Commit graph

4550 commits

Author SHA1 Message Date
TreeHugger Robot
2391c852bd Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev 2021-05-03 07:42:00 +00:00
sukiliu
58238158ab Update avc error on ROM 7330059
Bug: 187014717
Bug: 187015705
Bug: 187015816
Test: PtsSELinuxTestCases
Change-Id: I2d79fee24d18865090cd350485daea4e66bb5184
2021-05-03 15:25:20 +08:00
Eddie Lan
4099526a9b Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c am: 94500a15a8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: Ie278a85d9ab89a3773bb0f9488bd61d977e4c1d7
2021-05-03 04:33:12 +00:00
Eddie Lan
94500a15a8 Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: I6803cbc12ccf7eb331ceb98eeae12a23e7d0b77d
2021-05-03 04:06:44 +00:00
Eddie Lan
0727a341dd Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: I05395504ff6d04b5a7fa0707084872525fcec39c
2021-05-03 04:02:39 +00:00
Eddie Lan
cc4e6fa558 Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: Ic89331057d89747796ed29741091a0d79d9e6fd3
2021-05-03 04:02:34 +00:00
TreeHugger Robot
55abb63383 Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c am: e72dd4fc97
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: I9f4587cdb1a6597ce86ff203a7418dc9cd1fa0eb
2021-05-03 03:50:10 +00:00
Eddie Lan
2d4071ca8c Merge "Add sepolicy for fpc AIDL HAL" into sc-dev 2021-05-03 03:48:40 +00:00
TreeHugger Robot
e72dd4fc97 Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: I7c45dee73fa499b2188126ec642c64e6921a6999
2021-05-03 03:36:00 +00:00
TreeHugger Robot
fdbbf28fa0 Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: I496ba2c956296cc09ef3115fafe5d6c1af589b5e
2021-05-03 03:31:35 +00:00
TreeHugger Robot
d9ca54da9b Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: Ied6ebf69ba45c5a50a9ba35703b1cee14c31fa05
2021-05-03 03:31:31 +00:00
TreeHugger Robot
1256869c5c Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev 2021-05-03 03:19:23 +00:00
Hridya Valsaraju
1711a2d5c7 Provide fastbootd permissions to invoke the set_active command
These permissions fix the following denials:
[   66.641731][   T59] audit: type=1400 audit(1619815760.952:17): avc:
denied  { open } for  pid=360 comm="fastbootd" path="/dev/block/sdd1"
dev="tmpfs" ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.664509][   T59] audit: type=1400 audit(1619815760.952:18): avc:
denied  { write } for  pid=360 comm="fastbootd" name="sdd1" dev="tmpfs"
ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.686431][   T59] audit: type=1400 audit(1619815760.952:19): avc:
denied  { read write } for  pid=360 comm="fastbootd"
name="boot_lun_enabled" dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   66.708623][   T59] audit: type=1400 audit(1619815760.952:20): avc:
denied  { open } for  pid=360 comm="fastbootd"
path="/sys/devices/platform/14700000.ufs/pixel/boot_lun_enabled"
dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   56.680861][   T59] audit: type=1400 audit(1619806507.020:10): avc:
denied  { read write } for  pid=357 comm="fastbootd" name="sda"
dev="tmpfs" ino=476 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file permissive=0

Test: fastboot set_active
Bug: 185955438
Change-Id: I9339b2a5f2a00c9e1768f479fdeac2e1f27f04bc
2021-04-30 14:37:58 -07:00
TreeHugger Robot
8114fd6b37 Merge "Remove platform certification from imsservice" into sc-dev am: 6a5cfd86f5 am: 0adcb526f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14343989

Change-Id: I06e4f93716fda0ac8b84009ed3308ad7c73a5eaf
2021-04-30 17:15:25 +00:00
TreeHugger Robot
2ab009f72e Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev am: ff7948fc48 am: 5c14296690
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14354723

Change-Id: Ia3db2de242cd75c840f8cf2fa1283e683f9bccd6
2021-04-30 17:15:16 +00:00
TreeHugger Robot
0d8edba50f Merge "Remove platform certification from imsservice" into sc-dev am: 6a5cfd86f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14343989

Change-Id: Ib5bd0d2f54aa7d4133bdfe5ab2ffaf16936716f4
2021-04-30 17:14:29 +00:00
TreeHugger Robot
b33a1a4042 Merge "Remove platform certification from imsservice" into sc-dev am: 6a5cfd86f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14343989

Change-Id: I846fdc99e252a3af2f9307e4e988f16d5eaa4b4c
2021-04-30 17:12:29 +00:00
TreeHugger Robot
0adcb526f5 Merge "Remove platform certification from imsservice" into sc-dev am: 6a5cfd86f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14343989

Change-Id: I6c66e6103c284a46e57efb5760226139e8e2a965
2021-04-30 17:01:41 +00:00
TreeHugger Robot
6a5cfd86f5 Merge "Remove platform certification from imsservice" into sc-dev 2021-04-30 16:55:56 +00:00
TreeHugger Robot
5c14296690 Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev am: ff7948fc48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14354723

Change-Id: Ibba6e73ddecc5a7984dc59900f256ad9a1ff114f
2021-04-30 16:54:08 +00:00
TreeHugger Robot
2d1988d06d Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev am: ff7948fc48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14354723

Change-Id: I5d18bfc7ec389676856b19c0d78b88bafb185f85
2021-04-30 16:52:14 +00:00
TreeHugger Robot
81e7e0d374 Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev am: ff7948fc48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14354723

Change-Id: I2c1056d41a703ebc09ae20ee5b196da88ae3a34a
2021-04-30 16:49:38 +00:00
TreeHugger Robot
ff7948fc48 Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev 2021-04-30 16:34:37 +00:00
TreeHugger Robot
b93162946f Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev am: c134ed985a am: 521d0635f1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14357213

Change-Id: Ie9b502d89ed42909718e2672b9c6a9698778f6df
2021-04-29 23:44:10 +00:00
TreeHugger Robot
521d0635f1 Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev am: c134ed985a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14357213

Change-Id: Idd9f94fa544f5a2248cc68f8bb93e1bd155fb8f0
2021-04-29 23:14:57 +00:00
TreeHugger Robot
56305a9427 Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev am: c134ed985a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14357213

Change-Id: I3baf533b80ea3e44e0e8e4ee91a8c985bec93a58
2021-04-29 23:07:38 +00:00
TreeHugger Robot
61f2e4ad4a Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev am: c134ed985a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14357213

Change-Id: Ie77154a8220419986654f288ece820c1edc56606
2021-04-29 23:07:37 +00:00
TreeHugger Robot
c134ed985a Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev 2021-04-29 22:48:22 +00:00
TreeHugger Robot
5757ee6b22 Merge "change persist.camera to persit.vendor.camera" into sc-dev am: 2c4b0fd96a am: 52ba04007b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14356785

Change-Id: I3f4322bae0bf65813cc63d2cf3e664f6d2ffc582
2021-04-29 22:14:24 +00:00
TreeHugger Robot
82f13cbf48 Merge "change persist.camera to persit.vendor.camera" into sc-dev am: 2c4b0fd96a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14356785

Change-Id: Id34f09b33da5cc62d6958fe3fad3952b5cd319a7
2021-04-29 21:46:21 +00:00
TreeHugger Robot
52ba04007b Merge "change persist.camera to persit.vendor.camera" into sc-dev am: 2c4b0fd96a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14356785

Change-Id: Idb7fed4b35a5342936aa4247c79a20077ca82083
2021-04-29 21:44:32 +00:00
TreeHugger Robot
43c5bf6ed6 Merge "change persist.camera to persit.vendor.camera" into sc-dev am: 2c4b0fd96a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14356785

Change-Id: I8ece2241cea3bf27a1fa7294b29703f56030f27f
2021-04-29 21:42:50 +00:00
Oleg Matcovschi
963848fdaa sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes
Bug: 186788772
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I9cc44571eb5c8f52d6307bff9cb77f08712c5404
2021-04-29 14:34:55 -07:00
TreeHugger Robot
2c4b0fd96a Merge "change persist.camera to persit.vendor.camera" into sc-dev 2021-04-29 21:26:12 +00:00
Lida Wang
bb7ae85a0d change persist.camera to persit.vendor.camera
Bug: 186670529
Change-Id: I3a6d4202ec2b90cc0ce9cc9ba62d2cf2ce3a5c29
2021-04-29 13:18:01 -07:00
Anthony Stange
836f25d64b Update gs101 sepolicy for contexthub HAL
Bug: 168941570
Test: Load nanoapp via HAL
Change-Id: If133a3290e4fc02677523d737980ee5944885c36
2021-04-29 16:59:36 +00:00
TreeHugger Robot
25566f87c3 Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev am: 7a4cd3a6e0 am: 18525b89e6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299201

Change-Id: Icac3459a27db13bec70cfbeeca2198a29e85aec1
2021-04-29 16:58:00 +00:00
TreeHugger Robot
18525b89e6 Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev am: 7a4cd3a6e0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299201

Change-Id: Ib1331ad73723ea5518f0e80d0a52f64d008255a8
2021-04-29 16:33:03 +00:00
TreeHugger Robot
0071fe0bc0 Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev am: 7a4cd3a6e0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299201

Change-Id: I9bb9d0d61ba1cf7525c0231e5177318501c5d0ae
2021-04-29 16:31:59 +00:00
TreeHugger Robot
04b1f2cdec Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev am: 7a4cd3a6e0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299201

Change-Id: I92d60c2f1f068b48df1b10ff852858b560127dfe
2021-04-29 16:31:33 +00:00
TreeHugger Robot
7a4cd3a6e0 Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev 2021-04-29 15:48:15 +00:00
Taesoon Park
b6f2b0bad9 Remove platform certification from imsservice
The platform certification is removed form com.shannon.imsservice.
So, remove seinfo from com.shannon.imsservice item.

Bug: 186135657
Test: VoLTE and VoWiFi

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ie493abfd7a146766ad819bb7a5240d9f1e2f1d0e
2021-04-29 11:28:08 +08:00
Chia-Ching Yu
3f91d6417a Add sepolicy for sensor HAL to read lhbm
04-23 08:54:18.000   742   742 I /vendor/bin/hw/android.hardware.sensors@2.0-service.multihal: type=1400 audit(0.0:23): avc: denied { read } for comm=504F5349582074696D6572203430 name="local_hbm_mode" dev="sysfs" ino=70515 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=1

Bug: 181617640
Test: Forrest build with this patch(ab/P22167685).
      No local_hbm_mode related avc deined log.
Change-Id: Ibac3317cbca8652885310b1f5af8f4ea4d44a5c4
2021-04-29 03:00:19 +00:00
TreeHugger Robot
cbce7f27e3 Merge "Fix android.hardware.drm@1.4-service.clearkey label" into sc-dev am: 7ecd67743c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14340676

Change-Id: I161a70490c9e985c731c4880cce9b0aeda19276f
2021-04-28 23:12:22 +00:00
TreeHugger Robot
c17392b08c Merge "Fix android.hardware.drm@1.4-service.clearkey label" into sc-dev am: 7ecd67743c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14340676

Change-Id: I968ae5379dbe36e54eb931712083f969ead85522
2021-04-28 23:10:56 +00:00
TreeHugger Robot
7ecd67743c Merge "Fix android.hardware.drm@1.4-service.clearkey label" into sc-dev 2021-04-28 22:26:38 +00:00
Victor Liu
2d6895ee81 Merge "uwb: allow uwb service to access nfc service" into sc-dev am: 247097a000
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14281933

Change-Id: I25542ed6cc608427679b8b347d6e60aaad7d9014
2021-04-28 21:22:23 +00:00
Victor Liu
e8b972be35 Merge "uwb: allow uwb service to access nfc service" into sc-dev am: 247097a000
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14281933

Change-Id: Ie088c98ae196ebc9982808b0140494c30618eb03
2021-04-28 21:19:21 +00:00
Victor Liu
247097a000 Merge "uwb: allow uwb service to access nfc service" into sc-dev 2021-04-28 20:49:50 +00:00
Chris Fries
2d2adb3e56 Fix android.hardware.drm@1.4-service.clearkey label
Bug: 186617617
Change-Id: Icad8008686ef57d4b6c3fca27af41e2b2991f74f
2021-04-28 14:40:02 -05:00