Commit graph

4087 commits

Yu-Chi Cheng
5157e0dc04 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev am: 53982a4372
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14026058

Change-Id: I1a1a0fd94e4e613c964598de6bb615608fd1a6c5
2021-03-31 15:03:56 +00:00
Yu-Chi Cheng
f9668d2b94 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev 2021-03-31 14:26:10 +00:00
Yu-Chi Cheng
53982a4372 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev 2021-03-31 14:24:54 +00:00
millerliang
7532dd7d1f Fix MMAP audio avc denied am: f01cb384d8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14029670

Change-Id: I6700779ed0c8077b21054f24296e8088b812bf16
2021-03-31 09:43:37 +00:00
TreeHugger Robot
bb571e8736 Merge "remove obsolete entries" into sc-dev am: 6bcc46cec5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14041327

Change-Id: I01fe41955f235712bcb04bf48c7e7c59c699ccd4
2021-03-31 07:52:42 +00:00
millerliang
f01cb384d8 Fix MMAP audio avc denied
03-30 16:45:16.840   738   738 I auditd  : type=1400 audit(0.0:76): avc:
denied { read } for comm="HwBinder:738_2"
name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87
scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0
tclass=file permissive=0
03-30 16:45:16.980   644   644 I auditd  : type=1400 audit(0.0:78): avc:
denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=977 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

Bug: 165737390
Test: verified with the forrest ROM and error log gone
Change-Id: I1c8721a051844d3410cffa23411a434c832b416e
2021-03-31 15:51:32 +08:00
TreeHugger Robot
6bcc46cec5 Merge "remove obsolete entries" into sc-dev 2021-03-31 07:35:51 +00:00
Charlie Chen
4618354e8d Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev am: c0066d5cce
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13988004

Change-Id: Id10cade6955c3592babb70d9c82983f17cb8ff12
2021-03-31 07:23:55 +00:00
Charlie Chen
c0066d5cce Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev 2021-03-31 07:03:16 +00:00
Adam Shih
fcd7cab8c9 Merge "allow vendor_init to set logpersist" into sc-dev am: 4166a4d03b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14033458

Change-Id: I50066c93d92dcfee240f532e690c8bfaeecbcaf4
2021-03-31 06:36:10 +00:00
Adam Shih
781e00d4c0 Merge "update error on ROM" into sc-dev am: 00f6651d46
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14033452

Change-Id: Ia3e2c5ab1c9acd6461c772a5db02bd9d2bf05bf4
2021-03-31 06:35:40 +00:00
Adam Shih
fc7c2e2c3a remove obsolete entries
Bug: 183560076
Bug: 183338483
Bug: 183467306
Bug: 171760597
Test: pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: Ib35a05176fccd251dfea8b58304a68b0e9bd6412
2021-03-31 14:28:29 +08:00
Adam Shih
4166a4d03b Merge "allow vendor_init to set logpersist" into sc-dev 2021-03-31 06:03:04 +00:00
Adam Shih
00f6651d46 Merge "update error on ROM" into sc-dev 2021-03-31 06:02:36 +00:00
Charlie Chen
7c92613185 Allow Exoplayer access to the vstream-secure heap for secure playback
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221
2021-03-31 05:41:26 +00:00
Erik Cheng
d11fbf8861 Merge "Grant permission for more camera device nodes" into sc-dev am: 90ed4cc72e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14029672

Change-Id: I478755c4d3d6f1940b8d701323b9243a6353581c
2021-03-31 03:39:32 +00:00
Adam Shih
1db99c759f allow vendor_init to set logpersist
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447     1     1 E init    : Do not have permissions to
set ...

Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa
2021-03-31 11:34:12 +08:00
Erik Cheng
90ed4cc72e Merge "Grant permission for more camera device nodes" into sc-dev 2021-03-31 03:09:15 +00:00
Maurice Lam
af24bc97cc Merge "Fix cuttlefish test fail due to sepolicy of Wirecutter" into sc-dev am: 6bc7204b64
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14039290

Change-Id: I9972e90b95ae9f74321f20a5ba18dcf9700958ab
2021-03-31 01:37:50 +00:00
Maurice Lam
6bc7204b64 Merge "Fix cuttlefish test fail due to sepolicy of Wirecutter" into sc-dev 2021-03-31 01:20:12 +00:00
TreeHugger Robot
5268d84b5d Merge "Allow mediacodec to access the vstream-secure DMA-BUF heap" into sc-dev am: a548cd7773
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035947

Change-Id: Ibf371ed6a35555a222bc18c7121d93699730873a
2021-03-31 01:16:32 +00:00
Xu Han
d0a3644eaa Merge "Allow camera HAL access radioext service" into sc-dev am: f34ff90b48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14025054

Change-Id: Ia978600ea310f05df3d4e3099e87f734ac59ab24
2021-03-31 01:16:18 +00:00
Eddie Tashjian
44799a27ba Add sepolicy for CBRS setup app.
Bug: 182519609
Test: Test CBRS setup
Change-Id: I3ee27dd80eb0484c9cf2c6be0c63aee996383f7f
2021-03-30 18:06:14 -07:00
TreeHugger Robot
a548cd7773 Merge "Allow mediacodec to access the vstream-secure DMA-BUF heap" into sc-dev 2021-03-31 01:05:14 +00:00
Xu Han
f34ff90b48 Merge "Allow camera HAL access radioext service" into sc-dev 2021-03-31 00:45:11 +00:00
Adam Shih
98d890424d update error on ROM
Bug: 184091381
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia37d49cf2e347a22181058987b0edf8f93457c53
2021-03-31 08:32:56 +08:00
Eddie Tashjian
fd3a304ec2 Merge "Allow radioext to access bluetooth coex hal." into sc-dev am: a5879bec5b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14020221

Change-Id: I76dbea4d35a134a2f32aeea963717f2620a864ac
2021-03-30 23:29:48 +00:00
Eddie Tashjian
a5879bec5b Merge "Allow radioext to access bluetooth coex hal." into sc-dev 2021-03-30 23:03:24 +00:00
Maurice Lam
880dd70064 Fix cuttlefish test fail due to sepolicy of Wirecutter
Need to grant gpu_device dir search permission to be able to render UI
on cuttlefish.

Fixes: 183995046
Test: atest WirecutterTests
Change-Id: I122e541188ce659381769339e3f9e6b720441a92
2021-03-30 22:18:45 +00:00
TreeHugger Robot
3bc4072b14 Merge "sepolicy: allow hwservice to see armnn nnhal." into sc-dev am: 8250408148
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14020212

Change-Id: I930d8db6e73fc5e3d1172ddb063c4f7aeed94c1c
2021-03-30 21:43:53 +00:00
TreeHugger Robot
8250408148 Merge "sepolicy: allow hwservice to see armnn nnhal." into sc-dev 2021-03-30 21:16:27 +00:00
Kevin DuBois
4f5d60403d sepolicy: allow hwservice to see armnn nnhal.
Allows hwservice to see armnn nnhal.

Fixes: 183917925
Test: build, check for absence of error msg in logcat.
Test: run_nnapi_tests for darwinn
Test: CtsNNAPITestCases64 --hal_service_instance=android.hardware.neuralnetworks@1.3::IDevice/google-edgetpu --gtest_filter="TestGenerated*"
Change-Id: I9778e92d6f15e9aa74774c6a8d143969951046eb
2021-03-30 19:58:52 +00:00
Hridya Valsaraju
ef8172c028 Allow mediacodec to access the vstream-secure DMA-BUF heap
This patch fixes the following denial:

avc: denied { read } for comm="HwBinder:727_3" name="vstream-secure"
dev="tmpfs" ino=693 scontext=u:r:mediacodec:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file
permissive=0

Bug: 183681871
Test: build
Change-Id: I018a8d42afe2bb58416b47864b8ffd53de9292cb
2021-03-30 12:41:17 -07:00
Oleg Matcovschi
5debfd67eb Merge "gs101-sepolicy: add sscoredump" into sc-dev am: 20c4be9a06
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035188

Change-Id: I9d5ee813005d868290310a6fba85930b40064db3
2021-03-30 18:26:15 +00:00
Xu Han
6932235e89 Allow camera HAL access radioext service
Camera needs to query radioext for preferred MIPI clock rate.

Bug: 178038924
Test: camera CTS
Change-Id: Id1dbe8a12d07b5ccfb4fc7db69dda7ce78a163a7
2021-03-30 11:15:44 -07:00
Oleg Matcovschi
20c4be9a06 Merge "gs101-sepolicy: add sscoredump" into sc-dev 2021-03-30 18:02:18 +00:00
Ankit Goyal
04b05f86bc Merge "Fix SELinux denials for arm.graphics AIDL interface" into sc-dev am: 4097aa96ab
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14026225

Change-Id: I5d43362df8360be6f37bce92123df0c00795feb6
2021-03-30 17:08:17 +00:00
Yu-Chi Cheng
755a1de452 Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version.
Both services invoke InitGoogle in order to use google utilities (e.g.
file).  Since InitGoogle reads the kernel info from /proc/version,
this change added the corresponding selinux rules to allow that.

Bug: 183935416
Test: tested on Oriole.
Change-Id: Icb8f3a57e249774b5fad3284413661b04ff7dae6
2021-03-30 10:07:43 -07:00
TreeHugger Robot
948fc1d359 Merge "vendor_init: allow set_prop for vendor_ro_config_default_prop" into sc-dev am: fd3d8c0467
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14025026

Change-Id: Ic26319bc3be5f80b249825f7b1f3abc0e04f63fe
2021-03-30 17:00:17 +00:00
Ankit Goyal
4097aa96ab Merge "Fix SELinux denials for arm.graphics AIDL interface" into sc-dev 2021-03-30 16:27:55 +00:00
TreeHugger Robot
fd3d8c0467 Merge "vendor_init: allow set_prop for vendor_ro_config_default_prop" into sc-dev 2021-03-30 16:06:04 +00:00
Oleg Matcovschi
de30c53177 gs101-sepolicy: add sscoredump
Bug: 183995288
Change-Id: I5363d0c45c183d809c03fe755835c1fc95a33159
2021-03-30 15:31:10 +00:00
Ankit Goyal
b07d84f087 Fix SELinux denials for arm.graphics AIDL interface
Denial example:
03-30 05:44:44.468   490   490 W RenderEngine: type=1400 audit(0.0:4): avc: denied { read } for name="arm.graphics-V1-ndk_platform.so" dev="dm-9" ino=1923 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0

Bug: 143246001
Test: Build and boot to home
Change-Id: Id7c2bd98aa634f852a21812fb2421a2e96ef7636
2021-03-30 22:22:22 +08:00
Erik Cheng
5f6e263527 Grant permission for more camera device nodes
Bug: 184004655
Test: aosp camera
Change-Id: I52fdb3f7f3d37537461c94b139e72add1a300bb2
2021-03-30 17:34:38 +08:00
Yu-Chi Cheng
93bf9b613b Labelled EdgeTPU service libraries as SP-HAL.
The EdgeTPU service libraries (libedgetpu_client.google.so and
com.google.edgetpu-V1-ndk.so) provide both the system_ext and
vendor variants.  Since these need to be linked by pre-built
applications from /product/, this change labelled them as
the same_process_hal_file in order to allow the applications
to link with the vendor variant.

Bug: 184008444
Test: tested on local Oriole with GCA.
Change-Id: I8c510f51ccc1a76d14978962d72fd91f15bf7a90
2021-03-29 23:22:33 -07:00
Krzysztof Kosiński
946ea5bebc Improve camera HAL SELinux policy. am: dffdeca76d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13986903

Change-Id: Id5e9c98002a9be4293a1e5a381864c35abf3fc2f
2021-03-30 05:36:52 +00:00
Krzysztof Kosiński
dffdeca76d Improve camera HAL SELinux policy.
- Grant access to DMA system heap for Tuscany.
- Reorder statements for more logical grouping.
- Allow access to isolated tmpfs for google3 prebuilts.
- Remove fixed denials.

Bug: 181913550
Bug: 182705901
Test: Inspected logcat, no denials from hal_camera_default
Change-Id: I9bf1ce207c3bcae1b9f9ab0f0072bb7501201451
2021-03-29 20:42:50 -07:00
Aaron Tsai
181f1d3cd0 vendor_init: allow set_prop for vendor_ro_config_default_prop
03-29 15:18:56.425  root     1     1 E init    : Do not have permissions to set 'ro.vendor.config.build_carrier' to 'europen' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 183919837
Test: verified with the forrest ROM and error log gone
Change-Id: I87cc05306f9c038df779040514a879fc2b8ab929
2021-03-30 11:38:19 +08:00
John Tsai
d51c2f2533 Merge "Allowed Camera hal to create debug files" into sc-dev am: f06c0a9f38
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14016760

Change-Id: Ifff513d0434a7c17fd9e079b8a2ade7be4d34541
2021-03-30 03:24:52 +00:00
John Tsai
f06c0a9f38 Merge "Allowed Camera hal to create debug files" into sc-dev 2021-03-30 02:51:28 +00:00