Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
444 commits 1 branch 0 tags 494 MiB
Commit graph

444 commits

This branch
This branch
All branches
Author SHA1 Message Date
TreeHugger Robot
95d168126d Merge "Fix avc denied for Silent Logging" into sc-dev am: 60a2a6c09b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14103373

Change-Id: I77f2d19f407e8b0e0bcda835885b50218da6ad1c
 2021-04-09 06:53:47 +00:00
TreeHugger Robot
60a2a6c09b Merge "Fix avc denied for Silent Logging" into sc-dev 2021-04-09 06:20:41 +00:00
TreeHugger Robot
70ba745b79 Merge "cbd: Grant to access slog file" into sc-dev am: 5c9b9d882f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14119811

Change-Id: Ia792e85b0627e4134db6dc784bc3d3c7e3831ae3
 2021-04-09 05:54:29 +00:00
TreeHugger Robot
5c9b9d882f Merge "cbd: Grant to access slog file" into sc-dev 2021-04-09 05:15:34 +00:00
Aaron Tsai
06b410dc4a Fix avc denied for Silent Logging 
04-06 15:18:31.513  root     1     1 E init    : Do not have permissions to set 'persist.vendor.sys.silentlog.tcp' to 'On' in property file '/vendor/build.prop': SELinux permission check failed
04-06 15:20:17.988  root     1     1 W /system/bin/init: type=1107 audit(0.0:33): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.ap pid=8917 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:23.256  root     1     1 W /system/bin/init: type=1107 audit(0.0:38): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.cp pid=9025 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:51.340  root     1     1 W /system/bin/init: type=1107 audit(0.0:43): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog pid=9291 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:21:03.608  root     1     1 W /system/bin/init: type=1107 audit(0.0:54): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.tcp pid=9473 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'

04-06 20:17:08.060  1000  5754  5754 W Thread-3: type=1400 audit(0.0:21): avc: denied { write } for name="slog" dev="dm-7" ino=245 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
04-06 20:17:09.194  1000   398   398 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 pid=5754 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
04-06 21:07:18.376  7458  7458 I auditd  : type=1400 audit(0.0:20): avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0

04-06 21:16:53.200  8873  8873 W Thread-4: type=1400 audit(0.0:85): avc: denied { create } for name="NNEXT_PROFILE.nprf" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0:c232,c259,c512,c768 tclass=file permissive=0


Bug: 184608648
Test: verified with the forrest ROM and error log gone
Change-Id: Id9cdf15478c751de92a9a84bcfdc8233d6e9d294
 2021-04-09 04:33:13 +00:00
TreeHugger Robot
b415e72482 Merge "init: allow to set tcpdump property" into sc-dev am: 83d6ee82fb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14124655

Change-Id: Ia3dd270c6ea9f90658f1657051c19a4732c4b38d
 2021-04-09 04:30:36 +00:00
TreeHugger Robot
83d6ee82fb Merge "init: allow to set tcpdump property" into sc-dev 2021-04-09 03:54:18 +00:00
Speth Chang
7d74437b07 Merge "allow camera to connect stats service" into sc-dev am: 6c4d851d28 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14108661

Change-Id: I008cdb58623b13e644ad0f2d5e76261271b54dd8
 2021-04-09 03:21:05 +00:00
SalmaxChang
6dd6d9872e cbd: Grant to access slog file 
Bug: 184646743
Change-Id: I06ecfbc8b9276b3801725f0965b03b849eddbdfc
 2021-04-09 03:11:25 +00:00
Speth Chang
6c4d851d28 Merge "allow camera to connect stats service" into sc-dev 2021-04-09 03:01:14 +00:00
TreeHugger Robot
8f541049bc Merge "Create sepolicy for the fingerprint GHBM sysprop" into sc-dev am: 4a3f3550f5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14105112

Change-Id: I627caec9927f15bc7f88af0ab298ad876a01f169
 2021-04-09 02:59:26 +00:00
SalmaxChang
5feb916e47 init: allow to set tcpdump property 
init: Unable to set property 'persist.vendor.tcpdump.log.alwayson' from uid:10273 gid:10273 pid:7074: SELinux permission check failed

Bug: 184411489

Change-Id: If449e0d883fa4cbf8dd5ac3a6a84d205e7ac1f31
 2021-04-09 10:47:56 +08:00
TreeHugger Robot
4a3f3550f5 Merge "Create sepolicy for the fingerprint GHBM sysprop" into sc-dev 2021-04-09 02:11:57 +00:00
Ilya Matyukhin
b9e10feefb Create sepolicy for the fingerprint GHBM sysprop 
Bug: 184761756
Bug: 183728349
Test: adb logcat | grep "avc: denied"
Change-Id: I5209bdf859e86a83ac3fa29ecf8bfd8d5b6d88ce
 2021-04-08 23:21:22 +00:00
TreeHugger Robot
5d9cf2c7ee Merge "Give hal_dumpstate_default read access to slog files" into sc-dev am: f15b8edbd1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14127725

Change-Id: I523ad11883f342ac65d868a04cbb498d6cfb4609
 2021-04-08 22:10:28 +00:00
TreeHugger Robot
f15b8edbd1 Merge "Give hal_dumpstate_default read access to slog files" into sc-dev 2021-04-08 21:40:31 +00:00
Eddie Tashjian
ce90dbfb57 Merge "Add TCP dump permissions." into sc-dev am: 5bbdd82a4e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14119567

Change-Id: I7ca93885708d1ca028aa6addc56da126a0635a87
 2021-04-08 18:38:47 +00:00
Eddie Tashjian
5bbdd82a4e Merge "Add TCP dump permissions." into sc-dev 2021-04-08 18:25:30 +00:00
Craig Dooley
cf558dbf33 Merge "Fix SELinux errors with aocd" into sc-dev am: cd888e847f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14105108

Change-Id: Ie4bbc58c3471209486cf380fb6f5ed209bda789c
 2021-04-08 18:11:31 +00:00
Craig Dooley
cd888e847f Merge "Fix SELinux errors with aocd" into sc-dev 2021-04-08 17:27:56 +00:00
Chris Fries
1d379dfbc9 Give hal_dumpstate_default read access to slog files 
Bug: 184821900

Bugreports require access to "silent log" files.

cp      : type=1400 audit(0.0:20): avc: denied { getattr } for path="/data/vendor/radio/logs/always-on/sbuff_20210408191538.sdm" dev="dm-11" ino=9075 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=file permissive=0

Change-Id: Iacc4778d1242f304e9519180437ceb0f0e9d350d
 2021-04-08 16:27:29 +00:00
Cliff Wu
816fefcd34 Merge "[Bug] Change the sepolicy name for exo_camera_injection" into sc-dev am: ec6bd9449b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14112451

Change-Id: Ice4fe2982eeef2ef8c6f45eebcf4df4305e9bfa0
 2021-04-08 14:41:08 +00:00
Cliff Wu
ec6bd9449b Merge "[Bug] Change the sepolicy name for exo_camera_injection" into sc-dev 2021-04-08 14:09:47 +00:00
Craig Dooley
3d4d9159c9 Fix SELinux errors with aocd 
Add inotify support for /dev
Fix the aoc vendor property

Bug: 184173298
Change-Id: I40a71edd56b2d51f848085c43ae1d10a4c2c0c4b
 2021-04-08 03:59:23 +00:00
Speth Chang
1c64cd89a2 allow camera to connect stats service 
Bug: 177076189
Test: build pass
Change-Id: I1132e8a6794d09306b70fe902fc82fbdb7bf9bb4
 2021-04-08 11:48:08 +08:00
Eddie Tashjian
b2fb9cdace Add TCP dump permissions. 
Copy selinux policy for tcp dump binary from previous Pixel to support
TCP logging on P21 through PixelLogger.

Bug: 184777243
Test: Check PixelLogger TCP dump works.
Change-Id: Id958c8a3e6375a7aae569d6fc94deb9f8072b57b
 2021-04-08 03:13:55 +00:00
Chase Wu
dfd9b4376d Merge "update label missing vibrator sys nodes for dual part" into sc-dev am: 682e3a348f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14033446

Change-Id: I2c8db9943b6d619194718226a2efc9a563902fe4
 2021-04-08 02:41:21 +00:00
Mat Bevilacqua
8c46fe8986 Merge "Fix selinux permissions errors for UwbService" into sc-dev am: b58243632d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14096432

Change-Id: Iffdeac5d97da71c279e83d61db670b71a7ec6b36
 2021-04-08 02:37:23 +00:00
Chase Wu
682e3a348f Merge "update label missing vibrator sys nodes for dual part" into sc-dev 2021-04-08 02:24:28 +00:00
Mat Bevilacqua
b58243632d Merge "Fix selinux permissions errors for UwbService" into sc-dev 2021-04-08 02:09:57 +00:00
TreeHugger Robot
034ecec70b Merge "whitechapel: add permission for pixellogger set audio property" into sc-dev am: 34e0106672 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14100415

Change-Id: I417358ac866cb6c57fd339ba172abbf5840b2b99
 2021-04-08 01:57:35 +00:00
Adam Shih
3092cd1cb5 Merge "remove wildcard on kernel modules" into sc-dev am: bf832c3b49 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14108662

Change-Id: I14680d1c5dca483f44c8e95bccbb253cad26a050
 2021-04-08 01:57:23 +00:00
TreeHugger Robot
34e0106672 Merge "whitechapel: add permission for pixellogger set audio property" into sc-dev 2021-04-08 01:31:35 +00:00
Adam Shih
bf832c3b49 Merge "remove wildcard on kernel modules" into sc-dev 2021-04-08 01:10:56 +00:00
Eddie Tashjian
61b20db123 Merge "Fix modem logging configuration." into sc-dev am: aa9ecdc436 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14106552

Change-Id: I144856a3f19f521eabb2d5872f2ac189682db079
 2021-04-07 19:04:54 +00:00
Mat Bevilacqua
82d7164b5c Fix selinux permissions errors for UwbService 
Fixes gmscore access to UwbManager APIs, fixes UwbService access to UWB
HAL APIs, and fixes CTS UwbService presence test.

Bug: 184402100
Test: atest CtsUwbTestCases
Change-Id: I7450242f8b35570c3d5a676c5835b01f74995202
 2021-04-07 11:39:31 -07:00
Eddie Tashjian
aa9ecdc436 Merge "Fix modem logging configuration." into sc-dev 2021-04-07 16:56:47 +00:00
Yabin Cui
673d8457be Merge "Move vendor_kernel_modules to public." into sc-dev am: a4af5bb39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14106320

Change-Id: Ic24db5a261a4e090f14342d59bbd53767ca9485e
 2021-04-07 16:35:56 +00:00
Yabin Cui
a4af5bb39c Merge "Move vendor_kernel_modules to public." into sc-dev 2021-04-07 16:14:32 +00:00
Cliff Wu
c0b806fd2d [Bug] Change the sepolicy name for exo_camera_injection 
- Change the sepolicy name from platfrom_app to exo_app.
- Selinux avc log:
E/SELinux: avc:  denied  { find } for interface=vendor.google.exo_camera_injection::IExoCameraInjection sid=u:r:exo_app:s0:c248,c256,c512,c768 pid=11479 scontext=u:r:exo_app:s0:c248,c256,c512,c768 tcontext=u:object_r:hal_exo_camera_injection_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 184736718
Test: Verified exo_camera_injection provider service use cases function as expected; no denials.
Change-Id: I08887b8b6020cb7b3fb3da77cea9a1f453655bea
 2021-04-07 15:17:44 +00:00
chasewu
d57865ec05 update label missing vibrator sys nodes for dual part 
Bug: 184026143
Test: no Permission denied logs
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Id75f89f5d0f1568942ef787be295b2fa5b0ca2a2
 2021-04-07 09:35:32 +00:00
TreeHugger Robot
d0eb25628f Merge "audio: add support for aocdump to aceess audio state" into sc-dev am: dce254b11d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14098530

Change-Id: I967334de2587971edd213d65f0a987b58b41c0fb
 2021-04-07 08:53:38 +00:00
TreeHugger Robot
dce254b11d Merge "audio: add support for aocdump to aceess audio state" into sc-dev 2021-04-07 08:39:49 +00:00
Sriram Kashyap M S
830b2c0009 Allow EdgeTPU NNAPI HAL to access socket files for IPC. am: dcd42938da 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14094386

Change-Id: I9948b7fc288a786f1d86ecb58f6e369929db1c7a
 2021-04-07 08:32:38 +00:00
yixuanjiang
7e8fca8041 whitechapel: add permission for pixellogger set audio property 
Bug: 184708066
Test: local test
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I6a43959fc3565db8d2a1679ce722c11f58398794
 2021-04-07 07:06:53 +00:00
Adam Shih
a346a7fa34 remove wildcard on kernel modules 
Bug: 170786122
Test: Boot with all kernal modules loaded
Change-Id: I0d1d861af290181231223630497788c051c83ecb
 2021-04-07 14:10:00 +08:00
Adam Shih
5a648ae1e7 grant debugfs access to insmod under userdebug am: 59ba0f97aa 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14108655

Change-Id: Ic35524068f3f5d6e2715f6b782063b3a0e16b270
 2021-04-07 06:00:38 +00:00
Sriram Kashyap M S
dcd42938da Allow EdgeTPU NNAPI HAL to access socket files for IPC. 
Bug: 182524105
Test: ./scripts/run_tests.sh on Oriole.
Change-Id: I85106f004fcee2cccc44609584165a0e2ce654e3
 2021-04-07 05:58:58 +00:00
Adam Shih
59ba0f97aa grant debugfs access to insmod under userdebug 
Bug: 182086611
Test: boot with the error gone
Change-Id: I555c12b4ccbb61266dc289aac577d0240bde4d28
 2021-04-07 11:56:49 +08:00
Adam Shih
88c6c2e183 Merge "remove obsolete mobicore operations" into sc-dev am: 58b693aff0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14098526

Change-Id: Ib68a2892065fa38691af2f8fcb82bd9ef801ce8d
 2021-04-07 01:13:57 +00:00