Commit graph

90 commits

Author SHA1 Message Date
Wen Chang Liu
8cbf2bcb97 Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev am: e72c30346f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839790

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I3c68b42795c4b0b2cfd9510a9b393c80f2f9bc81
2021-03-12 05:51:09 +00:00
Wen Chang Liu
e72c30346f Merge changes Ie0ed96d7,Id7f43fe1 into sc-dev
* changes:
  Add sepolicy for BigOcean device
  Add sepolicy for MFC device
2021-03-12 05:41:08 +00:00
Andy Chou
4a1b96d9aa Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev am: 737059042f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839799

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I0d271ce84e87f4042bd8cb95a3bea881377dc2ae
2021-03-12 05:35:47 +00:00
TreeHugger Robot
71f2717803 Merge "update error on ROM 7202683" into sc-dev am: 8e2430d151
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839797

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4051250e1e3ce7dfb7ce181004f91030827cd1c8
2021-03-12 05:32:33 +00:00
Andy Chou
737059042f Merge "Fix cuttlefish test fail due to sepolicy of Exo" into sc-dev
2021-03-12 05:32:18 +00:00
TreeHugger Robot
8e2430d151 Merge "update error on ROM 7202683" into sc-dev
2021-03-12 05:19:01 +00:00
Sung-fang Tsai
56c3a11f4a Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev am: 1bcf7d412a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824574

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibbde6769b1760f55c920600c969b46d2ddb06375
2021-03-12 05:11:49 +00:00
Sung-fang Tsai
1bcf7d412a Merge "Mark lib_aion_buffer and related library as same_process_hal_file" into sc-dev
2021-03-12 04:18:59 +00:00
Vova Sharaienko
c3ec7bbf3e Merge "Stats: new sepolicy for the AIDL service" into sc-dev am: 175c2eaa31
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13845133

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I981065070c26b2fa74d862cddbf551e03a426379
2021-03-12 03:54:09 +00:00
TreeHugger Robot
73df265217 Merge "Add atc sysfs permission for composer service" into sc-dev am: 1dd171b66f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13839786

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I90a0f6f3633e9e83aa1052f82630778acf43dd1d
2021-03-12 03:53:33 +00:00
andychou
9e582d4bc3 Fix cuttlefish test fail due to sepolicy of Exo
Need to grant gpu_device dir search permission and
device_config_runtime_native_boot_prop for testing.

Bug: 182445508
Test: atest ExoTests pass on Cuttlefish
Change-Id: Ia4c27efa2a900a3781301de19ab38209f818aba1
2021-03-12 11:41:24 +08:00
Vova Sharaienko
175c2eaa31 Merge "Stats: new sepolicy for the AIDL service" into sc-dev
2021-03-12 03:32:22 +00:00
Adam Shih
526da2f9b1 update error on ROM 7202683
Bug: 182524105
Bug: 182523946
Bug: 182524202
Bug: 182524203
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I4c97960d106a74cbe2ba819671612514d4cba282
2021-03-12 11:18:10 +08:00
wenchangliu
f98706e87b Add sepolicy for BigOcean device
add /dev/bigocean to video_device

avc: denied { read write } for name="bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { open } for path="/dev/bigocean" dev="tmpfs" ino=629 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/bigocean" dev="tmpfs" ino=629 \
ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 tcontext=u:object_r:device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for comm=436F646563322E30204C6F6F706572 path="/dev/bigocean" \
dev="tmpfs" ino=629 ioctlcmd=0x4202 scontext=u:r:mediacodec:s0 \
tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 172173484
Test: Play AV1 clips in enforcing mode
Change-Id: Ie0ed96d7bf4324bd38a9c42500f4f747f092bfd9
2021-03-12 10:54:10 +08:00
wenchangliu
b52121a259 Add sepolicy for MFC device
- Add sysfs_video type for mfc device
- Allow mediacodec to access sysfs_video

avc: denied { read } for name="name" dev="sysfs" ino=62278 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { read } for name="name" dev="sysfs" ino=62230 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

Bug: 172173484
Test: video playback / camera recording with enforcing mode
Change-Id: Id7f43fe11c9ed089067f43a50d7f765df873d6c6
2021-03-12 10:51:41 +08:00
TreeHugger Robot
1dd171b66f Merge "Add atc sysfs permission for composer service" into sc-dev
2021-03-12 02:44:43 +00:00
Ahmed ElArabawy
6219c84925 Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev am: 4a0294348b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806170

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I119212a1f114011a7adbbd1b48c276ef0d7e5e13
2021-03-12 02:29:24 +00:00
Ahmed ElArabawy
4a0294348b Merge "Wifi: Add sepolicy files for wifi_ext service" into sc-dev
2021-03-12 01:37:36 +00:00
Vova Sharaienko
2ed30c23e3 Stats: new sepolicy for the AIDL service
This allows the pixelstats_vendor to communicate with the new AIDL IStats service via ServiceManager

Bug: 181914749
Test: Build, flash, and logcat -s "pixelstats_vendor"
Change-Id: Icf1bbbd7f72835fe8f9c2f23281a2f5b4bf8e698
2021-03-12 01:12:21 +00:00
Pat Tjin
940d04fd2b Merge "Move wireless charger HAL to 1.3" into sc-dev am: 854db479bb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824572

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iabc01056a01b06c0a23a79cc7dbc4a349aa10ac7
2021-03-11 20:28:53 +00:00
Pat Tjin
854db479bb Merge "Move wireless charger HAL to 1.3" into sc-dev
2021-03-11 19:57:54 +00:00
Sung-fang Tsai
82376e2d49 Mark lib_aion_buffer and related library as same_process_hal_file
To allow access by Google Camera App, which needs this for vendor-specific
buffer management functionality to enable zero-copy camera RAW->GPU buffer
handling.

Test: GCA works with forrest build P20546991.
Bug: 159839616
Change-Id: I71bdcd12f17013881d7a5da2f11e444f0d3b4f94
2021-03-11 12:02:04 +00:00
linpeter
ebd2a24596 Add atc sysfs permission for composer service
avc: denied { read write } for name="en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/en" dev="sysfs" ino=66979 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { read write } for name="gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/gain_limit" dev="sysfs" ino=66998 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { read write } for name="st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/1c300000.drmdecon/dqe/atc/st" dev="sysfs" ino=66982 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 168848203
test: test: check avc denied
Change-Id: I48dd839e0ca6f3eb16e35f1b7a4d5f6d4a1fd88b
2021-03-11 20:01:21 +08:00
Eddie Tashjian
7a501cba00 Add selinux policies for mounted modem partition am: 78cd6eb78e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824571

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I5dc47429ad5dd846679fbde04f2b5144d39ce977
2021-03-11 10:41:57 +00:00
Eddie Tashjian
78cd6eb78e Add selinux policies for mounted modem partition
Bug: 178980032
Bug: 178979986
Bug: 179198083
Bug: 179198085
Bug: 178980065

Test: Check selinux denials
Change-Id: I7f826442d1536946d0e84aadfd80f679c0f4d6da
2021-03-11 10:16:27 +00:00
TreeHugger Robot
75e52314ad Merge changes I68aace66,Idf510e4a into sc-dev am: ef6e91692a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13824668

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie76c219de19bfeb0ec28895580e1ae631f4dc032
2021-03-11 09:43:48 +00:00
TreeHugger Robot
ef6e91692a Merge changes I68aace66,Idf510e4a into sc-dev
* changes:
  gs101-sepolicy: Add twoshay permissions
  Add touch procfs and sysfs sepolicy
2021-03-11 09:16:51 +00:00
yihsiangpeng
cc8429cc0d Move wireless charger HAL to 1.3
Bug: 179464598
Signed-off-by: yihsiangpeng <yihsiangpeng@google.com>
Change-Id: I73d1d811f2483bbe80e7d4aea1f6e9f143bc2836
2021-03-11 14:47:49 +08:00
TreeHugger Robot
152dcc1b4d Merge changes I6f6e8359,Ib7bf4029 into sc-dev am: db0ca5a3b2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816037

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4817667db5897b8eac0e12f45d9d8c630128b1cb
2021-03-11 04:35:25 +00:00
TreeHugger Robot
db0ca5a3b2 Merge changes I6f6e8359,Ib7bf4029 into sc-dev
* changes:
  label kernel modules and grant bt permission
  update error on ROM 7196668
2021-03-11 03:53:57 +00:00
TreeHugger Robot
f77f159364 Merge "Fix avc denied issue when accessing to IStats service" into sc-dev am: 6657774b4c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806168

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I64600db02c76e2bfaa3ddf03373585817d33daab
2021-03-10 17:31:10 +00:00
TreeHugger Robot
6657774b4c Merge "Fix avc denied issue when accessing to IStats service" into sc-dev
2021-03-10 16:57:56 +00:00
TreeHugger Robot
72cfb31ebe Merge "Fix avc denied in OMA DM" into sc-dev am: d2cee097f8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816043

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4c471c8e3d6d29082744dc044fb22af6849411b2
2021-03-10 16:37:32 +00:00
TreeHugger Robot
d2cee097f8 Merge "Fix avc denied in OMA DM" into sc-dev
2021-03-10 15:52:45 +00:00
Tai Kuo
8cac55487b gs101-sepolicy: Add twoshay permissions
Add twoshay and touch input context library permissions

Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
2021-03-10 22:23:49 +08:00
SalmaxChang
2b90406669 cbd: Fix avc errors am: 6247ff69b2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816040

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibf0d222fc8bafcdaa0b7b8c5fe861749a6192bc6
2021-03-10 14:03:20 +00:00
SalmaxChang
ebab404edb vendor_init: Update tracking denials am: 7edb7e30c4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816041

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I9e928515b554984b84d853608d6ecd9351b2a39f
2021-03-10 14:03:14 +00:00
SalmaxChang
6247ff69b2 cbd: Fix avc errors
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1
avc: denied { search } for comm="cbd" name="vendor" dev="tmpfs" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1

Bug: 178331928
Bug: 171267363
Change-Id: Icf28f494f05ee386ce94213929926369f2775173
2021-03-10 13:33:43 +00:00
SalmaxChang
7edb7e30c4 vendor_init: Update tracking denials
Removed the path creation from init rc.

Bug: 177186257
Change-Id: I5a8e99ae273d0c8370255bcdb4b9e802fa9895ca
2021-03-10 13:33:19 +00:00
Jack Wu
b10c77244b hal_health_default: Fix avc denials am: 522a8aefcf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13816038

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I543f53ff53fd1db6d12c66683c956ff21a7f5da8
2021-03-10 12:46:33 +00:00
Tai Kuo
4dd3e1e99e Add touch procfs and sysfs sepolicy
Touch palm sepolicies are not included.

Bug: 173330981
Test: No avc denied log for touch sysfs, procfs access.
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: Idf510e4a9c65e5af0885159353ef85d6b6ec553f
2021-03-10 17:00:16 +08:00
Calvin Pan
47bf48c03b Fix avc denied in OMA DM
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:493): avc: denied { search } for comm="IntentService[D" name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:493): avc: denied { search } for name="radio" dev="dm-6" ino=242 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:494): avc: denied { getattr } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:494): avc: denied { getattr } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:495): avc: denied { setattr } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:495): avc: denied { setattr } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:496): avc: denied { append } for comm="IntentService[D" name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:496): avc: denied { append } for name="omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I auditd  : type=1400 audit(0.0:497): avc: denied { open } for comm="IntentService[D" path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service
03-10 11:30:05.640 30617 30617 I IntentService[D: type=1400 audit(0.0:497): avc: denied { open } for path="/data/vendor/radio/omadm_logs.txt" dev="dm-6" ino=17137 scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_vendor_data_file:s0:c512,c768 tclass=file permissive=1 app=com.android.omadm.service

03-10 11:57:07.155   386   386 E SELinux : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1
03-10 11:57:07.155   386   386 I auditd  : avc:  denied  { find } for pid=8406 uid=10141 name=autofill scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1

03-10 12:26:05.904   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.904   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.931   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=activity_task scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=SurfaceFlinger scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:05.960   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=gpu scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 E SELinux : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1
03-10 12:26:06.041   388   388 I auditd  : avc:  denied  { find } for pid=12124 uid=10141 name=audio scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

03-10 12:35:40.653   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.654   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=tethering scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 E SELinux : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
03-10 12:35:40.658   387   387 I auditd  : avc:  denied  { find } for pid=8328 uid=10141 name=isub scontext=u:r:omadm_app:s0:c141,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1

Bug: 173990082
Test: Trigger OMA DM
Change-Id: Ie66ecd1c9d80f7b12a4545f3651dd2c5f02b119b
2021-03-10 15:54:08 +08:00
Jack Wu
522a8aefcf hal_health_default: Fix avc denials
[    5.146740] type=1400 audit(1611123521.796:23): avc: denied { search } for comm="android.hardwar" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[    5.425436] type=1400 audit(1611123522.076:24): avc: denied { search } for comm="health@2.1-serv" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[   29.943710] type=1400 audit(1611123546.592:483): avc: denied { write } for comm="health@2.1-serv" name="mode" dev="sysfs" ino=14741 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1
01-20 14:18:41.796   656   656 I android.hardwar: type=1400 audit(0.0:23): avc: denied { search } for name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1

Bug: 177966434
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I576547e27dceb55fd768de2834e3bb0155857f56
2021-03-10 14:13:38 +08:00
TreeHugger Robot
552849b103 Merge "hal_power_stats_default: Fix avc denials" into sc-dev am: c625222492
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806171

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie4d9a36afac8785c4b0a3a5855ce5e62d92195fa
2021-03-10 02:50:50 +00:00
Adam Shih
58b3344c7a label kernel modules and grant bt permission
Bug: 182320300
Bug: 182320258
Test: boot to home and connect to bluetooth headset under enforcing mode
Change-Id: I6f6e8359d03eb4205268d56a1fcd50ce1445f442
2021-03-10 10:36:45 +08:00
Adam Shih
487f66f754 update error on ROM 7196668
Bug: 182320300
Bug: 182320246
Bug: 182320258
Bug: 182320172
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ib7bf40299374061526a87714cfd8982544a1698f
2021-03-10 10:34:03 +08:00
TreeHugger Robot
c625222492 Merge "hal_power_stats_default: Fix avc denials" into sc-dev
2021-03-10 02:11:04 +00:00
Adam Shih
84bb9a87b8 Merge "remove obsolete entries and put crucial domains to permissive" into sc-dev am: 48113ddced
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805052

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If914068d4fb3369486f1dbef8af614245b9dfa0b
2021-03-10 01:46:48 +00:00
TreeHugger Robot
4926c30d09 Merge "dumpstate: allow dumpstate to access displaycolor" into sc-dev am: c8e903d1c8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13806024

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If0f57e685973290e3323cd954367cb60864bd654
2021-03-10 01:46:19 +00:00
andychou
ce711fd18e Fix avc denied issue when accessing to IStats service
Originally we used isPriv=true, but the Exo app is not located in the priv-app
folder.
So we have to remove isPriv=true and add it to net_domain in order to access the
network.
This is a clone CL updated from ag/13794482

Bug: 180594376
Test: manual test if there is avc denied
Change-Id: Icb5009248d10c23e772040aad8ac2fed849bafa0
2021-03-10 09:27:04 +08:00