Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
729 commits 1 branch 0 tags 494 MiB
Commit graph

729 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yuriy Romanenko
6bf4661e8f Allow camera HAL to set vendor.camera properties 
Bug: 188246923
Test: See topic
Change-Id: I18cbcf1b622ad7cd6d6bd1ea258b3d537db54412
 2021-06-17 21:58:54 -07:00
Adam Shih
d77bc5a970 organize confirmationui settings 
Bug: 190331547
Bug: 190331370
Test: build ROM and make sure file and sepolicy is still there
Change-Id: I4cabf9280ab5e21038bcb72615799b7ed0fb1670
 2021-06-18 12:56:05 +08:00
Badhri Jagan Sridharan
04302e6743 Merge "Add file context for /dev/logbuffer_tcpm" into sc-dev am: d9876fd266 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15019635

Change-Id: Ibd2e13f7069bec378076c40f187d9707c85f6227
 2021-06-18 03:55:10 +00:00
Badhri Jagan Sridharan
d9876fd266 Merge "Add file context for /dev/logbuffer_tcpm" into sc-dev 2021-06-18 03:38:35 +00:00
Badhri Jagan Sridharan
eb3881dbe7 Add file context for /dev/logbuffer_tcpm 
/dev/logbuffer_tcpm gets accessed by dumpstate while bugreport
generation.

Bug: 189792358
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ica0f3557ad9c41844f8411b0bdf68d66fbba00e5
 2021-06-17 16:11:28 -07:00
Craig Dooley
5f7548f746 Merge "Allow hal_dumpstate to collect AoC statistics" into sc-dev am: 7fe9d053e8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15000356

Change-Id: I41d370542b4be1b052ba863df7c28c265ccd036c
 2021-06-17 16:49:11 +00:00
Craig Dooley
7fe9d053e8 Merge "Allow hal_dumpstate to collect AoC statistics" into sc-dev 2021-06-17 16:32:38 +00:00
Franklin He
c53c03b843 Add new sepolicy to allow Power Hint 
SELinux policy changes to work with https://googleplex-android-review.git.corp.google.com/c/device/google/gs101/+/14997393
This allows the NNAPI HAL to make IPC calls to the Power HAL in order to request power hints

Bug: 191241561
Test: Pushed new SEPolicy to device, verified no AVC problems when making IPC calls
Change-Id: I8209b3677bedf908901389c07304f4478d0431b0
 2021-06-17 07:59:11 +00:00
Yuriy Romanenko
14786d9b40 Allow rlsservice/camera HAL to read /apex/apex-info-list.xml 
To detect apex updates

Bug: 188246923
Test: See topic
Change-Id: I28a27741c1c285f8b49a2aa50bc0665143c1b7cb
 2021-06-16 20:55:38 -07:00
TreeHugger Robot
c3d33dfd8f Merge "vendor_telephony_app.te: add selinuxfs:file" into sc-dev am: 502b653380 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963703

Change-Id: Id126e3c4849db6a693458c67215c81e08c33c1a2
 2021-06-17 01:44:20 +00:00
TreeHugger Robot
502b653380 Merge "vendor_telephony_app.te: add selinuxfs:file" into sc-dev 2021-06-17 01:14:20 +00:00
Yu-Chi Cheng
66aac3e71f Allowed EdgeTPU compilation services (tflite and nnapi) to access am: 643e5a7123 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15004632

Change-Id: I6d0883541ad8f5796cc0ef7ae8ca7fb9827ce5f2
 2021-06-17 01:09:50 +00:00
Yu-Chi Cheng
643e5a7123 Allowed EdgeTPU compilation services (tflite and nnapi) to access 
overcommit_memory info.

This is required as part of the compilation process, likely part of
the jemalloc which was added recently.

Bug: 190790251
Test: verified on local P21 device.
Change-Id: I4d90ea92afd7beaa4c4efa6ed509d703764932a1
 2021-06-16 16:17:14 -07:00
Craig Dooley
3031b077a3 Allow hal_dumpstate to collect AoC statistics 
Bug: 188114650
Signed-off-by: Craig Dooley <dooleyc@google.com>
Change-Id: Iba5525af2c651070b9a5f7769c0439ef320d666b
 2021-06-16 17:18:55 +00:00
TreeHugger Robot
632d66fb17 Merge "Add sepolicy for hwcomposer to access lhbm sysfs" into sc-dev am: 11ebd6122e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14234767

Change-Id: Id3396b6103d217649292ec4338e72d4a52fdf18e
 2021-06-16 14:05:25 +00:00
TreeHugger Robot
11ebd6122e Merge "Add sepolicy for hwcomposer to access lhbm sysfs" into sc-dev 2021-06-16 13:51:37 +00:00
Adam Shih
56f9c7730f Merge "remove vcd from user ROM" into sc-dev am: 2cdde93f15 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934449

Change-Id: Idceee76892481baf7c7c6339f088f003a7e735f3
 2021-06-16 06:54:18 +00:00
Adam Shih
2cdde93f15 Merge "remove vcd from user ROM" into sc-dev 2021-06-16 06:40:28 +00:00
TreeHugger Robot
0bf84fa3c0 Merge "Use label persist_ss_file" into sc-dev am: 6550281b13 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14987305

Change-Id: I4336b65c246f69138f6534fc76ea12ead51f786e
 2021-06-16 06:04:59 +00:00
TreeHugger Robot
6550281b13 Merge "Use label persist_ss_file" into sc-dev 2021-06-16 05:45:04 +00:00
SHUCHI LILU
e79f75aa16 Merge "Update avc error on ROM 7457955" into sc-dev am: 5624d07640 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14980573

Change-Id: I754282c66d68a873edd9b89919890d293bf90084
 2021-06-16 04:01:22 +00:00
SHUCHI LILU
5624d07640 Merge "Update avc error on ROM 7457955" into sc-dev 2021-06-16 01:25:10 +00:00
Wenhao Wang
dc0cdc36f3 Use label persist_ss_file 
The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?".
But we erroneously didn't assign the label to the path.
This patch fixes the error.

Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
 2021-06-15 17:24:01 -07:00
sukiliu
673b8f1014 Update avc error on ROM 7457955 
Bug: 191132545
Bug: 191133059
Test: PtsSELinuxTestCases
Change-Id: I6a8e7924819734e38c2b6f761eb738f3e4d21c32
 2021-06-15 23:23:43 +08:00
Armelle Laine
4847b5d1f4 Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev am: 10e8126e2d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14961880

Change-Id: I9c29b33df803b368a71d68ce59e0f16cf3a2b66c
 2021-06-15 14:52:27 +00:00
Armelle Laine
10e8126e2d Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev 2021-06-15 14:35:43 +00:00
linpeter
81aaf6cda3 Add sepolicy for hwcomposer to access lhbm sysfs 
avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
 2021-06-15 19:37:14 +08:00
Jiyoung
02ada4f463 vendor_telephony_app.te: add selinuxfs:file 
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng

Bug: 188422036

Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
 2021-06-15 15:06:39 +08:00
sukiliu
8657bfaf73 Move oriole bug map to whitechapel folder am: 90ae782e26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I697e2270c71c1f5ce48318e9a3498ef05d954c82
 2021-06-15 06:17:36 +00:00
sukiliu
90ae782e26 Move oriole bug map to whitechapel folder 
Bug: 190563896
Bug: 190671898
Test: PtsSELinuxTestCases
Change-Id: I15f1a6d2ebab9c5794a79abccf3530eb4bfc8307
 2021-06-15 04:39:50 +00:00
TreeHugger Robot
ebcba2c62d Merge "remove obsolete entries" into sc-dev am: 441bae6d1a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: I4d47c91c175d8a10e0cec3e974e684f3c44b6c63
 2021-06-15 01:54:55 +00:00
TreeHugger Robot
441bae6d1a Merge "remove obsolete entries" into sc-dev 2021-06-15 01:39:02 +00:00
Rick Yiu
25ce780b9c Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: If015ce9946b16186eb8ed75c63ac8cfadde14266
 2021-06-15 00:41:32 +00:00
Rick Yiu
aa315a6082 Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev 2021-06-15 00:28:52 +00:00
Armelle Laine
5bb07db1de add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal 
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.

Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
 2021-06-13 23:59:37 +00:00
Richard Hsu
64d8da84f2 Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: Ie75eea82a16cd39cc56a015c96896a4fcd398138
 2021-06-13 06:24:40 +00:00
Richard Hsu
753e62f39c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev 2021-06-13 06:11:41 +00:00
Jayachandran Chinnakkannu
40c2dd6b2e Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Ic723bb2542a94bb3c86d315a89f415eb962f6c39
 2021-06-12 17:31:26 +00:00
Jayachandran Chinnakkannu
1c130a7e1d Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev 2021-06-12 17:19:33 +00:00
TreeHugger Robot
a45a1ffc4d Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: I2bc53103a317ac5e19642fb7bb8fe0586aab81dd
 2021-06-12 10:28:06 +00:00
Kris Chen
89a68b0fac Add sepolicy to let fingerprint access power service am: 7db400b679 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: Ieb52fb6f5ee68d0155f9acacda9853757fed4200
 2021-06-12 10:27:55 +00:00
TreeHugger Robot
694694857a Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev 2021-06-12 10:22:24 +00:00
Jayachandran C
5492a92a39 Allow telephony to access the file descriptor of the priv_apps tcp_socket 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
 2021-06-12 05:18:15 +00:00
Rick Yiu
ad47112c59 gs101-sepolicy: Fix avc denial for permissioncontroller_app 
Bug: 190671898
Test: build pass
Change-Id: I3ccfe958892cd27ebbcacc651847d4277d39855b
 2021-06-11 18:41:10 +08:00
Adam Shih
d0bb828434 remove vcd from user ROM 
Bug: 190331325
Test: build all ROM variants with only user ROM without vcd
Change-Id: If9dc555ee8582b605ccdf9d60c3a9c89cd6634d8
 2021-06-11 11:46:22 +08:00
Richard Hsu
8c979899cc [BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service 
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.

Bug: 190661153, 151063663

Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.

Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
 2021-06-10 19:36:35 -07:00
Adam Shih
d00aafac75 remove obsolete entries 
Bug: 190672147
Bug: 173969091
Bug: 171760921
Bug: 178331773
Bug: 178752616
Bug: 188752940
Bug: 184005231
Bug: 182086688
Bug: 177176899
Bug: 182953825
Bug: 176528557
Bug: 183935382
Test: boot and do bugreport with no relevant error showed up
Change-Id: I869db698e96d2d6cfd533b7fd24c8c88d39fd0eb
 2021-06-11 10:35:59 +08:00
Kris Chen
7db400b679 Add sepolicy to let fingerprint access power service 
Fix the following avc denial:
SELinux : avc:  denied  { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
      running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
 2021-06-10 21:31:06 +00:00
Sung-fang Tsai
985aa698c7 qllow priv-app to access Pixel power HAL extension. 
SELinux issues to solve:

native  : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal

05-23 10:11:32.055   420   420 E SELinux : avc:  denied  { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
 2021-06-10 17:56:17 +00:00
SHUCHI LILU
f2bc0d7bd7 Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I4ea6afe2de9a03eca793775f14ea24b8678931cf
 2021-06-10 11:22:24 +00:00