c5779d0af	Merge "gs101-sepolicy: Allow dumping vendor groups values" into sc-dev	2021-05-28 01:16:34 +00:00
Vova Sharaienko	144b6b06b3	hal_health_default: updated sepolicy This allows the android.hardware.health service to access AIDL Stats service Bug: 186578402 Test: Build, flash, boot & and logcat \| grep "avc" Change-Id: I1bfd8dbca4a8a87387c5fc0cc47b9f09a6d07ea4	2021-05-27 01:51:21 +00:00
Harpreet Eli Sangha	e952c414ec	Add CccDkTimeSyncService Bug: 183676280 Test: Build and run example client. Signed-off-by: Harpreet Eli Sangha <eliptus@google.com> Change-Id: I862d5f3e8be3cf7d23489be374fabf26e29e0ca5	2021-05-26 16:59:51 +00:00
TreeHugger Robot	51a593d480	Merge "Add sepolicy for Trusty keymint" into sc-dev am: `9e9c6a75da` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14414676 Change-Id: I5e2c27949cd69819a9aa12da921494adefa16606	2021-05-26 13:44:53 +00:00
TreeHugger Robot	9e9c6a75da	Merge "Add sepolicy for Trusty keymint" into sc-dev	2021-05-26 13:23:20 +00:00
sukiliu	826d258fcf	Update avc error on ROM 7395282 am: `073a0f5ed1` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14717075 Change-Id: Ifa05ac25bfcf263c9cac8584420b17bb84fce60c	2021-05-26 04:54:42 +00:00
sukiliu	073a0f5ed1	Update avc error on ROM 7395282 avc: denied { dac_override } for comm="rebalance_inter" capability=1 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:r:rebalance_interrupts_vendor:s0 tclass=capability permissive=0 Bug: 189275648 Test: PtsSELinuxTestCases Change-Id: I637f1fcd901b8bf59096ba83c927b4d353f0405b	2021-05-26 11:11:03 +08:00
Shawn Willden	c5fdb59287	Add sepolicy for Trusty keymint Bug: 177729159 Test: VtsAidlKeyMintTargetTest on P21 Change-Id: I993faa2a829d3ad4f1b920ff59ba4fd5ef8e7db7	2021-05-25 16:37:29 -06:00
TreeHugger Robot	a85442bd10	Merge "Allow mediacodec to access the vframe-secure DMA-BUF heap" into sc-dev am: `477e19f032` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14704012 Change-Id: Ib1fe025493a3021d69bf7f79c8809098933ba1b8	2021-05-25 19:05:23 +00:00
TreeHugger Robot	477e19f032	Merge "Allow mediacodec to access the vframe-secure DMA-BUF heap" into sc-dev	2021-05-25 18:45:37 +00:00
TreeHugger Robot	eeb41949c2	Merge "dumpstate: add sepolicy for hal_dumpstate to access sysfs_display" into sc-dev am: `57eefb5b13` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14608138 Change-Id: I7a32e0b2bcef407665e75e58d0af2db52c08323b	2021-05-25 11:49:35 +00:00
TreeHugger Robot	57eefb5b13	Merge "dumpstate: add sepolicy for hal_dumpstate to access sysfs_display" into sc-dev	2021-05-25 10:12:38 +00:00
Ocean Chen	b8aebc85e1	storage: update sepolicy for hardwareinfoservice avc: denied { search } for name="0:0:0:0" dev="sysfs" ino=57525 scontext=u:r:hardware_info_app:s0:c512,c768 avc: denied { search } for name="health_descriptor" dev="sysfs" ino=57017 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 app=com.google.android.hardwareinfo avc: denied { search } for name="health_descriptor" dev="sysfs" ino=57017 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="vpd_pg80" dev="sysfs" ino=57559 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="model" dev="sysfs" ino=57534 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="vendor" dev="sysfs" ino=57533 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="rev" dev="sysfs" ino=57535 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="eol_info" dev="sysfs" ino=57020 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="life_time_estimation_a" dev="sysfs" ino=57021 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo Bug: 188755652 Test: reboot then check hardwareinfo and avc denined log Change-Id: Ia03ebdd6b0b46b4c9ace5fbf1fc47a455a55abcb	2021-05-25 16:57:20 +08:00
Roger Fang	21d7509c17	Merge "sepolicy: gs101: add permission for the hardware info dsp part number" into sc-dev am: `56cbfd5a0a` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14696016 Change-Id: If394b6c1a719b26a295b97980b94fb217442ef76	2021-05-25 01:22:03 +00:00
Roger Fang	56cbfd5a0a	Merge "sepolicy: gs101: add permission for the hardware info dsp part number" into sc-dev	2021-05-25 01:02:39 +00:00
Ines Ayara	304a92ea86	Merge "Transition to using libedgetpu_util.so instead of libedgetpu_darwinn2.so. bug: b/182303547" into sc-dev am: `dfb3783187` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14652412 Change-Id: Ie52a7d786c4344a7ba0e8bf6bbba87ae7f9d0999	2021-05-25 00:16:44 +00:00
Vinay Kalia	68849437bd	Allow mediacodec to access the vframe-secure DMA-BUF heap This patch fixes the following denial: HwBinder:751_2: type=1400 audit(0.0:9): avc: denied { open } for path="/dev/dma_heap/vframe-secure" dev="tmpfs" ino=734 scontext=u:r:mediacodec:s0 tcontext=u:object_r:vframe_heap_device:s0 tclass=chr_file permissive=0 Bug: 188121584 Test: AV1 secure video playback Signed-off-by: Vinay Kalia <vinaykalia@google.com> Change-Id: I455b39914dd4316a427f5f756b4fb94a2c4db204	2021-05-24 23:57:28 +00:00
Ines Ayara	dfb3783187	Merge "Transition to using libedgetpu_util.so instead of libedgetpu_darwinn2.so. bug: b/182303547" into sc-dev	2021-05-24 23:55:32 +00:00
Roger Fang	a97bfcc1e1	sepolicy: gs101: add permission for the hardware info dsp part number Bug: 188757638 Test: Manually test passed Signed-off-by: Roger Fang <rogerfang@google.com> Change-Id: Id0c3226411b058b613b92e67174f14e64c6c3a2b	2021-05-24 08:16:34 +00:00
Rick Yiu	5aeb1b9e45	gs101-sepolicy: Allow dumping vendor groups values Fix: avc: denied { read } for name="vendor_sched" dev="sysfs" ino=45566 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 avc: denied { read } for name="dump_task_group_ta" dev="proc" ino=4026532542 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 Bug: 172112042 Test: dump data as expected Change-Id: I9945953dba4afddd34c1535c12193b1f00fdcef9	2021-05-22 21:30:47 +08:00
Grace Chen	f8cf5a7354	Merge "Add selinux permissions for NFC/eSIM firmware upgrade and recovery" into sc-dev am: `16a38b2b6c` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14514065 Change-Id: I3ea91e07cb86b9ccbe5c27fdbd29eee2cb4512c6	2021-05-21 19:14:16 +00:00
Grace Chen	16a38b2b6c	Merge "Add selinux permissions for NFC/eSIM firmware upgrade and recovery" into sc-dev	2021-05-21 19:10:52 +00:00
TreeHugger Robot	62e330941f	Merge "Grant sepolicy for Bluetooth Ccc Timesync feature" into sc-dev am: `b42a03fa9e` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14160586 Change-Id: I1f5224c5e295837500f52c7f2a91c7cf0c12e748	2021-05-21 06:57:16 +00:00

... 7 8 9 10 11 ...

1042 commits