Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2644 commits 1 branch 0 tags 494 MiB
Commit graph

2644 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eddie Tashjian
022de778ed Allow radio vendor apps to modify slog props. 
Radio vendor silent logging app needs access to the vendor slog
properties in order to configure logging.

Bug: 184102091
Test: Check vendor silent logging app works.
Change-Id: I1a7c590b80d94c0b147743372ba3cd1a0817baf3
 2021-03-31 20:57:31 +00:00
Eddie Tashjian
964eb91728 Merge "Add sepolicy for CBRS setup app." into sc-dev am: 606a9ea28d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13990414

Change-Id: If299e9dc9732742f75f26385c82b342caf765cef
 2021-03-31 18:47:55 +00:00
Eddie Tashjian
606a9ea28d Merge "Add sepolicy for CBRS setup app." into sc-dev 2021-03-31 18:23:07 +00:00
Zhijun He
1e4b402323 Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev am: a7d3992396 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14048500

Change-Id: Ide1c51c17bce737ba9132bb0d58c6aa994d62dcc
 2021-03-31 16:24:51 +00:00
Zhijun He
a7d3992396 Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev 2021-03-31 15:38:31 +00:00
Charlie Chen
ac3d49d41d Revert "Allow Exoplayer access to the vstream-secure heap for secure playback" 
This reverts commit 7c92613185.

Reason for revert: This commit breaks camera recording

Bug: 184154831
Change-Id: Ia4286dab9c5d44c59a3b224e0e24c191eb2be84b
 2021-03-31 15:37:48 +00:00
Yu-Chi Cheng
62e7f60757 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev am: f9668d2b94 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035811

Change-Id: Iec2f2d735c6c44e655ef15a0a660a7189e368422
 2021-03-31 15:04:44 +00:00
Yu-Chi Cheng
5157e0dc04 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev am: 53982a4372 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14026058

Change-Id: I1a1a0fd94e4e613c964598de6bb615608fd1a6c5
 2021-03-31 15:03:56 +00:00
Yu-Chi Cheng
f9668d2b94 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev 2021-03-31 14:26:10 +00:00
Yu-Chi Cheng
53982a4372 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev 2021-03-31 14:24:54 +00:00
millerliang
7532dd7d1f Fix MMAP audio avc denied am: f01cb384d8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14029670

Change-Id: I6700779ed0c8077b21054f24296e8088b812bf16
 2021-03-31 09:43:37 +00:00
TreeHugger Robot
bb571e8736 Merge "remove obsolete entries" into sc-dev am: 6bcc46cec5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14041327

Change-Id: I01fe41955f235712bcb04bf48c7e7c59c699ccd4
 2021-03-31 07:52:42 +00:00
millerliang
f01cb384d8 Fix MMAP audio avc denied 
03-30 16:45:16.840   738   738 I auditd  : type=1400 audit(0.0:76): avc:
denied { read } for comm="HwBinder:738_2"
name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87
scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0
tclass=file permissive=0
03-30 16:45:16.980   644   644 I auditd  : type=1400 audit(0.0:78): avc:
denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=977 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

Bug: 165737390
Test: verified with the forrest ROM and error log gone
Change-Id: I1c8721a051844d3410cffa23411a434c832b416e
 2021-03-31 15:51:32 +08:00
TreeHugger Robot
6bcc46cec5 Merge "remove obsolete entries" into sc-dev 2021-03-31 07:35:51 +00:00
Charlie Chen
4618354e8d Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev am: c0066d5cce 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13988004

Change-Id: Id10cade6955c3592babb70d9c82983f17cb8ff12
 2021-03-31 07:23:55 +00:00
Charlie Chen
c0066d5cce Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev 2021-03-31 07:03:16 +00:00
Adam Shih
fcd7cab8c9 Merge "allow vendor_init to set logpersist" into sc-dev am: 4166a4d03b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14033458

Change-Id: I50066c93d92dcfee240f532e690c8bfaeecbcaf4
 2021-03-31 06:36:10 +00:00
Adam Shih
781e00d4c0 Merge "update error on ROM" into sc-dev am: 00f6651d46 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14033452

Change-Id: Ia3e2c5ab1c9acd6461c772a5db02bd9d2bf05bf4
 2021-03-31 06:35:40 +00:00
Adam Shih
fc7c2e2c3a remove obsolete entries 
Bug: 183560076
Bug: 183338483
Bug: 183467306
Bug: 171760597
Test: pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: Ib35a05176fccd251dfea8b58304a68b0e9bd6412
 2021-03-31 14:28:29 +08:00
Adam Shih
4166a4d03b Merge "allow vendor_init to set logpersist" into sc-dev 2021-03-31 06:03:04 +00:00
Adam Shih
00f6651d46 Merge "update error on ROM" into sc-dev 2021-03-31 06:02:36 +00:00
Charlie Chen
7c92613185 Allow Exoplayer access to the vstream-secure heap for secure playback 
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221
 2021-03-31 05:41:26 +00:00
Erik Cheng
d11fbf8861 Merge "Grant permission for more camera device nodes" into sc-dev am: 90ed4cc72e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14029672

Change-Id: I478755c4d3d6f1940b8d701323b9243a6353581c
 2021-03-31 03:39:32 +00:00
Adam Shih
1db99c759f allow vendor_init to set logpersist 
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447     1     1 E init    : Do not have permissions to
set ...

Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa
 2021-03-31 11:34:12 +08:00
Erik Cheng
90ed4cc72e Merge "Grant permission for more camera device nodes" into sc-dev 2021-03-31 03:09:15 +00:00
Maurice Lam
af24bc97cc Merge "Fix cuttlefish test fail due to sepolicy of Wirecutter" into sc-dev am: 6bc7204b64 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14039290

Change-Id: I9972e90b95ae9f74321f20a5ba18dcf9700958ab
 2021-03-31 01:37:50 +00:00
Maurice Lam
6bc7204b64 Merge "Fix cuttlefish test fail due to sepolicy of Wirecutter" into sc-dev 2021-03-31 01:20:12 +00:00
TreeHugger Robot
5268d84b5d Merge "Allow mediacodec to access the vstream-secure DMA-BUF heap" into sc-dev am: a548cd7773 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035947

Change-Id: Ibf371ed6a35555a222bc18c7121d93699730873a
 2021-03-31 01:16:32 +00:00
Xu Han
d0a3644eaa Merge "Allow camera HAL access radioext service" into sc-dev am: f34ff90b48 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14025054

Change-Id: Ia978600ea310f05df3d4e3099e87f734ac59ab24
 2021-03-31 01:16:18 +00:00
Eddie Tashjian
44799a27ba Add sepolicy for CBRS setup app. 
Bug: 182519609
Test: Test CBRS setup
Change-Id: I3ee27dd80eb0484c9cf2c6be0c63aee996383f7f
 2021-03-30 18:06:14 -07:00
TreeHugger Robot
a548cd7773 Merge "Allow mediacodec to access the vstream-secure DMA-BUF heap" into sc-dev 2021-03-31 01:05:14 +00:00
Xu Han
f34ff90b48 Merge "Allow camera HAL access radioext service" into sc-dev 2021-03-31 00:45:11 +00:00
Adam Shih
98d890424d update error on ROM 
Bug: 184091381
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia37d49cf2e347a22181058987b0edf8f93457c53
 2021-03-31 08:32:56 +08:00
Eddie Tashjian
fd3a304ec2 Merge "Allow radioext to access bluetooth coex hal." into sc-dev am: a5879bec5b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14020221

Change-Id: I76dbea4d35a134a2f32aeea963717f2620a864ac
 2021-03-30 23:29:48 +00:00
Eddie Tashjian
a5879bec5b Merge "Allow radioext to access bluetooth coex hal." into sc-dev 2021-03-30 23:03:24 +00:00
Maurice Lam
880dd70064 Fix cuttlefish test fail due to sepolicy of Wirecutter 
Need to grant gpu_device dir search permission to be able to render UI
on cuttlefish.

Fixes: 183995046
Test: atest WirecutterTests
Change-Id: I122e541188ce659381769339e3f9e6b720441a92
 2021-03-30 22:18:45 +00:00
TreeHugger Robot
3bc4072b14 Merge "sepolicy: allow hwservice to see armnn nnhal." into sc-dev am: 8250408148 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14020212

Change-Id: I930d8db6e73fc5e3d1172ddb063c4f7aeed94c1c
 2021-03-30 21:43:53 +00:00
TreeHugger Robot
8250408148 Merge "sepolicy: allow hwservice to see armnn nnhal." into sc-dev 2021-03-30 21:16:27 +00:00
Kevin DuBois
4f5d60403d sepolicy: allow hwservice to see armnn nnhal. 
Allows hwservice to see armnn nnhal.

Fixes: 183917925
Test: build, check for absence of error msg in logcat.
Test: run_nnapi_tests for darwinn
Test: CtsNNAPITestCases64 --hal_service_instance=android.hardware.neuralnetworks@1.3::IDevice/google-edgetpu --gtest_filter="TestGenerated*"
Change-Id: I9778e92d6f15e9aa74774c6a8d143969951046eb
 2021-03-30 19:58:52 +00:00
Hridya Valsaraju
ef8172c028 Allow mediacodec to access the vstream-secure DMA-BUF heap 
This patch fixes the following denial:

avc: denied { read } for comm="HwBinder:727_3" name="vstream-secure"
dev="tmpfs" ino=693 scontext=u:r:mediacodec:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file
permissive=0

Bug: 183681871
Test: build
Change-Id: I018a8d42afe2bb58416b47864b8ffd53de9292cb
 2021-03-30 12:41:17 -07:00
Oleg Matcovschi
5debfd67eb Merge "gs101-sepolicy: add sscoredump" into sc-dev am: 20c4be9a06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035188

Change-Id: I9d5ee813005d868290310a6fba85930b40064db3
 2021-03-30 18:26:15 +00:00
Xu Han
6932235e89 Allow camera HAL access radioext service 
Camera needs to query radioext for preferred MIPI clock rate.

Bug: 178038924
Test: camera CTS
Change-Id: Id1dbe8a12d07b5ccfb4fc7db69dda7ce78a163a7
 2021-03-30 11:15:44 -07:00
Oleg Matcovschi
20c4be9a06 Merge "gs101-sepolicy: add sscoredump" into sc-dev 2021-03-30 18:02:18 +00:00
Ankit Goyal
04b05f86bc Merge "Fix SELinux denials for arm.graphics AIDL interface" into sc-dev am: 4097aa96ab 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14026225

Change-Id: I5d43362df8360be6f37bce92123df0c00795feb6
 2021-03-30 17:08:17 +00:00
Yu-Chi Cheng
755a1de452 Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version. 
Both services invoke InitGoogle in order to use google utilities (e.g.
file).  Since InitGoogle reads the kernel info from /proc/version,
this change added the corresponding selinux rules to allow that.

Bug: 183935416
Test: tested on Oriole.
Change-Id: Icb8f3a57e249774b5fad3284413661b04ff7dae6
 2021-03-30 10:07:43 -07:00
TreeHugger Robot
948fc1d359 Merge "vendor_init: allow set_prop for vendor_ro_config_default_prop" into sc-dev am: fd3d8c0467 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14025026

Change-Id: Ic26319bc3be5f80b249825f7b1f3abc0e04f63fe
 2021-03-30 17:00:17 +00:00
Ankit Goyal
4097aa96ab Merge "Fix SELinux denials for arm.graphics AIDL interface" into sc-dev 2021-03-30 16:27:55 +00:00
TreeHugger Robot
fd3d8c0467 Merge "vendor_init: allow set_prop for vendor_ro_config_default_prop" into sc-dev 2021-03-30 16:06:04 +00:00
Oleg Matcovschi
de30c53177 gs101-sepolicy: add sscoredump 
Bug: 183995288
Change-Id: I5363d0c45c183d809c03fe755835c1fc95a33159
 2021-03-30 15:31:10 +00:00
Ankit Goyal
b07d84f087 Fix SELinux denials for arm.graphics AIDL interface 
Denial example:
03-30 05:44:44.468   490   490 W RenderEngine: type=1400 audit(0.0:4): avc: denied { read } for name="arm.graphics-V1-ndk_platform.so" dev="dm-9" ino=1923 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0

Bug: 143246001
Test: Build and boot to home
Change-Id: Id7c2bd98aa634f852a21812fb2421a2e96ef7636
 2021-03-30 22:22:22 +08:00