Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
243 commits 1 branch 0 tags 494 MiB
Commit graph

243 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eddie Tashjian
4cdfd5b4ac Merge "Allow init to set RIL properties." into sc-dev am: 5dbe586a1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13986934

Change-Id: Ib1366e4bb178ae6111ceb4e7b3219cac9c09765f
 2021-03-25 02:35:42 +00:00
Eddie Tashjian
5dbe586a1d Merge "Allow init to set RIL properties." into sc-dev 2021-03-25 01:51:20 +00:00
Krzysztof Kosiński
fc18626210 Merge "Revert "Add lazy service binary to hal_camera_default domain."" into sc-dev am: 1314a15cb9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13985005

Change-Id: I38a71c99ebdf718b396e49fd1cf4489b6a1525f7
 2021-03-24 21:33:06 +00:00
Krzysztof Kosiński
1314a15cb9 Merge "Revert "Add lazy service binary to hal_camera_default domain."" into sc-dev 2021-03-24 20:57:35 +00:00
Eddie Tashjian
d3579bb3ec Allow init to set RIL properties. 
Init sequence needs to set several properties under *vendor.ril*. Change
permission to set instead of get.

Bug: 183633407
Test: Check selinux denials.
Change-Id: Id7ecff48f36ee87f251ee6121f1782fa57b39844
 2021-03-24 13:35:11 -07:00
Krzysztof Kosiński
9818e25500 Revert "Add lazy service binary to hal_camera_default domain." 
This reverts commit d02e73b966.

Reason for revert: This HAL is actually not intended to be present
on GS101 devices. The denial logs come from people who did "adb sync"
after building binaries that are not included in the device image.
SELinux should not allow access to this HAL.

Change-Id: Id179023eeb79d749a0bde13e1d83af41fc42780e
 2021-03-24 15:59:55 +00:00
Adam Shih
5838ee55bc allow bootctl to access devinfo am: 5b5a004593 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13981527

Change-Id: If110be4ad37cedc65fac2e737165d36f3d8881d4
 2021-03-24 13:26:53 +00:00
Adam Shih
5b5a004593 allow bootctl to access devinfo 
[   22.798274] type=1400 audit(1616580486.404:10): avc:
denied { write } for comm="boot@1.2-servic" name="sdd1"
dev="tmpfs" ino=705 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file
permissive=1
Bug: 177882574
Test: boot to home after factory reset
Change-Id: I6774ffd46a74c75b2fee962757901ea97e9033fe
 2021-03-24 10:32:37 +00:00
SalmaxChang
68d69074e3 mds: Update radio_vendor_data_file permission am: 3a27f85dc8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13975652

Change-Id: Id5fbdc1545c5d144d9d51329754b2697b040a020
 2021-03-24 10:10:12 +00:00
SalmaxChang
3a27f85dc8 mds: Update radio_vendor_data_file permission 
Bug: 181174034
Change-Id: Ie22e19b179d41a97198c07cb922dd5c60f095ad4
 2021-03-24 09:23:18 +00:00
Adam Shih
398ee2091b Merge "fix reset problem caused by ims" into sc-dev am: c58780d645 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13975655

Change-Id: I7f97b020b8ccf4ec69cab4018f1e27591fe51f86
 2021-03-24 08:51:27 +00:00
Adam Shih
c58780d645 Merge "fix reset problem caused by ims" into sc-dev 2021-03-24 08:13:23 +00:00
Adam Shih
692faeedaf fix reset problem caused by ims 
Bug: 183209764
Test: unplug device, reboot, enter sim code and survived
Change-Id: I23c39290731a76ec4a364e4f92d3994254d70eae
 2021-03-24 14:31:31 +08:00
TreeHugger Robot
72c6df70bf Merge "Remove tracking_denials/bootanim.te" into sc-dev am: e8ac32ef2e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13979105

Change-Id: I1190b5b123aea72d0e569e292537fec5fa5291b3
 2021-03-24 05:45:24 +00:00
TreeHugger Robot
5a5f5b98d5 Merge "work around for uwb" into sc-dev am: 9e41379b9e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960253

Change-Id: I9490b8021f180b9b5aec5db98a7ee49453497993
 2021-03-24 05:44:46 +00:00
TreeHugger Robot
e8ac32ef2e Merge "Remove tracking_denials/bootanim.te" into sc-dev 2021-03-24 05:06:44 +00:00
TreeHugger Robot
9e41379b9e Merge "work around for uwb" into sc-dev 2021-03-24 05:01:12 +00:00
SalmaxChang
dfd490b604 vendor_init: Update tracking denials am: 14d068b640 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13899374

Change-Id: If2aa80b11fe37122ce072c2a019dbe2aaea3aa2e
 2021-03-24 04:02:11 +00:00
TreeHugger Robot
57226560a8 Merge "update error on ROM 7230950" into sc-dev am: 1bc06a6de6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13977868

Change-Id: I3ae2d34b90ddc511af1056141d5decee00dcf2bc
 2021-03-24 04:01:31 +00:00
SalmaxChang
14d068b640 vendor_init: Update tracking denials 
Bug: 176528556
Change-Id: I1ad621c14a1705420f63aeb63b0c68452d991f93
 2021-03-24 03:49:03 +00:00
Jesse Hall
6efd563361 Remove tracking_denials/bootanim.te 
The action that was being denied no longer occurs.

Bug: 180567480
Test: boot past bootanim, check audit log
Change-Id: I58a1b307538a1198d69120c0797a9e0542f30bdf
 2021-03-23 20:43:59 -07:00
TreeHugger Robot
1bc06a6de6 Merge "update error on ROM 7230950" into sc-dev 2021-03-24 03:28:03 +00:00
TreeHugger Robot
e1a5e4c82c Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev am: fb3fe04feb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13974811

Change-Id: I6ab45de430900ff6c0ce18eedf678d34fac1cbcd
 2021-03-24 02:55:47 +00:00
TreeHugger Robot
abb3620d8f Merge "Add the sepolicy for UWB hal" into sc-dev am: 40df476219 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13874847

Change-Id: I9c6caf5690cb247d9d2ec079cbe829169e60f181
 2021-03-24 02:55:02 +00:00
TreeHugger Robot
fb3fe04feb Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev 2021-03-24 02:39:23 +00:00
TreeHugger Robot
40df476219 Merge "Add the sepolicy for UWB hal" into sc-dev 2021-03-24 02:13:43 +00:00
Adam Shih
d28724fdb1 update error on ROM 7230950 
Bug: 183560076
Bug: 183560282
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I329cd3f1e4c5eed986c21724bf42730bed46ab3b
 2021-03-24 10:03:35 +08:00
TreeHugger Robot
3a05b06511 Merge "Fix denials for ril_config_service_app" into sc-dev am: 835a255138 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960264

Change-Id: I5494cde9c8f7b4c04220d19e5b614a7560407445
 2021-03-24 01:35:47 +00:00
TreeHugger Robot
13b3e58059 Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev am: d70813575b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13974361

Change-Id: I5b7c199261a4f46f3ab6ca6caa019a41889cf7cc
 2021-03-24 01:23:22 +00:00
Adam Shih
77f6de6ea6 work around for uwb 
Bug: 171943668
Test: dw3000 kthread and uwb service came up fine
Change-Id: I4288e07b9b9a2741bfe64b35bd4681ffe4a66039
 2021-03-24 00:41:27 +00:00
TreeHugger Robot
835a255138 Merge "Fix denials for ril_config_service_app" into sc-dev 2021-03-24 00:41:22 +00:00
TreeHugger Robot
d70813575b Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev 2021-03-24 00:26:19 +00:00
Christine Franks
697b71b400 Merge "Add uhid access for exo" into sc-dev am: 28ab0ae8c3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13933043

Change-Id: Idb4c0e31fa115cc5ff381ed17872f8dce21a2590
 2021-03-23 22:33:21 +00:00
labib
a0c5ec2305 Add se-policy for new GRIL service and RadioExt hal APIs 
Bug: 172294179
Change-Id: Ief4c7ec7959676126f35037006016e1454a34f5e
 2021-03-24 06:16:03 +08:00
Christine Franks
28ab0ae8c3 Merge "Add uhid access for exo" into sc-dev 2021-03-23 21:57:15 +00:00
Hridya Valsaraju
fb862c0888 Allow Exoplayer access to the vstream-secure heap for secure playback 
Fixes the following denials:

avc: denied { read } for name="vstream-secure" dev="tmpfs"
ino=736 scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=chr_file permissive=0
app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo

Bug: 178865267
Test: no more denials
Change-Id: I6612bd56c49558b13e2ae72cfbf3552715729e7a
Signed-off-by: Hridya Valsaraju <hridya@google.com>
 2021-03-23 14:37:01 -07:00
Greg Kaiser
d10bc2029c Merge "Revert "Add se-policy for new GRIL service and RadioExt hal APIs"" into sc-dev am: 9ec1be4eb9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13974086

Change-Id: Ie04f0e9e1d4df1d225a53da99d6b8b9a81710659
 2021-03-23 19:49:49 +00:00
Greg Kaiser
9ec1be4eb9 Merge "Revert "Add se-policy for new GRIL service and RadioExt hal APIs"" into sc-dev 2021-03-23 19:12:13 +00:00
LABIB MD RASHID
97bfa35d4f Revert "Add se-policy for new GRIL service and RadioExt hal APIs" 
Revert "BT SAR client implementation for GRIL"

Revert submission 13944227-gril-bt-sar

Reason for revert: TreeHugger builds failing due to changes requiring se-linux permissions for GRIL. Need to add permissions for more devices before attempting this change again.

Reverted Changes:
I556657928:Add se-policy for new GRIL service and RadioExt ha...
I96cf9176a:BT SAR client implementation for GRIL

Change-Id: Ib800962d07d305a5a42ee40f019535f663beacd1
 2021-03-23 19:00:57 +00:00
TreeHugger Robot
f87d5740f6 Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev am: 25e39f7d37 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13944227

Change-Id: If101de29d62c1fa07ba39c501c9954fbc2510630
 2021-03-23 16:30:55 +00:00
TreeHugger Robot
25e39f7d37 Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev 2021-03-23 16:02:35 +00:00
TreeHugger Robot
fcf368d2dd Merge "modem_svc_sit: Fix avc errors" into sc-dev am: 3bf9cddeb7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960255

Change-Id: Icf37a2009e9fe585e703d0492686643100ba35a5
 2021-03-23 11:47:41 +00:00
TreeHugger Robot
6ba162f8c3 Merge "update error on ROM 7228492" into sc-dev am: 1cf98386f6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960254

Change-Id: I7609764ad40566346526f40be15310492598bca3
 2021-03-23 11:47:16 +00:00
TreeHugger Robot
3bf9cddeb7 Merge "modem_svc_sit: Fix avc errors" into sc-dev 2021-03-23 11:16:25 +00:00
TreeHugger Robot
1cf98386f6 Merge "update error on ROM 7228492" into sc-dev 2021-03-23 11:16:22 +00:00
Hongbo Zeng
4211025746 Fix denials for ril_config_service_app 
- RilConfigService is a common google project in vendor/google/tools,
  sync related rules from the previous project(ag/6697240, ag/7153946)
  to allow it to:
  (1) receive intents
  (2) update database files under /data/vendor/radio
  (3) update RIL properties
- Two new denials found in this project only:
  avc: denied { search } for name="data" dev="dm-7" ino=93
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1
  avc: denied { search } for name="0" dev="dm-7" ino=192
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1

Bug: 182715439
Test: apply these rules and check there is no denial for
      RilConfigService finally
Change-Id: Icfb0e121d0d11600bda900dff0511187518105ab
 2021-03-23 17:22:33 +08:00
labib
6516f369ff Add se-policy for new GRIL service and RadioExt hal APIs 
Bug: 172294179
Change-Id: I556657928caa441b3530bb371902d5f4ce0be257
 2021-03-23 09:20:18 +00:00
Adam Shih
b182a7166e permission required for adb sideload to work am: fd45b5ef27 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960252

Change-Id: Ib93eae652d1e1c3cf636a3e53cd0593ade481c64
 2021-03-23 08:40:29 +00:00
SalmaxChang
b4fbecb9fb modem_svc_sit: Fix avc errors 
avc: denied { search } for comm="modem_svc_sit" name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
avc: denied { write open } for path="/mnt/vendor/modem_userdata/replay/dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=file
avc: denied { remove_name } for name="dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir

Bug: 183467321
Change-Id: Ic5b8fcf324bb0a8b0f6312b3ae755d73a53f0e9c
 2021-03-23 15:11:38 +08:00
Adam Shih
01376cbe06 update error on ROM 7228492 
Bug: 183467306
Bug: 183467321
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia8473c1a4e1f56cc52bc765dea56e3bc497c7cc9
 2021-03-23 15:11:24 +08:00