Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1655 commits 1 branch 0 tags 494 MiB
Commit graph

1655 commits

This branch
This branch
All branches
Author SHA1 Message Date
Marco Nelissen
7df1fa1574 Allow logd to read the Trusty log 
Bug: 190050919
Test: build
Change-Id: I8a42cd90b1581272f4dafc37d6eb29a98e1fa2e3
 2022-02-03 10:37:13 -08:00
Treehugger Robot
0e4789159c Merge "Allow storageproxyd to create directories in its data location" am: 423a9a467b 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1960462

Change-Id: I021cffca681495143a279470e73e194cd5faf635
 2022-01-26 20:44:17 +00:00
Treehugger Robot
423a9a467b Merge "Allow storageproxyd to create directories in its data location" 2022-01-26 20:29:27 +00:00
Stephen Crane
45850f812e Allow storageproxyd to create directories in its data location 
storageproxyd already has rw_dir_perms for tee_data_file from
vendor/tee.te in platform. We need create_dir_perms to make the
"alternate/" directory for handling DSU correctly.

Test: m dist, flash, and test DSU
Bug: 203719297
Change-Id: Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a
 2022-01-25 17:54:22 -08:00
TeYuan Wang
8cb5857dac Move thermal netlink socket sepolicy rules to pixel sepolicy am: 66f1d74123 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1958926

Change-Id: I5b35f6bb9f7a5ff6ab3abaeac370384125c60abf
 2022-01-25 10:39:06 +00:00
TeYuan Wang
66f1d74123 Move thermal netlink socket sepolicy rules to pixel sepolicy 
Bug: 213257759
Test: verified genlink function with emul_temp under enforcing mode
Change-Id: I8f5518e5f866ed0813be1e6630c6a9aefaf06e63
 2022-01-25 11:59:06 +08:00
linpeter
af647ece2f atc context change am: 85d5a9a60a 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1951025

Change-Id: I04d30ff685f7ad74d9f5eff43ff360edf7cf0fd3
 2022-01-21 22:12:40 +00:00
Treehugger Robot
3cde81c794 Merge "Allow TEE storageproxyd permissions needed for DSU handling" am: 05ca30173e 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1923363

Change-Id: I38635cce32595befc29dc3319ba5dd48a5010023
 2022-01-21 22:12:31 +00:00
TeYuan Wang
a76533f48b Label TMU as sysfs_thermal am: 32458cdc49 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1937119

Change-Id: Idc76bdeb58cdff9eb83ae817d8ed01dee9253032
 2022-01-21 22:12:21 +00:00
Yabin Cui
1a59c0625f Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1943866

Change-Id: I89a806d01292ec28a0b22bef7833fae566d1d941
 2022-01-21 22:12:12 +00:00
Jasmine Cha
54e84e9978 audio: add sepolicy for getting thermal event am: 2abecb1519 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: I7d33c5cf635907493462d49d8b3a2ceacc128f00
 2022-01-21 22:12:02 +00:00
Jasmine Cha
cdcccbbd02 audio: add permission to request health/sensor data am: a21b7f8800 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944689

Change-Id: I0ec1f8e2c389b199e0b0646397bdd40593b3c374
 2022-01-21 22:11:55 +00:00
David Anderson
e999b85d07 Fix sepolicy denial in update_engine. am: 2fe229352b 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934897

Change-Id: Ie42aaf3f8b972471ccf43fda689e32bc4b388bf8
 2022-01-21 22:11:24 +00:00
Matt Buckley
8670a782de Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags am: 317166636f 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934617

Change-Id: I20977b9d52ecd10ce3feac4111677e278cadd3c2
 2022-01-21 22:11:00 +00:00
Joel Galenson
453006460d Include core policy OWNERS. am: b287da183e 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1931017

Change-Id: I91c6a5a9e6fde086d82b2def66207b938f18adae
 2022-01-21 22:10:13 +00:00
Xin Li
01d5ec6d2a [automerger skipped] Merge Android 12 QPR1 am: 0d05632eb8 -s ours 
am skip reason: Merged-In Ie31b278a639fd5a9e249ca934d543de770fb3217 with SHA-1 856fe3d040 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1921233

Change-Id: Icf501a9eaa676a0fbf49f2862e76fe482dfa6238
 2022-01-21 22:09:34 +00:00
chenpaul
9a9bf7fc09 Remove wifi_logger related sepolicy settings am: 37d4cfa648 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1881116

Change-Id: I4537982542fcf8f47e7b9fbaacf326db2cc12dc7
 2022-01-21 22:08:19 +00:00
linpeter
85d5a9a60a atc context change 
Give atc nodes are changed to dqe0 form.

Bug: 213133646
test: test: check avc denied
Change-Id: Ibbcb7538b7874912f8c7e19a77ae6dd32f097ab0
 2022-01-17 16:53:53 +08:00
Treehugger Robot
05ca30173e Merge "Allow TEE storageproxyd permissions needed for DSU handling" 2022-01-12 23:34:32 +00:00
YiHo Cheng
b4024884f1 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: I3c9929f0ec857786766b892e415d4b58163797be
 2022-01-12 23:14:55 +00:00
YiHo Cheng
e400db11ba Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev 2022-01-12 23:03:42 +00:00
TeYuan Wang
32458cdc49 Label TMU as sysfs_thermal 
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Id113b80f856e26412e2e07b9c9b4a61d519b194f
 2022-01-12 10:16:49 +08:00
Yabin Cui
9ee70a3d7f Merge "Add SOC specific ETM sysfs paths" 2022-01-11 19:40:23 +00:00
Jasmine Cha
2abecb1519 audio: add sepolicy for getting thermal event 
type=1400 audit(0.0:15): avc: denied { call } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

type=1400 audit(0.0:16): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

Bug: 204271308
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I900de2a2d8bf0753543ef4428374e782908e7aee
 2022-01-11 13:42:58 +08:00
Jasmine Cha
a21b7f8800 audio: add permission to request health/sensor data 
- Add audio hal into hal_health clients
- Allow audio hal to find fwk_sensor_hwservice
SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1

Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
Merged-In: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
 2022-01-11 13:42:55 +08:00
YiHo Cheng
ca06222472 thermal: Label tmu register dump sysfs 
Allow dumpstate to access tmu register dump sysfs

[ 1155.422181] type=1400 audit(1641335196.892:8): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=68561
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
[ 1155.423398] type=1400 audit(1641335196.892:9): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
ino
=68562 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.443740] type=1400 audit(1641335196.896:10): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
dev="sysfs"
ino=68563 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.466064] type=1400 audit(1641335196.896:11): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
dev="sysfs"
ino=68565 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.488251] type=1400 audit(1641335196.916:12): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
dev="sysfs" ino=68564 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.510614] type=1400 audit(1641335196.960:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_fall_thres"
dev="sysfs"
ino=68566 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
o

Bug: 202736838
Test: check thermal section in dumpstate
Change-Id: Icecca9f69ee9b57d43aa2864864951bf66c4905f
 2022-01-11 08:42:45 +08:00
Yabin Cui
1459e9734a Add SOC specific ETM sysfs paths 
Bug: 213519191
Test: run profcollectd on oriole
Change-Id: Ib1ae7466c76362b8242f2bb8560bb8b1d80c4253
 2022-01-10 11:25:25 -08:00
Vinay Kalia
97addf8500 [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: I4ce0bb633c8d27e798c7a8e80e1d23eb06b3a2a0
 2022-01-10 06:13:59 +00:00
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL 
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
 2022-01-06 20:18:34 +00:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine. 
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
 2021-12-28 21:52:12 -08:00
Matt Buckley
317166636f Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags 
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: Idc1599820026febecda84233d60982e7db7b14b5
 2021-12-28 19:08:06 +00:00
Joel Galenson
b287da183e Include core policy OWNERS. 
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
 2021-12-21 07:27:03 -08:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2021-12-14 14:33:56 -08:00
Xin Li
0d05632eb8 Merge Android 12 QPR1 
Bug: 210511427
Merged-In: Ie31b278a639fd5a9e249ca934d543de770fb3217
Change-Id: I0daddb05e061916c60055b7df00164a76c69ebd2
 2021-12-14 08:38:59 -08:00
Chris Kuiper
3ce470c235 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ib3f0609b74dbb05a7e4936fa2055a1e050777b3e
 2021-12-10 17:44:16 +00:00
Chris Kuiper
734d79bdaf selinux: Allow sensor HAL to access the display service HAL 
Add necessary permissions.

Bug: b/204471211
Test: Testing with corresponding sensor HAL changes and sensor_test commands.
Change-Id: I01774210693ceb4a6d0d4dee4fb5e905117774d3
 2021-12-10 11:00:07 +08:00
TreeHugger Robot
65a718976e [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours 
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: Ib87c387438c8ada00867ef1422dfa6bc2c4c6df9
 2021-12-08 01:57:41 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-06 02:45:51 +00:00
Albert Wang
43bde53275 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
 2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06 Allow suspend_control to access xHCI wakeup node 
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since system will automatically allocated device ID.

Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
 2021-12-01 23:45:19 +08:00
Xin Li
50628a78a8 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: Ib19bc7987a5b32c39431ebdce2923541a944f608
 2021-11-18 22:25:11 +00:00
Xin Li
4613d25f07 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I3f0e4f5e9f26b048b89f495b7d79d9ceffb61f80
 2021-11-18 22:00:55 +00:00
Albert Wang
8bdcb60170 [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
 2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-17 07:18:29 +00:00
chenpaul
37d4cfa648 Remove wifi_logger related sepolicy settings 
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
 2021-11-15 02:05:06 +00:00
Michael Ayoubi
11bb305754 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414

Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
 2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev 2021-11-12 01:24:43 +00:00
Oleg Matcovschi
2eced57692 gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: I80dc34c15c60f80ddde869c6895d1afe53e8bf3e
 2021-11-11 23:14:23 +00:00