Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
283 commits 1 branch 0 tags 494 MiB
Commit graph

219 commits

Author SHA1 Message Date
TreeHugger Robot
c625222492 Merge "hal_power_stats_default: Fix avc denials" into sc-dev 2021-03-10 02:11:04 +00:00
TreeHugger Robot
c8e903d1c8 Merge "dumpstate: allow dumpstate to access displaycolor" into sc-dev 2021-03-10 01:15:42 +00:00
Yu-Chi Cheng
02ecfdcc0d Merge "Allowed the EdgeTPU service to access Package Manager binder service." into sc-dev 2021-03-09 15:00:12 +00:00
Jack Wu
a3678d9487 hal_power_stats_default: Fix avc denials 
[  351.298850] type=1400 audit(1614041245.976:13): avc: denied { read } for comm="android.hardwar" name="hf1_wfi" dev="sysfs" ino=78155 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
[  698.658433] type=1400 audit(1614041593.336:1733): avc: denied { open } for comm="stats@1.0-servi" path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:53:13.336   673   673 I stats@1.0-servi: type=1400 audit(0.0:1734): avc: denied { getattr } for path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:52:26.228   670   670 I android.hardwar: type=1400 audit(0.0:724): avc: denied { search } for name="19000000.aoc" dev="sysfs" ino=18343 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=1

Bug: 180963514
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Iab245b320c1f6e75407f1fafb5ad20a087b1a707
 2021-03-09 14:21:20 +00:00
raylinhsu
43fb32d300 dumpstate: allow dumpstate to access displaycolor 
In bugreport, we need to dump libdisplaycolor information.
Hence, we should add corresponding sepolicy.

Bug: 181915591
Test: There is no avc denied regarding to displaycolor when we
capture the bugreport.

Change-Id: I9f7f8f451fab24b4d0c49305d96b8db6b4d0eed4
 2021-03-09 19:06:24 +08:00
Charlie Chen
e265637395 Merge changes I8de6132f,I2bc6057d into sc-dev 
* changes:
  Remove dma_buf_heap tracking_denials
  Add missing permission to dmabuf_video_system_heap
 2021-03-09 04:58:08 +00:00
Taehwan Kim
7d77820127 Add missing permission to dmabuf_video_system_heap 
Bug: 153786620
Bug: 182086551
Bug: 182086552
Bug: 182086686
Bug: 182086482
Bug: 182086481
Bug: 182086550
Test: atest VtsHalMediaC2V1_0TargetVideoDecTest
Signed-off-by: Taehwan Kim <t_h.kim@samsung.com>
Change-Id: I2bc6057d16bbcc32ef8891f89c0440618d174982
 2021-03-09 02:19:06 +00:00
TreeHugger Robot
9c51e64c6e Merge "sepolicy: add sensor related rules for AIDL APIs" into sc-dev 2021-03-09 02:03:39 +00:00
TreeHugger Robot
9185f0aafd Merge "Fix selinux error for vendor_telephony_app" into sc-dev 2021-03-09 01:01:45 +00:00
TreeHugger Robot
c5c7a85a0d Merge "trusty_apploader: Fix avc errors" into sc-dev 2021-03-09 00:55:06 +00:00
Yu-Chi Cheng
d18a92b0ef Allowed the EdgeTPU service to access Package Manager binder service. 
EdgeTPU service will connect to the Package Manager service
to verify applicatoin signatures.
This change added the corresponding SELinux rules to allow such
connection.

Bug: 181821398
Test: Verified using Google Camera App on local device.
Change-Id: Ia32b3de102c162e28710e0aa917831e8de784183
 2021-03-08 16:02:14 -08:00
Isaac Chiou
73ce34397a Wifi: Add sepolicy files for wifi_ext service 
This commit adds the sepolicy related files for wifi_ext service.

Bug: 171944352
Bug: 177966433
Bug: 177673356
Test: Manual
Change-Id: I1613e396fd4c904ed563dfd533fb4b8f807f9657
 2021-03-08 19:36:29 +08:00
matthuang
94095e1fd3 sepolicy: add sensor related rules for AIDL APIs 
SELinux : avc:  denied  { find } for pid=703 uid=1000name=android.frameworks.stats.IStats/default
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
android.hardwar: type=1400 audit(0.0:24): avc: denied { transfer } for scontext=u:r:hal_sensors_default:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1

Bug: 182086688
Test: make selinux_policy -j128 and push to device.
Test: avc denials are disappeared in boot log.
Change-Id: I13e658c1cef3bd24ae25cc1c22dd9336b4e45b0f
 2021-03-08 09:00:36 +00:00
Kris Chen
5c76e0c1f3 trusty_apploader: Fix avc errors 
Fix the following avc denials:
trusty_apploade: type=1400 audit(0.0:3): avc: denied { read } for name="system" dev="tmpfs" ino=713 scontext=u:r:trusty_apploader:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1
trusty_apploade: type=1400 audit(0.0:4): avc: denied { open } for path="/dev/dma_heap/system" dev="tmpfs" ino=713 scontext=u:r:trusty_apploader:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1
trusty_apploade: type=1400 audit(0.0:5): avc: denied { ioctl } for path="/dev/dma_heap/system" dev="tmpfs" ino=713 ioctlcmd=0x4800 scontext=u:r:trusty_apploader:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

Bug: 180874342
Test: Verify no avc denied when trusty app is loaded.
Change-Id: Idbd850580220a1cb85a221d769d741f63cd8751f
 2021-03-08 16:42:27 +08:00
TreeHugger Robot
433719c74f Merge "Allow vendor_init to set USB properties" into sc-dev 2021-03-08 08:38:01 +00:00
Aaron Tsai
5e63caa568 Fix selinux error for vendor_telephony_app 
// b/174961423
[   43.295540] type=1400 audit(1607136492.652:21): avc: denied { open } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   43.295445] type=1400 audit(1607136492.652:20): avc: denied { read } for comm="y.silentlogging" name="u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   43.290494] type=1400 audit(1607136492.648:19): avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-6" ino=3751 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=1
[   43.267396] type=1400 audit(1607136492.624:18): avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-6" ino=3751 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=1
[   43.267076] type=1400 audit(1607136492.624:17): avc: denied { search } for comm="y.silentlogging" name="data" dev="dm-6" ino=87 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1

// b/176868380
[   44.640326] type=1400 audit(1609377760.052:32): avc: denied { search } for comm="y.silentlogging" name="0" dev="dm-6" ino=181 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1
[   44.705763] type=1400 audit(1609377760.120:36): avc: denied { search } for comm="ephony.testmode" name="0" dev="dm-6" ino=181 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1
[   44.649879] type=1400 audit(1609377760.064:33): avc: denied { getattr } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   44.649981] type=1400 audit(1609377760.064:34): avc: denied { map } for comm="y.silentlogging" path="/dev/__properties__/u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=261 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
[   44.650286] type=1400 audit(1609377760.064:35): avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-6" ino=228 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=1

// b/177176900
[   46.609809] type=1400 audit(1610075109.964:21): avc: denied { getattr } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609747] type=1400 audit(1610075109.964:20): avc: denied { open } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609580] type=1400 audit(1610075109.960:19): avc: denied { read } for comm="ephony.testmode" name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1
[   46.609867] type=1400 audit(1610075109.964:22): avc: denied { map } for comm="ephony.testmode" path="/dev/__properties__/u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=266 scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1

// b/179437464
02-05 09:46:38.796   376   376 E SELinux : avc:  denied  { find } for pid=9609 uid=1000 name=activity scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-05 09:46:38.894   376   376 E SELinux : avc:  denied  { find } for pid=9631 uid=1000 name=thermalservice scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
02-05 09:46:38.825   376   376 E SELinux : avc:  denied  { find } for pid=9609 uid=1000 name=tethering scontext=u:r:vendor_telephony_app:s0 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1


Bug: 174961423
Bug: 176868380
Bug: 177176900
Bug: 179437464

Test: verified with the forrest ROM and error log gone
Change-Id: Ibd2dfb61eb58b381504ac43595e99695a5e21b7e
 2021-03-08 15:48:34 +08:00
Alex Hong
6bfbfc3c3a Allow vendor_init to set USB properties 
Bug: 181925042
Test: $ make selinux_policy
      Push SELinux modules, switch to Enforcing mode
      Ensure the vendor_init denials are gone
Change-Id: I4007cbc2396fa1fc22f1d18a977beb11c57e3b12
 2021-03-08 14:59:13 +08:00
SalmaxChang
4d87bc0f2a cbd: Fix avc errors 
avc: denied { write } for comm="cbd" name="ssrdump" dev="dm-9" ino=284 scontext=u:r:cbd:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir
avc: denied { add_name } for comm="cbd" name="crashinfo_modem_2021-03-02_10-57-06.txt" scontext=u:r:cbd:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir
avc: denied { write } for comm="sh" name="image" dev="dm-9" ino=231 scontext=u:r:cbd:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir
avc: denied { read } for comm="cbd" name="u:object_r:radio_prop:s0" dev="tmpfs" ino=206 scontext=u:r:cbd:s0 tcontext=u:object_r:radio_prop:s0 tclass=file
avc: denied { search } for comm="cbd" name="/" dev="sda15" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir
avc: denied { syslog_read } for comm="cbd" scontext=u:r:cbd:s0 tcontext=u:r:kernel:s0 tclass=system

Bug: 179198083
Bug: 178331928
Bug: 171267363
Change-Id: I8a89e360e6d614ad76ed2eb78467fcbedf1ea0ce
 2021-03-08 06:00:45 +00:00
Robin Peng
5009efa776 Move slider-sepolicy into gs101-sepolicy 
from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf

Bug: 167996145
Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301
 2021-03-06 16:15:39 +08:00