Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1025 commits 1 branch 0 tags 494 MiB
Commit graph

1025 commits

This branch
This branch
All branches
Author SHA1 Message Date
Armelle Laine
10e8126e2d Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev 2021-06-15 14:35:43 +00:00
linpeter
81aaf6cda3 Add sepolicy for hwcomposer to access lhbm sysfs 
avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
 2021-06-15 19:37:14 +08:00
Jiyoung
02ada4f463 vendor_telephony_app.te: add selinuxfs:file 
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng

Bug: 188422036

Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
 2021-06-15 15:06:39 +08:00
sukiliu
b220a0e873 Move oriole bug map to whitechapel folder am: 90ae782e26 am: c8a74f7fce 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I5faa78c559f4a6ddc0d7b92296d79b653b1a5e97
 2021-06-15 06:30:33 +00:00
sukiliu
e18a7658e9 Move oriole bug map to whitechapel folder am: 90ae782e26 am: 8657bfaf73 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I7f8298eeb6d2988aa32f8cc4789f900ed57c04fb
 2021-06-15 06:30:04 +00:00
sukiliu
8657bfaf73 Move oriole bug map to whitechapel folder am: 90ae782e26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I697e2270c71c1f5ce48318e9a3498ef05d954c82
 2021-06-15 06:17:36 +00:00
sukiliu
c8a74f7fce Move oriole bug map to whitechapel folder am: 90ae782e26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I20a6b1f291236b26224ca0fe94196b2ca91bd548
 2021-06-15 06:16:50 +00:00
sukiliu
90ae782e26 Move oriole bug map to whitechapel folder 
Bug: 190563896
Bug: 190671898
Test: PtsSELinuxTestCases
Change-Id: I15f1a6d2ebab9c5794a79abccf3530eb4bfc8307
 2021-06-15 04:39:50 +00:00
TreeHugger Robot
8314b7f628 Merge "remove obsolete entries" into sc-dev am: 441bae6d1a am: d8aa5c7972 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: I808fa351bb12654bbaa66248d9f10e6ce62f16e8
 2021-06-15 02:08:19 +00:00
TreeHugger Robot
67bd98cff1 Merge "remove obsolete entries" into sc-dev am: 441bae6d1a am: ebcba2c62d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: Iec8b071a423c5243b9c1d8322ebc9e5698b48f88
 2021-06-15 02:08:07 +00:00
TreeHugger Robot
ebcba2c62d Merge "remove obsolete entries" into sc-dev am: 441bae6d1a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: I4d47c91c175d8a10e0cec3e974e684f3c44b6c63
 2021-06-15 01:54:55 +00:00
TreeHugger Robot
d8aa5c7972 Merge "remove obsolete entries" into sc-dev am: 441bae6d1a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: I31f6c2733c5cb977a8625ba473d506bfa50dbcc9
 2021-06-15 01:54:09 +00:00
TreeHugger Robot
441bae6d1a Merge "remove obsolete entries" into sc-dev 2021-06-15 01:39:02 +00:00
Rick Yiu
b7d809111c Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 am: 6976531ebe 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: I42bcfc55c789fdecf0a92dcfd0b6d07e9583765c
 2021-06-15 00:58:01 +00:00
Rick Yiu
cc502abf3a Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 am: 25ce780b9c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: Id22713f2f247609bbc304bb36ae85616598a9d64
 2021-06-15 00:57:39 +00:00
Rick Yiu
25ce780b9c Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: If015ce9946b16186eb8ed75c63ac8cfadde14266
 2021-06-15 00:41:32 +00:00
Rick Yiu
6976531ebe Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: Ie3aebe5d9b8e6bae0f8e0df65f0bd6a5b8d0d178
 2021-06-15 00:40:39 +00:00
Rick Yiu
aa315a6082 Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev 2021-06-15 00:28:52 +00:00
Armelle Laine
5bb07db1de add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal 
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.

Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
 2021-06-13 23:59:37 +00:00
Richard Hsu
db24463bc5 Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c am: 4eb4b8c73c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: I9e4fc6b9d1f7fb63e51b82c0aca4fd78340adfbe
 2021-06-13 06:40:41 +00:00
Richard Hsu
63e64193ea Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c am: 64d8da84f2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: I064464c0e3dbdb8efebb3032dccfd70cb13177b1
 2021-06-13 06:40:20 +00:00
Richard Hsu
64d8da84f2 Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: Ie75eea82a16cd39cc56a015c96896a4fcd398138
 2021-06-13 06:24:40 +00:00
Richard Hsu
4eb4b8c73c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: If0cd3732513d21503d31cd8f9f10756305c33c5c
 2021-06-13 06:23:48 +00:00
Richard Hsu
753e62f39c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev 2021-06-13 06:11:41 +00:00
Jayachandran Chinnakkannu
c6218c4afe Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d am: 26bcc88a9b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: I05a6717e8e1368e248cec936ebaa0a8edf7dd1b3
 2021-06-12 17:45:19 +00:00
Jayachandran Chinnakkannu
8d0bcc93e1 Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d am: 40c2dd6b2e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Ibdde5f144fff98c1bd52b08e57f2bb0909b45550
 2021-06-12 17:44:58 +00:00
Jayachandran Chinnakkannu
40c2dd6b2e Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Ic723bb2542a94bb3c86d315a89f415eb962f6c39
 2021-06-12 17:31:26 +00:00
Jayachandran Chinnakkannu
26bcc88a9b Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Id9b9f74bf5caf34af4aad329e0ea3b4ee544146f
 2021-06-12 17:30:37 +00:00
Jayachandran Chinnakkannu
1c130a7e1d Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev 2021-06-12 17:19:33 +00:00
TreeHugger Robot
7bddc387cb Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a am: c5d2eaeccb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: I538a39764babaedab979782ca23cf8ad7531004b
 2021-06-12 10:41:47 +00:00
Kris Chen
293194f612 Add sepolicy to let fingerprint access power service am: 7db400b679 am: 5991ab5ba7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: I24c9c4dbc29c21e382f76e47c28c57715b1e309f
 2021-06-12 10:41:38 +00:00
TreeHugger Robot
35d0c523a6 Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a am: a45a1ffc4d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: I034ae5e1c48a494405aaf915419af0c16cb628c2
 2021-06-12 10:41:11 +00:00
Kris Chen
1c6b824cd7 Add sepolicy to let fingerprint access power service am: 7db400b679 am: 89a68b0fac 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: I78e827879c32515678288eee944b0b9f5e66c8ad
 2021-06-12 10:41:01 +00:00
TreeHugger Robot
a45a1ffc4d Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: I2bc53103a317ac5e19642fb7bb8fe0586aab81dd
 2021-06-12 10:28:06 +00:00
Kris Chen
89a68b0fac Add sepolicy to let fingerprint access power service am: 7db400b679 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: Ieb52fb6f5ee68d0155f9acacda9853757fed4200
 2021-06-12 10:27:55 +00:00
TreeHugger Robot
c5d2eaeccb Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: Idc40fc74a562912a8ee35b8db966c88421778949
 2021-06-12 10:27:15 +00:00
Kris Chen
5991ab5ba7 Add sepolicy to let fingerprint access power service am: 7db400b679 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: Id2d4cb0874a39145561fc6deb825a25ec40162d8
 2021-06-12 10:27:04 +00:00
TreeHugger Robot
694694857a Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev 2021-06-12 10:22:24 +00:00
Jayachandran C
5492a92a39 Allow telephony to access the file descriptor of the priv_apps tcp_socket 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
 2021-06-12 05:18:15 +00:00
Rick Yiu
ad47112c59 gs101-sepolicy: Fix avc denial for permissioncontroller_app 
Bug: 190671898
Test: build pass
Change-Id: I3ccfe958892cd27ebbcacc651847d4277d39855b
 2021-06-11 18:41:10 +08:00
Adam Shih
d0bb828434 remove vcd from user ROM 
Bug: 190331325
Test: build all ROM variants with only user ROM without vcd
Change-Id: If9dc555ee8582b605ccdf9d60c3a9c89cd6634d8
 2021-06-11 11:46:22 +08:00
Richard Hsu
8c979899cc [BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service 
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.

Bug: 190661153, 151063663

Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.

Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
 2021-06-10 19:36:35 -07:00
Adam Shih
d00aafac75 remove obsolete entries 
Bug: 190672147
Bug: 173969091
Bug: 171760921
Bug: 178331773
Bug: 178752616
Bug: 188752940
Bug: 184005231
Bug: 182086688
Bug: 177176899
Bug: 182953825
Bug: 176528557
Bug: 183935382
Test: boot and do bugreport with no relevant error showed up
Change-Id: I869db698e96d2d6cfd533b7fd24c8c88d39fd0eb
 2021-06-11 10:35:59 +08:00
Kris Chen
7db400b679 Add sepolicy to let fingerprint access power service 
Fix the following avc denial:
SELinux : avc:  denied  { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
      running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
 2021-06-10 21:31:06 +00:00
Sung-fang Tsai
985aa698c7 qllow priv-app to access Pixel power HAL extension. 
SELinux issues to solve:

native  : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal

05-23 10:11:32.055   420   420 E SELinux : avc:  denied  { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
 2021-06-10 17:56:17 +00:00
SHUCHI LILU
4e81985347 Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 am: 7d1fa8b9ce 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I2f7a9744c830156ce4b1ff8c9ad7c3c68e6d953e
 2021-06-10 11:34:14 +00:00
SHUCHI LILU
b7394346cd Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 am: f2bc0d7bd7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I7eca5fe2191e8b5b127d4efdc5594fb1eb53320a
 2021-06-10 11:33:23 +00:00
SHUCHI LILU
f2bc0d7bd7 Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I4ea6afe2de9a03eca793775f14ea24b8678931cf
 2021-06-10 11:22:24 +00:00
SHUCHI LILU
7d1fa8b9ce Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I4cfc4f0fb97b796a3a118859ac30399ab15a2446
 2021-06-10 11:21:07 +00:00
SHUCHI LILU
61843906c0 Merge "Update avc error on ROM 7444346" into sc-dev 2021-06-10 11:06:35 +00:00