Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1040 commits 1 branch 0 tags 494 MiB
Commit graph

637 commits

Author SHA1 Message Date
Marco Nelissen
7df1fa1574 Allow logd to read the Trusty log 
Bug: 190050919
Test: build
Change-Id: I8a42cd90b1581272f4dafc37d6eb29a98e1fa2e3
 2022-02-03 10:37:13 -08:00
Treehugger Robot
423a9a467b Merge "Allow storageproxyd to create directories in its data location" 2022-01-26 20:29:27 +00:00
Stephen Crane
45850f812e Allow storageproxyd to create directories in its data location 
storageproxyd already has rw_dir_perms for tee_data_file from
vendor/tee.te in platform. We need create_dir_perms to make the
"alternate/" directory for handling DSU correctly.

Test: m dist, flash, and test DSU
Bug: 203719297
Change-Id: Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a
 2022-01-25 17:54:22 -08:00
TeYuan Wang
66f1d74123 Move thermal netlink socket sepolicy rules to pixel sepolicy 
Bug: 213257759
Test: verified genlink function with emul_temp under enforcing mode
Change-Id: I8f5518e5f866ed0813be1e6630c6a9aefaf06e63
 2022-01-25 11:59:06 +08:00
Treehugger Robot
05ca30173e Merge "Allow TEE storageproxyd permissions needed for DSU handling" 2022-01-12 23:34:32 +00:00
TeYuan Wang
32458cdc49 Label TMU as sysfs_thermal 
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Id113b80f856e26412e2e07b9c9b4a61d519b194f
 2022-01-12 10:16:49 +08:00
Yabin Cui
9ee70a3d7f Merge "Add SOC specific ETM sysfs paths" 2022-01-11 19:40:23 +00:00
Jasmine Cha
2abecb1519 audio: add sepolicy for getting thermal event 
type=1400 audit(0.0:15): avc: denied { call } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

type=1400 audit(0.0:16): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

Bug: 204271308
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I900de2a2d8bf0753543ef4428374e782908e7aee
 2022-01-11 13:42:58 +08:00
Jasmine Cha
a21b7f8800 audio: add permission to request health/sensor data 
- Add audio hal into hal_health clients
- Allow audio hal to find fwk_sensor_hwservice
SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1

Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
Merged-In: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
 2022-01-11 13:42:55 +08:00
Yabin Cui
1459e9734a Add SOC specific ETM sysfs paths 
Bug: 213519191
Test: run profcollectd on oriole
Change-Id: Ib1ae7466c76362b8242f2bb8560bb8b1d80c4253
 2022-01-10 11:25:25 -08:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine. 
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
 2021-12-28 21:52:12 -08:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2021-12-14 14:33:56 -08:00
Xin Li
856fe3d040 Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 
Bug: 205056467
Merged-In: I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c
Change-Id: Ie31b278a639fd5a9e249ca934d543de770fb3217
 2021-11-10 08:06:11 +00:00
Jiyong Park
90d1e82ae6 Remove ndk_platform backend. Use the ndk backend. 
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same ndk backend.

Bug: 161456198
Test: m

Merged-In: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
Change-Id: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
(cherry picked from commit 5cc5d52bd7)
 2021-10-26 14:59:28 +09:00
Max Kogan
49a05309af Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-qpr1-dev am: 2a166c0eb5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15900366

Change-Id: I71ca6648ff0305c5142047c75eeda8e7d41cb2b6
 2021-10-04 18:15:19 +00:00
Max Kogan
2a166c0eb5 Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-qpr1-dev 2021-10-04 18:04:01 +00:00
George Lee
6613966d5d Merge "power_hal: add bcl file permission" into sc-qpr1-dev am: 9d3965da4f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15905927

Change-Id: Ic3e85e9bb8b4ac9139b6c9606edcc3522da818ee
 2021-10-04 17:11:49 +00:00
George Lee
9d3965da4f Merge "power_hal: add bcl file permission" into sc-qpr1-dev 2021-10-04 16:54:14 +00:00
Edwin Tung
14719fc742 Merge "gps: add sepolicy to allow gps access pps gpio" into sc-qpr1-dev am: 6c249e4a9f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15897560

Change-Id: I327b8257a1c929c94a4adc02037488bdb547d642
 2021-09-30 14:26:41 +00:00
Edwin Tung
6c249e4a9f Merge "gps: add sepolicy to allow gps access pps gpio" into sc-qpr1-dev 2021-09-30 14:11:49 +00:00
Edwin Tung
4d6a7023e1 gps: add sepolicy to allow gps access pps gpio 
Bug: 175086879
Test: no avc deny
Change-Id: I960940d7223c25732021ff4d92ae72255c044291
 2021-09-30 12:41:17 +08:00
Jenny Ho
948eeb2de5 sepolicy: add rule for new debug file node am: c8651e514c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15773285

Change-Id: I459d1f82f9680d87a2533568259cd54c11233d5f
 2021-09-27 15:57:26 +00:00
George Lee
2a4bce5b31 power_hal: add bcl file permission 
Bug: 201002339
Test: Local test and ensure proper ratio written via PowerHAL
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ib0a3a5401312403ce870b9c4a4ca971f05c253e4
 2021-09-24 16:10:53 +00:00
Max Kogan
b92bc5f51c sepolicy: gs101: allow dumpstate to access AoC stats 
Add AoC DRAM votes to bugreports.

Bug: 198203507
Change-Id: I77addf15709fceb70514d552b9fa8553cb129a7c
 2021-09-23 17:52:51 -07:00
Jenny Ho
c8651e514c sepolicy: add rule for new debug file node 
W dumpstate@1.1-s: type=1400 audit(0.0:7): avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=500 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 196755019
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Merged-In: I0ddf68d5e15fe8d77d8d61287f65621c14024f46
Change-Id: I0ddf68d5e15fe8d77d8d61287f65621c14024f46
 2021-09-23 23:29:29 +00:00
Roshan Pius
a3f040d2ac gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-26 01:07:43 +00:00
Victor Liu
29aa981623 uwb: permissions for factory uwb calibration file 
add permission to:
copy factory uwb calib files from persist to /data/vendor/uwb
convert copied file to proper format for uwb stack to consume

Bug: 195659525
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I3e5282477fd391b483e03242ce0b806bd447dc54
Merged-In: I3e5282477fd391b483e03242ce0b806bd447dc54
 2021-08-25 19:14:10 +00:00
Roshan Pius
04fbca104c gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-25 17:32:53 +00:00
davidycchen
c0922582bc Allow twoshay to access fwk_stats_service and system_server 
avc:  denied  { find } for pid=813 uid=0
name=android.frameworks.stats.IStats/default scontext=u:r:twoshay:s0
tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager

avc: denied { call } for scontext=u:r:twoshay:s0
tcontext=u:r:system_server:s0 tclass=binder

Bug: 179334953
Test: Make selinux_policy and push related files to the device.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
Merged-In: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
 2021-08-18 09:47:01 +08:00
Bart Van Assche
239bcceb78 Add the 'bdev_type' attribute to all block device types am: 37b5741301 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: I19d709e960fe8ccf066bdbd20dc6817ee20e55d0
 2021-08-18 00:34:10 +00:00
Bart Van Assche
37b5741301 Add the 'bdev_type' attribute to all block device types 
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9

The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.

Bug: 194450129
Bug: 196982345
Test: Built Android images that include this change and verified that neither init nor apexd triggers any SELinux access denied errors.
Change-Id: I6ce1127f199c5b33812f15fe280d86594d7d7ebf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
 2021-08-17 15:23:23 -07:00
Edmond Chung
c45a1b5828 Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: I97f8f143230d13f64b34ee11c7a46cfcc5f2f3f9
 2021-08-16 22:17:00 +00:00
Edmond Chung
7e581b9a7b Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev 2021-08-16 22:01:46 +00:00
Edmond Chung
6b30dbc54c gs101: Allow camera HAL to access interrupt handles 
This is to allow camera HAL to modify IRQ affinity for different use
cases.

Bug: 196058977
Test: Camera use cases
Change-Id: I498b0ac763b735d05299e1f4b09de14e131fd6e3
 2021-08-16 10:52:27 -07:00
Rick Yiu
1f4c69a11d gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I54a069f83c389b69a73d9d4d64a34177ba652d1c
 2021-08-16 13:54:58 +00:00
Rick Yiu
2ef3daba50 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials 
Use untrusted_app_all to cover all Use untrusted_app versions.

Bug: 196109806
Test: no untrusted_app denials for vendor_sched
Change-Id: Ic6426b26b8a05f8a0bc7e2a4a4a293b2988812d3
 2021-08-16 13:40:32 +00:00
Victor Liu
39b5815a1e allow uwb hal sys_nice access 
hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { sys_nice } for capability=23 scontext=u:r:hal_uwb_default:s0 tcontext=u:r:hal_uwb_default:s0 tclass=capability permissive=0
hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { setsched } for scontext=u:r:hal_uwb_default:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

Bug: 196438549
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I742bae701cfcc7b4842cd63abbc8c275d82c8ba1
 2021-08-12 16:11:06 -07:00
Victor Liu
0c429efc07 uwb: allow uwb to access the radio service 
07-07 18:28:28.391   409   409 E SELinux : avc:  denied  { find } for pid=4609 uid=1083 name=isub scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Bug: 192833779
Test: on device, no avc denied message
Change-Id: I4a6b778dce6f493093d3a05683473bb60e9cfa5c
 2021-08-10 22:47:35 +00:00
Siqi Lin
df73384b2e Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev 2021-08-09 19:52:02 +00:00
TreeHugger Robot
cfcf725081 Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev 2021-08-06 14:04:38 +00:00
Siqi Lin
57d81aa6c1 sepolicy: gs101: allow dumpstate to access AoC stats 
Add AP wakeups from AoC DRAM exceptions to bugreports.

Bug: 186456919
Change-Id: I31df82addf1b5024b8e33c6284e5da1f473ac5d9
 2021-08-05 10:47:13 -07:00
Alice Yang
0d7ab6ea8b Add sepolicy to allow camera HAL to read display backlight 
Add sepolicy to allow camera HAL to read display backlight to use in
gabc algorithm.

Bug: 187917645
Test: build pass,  go/p21-camera-test-checklist
Change-Id: I628ee2dedd48dd1360d0818137ba9139ae194029
 2021-08-03 16:31:12 +00:00
Charles Chiu
718a856e26 Allow init to set Camera properties. 
Test: Camera CTS
Bug: 194656156

Change-Id: I2f8f89a02984bfb9fea96df7b0a1d4150c9fdd8d
 2021-08-02 23:21:14 +08:00
Mark Chang
f7fa1fa877 Merge "[DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override." into sc-dev 2021-07-31 00:01:26 +00:00
Mark Chang
a1aab562ca [DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override. 
Bug: 193224954
Test: build pass and boot to home
Signed-off-by: Mark Chang <changmark@google.com>
Change-Id: I5c330564cc026e113c5d33d5d093dbcdb3ede5e4
 2021-07-30 01:49:59 +00:00
Jaineel Mehta
0474bcf10e Add vendor SELinux denial to allowlist 
Change-Id: If7435e9c62811ef3c9757f22f06018c32a8d3597
Test: None
Bug: 194281028
 2021-07-29 21:23:34 +00:00
TreeHugger Robot
750888bc5b Merge "gs101: Allow camera hal to create file in persist camera folder" into sc-dev 2021-07-29 08:40:36 +00:00
Michael Eastwood
9bfbb3c0d4 Merge "Allow hal_dumpstate_default to access vendor_camera_debug_prop" into sc-dev 2021-07-28 21:36:38 +00:00
Michael Eastwood
30bd5e8ed6 Allow hal_dumpstate_default to access vendor_camera_debug_prop 
Bug: 193365129
Test: atest com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: I43e389d46e8116844bb9ca4259e5ea28e86c50f4
 2021-07-27 17:22:47 -07:00
TreeHugger Robot
fead41d573 Merge "Add AoC wakeup stats to dump state" into sc-dev 2021-07-27 19:23:06 +00:00