Jidong Sun
61b72806e8
gs101: Allow BootControl to access sysfs blow_ar
...
Bug: 232277507
Signed-off-by: Jidong Sun <jidong@google.com>
Merged-In: I120672722a5ab8b5cadf0dce6d872e00c9fae642
Change-Id: I120672722a5ab8b5cadf0dce6d872e00c9fae642
2022-06-10 06:02:53 +00:00
SalmaxChang
1be95c2e33
modem_svc: Fix avc error
...
avc: denied { write } for comm="modem_svc_sit" name="modem_stat" dev="dm-42" ino=331 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0
Bug: 234844823
Change-Id: I51db41d73be317cc7fc84981ac5f04e254a360d0
2022-06-06 20:36:44 +08:00
Orion Hodson
1bd3118215
Merge "Remove odsign_prop denial for postinstall_dexopt"
2022-05-23 07:38:01 +00:00
George Chang
610af798f5
Merge "Revert "Update nfc from hidl to aidl service""
2022-05-19 15:38:39 +00:00
George Chang
71db4c206b
Revert "Update nfc from hidl to aidl service"
...
Revert submission 2098739-nfc_aidl_switch_gs101
Reason for revert: broken tests
Reverted Changes:
Ifde6ab418:Switch NFC from HIDL to AIDL
I288474f69:Update nfc from hidl to aidl service
Bug: 233194621
Change-Id: I1dad9c64073c8baffdf5f491c38bf1e568c9af29
2022-05-19 13:45:18 +00:00
Kyle Tso
418d114796
Merge "Add logbuffer_pogo_transfer file_contexts"
2022-05-19 02:22:56 +00:00
Kyle Tso
94e2cdeb6e
Add logbuffer_pogo_transfer file_contexts
...
Bug: 232556226
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: I1037d39f4187807e6aa9753339fae29e3bc89359
2022-05-17 16:01:46 +08:00
George Chang
d6a8c63837
Update nfc from hidl to aidl service
...
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: I288474f691670655516728fe0e164a3e5689875c
Change-Id: I288474f691670655516728fe0e164a3e5689875c
2022-05-17 12:16:39 +08:00
Orion Hodson
50ac49e196
Remove odsign_prop denial for postinstall_dexopt
...
Issue fixed in https://r.android.com/1771328 .
Fix: 194142604
Test: N/A
Change-Id: Ib8f8c07dce9c5d393b858e4234e6da66513d181f
2022-05-16 14:53:44 +01:00
Orion Hodson
400d4fb7f4
Remove incidentd denial for apex_info_file
...
Underlying issue addressed by https://r.android.com/1849822 which
gives incidentd r_file_perms for apex_info_file:file.
Fix: 187015816
Test: atest incidentd_test; adb logcat | grep denied
Change-Id: I90b57a5f01c97c8488c10692208080557a863051
2022-05-16 14:45:53 +01:00
Ray Chi
bf9ec40ab7
Revert "add sepolicy for set_usb_irq.sh"
...
This reverts commit 714075eba7.
Bug: 194346886
Test: build pass
Change-Id: Ie275e48ee87c4e9f5c83b7802c3f3baa12ad30af
2022-05-04 09:49:17 +08:00
Ray Chi
d99789413d
Allow hal_usb_gadget_impl to access proc_irq
...
Bug: 220996010
Test: build pass
Change-Id: Id9a9adbdc921629b6e89d0850dd8acaf76b1a891
(cherry picked from commit 455c3c165348fa9ea65c65b004d4dda1426d04be)
2022-05-04 09:46:39 +08:00
Albert Wang
77db706d9b
Merge "Expand the xHCI wakeup path for suspend_control"
2022-05-03 07:14:40 +00:00
Asad Ali
c6ea8d1656
Allow chre to communicate with fwk_stats_service.
...
Bug: 230788686
Test: Logged atoms using CHRE + log atom extension.
Change-Id: I0683a224d61cdc8c927360ebad3de115ed431e1a
2022-04-28 22:27:57 +00:00
Treehugger Robot
f939ebb650
Merge "hal_sensors_default: Allow sensors HAL to access AoC properties."
2022-04-28 11:08:06 +00:00
Asad Ali
a022023a90
Merge "Update SELinux to allow CHRE to talk to the Wifi HAL"
2022-04-28 07:05:14 +00:00
Albert Wang
ee1758317e
Expand the xHCI wakeup path for suspend_control
...
Error log:
Error opening kernel wakelock stats for: wakeup132 (../../devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1/wakeup/wakeup132): Permission denied
avc: denied { read } for name="wakeup132" dev="sysfs" ino=3607558 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
Bug: 209745132
Test: test build to verify sepolicy log
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6c70272a79059f7ca4e3b0e525bbc09625e25135
2022-04-28 06:41:24 +00:00
Treehugger Robot
c49520d66e
Merge "android.hardware.usb.IUsb AIDL migration"
2022-04-27 16:21:29 +00:00
Anthony Stange
8c311f981b
Update SELinux to allow CHRE to talk to the Wifi HAL
...
Bug: 206614765
Test: Run locally
Change-Id: I73bcf96ed1cab0a101e5f84852a1d82258b9c690
Merged-In: I73bcf96ed1cab0a101e5f84852a1d82258b9c690
2022-04-27 06:13:14 +00:00
chiayupei
a53690ac43
hal_sensors_default: Allow sensors HAL to access AoC properties.
...
Bug: 202901227
Test: Verify pass by checking device log.
Signed-off-by: chiayupei <chiayupei@google.com>
Change-Id: I917362ddf4b8e61810d2dd27da2b7775f1aec1e7
2022-04-26 17:50:44 +08:00
Edmond Chung
99b4aebb6a
Camera: add setsched capability.
...
The camera HAL needs to configure schedule policies for
performance optimizations.
Bug: 228632527
Test: adb logcat
Change-Id: Ifbf433c026549ca774a9521704d0b0b75c9e9f23
Merged-In: Ifbf433c026549ca774a9521704d0b0b75c9e9f23
Signed-off-by: Edmond Chung <edmondchung@google.com>
2022-04-25 15:25:01 -07:00
Alistair Delva
e48b455651
Merge "Remove sysfs_gpu type definition"
2022-04-21 04:21:45 +00:00
Darren Hsu
3c11d8d1c5
sepolicy: label charger wakeups for system suspend
...
Bug: 226887726
Test: do bugreport without avc denials
Change-Id: I779b646846da90cdc710145e959644efc4733b3b
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-04-11 10:56:33 +08:00
Albert Wang
e60773b926
Add more xHCI wakeup path for suspend_control
...
To address the xHCI wakeup nodes permission problem, add new nodes:
/devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup
/devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb3/wakeup
avc: denied { read } for name="wakeup175" dev="sysfs" ino=162091 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup175 (../../devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup/wakeup175): Permission denied
avc: denied { read } for name="wakeup176" dev="sysfs" ino=162107 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup176 (../../devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb3/wakeup/wakeup176): Permission denied
Bug: 226056256
Test: test build to verify sepolicy log
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I7f65597f91db5a16d4f9de4f6bb018bd5b50a965
2022-04-01 09:43:40 +08:00
Badhri Jagan Sridharan
a4b9ad439b
android.hardware.usb.IUsb AIDL migration
...
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.
Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
(cherry picked from commit 51735ba3ab)
2022-03-28 17:01:45 +08:00
Darren Hsu
f11f53a3ae
Allow hal_power_stats to read sysfs_aoc_dumpstate
...
avc: denied { read } for comm="android.hardwar" name="restart_count"
dev="sysfs" ino=72823 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0
Bug: 226173008
Test: check bugreport without avc denials
Change-Id: Ife3a7e00a1ffbcbed7fd8b744f2ac8910931a5fb
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-25 11:19:20 +08:00
Stephane Lee
84a06151a3
Fix off-mode (charger) sepolicy for the health interface
...
Bug: 223537397
Test: Ensure that there are no selinux errors for sysfs_batteryinfo in
off-mode charging
Change-Id: I46fa1b7552eb0655d0545538142131465a337f23
Merged-In: I46fa1b7552eb0655d0545538142131465a337f23
2022-03-23 11:30:31 -07:00
Jack Wu
b67138e8ae
sepolicy: gs101: fix charger_vendor permission denied
...
[ 27.025458][ T443] type=1400 audit(1644391560.640:11): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
[ 26.563658][ T447] type=1400 audit(1644397622.588:5): avc: denied { search } for comm="android.hardwar" name="/" dev="sda1" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[ 27.198144][ T442] type=1400 audit(1644398156.152:5): avc: denied { search } for comm="android.hardwar" name="battery" dev="sda1" ino=12 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0
[ 27.327035][ T443] type=1400 audit(1644398785.276:5): avc: denied { read } for comm="android.hardwar" name="defender_active_time" dev="sda1" ino=17 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[ 27.355009][ T443] type=1400 audit(1644398785.276:6): avc: denied { write } for comm="android.hardwar" name="defender_charger_time" dev="sda1" ino=16 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0
[ 26.771705][ T444] type=1400 audit(1644379988.804:4): avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
[ 27.898684][ T445] type=1400 audit(1644392754.928:8): avc: denied { read } for comm="android.hardwar" name="thermal_zone6" dev="sysfs" ino=15901 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0
[ 29.180076][ T447] type=1400 audit(1644397625.200:9): avc: denied { write } for comm="android.hardwar" name="mode" dev="sysfs" ino=15915 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
[ 27.043845][ T444] type=1400 audit(1644379988.808:9): avc: denied { search } for comm="android.hardwar" name="thermal" dev="tmpfs" ino=899 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0
[ 27.064916][ T444] type=1400 audit(1644379988.808:10): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=306 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
[ 27.356266][ T444] type=1107 audit(1644404450.376:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=457 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0'
Bug: 218485039
Test: manually test, no avc: denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I091dbbca35fb833e59fdbc234d74b90bfe74014c
Merged-In: I091dbbca35fb833e59fdbc234d74b90bfe74014c
2022-03-23 11:27:45 -07:00
Darren Hsu
2018f942a7
sepolicy: reorder genfs labels for system suspend
...
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I66ede69d94bb3cb1a446e1cd5f3250b6f9b7f7e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-15 11:48:39 +08:00
TeYuan Wang
f7aba10674
Move libperfmgr thermal rules to pixel-sepolicy
...
Bug: 213257759
Bug: 188579571
Test: build
Change-Id: I9893d53055594bfb4e4dba3d68b53f0fe132617d
2022-03-10 21:28:33 +08:00
Michael Eastwood
82a110ba3b
Merge "Update SELinux policy to allow camera HAL to send Perfetto trace packets"
2022-03-09 17:31:28 +00:00
Michael Eastwood
f648f3c989
Update SELinux policy to allow camera HAL to send Perfetto trace packets
...
Example denials:
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:traced:s0 tclass=fd permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
2022-03-08 13:54:34 -08:00
Xin Li
22c3ab8b6b
Merge Android 12L
...
Bug: 222710654
Merged-In: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
Change-Id: I60cda8853fd8575beb8617025479d08ccf816fbb
2022-03-08 00:15:28 +00:00
Tri Vo
22f2ffcbee
Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441
Change-Id: I7b9186af0cb135241e23504fa9d6f7c3d6718c7c
2022-03-04 18:06:53 +00:00
Tri Vo
fbf92e2ada
Merge "Don't audit storageproxyd unlabeled access"
2022-03-04 17:45:37 +00:00
Midas Chien
b637545191
[automerger skipped] [Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node am: 0e1e0e2830 -s ours
...
am skip reason: subject contains skip directive
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2009176
Change-Id: I5771c4702d7e76db359bba65f059f913d69d774f
2022-03-04 12:29:41 +00:00
Midas Chien
0e1e0e2830
[Do Not Merge] Allow composer to read panel_idle_handle_exit sysfs node
...
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.
Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Merged-In: I5ca811f9500dc452fe6832dd772376da51f675a8
Change-Id: I5ca811f9500dc452fe6832dd772376da51f675a8
2022-03-04 10:48:08 +00:00
Tri Vo
03fef48542
Don't audit storageproxyd unlabeled access
...
Test: m sepolicy
Bug: 197502330
Change-Id: I794dac85e475434aaf024027c43c98dde60bee27
2022-03-03 13:12:17 -08:00
Jason Macnak
28a21a48e0
Remove sysfs_gpu type definition
...
... as it has moved to system/sepolicy.
Bug: b/161819018
Test: presubmit
Change-Id: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
Merged-In: I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7
2022-02-24 22:23:41 +00:00
Aaron Tsai
d2d83c8e2d
Fix selinux error for system_app am: 05565c1f14
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1992670
Change-Id: Ia3c6c0aae82c19a5d1c019cce2700c5e64c8bb11
2022-02-22 01:35:41 +00:00
Aaron Tsai
05565c1f14
Fix selinux error for system_app
...
01-26 05:04:53.364 440 440 I auditd : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:system_app:s0 pid=3063 scontext=u:r:system_app:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 216531913
Test: verified with the forrest ROM and error log gone
Change-Id: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
Merged-In: I73d45f3cf1fe0bd918bb4856ce554e81702e4ff9
2022-02-21 12:16:45 +08:00
Junkyu Kang
a5b052c132
Add persist.vendor.gps to sepolicy am: 9244051b35
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1989989
Change-Id: Ibb1a3b4cca8fa3549eeef548d0939829413e8af1
2022-02-18 06:50:19 +00:00
Junkyu Kang
9244051b35
Add persist.vendor.gps to sepolicy
...
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I3fdaf564eacec340003eed0b5845a2c08922362c
Merged-In: I3fdaf564eacec340003eed0b5845a2c08922362c
2022-02-17 08:55:49 +00:00
Xin Li
81caef24ad
Merge sc-v2-dev-plus-aosp-without-vendor@8084891
...
Bug: 214455710
Merged-In: Icecca9f69ee9b57d43aa2864864951bf66c4905f
Change-Id: Ibf8d551c16f8f941cfc8072a29ef5c57e8bef170
2022-02-11 07:12:06 +00:00
TeYuan Wang
aeebc898cb
move vendor_thermal_prop rules to pixel-sepolicy am: c292dd65ba
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960120
Change-Id: Id7692611610e82be8489a0c73e2040d15101e09b
2022-02-08 10:04:37 +00:00
TeYuan Wang
c292dd65ba
move vendor_thermal_prop rules to pixel-sepolicy
...
Bug: 213257759
Test: no denied log after "setprop persist.vendor.disable.thermal.control 1"
Change-Id: Ic150959bc6084034d9afcc70bf446692fbe22d11
2022-02-08 08:10:32 +00:00
Treehugger Robot
02e7ad9fb5
Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices" am: 2c1750e537
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1972966
Change-Id: I2807e116f14305f0e829eec6907db6c817f000c3
2022-02-08 01:08:56 +00:00
Treehugger Robot
2c1750e537
Merge "genfs_contexts: add paths for unnamed cs40l25a i2c devices"
2022-02-08 00:53:08 +00:00
Will McVicker
5a88ee6af1
genfs_contexts: add paths for unnamed cs40l25a i2c devices
...
In the 5.10 kernel, the i2c paths are named using an out-of-tree patch
[1]. For kernels that don't support that, let's add the unnamed sysfs
paths as well to the selinux policy.
[1] https://android-review.googlesource.com/c/kernel/common/+/1646148
Bug: 217774013
Change-Id: I3a1f279270d22bf82144ce60a08c215308764be3
2022-02-04 11:54:06 -08:00
Marco Nelissen
983f5f2d96
Allow logd to read the Trusty log am: 7df1fa1574
...
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1971381
Change-Id: Ic66382bd03df28287fc3817c6f66a414d69637b3
2022-02-04 01:43:42 +00:00