device_google_gs101

Author	SHA1	Message	Date
Jin Jeong	15e1832396	Revert "Fix SELinux error for com.google.android.euicc" Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I72da756853a540d6251e074313b1880c9c9038e8	2023-05-16 12:18:21 +00:00
Jinyoung Jeong	42a0c82065	Fix SELinux error for com.google.android.euicc bug: 279548423 Test: http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed Change-Id: I00bdf71f04eec985147189eb1b474c7ff6797023	2023-04-28 13:39:35 +00:00
Orion Hodson	ad0f7df5bc	Remove the dontaudit suppressions for dex2oat.te `system/sepolicy/private/dex2oat.te` has rules for these now. Bug: 187016929 Test: m Change-Id: Idb34a644af6620c45f044f98c3d2686fca8ced05	2023-01-17 15:02:07 +00:00
Adam Shih	acf18a6f23	remove obsolete sepolicy Bug: 193474772 Bug: 193726003 Bug: 193009345 Bug: 190337283 Bug: 226717475 Test: boot with no relevant avc error shows up Change-Id: I8af2693fb7726e49d9b6d1c13010840a0b581326	2022-06-09 11:29:43 +08:00
Orion Hodson	61ccfcc43e	Merge "Remove odsign_prop denial for postinstall_dexopt" am: `1bd3118215` am: `bf8031994e` Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2098050 Change-Id: Ia1f584c3f55b58286ae45a4f48da201b0b76e515 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-23 08:24:08 +00:00
Orion Hodson	50ac49e196	Remove odsign_prop denial for postinstall_dexopt Issue fixed in https://r.android.com/1771328. Fix: 194142604 Test: N/A Change-Id: Ib8f8c07dce9c5d393b858e4234e6da66513d181f	2022-05-16 14:53:44 +01:00
chungkai	de44d766e4	sched: move sysfs to procfs Modify name from sysfs_vendor_sched to proc_vendor_sched Test: without avc denial Bug: 216207007 Signed-off-by: chungkai <chungkai@google.com> Change-Id: Ic113b2d8ee1d3ae1ced9985636b17ef1e7657a84	2022-03-29 09:43:32 +00:00
Rick Yiu	4075287498	gs101-sepolicy: Fix avc denials Fix below and other potential denials 11-21 10:10:43.984 3417 3417 I auditd : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard 11-21 10:10:44.840 3976 3976 I auditd : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin 11-21 18:10:51.280 5595 5595 I auditd : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms Bug: 206970384 Test: make selinux_policy pass Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd	2021-11-25 14:26:35 +00:00
Rick Yiu	6224fa9354	gs101-sepolicy: Remove private/mediaprovider_app.te Moved to system/sepolicy to solve GSI avc denials. Bug: 196326750 Test: build pass Change-Id: I4bdcc1d49bf9550297687534074fd3fc526d3acc	2021-08-17 21:09:20 +08:00
Rick Yiu	7de8a5d4a7	gs101: Remove vendor_sched Moved to system/sepolicy. Bug: 194656257 Test: build pass Change-Id: Ia5ea1bbc05bdc52b43cb403d99994bad70613e08 Merged-In: Ia5ea1bbc05bdc52b43cb403d99994bad70613e08	2021-07-30 03:13:39 +00:00
sukiliu	d9309ef34d	Update avc error on ROM 7562467 avc: denied { read } for name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=229 scontext=u:r:postinstall_dexopt:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 avc: denied { read } for comm="otapreopt" name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=229 scontext=u:r:postinstall_dexopt:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 Bug: 194142604 Bug: 194065991 Test: PtsSELinuxTestCases Change-Id: Ic3bb544f05ffff0df42f820d2f9cf6cd7cb24879	2021-07-20 10:03:30 +08:00
Orion Hodson	d4a7e81293	Merge "Revert "Update avc error on ROM 7522385"" into sc-dev	2021-07-14 09:08:32 +00:00
Adam Shih	9d7e88c27e	suppress error for ag/15263334 Bug: 193474772 Test: boot with no relevant error found Change-Id: Ia3f49fbf9e623c6b81d6c595e19e275f64521dfe	2021-07-13 09:57:18 +08:00
Orion Hodson	da1f469dc8	Revert "Update avc error on ROM 7522385" This reverts commit `46dfc784f5`. Bug: 192895524 Test: PtsSELinuxTestCases Change-Id: Iaf00b567fbd3df575ea009036c2e35f6a7a87d90	2021-07-09 15:51:12 +01:00
sukiliu	46dfc784f5	Update avc error on ROM 7522385 avc: denied { read } for name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=220 scontext=u:r:incidentd:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 avc: denied { read } for comm="app_process" name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=220 scontext=u:r:incidentd:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 Bug: 192895524 Test: PtsSELinuxTestCases Change-Id: I770c953e80920388e9c21e6dc8a12762c1f4fb8a	2021-07-06 09:42:31 +08:00
Alex Hong	c598db170c	Move the genfs_contexts of sched nodes from vendor to product For sched nodes, "proc_vendor_sched" and "sysfs_vendor_sched", their type definition is in product sepolicy, while genfs_contexts is in vendor sepolicy. In this case, genfs_contexts cannot be resolved after product sepolicy is replaced by Dynamic System Update. Need to keep the type definition and genfs_contexts in the same partition. Now move genfs_contexts because the type definition has to be in product for now since other private domains are accessing these sched nodes. Test: $ make selinux_policy The device can boot to home after replacing with GSI. Bug: 191236468 Change-Id: I02ea78b04dfcade4ceb426ff6ebf498daa81ac32	2021-06-21 14:55:08 +00:00
TreeHugger Robot	441bae6d1a	Merge "remove obsolete entries" into sc-dev	2021-06-15 01:39:02 +00:00
Rick Yiu	ad47112c59	gs101-sepolicy: Fix avc denial for permissioncontroller_app Bug: 190671898 Test: build pass Change-Id: I3ccfe958892cd27ebbcacc651847d4277d39855b	2021-06-11 18:41:10 +08:00
Adam Shih	d00aafac75	remove obsolete entries Bug: 190672147 Bug: 173969091 Bug: 171760921 Bug: 178331773 Bug: 178752616 Bug: 188752940 Bug: 184005231 Bug: 182086688 Bug: 177176899 Bug: 182953825 Bug: 176528557 Bug: 183935382 Test: boot and do bugreport with no relevant error showed up Change-Id: I869db698e96d2d6cfd533b7fd24c8c88d39fd0eb	2021-06-11 10:35:59 +08:00
SHUCHI LILU	61843906c0	Merge "Update avc error on ROM 7444346" into sc-dev	2021-06-10 11:06:35 +00:00
sukiliu	d27e574f3e	Update avc error on ROM 7444346 Bug: 190672147 Bug: 190671898 Test: Test: PtsSELinuxTestCases Change-Id: Ie9400df24f30474915d757b61ddb1c3fb77903c5	2021-06-10 15:16:37 +08:00
Rick Yiu	797b646234	gs101-sepolicy: Fix avc denial for sysfs_vendor_sched Fix mediaprovider_app and bluetooth Bug: 190563839 Bug: 190563916 Test: build pass Change-Id: I477325ee812d1362db4d5005e999cba989a44216	2021-06-10 04:10:24 +00:00
sukiliu	53c9a79002	Update avc error on ROM 7358093 Bug: 188114822 Bug: 188114896 Test: PtsSELinuxTestCases Change-Id: Ic5e865a921d0db981acfd936e1599a0ab220b975	2021-05-14 14:23:22 +08:00
chasewu	59161a5745	vibrator: Remove temporary method Bug: 177176811 Test: no avc denied logs Signed-off-by: chasewu <chasewu@google.com> Change-Id: I424e15037b3e20824f5e072d88bdf71a50cfdabf	2021-05-07 18:33:15 +08:00
Adam Shih	722b181dd3	update error on ROM 7331131 Bug: 187016929 Bug: 187016930 Bug: 187016910 Test: pts-tradefed run pts -m PtsSELinuxTest Change-Id: I294a27fd272f73cc371a4a8dc9783ba5f60203ff	2021-05-03 15:48:46 +08:00
Robin Peng	5009efa776	Move slider-sepolicy into gs101-sepolicy from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf Bug: 167996145 Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301	2021-03-06 16:15:39 +08:00

26 commits