Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4597 commits 1 branch 0 tags 494 MiB
Commit graph

1549 commits

Author SHA1 Message Date
Lucas Wei
121d50927c Merge "sepolicy: fix odpm avc denials" into tm-qpr-dev am: 4a487ac890 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/20067818

Change-Id: Ifc7951728bc578a8c472a217a74e72c82ed846cd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-24 09:53:50 +00:00
Lucas Wei
4a487ac890 Merge "sepolicy: fix odpm avc denials" into tm-qpr-dev 2022-10-24 09:07:24 +00:00
Sam Ou
0127869bfd sepolicy: fix odpm avc denials 
add wakeup permissions for odpm driver
since we update acc_data based on alarmtimer

Bug: 250813284
Change-Id: Id7f70d02475a03e53a206dde3b8efa584cacef85
Merged-In: Id7f70d02475a03e53a206dde3b8efa584cacef85
Signed-off-by: Sam Ou <samou@google.com>
Signed-off-by: Lucas Wei <lucaswei@google.com>
 2022-10-24 05:03:01 +00:00
Sam Ou
768196f828 sepolicy: fix odpm avc denials 
add wakeup permissions for odpm driver
since we update acc_data based on alarmtimer

Bug: 250813284
Change-Id: Id7f70d02475a03e53a206dde3b8efa584cacef85
Signed-off-by: Sam Ou <samou@google.com>
 2022-10-24 10:45:55 +08:00
Gabriel Biren
24160a4bcb Update gs101 sepolicy to allow the wifi_ext AIDL service. 
Bug: 205044134
Test: Start wifi on an Oriole device using both the
      HIDL and AIDL versions of wifi_ext.
Change-Id: I45cbc86e4d4feb2aa99641175108dd9745c1715e
 2022-10-20 16:54:19 +00:00
Adam Shih
72aa5a98fc move aoc settings to gs-common 
Bug: 248426917
Test: boot with aoc launched
Change-Id: I891767f10dfac7528b76e27fd2756b77ed46e45c
 2022-10-20 11:41:19 +08:00
Chungjui Fan
26158c7a57 sepolicy: gs101: allow fastbootd to access gsc device node am: 8d802db37a am: 8753d9d07c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/20210023

Change-Id: Ieb81c7c41cac31967c49da87cd7ab33b814e7ecd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-19 13:18:21 +00:00
Chungjui Fan
8753d9d07c sepolicy: gs101: allow fastbootd to access gsc device node am: 8d802db37a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/20210023

Change-Id: Ic59f5c3967ba09506234161c7a0058b40642851e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-19 12:31:55 +00:00
Chungjui Fan
8d802db37a sepolicy: gs101: allow fastbootd to access gsc device node 
avc:  denied  { getattr } for  pid=469 comm="fastbootd"
path="/dev/gsc0" dev="tmpfs" ino=470 scontext=u:r:fastbootd:s0
tcontext=u:object_r:citadel_device:s0
tclass=chr_file permissive=0

Bug: 248301125

Change-Id: Ic1aec8874636437b9b8d795b46fae72fa8533302
Signed-off-by: Chungjui Fan <chungjuifan@google.com>
 2022-10-17 12:26:10 +00:00
TreeHugger Robot
688b2b08f3 Merge "sepolicy: ignore and fix avc denial" 2022-10-17 04:51:55 +00:00
Chungkai Mei
4dc474a7b3 sepolicy: ignore and fix avc denial 
ignore and fix avc denial

Bug: 228181404
Test: boot without avc denial
Signed-off-by: Chungkai Mei <chungkai@google.com>
Change-Id: I83640aae46bd1823c4e4dcf15f00e64fa7a87aef
 2022-10-17 02:15:45 +00:00
Timmy Li
fe1c8108c5 Merge "Add aoc_device access to P21 devices. Camera hal" 2022-10-14 17:22:48 +00:00
Krzysztof Kosiński
20e9a691cf Use generic wildcard for vendor libprotobuf. am: 2118dfb684 am: f9f745da33 am: a110b52215 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2255496

Change-Id: I5e1311cd4ca7ed0cc1f436a9ccb3a5b6c7d9da0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-14 16:54:29 +00:00
Krzysztof Kosiński
f9f745da33 Use generic wildcard for vendor libprotobuf. am: 2118dfb684 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2255496

Change-Id: I3788ebba42c38f754c183eb518e2d3a9ad31bba7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-14 15:51:58 +00:00
Krzysztof Kosiński
2118dfb684 Use generic wildcard for vendor libprotobuf. 
The suffix changes on each upgrade and the newest release uses
a two-part version number instead of a three-part one. Use a regex
that will match any suffix.

Bug: 203713560
Test: presubmit, log check
Change-Id: I27d7bd10e469b794226fe0c77b02c57d876729b1
 2022-10-14 14:06:56 +00:00
timmyli
ecd597b98a Add aoc_device access to P21 devices. Camera hal 
Since we plan to apply rls refactor to P21 devices
as well. Add access to camera_hal to aoc_device for
these devices.

Bug: 253493159
Test: Compiles
Change-Id: I43728c723e0cfc7cdde5377260af6075d4672e7b
 2022-10-14 01:55:04 +00:00
Adam Shih
2933a7f105 upgrade dumpstate from hidl to aidl 
Bug: 240530709
Test: adb bugreport
Change-Id: If5f81174f7881100bff21462ff4aef9ff62357d4
 2022-10-12 15:25:17 +08:00
Adam Shih
f15d1599ef remove redundant permission that has moved to gs-common 
Bug: 248426917
Test: adb bugreport
Change-Id: I2b1f26164e9590dadd6eae4c14cb65a1c34197fa
 2022-10-12 11:31:57 +08:00
TreeHugger Robot
a65d9c6e58 Merge "move trusty dump from gs101 to gs-common" 2022-10-11 01:41:33 +00:00
Adam Shih
cba306cc3b move modem dump to gs-common 
Bug: 250475732
Test: adb bugreport
Change-Id: I07bc213a6136d5803316062c3fddd55fc557c4b2
 2022-10-05 10:45:33 +08:00
Adam Shih
7c74638f0c Merge "move soc dump to gs-common" 2022-10-05 02:14:15 +00:00
Vaibhav Devmurari
a254fcef0c Merge "Add SePolicy for system_server accessing sysfs for USB devices" 2022-10-04 09:22:34 +00:00
Adam Shih
0508a69dbd move soc dump to gs-common 
Bug: 248428203
Test: adb bugreport
Change-Id: I09c8279685626125ab1c5a6b73d1143de7ae2f1d
 2022-10-04 12:56:28 +08:00
Adam Shih
6d2d8a9914 move trusty dump from gs101 to gs-common 
Bug: 244504232
Test: adb bugreport
Change-Id: I7a93c9ef7d07e92f0fd508c016a264c26a4e0b1e
 2022-10-04 09:06:15 +08:00
Vaibhav Devmurari
ac878d3f62 Add SePolicy for system_server accessing sysfs for USB devices 
Add SePolicy to allow Android input manager accessing sysfs nodes
for external USB devices

To support input device lights manager feature in frameworks, provide
sysfs node access to system server process.
DD: go/pk_backlight_control (For keyboard backlight control for external
keyboards)

Kernel provides a standardized LED interface to expose LED controls
over sysfs: https://docs.kernel.org/leds/leds-class.html
The feature will be provided for devices with kernel sysfs class led
support and vendor kernel driver for input controllers that do have
lights. The kernel sysfs class led support is a kernel config option
(LEDS_CLASS), and an input device driver will create the sysfs class
node interface.
By giving system_server the access to these sysfs nodes, the feature
will work on devices with the kernel option and kernel input/hid driver
support. We do use CTS tests to enforce the kernel options and the
input device drivers.

What's already supported?
- We already support access to UHID sysfs node which used for all
bluetooth based external peripherals

What's included in this CL?
- Adding support to access sysfs nodes for USB based external devices

Test: manual
Bug: 245506418
Change-Id: Ieb55614ed651b85f0e6752a17d02f4d370fd1e6f
 2022-10-03 14:52:52 +00:00
Adam Shih
d0af280f50 move ramdump relate dumpstate to gs-common 
Bug: 248428203
Test: adb bugreport
Change-Id: I16898410318dd8f396c68cd9096a4eb49358b784
 2022-09-30 15:10:45 +08:00
Adam Shih
a190e33522 move UFS dump to gs-common 
Bug: 248143736
Test: adb bugreport
Change-Id: I3446ab420a0e8a0104dcc63c1cfd4c1a04060cdd
 2022-09-28 13:20:33 +08:00
Adam Shih
3cd9384799 dump f2fs in gs-common 
Bug: 248143736
Test: adb bugreport
Change-Id: I902030f7960b2247e9b8e913e78d447741423efb
 2022-09-27 17:03:38 +08:00
Jinting Lin
03f471518a Merge "Allows modem_svc to read the logging related properties" into tm-qpr-dev am: d255ed1576 am: 230b907ae1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19967636

Change-Id: I2e6a0cf2f7558c40e68030649d1c663db5bcd3db
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-22 16:12:50 +00:00
Jinting Lin
230b907ae1 Merge "Allows modem_svc to read the logging related properties" into tm-qpr-dev am: d255ed1576 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19967636

Change-Id: Ic7a7ec1e03af32e88989f32452c2c255e1419a36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-22 15:35:53 +00:00
Jinting Lin
d255ed1576 Merge "Allows modem_svc to read the logging related properties" into tm-qpr-dev 2022-09-22 14:30:32 +00:00
Eden Su
c3c4aa626b Merge changes from topic "gs101_network_access" into tm-qpr-dev 
* changes:
  Sepolicy: add permission to allow create, connect udp socket
  sepolicy: gs101: allowed permissions required for network access
 2022-09-20 00:34:18 +00:00
jintinglin
9a4545eafa Allows modem_svc to read the logging related properties 
avc: denied { read } for comm="modem_svc_sit" name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=347 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0

Bug: 243039758
Change-Id: I80a6971a2c3e09320e780d1eff24e040cd8b3541
 2022-09-19 05:31:09 +00:00
Hana Kim
060b562310 Sepolicy: add permission to allow create, connect udp socket 
Bug: 226412527
Test: The tester verified IMS didn't crash and no avc denied log
Signed-off-by: Hana Kim <hanaa.kim@samsung.com>
Change-Id: Id9ba79ba87010326c53b6aec408e5cdb291122a6
Merged-In: Id9ba79ba87010326c53b6aec408e5cdb291122a6
 2022-09-19 04:58:00 +00:00
Jinhee Kim
ea1f7edaae sepolicy: gs101: allowed permissions required for network access am: 653e53d11d am: 9ca55393c9 am: a62f7495fb am: 11149a00ca am: fd941e1c1a 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2214621

Change-Id: I32eb6c697ec317f6ca40a0b82544a7a9116ac154
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 12:46:04 +00:00
Hana Kim
89c07daec3 Sepolicy: add permission to allow create, connect udp socket am: 09e0e1b280 am: 6c17e1e6f5 am: 19e9846ba8 am: 6b1cbfe260 am: a29b3c8ca1 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2200444

Change-Id: I2544779da7c13c7b1a8383b8c786bb2c39716a98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 12:46:02 +00:00
Jinhee Kim
fd941e1c1a sepolicy: gs101: allowed permissions required for network access am: 653e53d11d am: 9ca55393c9 am: a62f7495fb am: 11149a00ca 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2214621

Change-Id: Iee88f3f9d98f1b1f1568613b81542560e42ee25d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 12:18:57 +00:00
Hana Kim
a29b3c8ca1 Sepolicy: add permission to allow create, connect udp socket am: 09e0e1b280 am: 6c17e1e6f5 am: 19e9846ba8 am: 6b1cbfe260 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2200444

Change-Id: I50d573cc65874987be884d83b72f4aaaa71c8818
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 12:18:56 +00:00
Jinhee Kim
11149a00ca sepolicy: gs101: allowed permissions required for network access am: 653e53d11d am: 9ca55393c9 am: a62f7495fb 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2214621

Change-Id: I1da45f9173b7812ab45d8b503af446689a2e7fe4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 11:49:03 +00:00
Hana Kim
6b1cbfe260 Sepolicy: add permission to allow create, connect udp socket am: 09e0e1b280 am: 6c17e1e6f5 am: 19e9846ba8 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2200444

Change-Id: I9074a2aaab6ef1916fc3fa9a0c1f3e5e3fe610a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-16 11:49:01 +00:00
Jinhee Kim
908a8fcf14 sepolicy: gs101: allowed permissions required for network access 
avc: denied { write } for comm="Thread-102" name="dnsproxyd" dev="tmpfs" ino=1022 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:dnsproxyd_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { node_bind } for comm="Thread-102" src=50174 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=0 app=com.shannon.imsservice

Bug: 242231557
Test: The tester verified IMS didn't crash and no avc denied log
Change-Id: Icc3762cef7f9766d845f1e1a56af1315fc97163b
Signed-off-by: Jinhee Kim <jinhee.k@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Merged-In: Icc3762cef7f9766d845f1e1a56af1315fc97163b
 2022-09-16 08:51:52 +00:00
Estefany Torres
0ea1dac214 Merge "Add rules for letting logger app send the command to ril" into tm-qpr-dev am: 0ec93ed8cd am: 899574b2d8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19912324

Change-Id: Idd3a937c7da2388a32f59f265705bcc84c54bf8b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-15 15:03:57 +00:00
Estefany Torres
899574b2d8 Merge "Add rules for letting logger app send the command to ril" into tm-qpr-dev am: 0ec93ed8cd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19912324

Change-Id: I14947b4a9dc41ffdb9afef580597ee0d4798443f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-15 14:35:07 +00:00
Estefany Torres
0ec93ed8cd Merge "Add rules for letting logger app send the command to ril" into tm-qpr-dev 2022-09-15 14:09:07 +00:00
TreeHugger Robot
3aaefbe1fc Merge "aoc: add audio property for pixellogger update control" into tm-qpr-dev am: 75f908a8ed am: a106f636f8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19533964

Change-Id: I86804c96c940ced146e25a411560fe7ac06e5e77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-14 02:54:01 +00:00
TreeHugger Robot
a106f636f8 Merge "aoc: add audio property for pixellogger update control" into tm-qpr-dev am: 75f908a8ed 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/19533964

Change-Id: I347bbb35b216896a87b3b2edc96af57d6dadfe80
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-09-14 02:23:57 +00:00
TreeHugger Robot
75f908a8ed Merge "aoc: add audio property for pixellogger update control" into tm-qpr-dev 2022-09-14 01:48:40 +00:00
Jinhee Kim
653e53d11d sepolicy: gs101: allowed permissions required for network access 
avc: denied { write } for comm="Thread-102" name="dnsproxyd" dev="tmpfs" ino=1022 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:dnsproxyd_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { node_bind } for comm="Thread-102" src=50174 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=0 app=com.shannon.imsservice

Bug: 242231557
Test: Build
Change-Id: Icc3762cef7f9766d845f1e1a56af1315fc97163b
Signed-off-by: Jinhee Kim <jinhee.k@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
 2022-09-12 15:18:32 +08:00
Hana Kim
09e0e1b280 Sepolicy: add permission to allow create, connect udp socket 
Bug: 226412527
Test: Build
Signed-off-by: Hana Kim <hanaa.kim@samsung.com>
Change-Id: Id9ba79ba87010326c53b6aec408e5cdb291122a6
 2022-09-12 15:17:44 +08:00
Estefany Torres
7b5ed95fdd Add rules for letting logger app send the command to ril 
08-31 23:40:57.354   458   458 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:logger_app:s0:c252,c256,c512,c768 pid=2901 scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
09-01 00:08:19.600  2881  2881 W oid.pixellogger: type=1400 audit(0.0:10): avc: denied { call } for scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.android.pixellogger

Bug: 241412942
Test: tested in C10 with pixel logger change
Change-Id: Idcd693790d654d0a9b7aba46a41764d65867a61c
 2022-09-09 17:35:19 +00:00