Commit graph

1723 commits

Author SHA1 Message Date
TeYuan Wang
faec59da79 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674 am: fe826745b3
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: I919c688388bcd8cc320068f6139432b58b3f0ea4
2022-03-14 06:02:51 +00:00
TeYuan Wang
fe826745b3 Move libperfmgr thermal rules to pixel-sepolicy am: f7aba10674
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2020535

Change-Id: Ie191a767c8b3450df75a37e36deebf5f20242575
2022-03-14 05:40:21 +00:00
TeYuan Wang
f7aba10674 Move libperfmgr thermal rules to pixel-sepolicy
Bug: 213257759
Bug: 188579571
Test: build
Change-Id: I9893d53055594bfb4e4dba3d68b53f0fe132617d
2022-03-10 21:28:33 +08:00
Michael Eastwood
ada03db5e0 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b am: a45d075fd0
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: I2b73c3f4576a4f42f76afbf7b8e75fd3be838107
2022-03-09 18:32:59 +00:00
Michael Eastwood
a45d075fd0 Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets" am: 82a110ba3b
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2016899

Change-Id: I55cfbec1df5a5b3952e02875860d25db44b64b98
2022-03-09 18:00:28 +00:00
Michael Eastwood
82a110ba3b Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets"
2022-03-09 17:31:28 +00:00
Michael Eastwood
f648f3c989 Update SELinux policy to allow camera HAL to send Perfetto trace packets
Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:traced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
2022-03-08 13:54:34 -08:00
Xin Li
0e86159889 [automerger skipped] Merge Android 12L am: 22c3ab8b6b -s ours am: 594011b90b -s ours
am skip reason: Merged-In I7b9186af0cb135241e23504fa9d6f7c3d6718c7c with SHA-1 22f2ffcbee is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2012332

Change-Id: If0e4880aa30ddfcc89e252de3f041da19401d4bc
2022-03-08 11:04:07 +00:00
Xin Li
594011b90b [automerger skipped] Merge Android 12L am: 22c3ab8b6b -s ours
am skip reason: Merged-In I7b9186af0cb135241e23504fa9d6f7c3d6718c7c with SHA-1 22f2ffcbee is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2012332

Change-Id: Ic29497624866c936ddf7a7f34f9539de55d73eb9
2022-03-08 10:19:17 +00:00
Xin Li
22c3ab8b6b Merge Android 12L
Bug: 222710654
Merged-In: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
Change-Id: I60cda8853fd8575beb8617025479d08ccf816fbb
2022-03-08 00:15:28 +00:00
Tri Vo
a5ccc7efa8 Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada am: 22f2ffcbee
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: Ie2af054a900f32cbde1352ba9f708e163f76d86c
2022-03-04 18:29:27 +00:00
Tri Vo
22f2ffcbee Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441

Change-Id: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
2022-03-04 18:06:53 +00:00
Tri Vo
fbf92e2ada Merge "Don't audit storageproxyd unlabeled access"
2022-03-04 17:45:37 +00:00
Midas Chien
9285045f0b [automerger skipped] [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node am: 0e1e0e2830 -s ours am: b637545191 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2009176

Change-Id: Iaf03b02cd8feadc0da6b1f7cb4d0d25f47907f39
2022-03-04 12:50:47 +00:00
Midas Chien
b637545191 [automerger skipped] [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node am: 0e1e0e2830 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2009176

Change-Id: I5771c4702d7e76db359bba65f059f913d69d774f
2022-03-04 12:29:41 +00:00
Midas Chien
0e1e0e2830 [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Merged-In: I5ca811f9500dc452fe6832dd772376da51f675a8
Change-Id: I5ca811f9500dc452fe6832dd772376da51f675a8
2022-03-04 10:48:08 +00:00
Tri Vo
03fef48542 Don't audit storageproxyd unlabeled access
Test: m sepolicy
Bug: 197502330
Change-Id: I794dac85e475434aaf024027c43c98dde60bee27
2022-03-03 13:12:17 -08:00
Jason Macnak
28a21a48e0 Remove sysfs_gpu type definition
... as it has moved to system/sepolicy.

Bug: b/161819018
Test: presubmit
Change-Id: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
Merged-In: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
2022-02-24 22:23:41 +00:00
Aaron Tsai
84bacff9ab Fix selinux error for system_app am: 05565c1f14 am: d2d83c8e2d
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ibdbeeee937e4c856adfebad71a956a343b820dfa
2022-02-22 01:56:28 +00:00
Aaron Tsai
d2d83c8e2d Fix selinux error for system_app am: 05565c1f14
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670

Change-Id: Ia3c6c0aae82c19a5d1c019cce2700c5e64c8bb11
2022-02-22 01:35:41 +00:00
Aaron Tsai
05565c1f14 Fix selinux error for system_app
01-26 05:04:53.364   440   440 I auditd  : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:system_app:s0 pid=3063 scontext=u:r:system_app:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 216531913
Test: verified with the forrest ROM and error log gone

Change-Id: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
Merged-In: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
2022-02-21 12:16:45 +08:00
Junkyu Kang
86d20c2552 Add persist.vendor.gps to sepolicy am: 9244051b35 am: a5b052c132
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: I0844fbc02141fc6efa77d0cd47d00fd56a15f3e2
2022-02-18 07:12:19 +00:00
Junkyu Kang
a5b052c132 Add persist.vendor.gps to sepolicy am: 9244051b35
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989

Change-Id: Ibb1a3b4cca8fa3549eeef548d0939829413e8af1
2022-02-18 06:50:19 +00:00
Junkyu Kang
9244051b35 Add persist.vendor.gps to sepolicy
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I3fdaf564eacec340003eed0b5845a2c08922362c
Merged-In: I3fdaf564eacec340003eed0b5845a2c08922362c
2022-02-17 08:55:49 +00:00
Xin Li
14abf01391 [automerger skipped] Merge sc-v2-dev-plus-aosp-without-vendor@8084891 am: 81caef24ad -s ours
am skip reason: Merged-In Icecca9f69ee9b57d43aa2864864951bf66c4905f with SHA-1 ca06222472 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16844142

Change-Id: I12d27f867dd598e669aa86e1bec26c3aafbef4a3
2022-02-14 18:03:48 +00:00
Xin Li
81caef24ad Merge sc-v2-dev-plus-aosp-without-vendor@8084891
Bug: 214455710
Merged-In: Icecca9f69ee9b57d43aa2864864951bf66c4905f
Change-Id: Ibf8d551c16f8f941cfc8072a29ef5c57e8bef170
2022-02-11 07:12:06 +00:00
TeYuan Wang
9ad50b3952 move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba am: aeebc898cb am: 912673f8ce
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Iaf7721a2b7a2f4def1a302c71d6f293b371b7661
2022-02-08 11:51:56 +00:00
TeYuan Wang
912673f8ce move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba am: aeebc898cb
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Ib49a0a78843456c9b170dd968259e9e1d51e6317
2022-02-08 11:40:52 +00:00
TeYuan Wang
aeebc898cb move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120

Change-Id: Id7692611610e82be8489a0c73e2040d15101e09b
2022-02-08 10:04:37 +00:00
TeYuan Wang
c292dd65ba move vendor_thermal_prop rules to pixel-sepolicy
Bug: 213257759
Test: no denied log after "setprop persist.vendor.disable.thermal.control 1"
Change-Id: Ic150959bc6084034d9afcc70bf446692fbe22d11
2022-02-08 08:10:32 +00:00
Treehugger Robot
674aa657fb Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537 am: 02e7ad9fb5 am: d70a957518
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I109245e668ffa38851ced506270ec6d6d1d29fd1
2022-02-08 01:49:40 +00:00
Treehugger Robot
d70a957518 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537 am: 02e7ad9fb5
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I1da16035bcc4af82e8c671398b76daf7cc8efd28
2022-02-08 01:26:58 +00:00
Treehugger Robot
02e7ad9fb5 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966

Change-Id: I2807e116f14305f0e829eec6907db6c817f000c3
2022-02-08 01:08:56 +00:00
Treehugger Robot
2c1750e537 Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices"
2022-02-08 00:53:08 +00:00
Will McVicker
5a88ee6af1 genfs_contexts: add paths for unnamed cs40l25a i2c devices
In the 5.10 kernel, the i2c paths are named using an out-of-tree patch
[1]. For kernels that don't support that, let's add the unnamed sysfs
paths as well to the selinux policy.

[1] https://android-review.googlesource.com/c/kernel/common/+/1646148

Bug: 217774013
Change-Id: I3a1f279270d22bf82144ce60a08c215308764be3
2022-02-04 11:54:06 -08:00
Marco Nelissen
a9004241c2 Allow logd to read the Trusty log am: 7df1fa1574 am: 983f5f2d96 am: 6072583f8a
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: I599f4256ea82b4917eceafeced56aef1214de588
2022-02-04 02:15:43 +00:00
Marco Nelissen
6072583f8a Allow logd to read the Trusty log am: 7df1fa1574 am: 983f5f2d96
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: I3ef810bd7a3ecddf60a0b13f1262abce14a5ece1
2022-02-04 01:59:53 +00:00
Marco Nelissen
983f5f2d96 Allow logd to read the Trusty log am: 7df1fa1574
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381

Change-Id: Ic66382bd03df28287fc3817c6f66a414d69637b3
2022-02-04 01:43:42 +00:00
Marco Nelissen
7df1fa1574 Allow logd to read the Trusty log
Bug: 190050919
Test: build
Change-Id: I8a42cd90b1581272f4dafc37d6eb29a98e1fa2e3
2022-02-03 10:37:13 -08:00
Stephen Crane
e48d11c26c [automerged blank] Allow TEE storageproxyd permissions needed for DSU handling 2p: b9beafc9fa
Blank merge reason: Change-Id I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b with SHA-1 3f9a11fa0b is in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16727208

Bug: 203719297
Change-Id: I337cd189a9a8ffa6d58f0e1284e09884f8fb86f5
2022-01-26 22:12:29 +00:00
Stephen Crane
b9beafc9fa Allow TEE storageproxyd permissions needed for DSU handling
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Includes the fixed directory creation permission change from
Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Merged-In: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
Merged-In: Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
(cherry picked from commit b69ac35ff0)
2022-01-26 14:00:44 -08:00
Treehugger Robot
35d7efaf11 Merge "Allow storageproxyd to create directories in its data location" am: 423a9a467b am: 0e4789159c am: 26f020fc70
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960462

Change-Id: I91b0e8f0033c4736516f9341a5b6166f14f7894f
2022-01-26 21:26:26 +00:00
Treehugger Robot
26f020fc70 Merge "Allow storageproxyd to create directories in its data location" am: 423a9a467b am: 0e4789159c
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960462

Change-Id: Ie20d1e1d6037a42acba87ab92007657f4f6be83d
2022-01-26 21:07:28 +00:00
Treehugger Robot
0e4789159c Merge "Allow storageproxyd to create directories in its data location" am: 423a9a467b
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960462

Change-Id: I021cffca681495143a279470e73e194cd5faf635
2022-01-26 20:44:17 +00:00
Treehugger Robot
423a9a467b Merge "Allow storageproxyd to create directories in its data location"
2022-01-26 20:29:27 +00:00
Stephen Crane
45850f812e Allow storageproxyd to create directories in its data location
storageproxyd already has rw_dir_perms for tee_data_file from
vendor/tee.te in platform. We need create_dir_perms to make the
"alternate/" directory for handling DSU correctly.

Test: m dist, flash, and test DSU
Bug: 203719297
Change-Id: Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a
2022-01-25 17:54:22 -08:00
TeYuan Wang
e925f85169 Move thermal netlink socket sepolicy rules to pixel sepolicy am: 66f1d74123 am: 8cb5857dac am: 0fe33df6c0
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1958926

Change-Id: I86642d387feb6f99939ffb52341e26ba4faef082
2022-01-25 12:05:36 +00:00
TeYuan Wang
0fe33df6c0 Move thermal netlink socket sepolicy rules to pixel sepolicy am: 66f1d74123 am: 8cb5857dac
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1958926

Change-Id: I08f70c5940c8d7f8d40fb97791b762a935ac5dfa
2022-01-25 11:47:21 +00:00
TeYuan Wang
8cb5857dac Move thermal netlink socket sepolicy rules to pixel sepolicy am: 66f1d74123
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1958926

Change-Id: I5b35f6bb9f7a5ff6ab3abaeac370384125c60abf
2022-01-25 10:39:06 +00:00
TeYuan Wang
66f1d74123 Move thermal netlink socket sepolicy rules to pixel sepolicy
Bug: 213257759
Test: verified genlink function with emul_temp under enforcing mode
Change-Id: I8f5518e5f866ed0813be1e6630c6a9aefaf06e63
2022-01-25 11:59:06 +08:00