Commit graph

4550 commits

Author SHA1 Message Date
TreeHugger Robot
1cf98386f6 Merge "update error on ROM 7228492" into sc-dev 2021-03-23 11:16:22 +00:00
Hongbo Zeng
4211025746 Fix denials for ril_config_service_app
- RilConfigService is a common google project in vendor/google/tools,
  sync related rules from the previous project (ag/6697240, ag/7153946)
  to allow it to:
  (1) receive intents
  (2) update database files under /data/vendor/radio
  (3) update RIL properties
- Two new denials found in this project only:
  avc: denied { search } for name="data" dev="dm-7" ino=93
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1
  avc: denied { search } for name="0" dev="dm-7" ino=192
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1

Bug: 182715439
Test: apply these rules and check there is no denial for
      RilConfigService finally
Change-Id: Icfb0e121d0d11600bda900dff0511187518105ab
2021-03-23 17:22:33 +08:00
labib
6516f369ff Add se-policy for new GRIL service and RadioExt hal APIs
Bug: 172294179
Change-Id: I556657928caa441b3530bb371902d5f4ce0be257
2021-03-23 09:20:18 +00:00
Adam Shih
b182a7166e permission required for adb sideload to work am: fd45b5ef27
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960252

Change-Id: Ib93eae652d1e1c3cf636a3e53cd0593ade481c64
2021-03-23 08:40:29 +00:00
SalmaxChang
b4fbecb9fb modem_svc_sit: Fix avc errors
avc: denied { search } for comm="modem_svc_sit" name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
avc: denied { write open } for path="/mnt/vendor/modem_userdata/replay/dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=file
avc: denied { remove_name } for name="dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir

Bug: 183467321
Change-Id: Ic5b8fcf324bb0a8b0f6312b3ae755d73a53f0e9c
2021-03-23 15:11:38 +08:00
Adam Shih
01376cbe06 update error on ROM 7228492
Bug: 183467306
Bug: 183467321
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia8473c1a4e1f56cc52bc765dea56e3bc497c7cc9
2021-03-23 15:11:24 +08:00
Adam Shih
fd45b5ef27 permission required for adb sideload to work
Bug: 183174452
Test: do adb sideload under enforcing mode
Change-Id: I2ba05b22729894d2677859fd33a6370f2ff9d409
2021-03-23 14:23:44 +08:00
TreeHugger Robot
22ab0cc731 Merge "permissions required for OTA" into sc-dev am: 9c46632091
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13960245

Change-Id: I2b125c5603680ecbea34ceb6ef0ccf89533540aa
2021-03-23 05:08:23 +00:00
TreeHugger Robot
9c46632091 Merge "permissions required for OTA" into sc-dev 2021-03-23 04:45:37 +00:00
Krzysztof Kosiński
f6fddb20ad Merge "Add lazy service binary to hal_camera_default domain." into sc-dev am: 61e515e4ce
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13957807

Change-Id: I10fa91098ff56ab9ef01409647f097ca484bc41f
2021-03-23 02:09:47 +00:00
Adam Shih
7314a7b522 permissions required for OTA
Bug: 183174452
Test: do OTA under enforcing mode
Change-Id: I0edf7703713e24351f57ef0e68096ca03c59e6f8
2021-03-23 09:49:02 +08:00
Krzysztof Kosiński
61e515e4ce Merge "Add lazy service binary to hal_camera_default domain." into sc-dev 2021-03-23 01:31:50 +00:00
Krzysztof Kosiński
d02e73b966 Add lazy service binary to hal_camera_default domain.
Avoids denial logs from init on service (re)start. See bug for
details.

Bug: 183441948
Test: Restarted the service
Change-Id: I9ee9b8099d2ffae4d6a115552800fa844c192132
2021-03-22 16:25:57 -07:00
TreeHugger Robot
123411f826 Merge "allow bootctl to read devinfo" into sc-dev am: 8d9094345e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13946008

Change-Id: I079480b87535460a59f3eff2164e5f73f3b466d8
2021-03-22 14:25:43 +00:00
TreeHugger Robot
b7322c9c6b Merge "update error on ROM 7225160" into sc-dev am: df64c08266
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13944228

Change-Id: I7f4fbec0c249cc02ceb8f853a1f309c1f5096dc0
2021-03-22 13:56:52 +00:00
David Li
da5e908d0f Merge "audio: add /dev/acd-audio_dcdoff_ref for audio effect visualizer" into sc-dev am: 6dce033807
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13921067

Change-Id: I16da30f8f4d31bcfcd1697a33bdb976d903ae684
2021-03-22 13:54:42 +00:00
TreeHugger Robot
8d9094345e Merge "allow bootctl to read devinfo" into sc-dev 2021-03-22 09:16:23 +00:00
Adam Shih
f05cdba220 allow bootctl to read devinfo
Bug: 182705986
Test: boot with no relevant log found
Change-Id: I6d4c699fe1492f8fbcd5b8a9ba98da2fade57bd7
2021-03-22 16:10:22 +08:00
TreeHugger Robot
df64c08266 Merge "update error on ROM 7225160" into sc-dev 2021-03-22 02:52:56 +00:00
David Li
6dce033807 Merge "audio: add /dev/acd-audio_dcdoff_ref for audio effect visualizer" into sc-dev 2021-03-22 02:07:33 +00:00
Adam Shih
38e55f2331 update error on ROM 7225160
Bug: 183338483
Bug: 183338543
Bug: 183338421
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I16548c00f2a2c38b190664a5cc20ae67d04a8454
2021-03-22 09:52:45 +08:00
Christine Franks
a334f079cc Add uhid access for exo
This is required to write input events to /dev/uinput.

Bug: 182854143
Test: n/a
Change-Id: Icd9714a61be62d40d1b3e5e9d7dcb33ce5f0bf6b
2021-03-19 23:31:08 +00:00
Alex Hong
b640326154 Add the sepolicy for UWB hal
Bug: 182727934
Test: $ make selinux_policy
      Push SELinux modules and check the denials during boot
Change-Id: I630e6e353897a85d1b90c7d8a4250703a4c3a245
2021-03-19 21:42:07 +08:00
TreeHugger Robot
8d7d184bcf Merge "remove workaround as vendor_init is ready" into sc-dev am: 9225f4e5d0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13921069

Change-Id: Ia0d7bf18a52ff1069fc692e270eb79837290af2e
2021-03-19 07:24:08 +00:00
TreeHugger Robot
9225f4e5d0 Merge "remove workaround as vendor_init is ready" into sc-dev 2021-03-19 06:43:54 +00:00
Adam Shih
42bd5867e8 Merge "label missing vibrator sys nodes" into sc-dev am: 3f6e2bba41
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13908553

Change-Id: I7f44920dd91712c201a8fc55d15ee89ab405dcbb
2021-03-19 06:05:41 +00:00
Adam Shih
3f6e2bba41 Merge "label missing vibrator sys nodes" into sc-dev 2021-03-19 05:32:27 +00:00
TreeHugger Robot
78976ea7e1 Merge "Add sepolicy rules for fingerprint hal" into sc-dev am: fc6b81d188
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13918107

Change-Id: Ib09464497cc1b3c366ff2939b5885d565069d15d
2021-03-19 05:01:34 +00:00
TreeHugger Robot
fc6b81d188 Merge "Add sepolicy rules for fingerprint hal" into sc-dev 2021-03-19 04:37:58 +00:00
TreeHugger Robot
c197961ab5 Merge "update error on ROM 7219510" into sc-dev am: 4eba688673
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13921068

Change-Id: Ia35cde269940c847ec6e064c845bad98c5c4d595
2021-03-19 04:23:51 +00:00
TreeHugger Robot
a5cfd7aaab Merge "power: Add policy to access sysfs_bcl" into sc-dev am: 46b51cd204
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13876026

Change-Id: I829fe7b028908f791e72fd551b1d24bd92c880c3
2021-03-19 04:23:17 +00:00
Adam Shih
ac6b1273e4 remove workaround as vendor_init is ready
Bug: 171942789
Test: boot under enforcing ROM
Change-Id: If4bb070ecf2272dd927ceaeda1882d2fad62b4c3
2021-03-19 11:58:39 +08:00
TreeHugger Robot
4eba688673 Merge "update error on ROM 7219510" into sc-dev 2021-03-19 03:51:31 +00:00
Kris Chen
09996bc810 Add sepolicy rules for fingerprint hal
Fixes the following avc denials:
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:7): avc: denied { read write } for name="trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:9): avc: denied { ioctl } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 ioctlcmd=0x7280 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:39): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:40): avc: denied { read } for name="temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:41): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
03-18 14:11:23.476   979   979 I fingerprint@2.1: type=1400 audit(0.0:13): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:9): avc: denied { create } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:10): avc: denied { bind } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:11): avc: denied { write } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:12): avc: denied { read } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:56:30.446   404   404 E SELinux : avc:  denied  { add } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=967 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=1

Bug: 171943101
Test: No above avc denials in logcat.
Change-Id: I67b397f86c39625b77ebe6d32d37e42cd87b3f93
2021-03-19 03:41:18 +00:00
TreeHugger Robot
46b51cd204 Merge "power: Add policy to access sysfs_bcl" into sc-dev 2021-03-19 03:39:32 +00:00
Adam Shih
8d2feed7ed label missing vibrator sys nodes
Bug: 182954060
Test: boot with no avc error found
Change-Id: I1ffd97c6646d106c88efe36bfb4483ae44415eaa
2021-03-19 11:14:36 +08:00
TreeHugger Robot
71f0fd6e55 Merge "Allow fingerprint hal to access fingerprint device" into sc-dev am: 9a865e84c7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13918106

Change-Id: I7f56e90224fe24568d84bcdd4a6a91deed3194bb
2021-03-19 03:08:00 +00:00
George Lee
9c3d77d088 power: Add policy to access sysfs_bcl
Bug: 180620276
Test: adb bugreport
dumpstate_board.txt shows:
------ BCL (/sys/devices/virtual/pmic/mitigation/triggered_stats) ------
Source    	Count	Last Triggered	Last SOC	Last Voltage
smpl_warn      	0	0		0		0
ocp_cpu1       	0	0		0		0
ocp_cpu2       	0	0		0		0
soft_ocp_cpu1  	0	0		0		0
soft_ocp_cpu2  	0	0		0		0
ocp_tpu        	0	0		0		0
soft_ocp_tpu   	0	0		0		0
pmic_120c      	0	0		0		0
pmic_140c      	0	0		0		0
pmic_overheat  	0	0		0		0
ocp_gpu        	0	0		0		0
soft_ocp_gpu   	0	0		0		0

------ IF PMIC (/sys/devices/virtual/pmic/max77759-mitigation/triggered_stats) ------
Source    	Count	Last Triggered	Last SOC	Last Voltage
VDROOP1        	0	0		0		0
VDROOP2        	0	0		0		0
BATOILO        	0	0		0		0

Signed-off-by: George Lee <geolee@google.com>
Change-Id: If7874e19b8202175071d474502e77748168565ce
2021-03-19 02:56:32 +00:00
Adam Shih
857ea2e064 update error on ROM 7219510
Bug: 183161715
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Id5c7856e7b77600f47df652a95ac342f11c924f5
2021-03-19 10:52:09 +08:00
TreeHugger Robot
9a865e84c7 Merge "Allow fingerprint hal to access fingerprint device" into sc-dev 2021-03-19 02:19:59 +00:00
David Li
fa11af6a07 audio: add /dev/acd-audio_dcdoff_ref for audio effect visualizer
Set /dev/acd-audio_dcdoff_ref as u:object_r:aoc_device:s0
crw-rw---- 1 system audio u:object_r:aoc_device:s0  500,  29 2021-03-18 22:19 /dev/acd-audio_dcdoff_ref

Bug: 180984363
Bug: 165719427
Test: make -j128
Test: ls -alZ /dev/acd-audio_dcdoff_ref
Change-Id: If7cd3ef99885730287648afebb222d4f925d325e
2021-03-19 10:10:49 +08:00
Kris Chen
10fda56cd1 Allow fingerprint hal to access fingerprint device
Fixes the following avc denials:
03-18 10:57:10.612   947   947 I android.hardwar: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/goodix_fp" dev="tmpfs" ino=482 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
03-18 10:57:10.632   947   947 I android.hardwar: type=1400 audit(0.0:9): avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=482 ioctlcmd=0x6707 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
03-18 10:57:13.672   947   947 I android.hardwar: type=1400 audit(0.0:14): avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=482 ioctlcmd=0x6706 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
03-18 10:57:32.704   947   947 I HwBinder:947_1: type=1400 audit(0.0:26): avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=482 ioctlcmd=0x6705 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 171943101
Test: No above avc denials in logcat.
Change-Id: I254a01a2c11fcaba9ad3f387862a8d0ddafffd38
2021-03-18 19:23:54 +08:00
TreeHugger Robot
005b56dc05 Merge "sepolicy: fix usb hal selinux permission" into sc-dev am: 2433a82427
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13899365

Change-Id: Iec98ad83437265a5b557eaaddc22d52dd7fe0269
2021-03-18 06:20:40 +00:00
TreeHugger Robot
2433a82427 Merge "sepolicy: fix usb hal selinux permission" into sc-dev 2021-03-18 05:47:52 +00:00
SalmaxChang
4393badd84 Update vendor_modem_prop and add rules for mds am: 2797490192
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13895427

Change-Id: Id23adbbf9cbf6cb7dcb76632cca5adfba44e369b
2021-03-18 05:27:50 +00:00
SalmaxChang
2797490192 Update vendor_modem_prop and add rules for mds
Bug: 181185131
Change-Id: Ie709e08152d23428a687c949359316206843b9fa
2021-03-18 04:48:19 +00:00
TreeHugger Robot
ddd3cf4514 Merge changes I15473321,Id60bb2e8 into sc-dev am: 8a191daf92
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13908551

Change-Id: I59cf2780c00e6b9b524edf0bdd7ef20c7ecc796b
2021-03-18 04:28:48 +00:00
TreeHugger Robot
8a191daf92 Merge changes I15473321,Id60bb2e8 into sc-dev
* changes:
  remove obsolete entries
  update error on ROM 7216638
2021-03-18 04:02:01 +00:00
Ines Ayara
7a8dcc0893 Merge "Add "libedgetpu_darwinn2.so" library duplicate to be used for external launch." into sc-dev am: 338d324e5a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13904945

Change-Id: I43397196ba9d57b84bde59d1f0034b8f68052810
2021-03-18 03:41:15 +00:00
Ines Ayara
338d324e5a Merge "Add "libedgetpu_darwinn2.so" library duplicate to be used for external launch." into sc-dev 2021-03-18 02:54:19 +00:00