Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
752 commits 1 branch 0 tags 494 MiB
Commit graph

752 commits

This branch
This branch
All branches
Author SHA1 Message Date
Armelle Laine
10e8126e2d Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev 2021-06-15 14:35:43 +00:00
linpeter
81aaf6cda3 Add sepolicy for hwcomposer to access lhbm sysfs 
avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
 2021-06-15 19:37:14 +08:00
Jiyoung
02ada4f463 vendor_telephony_app.te: add selinuxfs:file 
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng

Bug: 188422036

Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
 2021-06-15 15:06:39 +08:00
sukiliu
90ae782e26 Move oriole bug map to whitechapel folder 
Bug: 190563896
Bug: 190671898
Test: PtsSELinuxTestCases
Change-Id: I15f1a6d2ebab9c5794a79abccf3530eb4bfc8307
 2021-06-15 04:39:50 +00:00
TreeHugger Robot
441bae6d1a Merge "remove obsolete entries" into sc-dev 2021-06-15 01:39:02 +00:00
Rick Yiu
aa315a6082 Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev 2021-06-15 00:28:52 +00:00
Armelle Laine
5bb07db1de add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal 
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.

Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
 2021-06-13 23:59:37 +00:00
Richard Hsu
753e62f39c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev 2021-06-13 06:11:41 +00:00
Jayachandran Chinnakkannu
1c130a7e1d Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev 2021-06-12 17:19:33 +00:00
TreeHugger Robot
694694857a Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev 2021-06-12 10:22:24 +00:00
Jayachandran C
5492a92a39 Allow telephony to access the file descriptor of the priv_apps tcp_socket 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
 2021-06-12 05:18:15 +00:00
Rick Yiu
ad47112c59 gs101-sepolicy: Fix avc denial for permissioncontroller_app 
Bug: 190671898
Test: build pass
Change-Id: I3ccfe958892cd27ebbcacc651847d4277d39855b
 2021-06-11 18:41:10 +08:00
Adam Shih
d0bb828434 remove vcd from user ROM 
Bug: 190331325
Test: build all ROM variants with only user ROM without vcd
Change-Id: If9dc555ee8582b605ccdf9d60c3a9c89cd6634d8
 2021-06-11 11:46:22 +08:00
Richard Hsu
8c979899cc [BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service 
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.

Bug: 190661153, 151063663

Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.

Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
 2021-06-10 19:36:35 -07:00
Adam Shih
d00aafac75 remove obsolete entries 
Bug: 190672147
Bug: 173969091
Bug: 171760921
Bug: 178331773
Bug: 178752616
Bug: 188752940
Bug: 184005231
Bug: 182086688
Bug: 177176899
Bug: 182953825
Bug: 176528557
Bug: 183935382
Test: boot and do bugreport with no relevant error showed up
Change-Id: I869db698e96d2d6cfd533b7fd24c8c88d39fd0eb
 2021-06-11 10:35:59 +08:00
Denny cy Lee
25373353a7 Sepolicy: Remove permission for fuel gauge 
Bug: 189811224
Test: manually, read success in enforcing mode
Change-Id: Ie56179980a9946010fb25683e3819cddbfb93cfb
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2021-06-11 09:39:53 +08:00
Kris Chen
7db400b679 Add sepolicy to let fingerprint access power service 
Fix the following avc denial:
SELinux : avc:  denied  { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
      running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
 2021-06-10 21:31:06 +00:00
Sung-fang Tsai
985aa698c7 qllow priv-app to access Pixel power HAL extension. 
SELinux issues to solve:

native  : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal

05-23 10:11:32.055   420   420 E SELinux : avc:  denied  { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
 2021-06-10 17:56:17 +00:00
SHUCHI LILU
61843906c0 Merge "Update avc error on ROM 7444346" into sc-dev 2021-06-10 11:06:35 +00:00
TreeHugger Robot
a501b656dd Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev 2021-06-10 07:20:58 +00:00
sukiliu
d27e574f3e Update avc error on ROM 7444346 
Bug: 190672147
Bug: 190671898
Test: Test: PtsSELinuxTestCases
Change-Id: Ie9400df24f30474915d757b61ddb1c3fb77903c5
 2021-06-10 15:16:37 +08:00
Adam Shih
a81732dd6f Merge "reorganize trusty_metricsd settings" into sc-dev 2021-06-10 05:52:40 +00:00
Rick Yiu
797b646234 gs101-sepolicy: Fix avc denial for sysfs_vendor_sched 
Fix mediaprovider_app and bluetooth

Bug: 190563839
Bug: 190563916
Test: build pass
Change-Id: I477325ee812d1362db4d5005e999cba989a44216
 2021-06-10 04:10:24 +00:00
TreeHugger Robot
d3b0256025 Merge "update wakeup node" into sc-dev 2021-06-10 03:56:50 +00:00
Adam Shih
ef113ab8ac update wakeup node 
Bug: 190672147
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I3a8e8fa8b9007f556a5bfb402c4e8c726499d66f
 2021-06-10 03:23:52 +00:00
Adam Shih
8947d2dfeb reorganize trusty_metricsd settings 
Bug: 190331503
Test: build ROM and see the file and sepolicy settings are still there
Change-Id: Ib157f64428166232c3bbbd176d3c1fbed4ac31d6
 2021-06-10 02:54:00 +00:00
Adam Shih
22fae537b5 Merge "organize EdgeTPU modules and sepolicy" into sc-dev 2021-06-10 02:53:28 +00:00
SHUCHI LILU
e5c8613686 Merge "Update avc error on ROM 7440434" into sc-dev 2021-06-09 12:05:04 +00:00
sukiliu
6ce3aa9d75 Update avc error on ROM 7440434 
Bug: b/190563838
Bug: b/190563916
Bug: b/190563896
Bug: b/190563897
Test: Test: PtsSELinuxTestCases
Change-Id: Idbd0bc0f9a4770b3f976196058a311820e6e3c11
 2021-06-09 16:07:32 +08:00
TreeHugger Robot
3c66c45102 Merge "Grant powerhal access to thermal_link_device and sysfs_thermal" into sc-dev 2021-06-09 07:46:26 +00:00
TreeHugger Robot
c5d10f245a Merge "Add sysfs_camera label for powerhint flow to access intcam & tnr clock" into sc-dev 2021-06-09 04:18:05 +00:00
Rick Yiu
2332c6a43f Merge "gs101-sepolicy: Fix tracking_denials of sysfs_vendor_sched" into sc-dev 2021-06-09 03:02:37 +00:00
Adam Shih
e7ed46c52c organize EdgeTPU modules and sepolicy 
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
 2021-06-09 10:39:04 +08:00
Rick Yiu
a457b1d640 gs101-sepolicy: Fix tracking_denials of sysfs_vendor_sched 
Bug: 190368350
Test: build pass
Change-Id: Id742e8328f63c04e5448225975897d8f6adc1e13
 2021-06-09 01:34:50 +00:00
Adam Shih
86c45c70e6 Merge "modulize hal_neuralnetwork_armnn" into sc-dev 2021-06-08 23:03:04 +00:00
Denny cy Lee
1eb6bfcd3e Hardwareinfo: battery info porting 
Test: No read error in logcat
Bug: 171947164
Bug: 181915166
Bug: 181177926
Bug: 181914888
Bug: 188627513
Change-Id: Ibbed06cc7e6eb00c8611cdc8bc95356b17c7e043
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2021-06-08 15:34:31 +08:00
SHUCHI LILU
699d68a092 Merge "Update avc error on ROM 7432667" into sc-dev 2021-06-08 05:50:50 +00:00
sukiliu
bb8b462d7a Update avc error on ROM 7432667 
Bug: b/190337281
Bug: b/190337282
Bug: b/190336524
Bug: b/190337295
Bug: b/190337296
Bug: b/190337283
Bug: b/190336723
Bug: b/190336841
Bug: b/190337297
Bug: b/190336525
Test: PtsSELinuxTestCases
Change-Id: I2edda1bf554c0239953b8a31152a09045fb1f15a
 2021-06-08 12:48:06 +08:00
Maciej Żenczykowski
b22c6cd04a R4/raven: correctly label wpan0 device as networking 
Test: atest, TreeHugger, manual observation of labeling
Bug: 185962988
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I068b7da17590fc9dc914db80263b72cc7536c095
 2021-06-07 20:34:05 -07:00
Adam Shih
02f93b6096 modulize hal_neuralnetwork_armnn 
Bug: 189895314
Bug: 171160755
Bug: 171670122
Bug: 180858476
Test: make sure all affected devices' armnn module has the right label
Change-Id: I6ca736f156497738167ba5eea5606a0e654611b9
 2021-06-08 11:17:22 +08:00
Adam Shih
c8b02fc4c3 Remove obsolete context 
Bug: 190330778
Test: make selinux_policy with such entry gone
Change-Id: I28844c361a951de35d509ce042e64e090188e755
 2021-06-08 11:17:17 +08:00
TreeHugger Robot
17b8f5cd4e Merge "Remove unnecessary rules for vendor rcs app" into sc-dev 2021-06-07 19:01:45 +00:00
Long Ling
5afbe4584f Merge "sepolicy: gs101: display: fix dumpstate of displaycolor" into sc-dev 2021-06-07 16:36:32 +00:00
Yu(Swim) Chih Ren
d45ada475b Add sysfs_camera label for powerhint flow to access intcam & tnr clock 
Test: 1. build selinux and push related files to phone
      2. Use ls -Z "file" to check if selinux content of file is
      expected
      3. P21 camera checklist
Bug: 168654554

Change-Id: Ie757dd3e8adc151c6340e9ca662efbdf0ccb6110
 2021-06-07 06:31:09 +00:00
Long Ling
1064df0f26 sepolicy: gs101: display: fix dumpstate of displaycolor 
displaycolor service runs in HW Composer. This change allow displaycolor
to output to dumpstate via pipe fd.

Bug: 189846843
Test: adb bugreport and check displaycolor dump in dumpstate_board.txt
Change-Id: I109db9374124caf9053a9fd7ba6159f83c372038
 2021-06-06 22:20:19 -07:00
SalmaxChang
7865bf8577 cbd: Fix avc error 
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0

Bug: 180687795
Change-Id: I149163760fa47378d03dc2d8c8a00c590788796c
 2021-06-07 01:40:59 +00:00
Rick Yiu
f275064208 Merge "gs101-sepolicy: Fix avc denials for sysfs_vendor_sched" into sc-dev 2021-06-07 00:38:36 +00:00
TreeHugger Robot
77cbbc1237 Merge "Add CccDkTimeSyncService" into sc-dev 2021-06-04 21:23:24 +00:00
Hui Wang
724ea61092 Remove unnecessary rules for vendor rcs app 
Bug: 190194610
Test: make, manual
Change-Id: I99f624a70a36ad6cf47806faf0eed693383dac5f
 2021-06-04 14:03:31 -07:00
TreeHugger Robot
aa7a8405e2 Merge "whitechapel: make vframe-secure a system heap" into sc-dev 2021-06-04 18:02:34 +00:00