Adam Shih
cf96663690
label power.stats-vendor properly
...
Bug: 182320246
Test: boot with power.stats-vendor labeled
Change-Id: Icc3ff763be1a23e8f3e9d1ed076fcb5c74401abe
2021-03-15 10:21:24 +08:00
Adam Shih
45e33146f1
Allow bluetooth hal to get boot status
...
[ 5.299448] type=1400 audit(1615772363.892:3): avc: denied { read } for comm="bluetooth@1.1-s" name="u:object_r:boot_status_prop:s0" dev="tmpfs" ino=81 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:boot_status_prop:s0 tclass=file permissive=1
Bug: 171942789
Test: boot and see such log no longer appear
Change-Id: Ib27585183be1ba9913b5f0620d987f26fad663e0
2021-03-15 09:41:48 +08:00
Adam Shih
36e82d438a
update error on ROM 7207833
...
Bug: 182706078
Bug: 182705863
Bug: 182705986
Bug: 182705901
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I37728b3b475998668f37d50a70ce980eeff70a63
2021-03-15 09:26:46 +08:00
Benjamin Schwartz
7615ee47bf
Merge "whitechapel: Correct acpm_stats path" into sc-dev am: aa41c84ad1
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13840133
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I886976749073f18187b74bd6030bdabdd0dbee7f
2021-03-12 18:11:53 +00:00
Benjamin Schwartz
aa41c84ad1
Merge "whitechapel: Correct acpm_stats path" into sc-dev
2021-03-12 17:41:35 +00:00
TreeHugger Robot
0e272c63ed
Merge "allow init to mount modem_img" into sc-dev am: 3b10aeadae
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839800
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Icd3cac3c5d48ea9e1c438cad2a8c8564ab20a378
2021-03-12 06:49:17 +00:00
TreeHugger Robot
3b10aeadae
Merge "allow init to mount modem_img" into sc-dev
2021-03-12 06:01:50 +00:00
Wen Chang Liu
8cbf2bcb97
Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev am: e72c30346f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839790
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I3c68b42795c4b0b2cfd9510a9b393c80f2f9bc81
2021-03-12 05:51:09 +00:00
Wen Chang Liu
e72c30346f
Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev
...
* changes:
Add sepolicy for BigOcean device
Add sepolicy for MFC device
2021-03-12 05:41:08 +00:00
Andy Chou
4a1b96d9aa
Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev am: 737059042f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839799
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I0d271ce84e87f4042bd8cb95a3bea881377dc2ae
2021-03-12 05:35:47 +00:00
TreeHugger Robot
71f2717803
Merge "update error on ROM 7202683" into sc-dev am: 8e2430d151
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839797
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I4051250e1e3ce7dfb7ce181004f91030827cd1c8
2021-03-12 05:32:33 +00:00
Andy Chou
737059042f
Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev
2021-03-12 05:32:18 +00:00
TreeHugger Robot
8e2430d151
Merge "update error on ROM 7202683" into sc-dev
2021-03-12 05:19:01 +00:00
Sung-fang Tsai
56c3a11f4a
Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev am: 1bcf7d412a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824574
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibbde6769b1760f55c920600c969b46d2ddb06375
2021-03-12 05:11:49 +00:00
Adam Shih
fdeedcba65
allow init to mount modem_img
...
Bug: 182524202
Bug: 182524203
Test: modem_img is mounted under enforcing mode
Change-Id: Ie5448468d4d7f1ad6acdd2c93055bba9001185d1
2021-03-12 12:54:22 +08:00
Sung-fang Tsai
1bcf7d412a
Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev
2021-03-12 04:18:59 +00:00
Vova Sharaienko
c3ec7bbf3e
Merge "Stats: new sepolicy for the AIDL service" into sc-dev am: 175c2eaa31
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13845133
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I981065070c26b2fa74d862cddbf551e03a426379
2021-03-12 03:54:09 +00:00
TreeHugger Robot
73df265217
Merge "Add atc sysfs permission for composer service" into sc-dev am: 1dd171b66f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839786
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I90a0f6f3633e9e83aa1052f82630778acf43dd1d
2021-03-12 03:53:33 +00:00
andychou
9e582d4bc3
Fix cuttlefish test fail due to sepolicy of Exo
...
Need to grant gpu_device dir search permission and
device_config_runtime_native_boot_prop for testing.
Bug: 182445508
Test: atest ExoTests pass on Cuttlefish
Change-Id: Ia4c27efa2a900a3781301de19ab38209f818aba1
2021-03-12 11:41:24 +08:00
Vova Sharaienko
175c2eaa31
Merge "Stats: new sepolicy for the AIDL service" into sc-dev
2021-03-12 03:32:22 +00:00
Adam Shih
526da2f9b1
update error on ROM 7202683
...
Bug: 182524105
Bug: 182523946
Bug: 182524202
Bug: 182524203
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I4c97960d106a74cbe2ba819671612514d4cba282
2021-03-12 11:18:10 +08:00
wenchangliu
f98706e87b
Add sepolicy for BigOcean device
...
add /dev/bigocean to video_device
avc: denied { read write } for name="bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { open } for path="/dev/bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/bigocean" dev="tmpfs" ino=629 \
ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for comm=436F646563322E30204C6F6F706572 path="/dev/bigocean" \
dev="tmpfs" ino=629 ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 \
tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Bug: 172173484
Test: Play AV1 clips in enforcing mode
Change-Id: Ie0ed96d7bf4324bd38a9c42500f4f747f092bfd9
2021-03-12 10:54:10 +08:00
wenchangliu
b52121a259
Add sepolicy for MFC device
...
- Add sysfs_video type for mfc device
- Allow mediacodec to access sysfs_video
avc: denied { read } for name="name" dev="sysfs" ino=62278 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { read } for name="name" dev="sysfs" ino=62230 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1
Bug: 172173484
Test: video playback / camera recording with enforcing mode
Change-Id: Id7f43fe11c9ed089067f43a50d7f765df873d6c6
2021-03-12 10:51:41 +08:00
TreeHugger Robot
1dd171b66f
Merge "Add atc sysfs permission for composer service" into sc-dev
2021-03-12 02:44:43 +00:00
Ahmed ElArabawy
6219c84925
Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev am: 4a0294348b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806170
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I119212a1f114011a7adbbd1b48c276ef0d7e5e13
2021-03-12 02:29:24 +00:00
Ahmed ElArabawy
4a0294348b
Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev
2021-03-12 01:37:36 +00:00
Vova Sharaienko
2ed30c23e3
Stats: new sepolicy for the AIDL service
...
This allows the pixelstats_vendor to communicate with the new AIDL IStats service via ServiceManager
Bug: 181914749
Test: Build, flash, and logcat -s "pixelstats_vendor"
Change-Id: Icf1bbbd7f72835fe8f9c2f23281a2f5b4bf8e698
2021-03-12 01:12:21 +00:00
Benjamin Schwartz
bfa18a7b2a
whitechapel: Correct acpm_stats path
...
Bug: 182320246
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I7a67b31e28f34d606cfab369b9e982e9fffe3b3f
2021-03-11 15:52:48 -08:00
Pat Tjin
940d04fd2b
Merge "Move wireless charger HAL to 1.3" into sc-dev am: 854db479bb
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824572
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Iabc01056a01b06c0a23a79cc7dbc4a349aa10ac7
2021-03-11 20:28:53 +00:00
Pat Tjin
854db479bb
Merge "Move wireless charger HAL to 1.3" into sc-dev
2021-03-11 19:57:54 +00:00
Sung-fang Tsai
82376e2d49
Mark lib_aion_buffer and related library as same_process_hal_file
...
To allow access by Google Camera App, which needs this for vendor-specific
buffer management functionality to enable zero-copy camera RAW->GPU buffer
handling.
Test: GCA works with forrest build P20546991.
Bug: 159839616
Change-Id: I71bdcd12f17013881d7a5da2f11e444f0d3b4f94
2021-03-11 12:02:04 +00:00
linpeter
ebd2a24596
Add atc sysfs permission for composer service
...
avc: denied { read write } for name="en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { read write } for name="gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { read write } for name="st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 168848203
test: check avc denied
Change-Id: I48dd839e0ca6f3eb16e35f1b7a4d5f6d4a1fd88b
2021-03-11 20:01:21 +08:00
Eddie Tashjian
7a501cba00
Add selinux policies for mounted modem partition am: 78cd6eb78e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824571
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I5dc47429ad5dd846679fbde04f2b5144d39ce977
2021-03-11 10:41:57 +00:00
Eddie Tashjian
78cd6eb78e
Add selinux policies for mounted modem partition
...
Bug: 178980032
Bug: 178979986
Bug: 179198083
Bug: 179198085
Bug: 178980065
Test: Check selinux denials
Change-Id: I7f826442d1536946d0e84aadfd80f679c0f4d6da
2021-03-11 10:16:27 +00:00
TreeHugger Robot
75e52314ad
Merge changes I68aace66,Idf510e4a into sc-dev am: ef6e91692a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824668
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ie76c219de19bfeb0ec28895580e1ae631f4dc032
2021-03-11 09:43:48 +00:00
TreeHugger Robot
ef6e91692a
Merge changes I68aace66,Idf510e4a into sc-dev
...
* changes:
gs101-sepolicy: Add twoshay permissions
Add touch procfs and sysfs sepolicy
2021-03-11 09:16:51 +00:00
Lopy Cheng
5019452cbb
HardwareInfo: Add sepolicy for display
...
hardwareinfo: type=1400 audit(0.0:17): avc: denied { read } for name="serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo
hardwareinfo: type=1400 audit(0.0:18): avc: denied { open } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo
hardwareinfo: type=1400 audit(0.0:19): avc: denied { getattr } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo
Bug: 161943795
Test:
1. Remove hardwareinfo app
rm -r /data/data/com.google.android.hardwareinfo/
2. Connect wifi and reboot
3. Check the HardwareInfoService status.
4. There is no AVC denied log.
Change-Id: I4d1c83a1c5b0f2f3bdd64ab79ab45fb69470b25b
2021-03-11 08:38:43 +00:00
yihsiangpeng
cc8429cc0d
Move wireless charger HAL to 1.3
...
Bug: 179464598
Signed-off-by: yihsiangpeng <yihsiangpeng@google.com>
Change-Id: I73d1d811f2483bbe80e7d4aea1f6e9f143bc2836
2021-03-11 14:47:49 +08:00
TreeHugger Robot
152dcc1b4d
Merge changes I6f6e8359,Ib7bf4029 into sc-dev am: db0ca5a3b2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816037
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I4817667db5897b8eac0e12f45d9d8c630128b1cb
2021-03-11 04:35:25 +00:00
TreeHugger Robot
db0ca5a3b2
Merge changes I6f6e8359,Ib7bf4029 into sc-dev
...
* changes:
label kernel modules and grant bt permission
update error on ROM 7196668
2021-03-11 03:53:57 +00:00
TreeHugger Robot
f77f159364
Merge "Fix avc denied issue when accessing to IStats service" into sc-dev am: 6657774b4c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806168
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I64600db02c76e2bfaa3ddf03373585817d33daab
2021-03-10 17:31:10 +00:00
TreeHugger Robot
6657774b4c
Merge "Fix avc denied issue when accessing to IStats service" into sc-dev
2021-03-10 16:57:56 +00:00
TreeHugger Robot
72cfb31ebe
Merge "Fix avc denied in OMA DM" into sc-dev am: d2cee097f8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816043
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I4c471c8e3d6d29082744dc044fb22af6849411b2
2021-03-10 16:37:32 +00:00
TreeHugger Robot
d2cee097f8
Merge "Fix avc denied in OMA DM" into sc-dev
2021-03-10 15:52:45 +00:00
Tai Kuo
8cac55487b
gs101-sepolicy: Add twoshay permissions
...
Add twoshay and touch input context library permissions
Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
2021-03-10 22:23:49 +08:00
SalmaxChang
2b90406669
cbd: Fix avc errors am: 6247ff69b2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816040
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibf0d222fc8bafcdaa0b7b8c5fe861749a6192bc6
2021-03-10 14:03:20 +00:00
SalmaxChang
ebab404edb
vendor_init: Update tracking denials am: 7edb7e30c4
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816041
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I9e928515b554984b84d853608d6ecd9351b2a39f
2021-03-10 14:03:14 +00:00
SalmaxChang
6247ff69b2
cbd: Fix avc errors
...
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1
avc: denied { search } for comm="cbd" name="vendor" dev="tmpfs" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
Bug: 178331928
Bug: 171267363
Change-Id: Icf28f494f05ee386ce94213929926369f2775173
2021-03-10 13:33:43 +00:00
SalmaxChang
7edb7e30c4
vendor_init: Update tracking denials
...
Removed the path creation from init rc.
Bug: 177186257
Change-Id: I5a8e99ae273d0c8370255bcdb4b9e802fa9895ca
2021-03-10 13:33:19 +00:00
Jack Wu
b10c77244b
hal_health_default: Fix avc denials am: 522a8aefcf
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816038
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I543f53ff53fd1db6d12c66683c956ff21a7f5da8
2021-03-10 12:46:33 +00:00