Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2572 commits 1 branch 0 tags 494 MiB
Commit graph

920 commits

Author SHA1 Message Date
Marco Nelissen
a2d6a19bcd Allow logd to read the Trusty log 
Bug: 190050919
Test: build
Change-Id: I8a42cd90b1581272f4dafc37d6eb29a98e1fa2e3
 2022-02-01 21:37:36 +00:00
Stephen Crane
b69ac35ff0 Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Merged-In: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2022-01-18 11:43:16 -08:00
YiHo Cheng
5254b52656 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba am: b4024884f1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: Icf3374f059b914f09e5dd6650a60c7f0a825672d
 2022-01-12 23:26:50 +00:00
YiHo Cheng
b4024884f1 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: I3c9929f0ec857786766b892e415d4b58163797be
 2022-01-12 23:14:55 +00:00
YiHo Cheng
e400db11ba Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev 2022-01-12 23:03:42 +00:00
YiHo Cheng
ca06222472 thermal: Label tmu register dump sysfs 
Allow dumpstate to access tmu register dump sysfs

[ 1155.422181] type=1400 audit(1641335196.892:8): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=68561
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
[ 1155.423398] type=1400 audit(1641335196.892:9): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
ino
=68562 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.443740] type=1400 audit(1641335196.896:10): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
dev="sysfs"
ino=68563 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.466064] type=1400 audit(1641335196.896:11): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
dev="sysfs"
ino=68565 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.488251] type=1400 audit(1641335196.916:12): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
dev="sysfs" ino=68564 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.510614] type=1400 audit(1641335196.960:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_fall_thres"
dev="sysfs"
ino=68566 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
o

Bug: 202736838
Test: check thermal section in dumpstate
Change-Id: Icecca9f69ee9b57d43aa2864864951bf66c4905f
 2022-01-11 08:42:45 +08:00
Vinay Kalia
97addf8500 [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: I4ce0bb633c8d27e798c7a8e80e1d23eb06b3a2a0
 2022-01-10 06:13:59 +00:00
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL 
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
 2022-01-06 20:18:34 +00:00
Cyan Hsieh
6e1c9d88cd Merge "Add pvmfw to custom_ab_block_device" 2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692 Add pvmfw to custom_ab_block_device 
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
 2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4 Merge "Allow vendor init to read gesture_prop." 2021-12-15 09:01:23 +00:00
Super Liu
8f356044ff Allow vendor init to read gesture_prop. 
Bug: 209713977
Bug: 193467627
Test: local test.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I7f061f550bcf6c3a61b5528e8c21eae8567e677b
 2021-12-13 09:28:02 +08:00
Cliff Wu
11c8ad745a Update the sepolicy for exo_camera_injection v1.1 
- Update exo_camera_injection hal service from 1.0 to 1.1.
- Selinux avc log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=152 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0.

Bug: 202092371
Test: Verified exo_camera_injection provider service use cases function
as expected; no denials.

Change-Id: Ica94a00db580356158d94af2ae6dbe9c9a81be0a
 2021-12-11 05:26:06 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-06 02:45:51 +00:00
joenchen
02a20e025f Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-04 17:18:46 +00:00
Albert Wang
2caa560163 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 am: 43bde53275 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I6b86ed75839021c860f8f556f25caedd4443fc84
 2021-12-02 02:29:37 +00:00
Albert Wang
43bde53275 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
 2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06 Allow suspend_control to access xHCI wakeup node 
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since system will automatically allocated device ID.

Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
 2021-12-01 23:45:19 +08:00
Rick Yiu
10bd8547d7 Merge "gs101-sepolicy: Fix avc denials" 2021-11-26 10:40:43 +00:00
Rick Yiu
4075287498 gs101-sepolicy: Fix avc denials 
Fix below and other potential denials

11-21 10:10:43.984  3417  3417 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard

11-21 10:10:44.840  3976  3976 I auditd  : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin

11-21 18:10:51.280  5595  5595 I auditd  : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
 2021-11-25 14:26:35 +00:00
TreeHugger Robot
27e7eeb875 Merge "aoc: add audio property for audio aocdump feature" 2021-11-25 07:05:25 +00:00
Randall Huang
68ffcb774d Fix health HAL avc denied when running idle-maint 
Log:
avc: denied { read } for comm="android.hardwar" name="wb_avail_buf"
dev="sysfs" ino=59061 scontext=u:r:hal_health_storage_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 206741894
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I79e7763df16816e6799f288d2f8b7e26c204cbc4
 2021-11-23 03:17:54 +00:00
Albert Wang
8bdcb60170 [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
 2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-17 07:18:29 +00:00
yixuanjiang
002907fb12 aoc: add audio property for audio aocdump feature 
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I79b960cf5e88856c37f7901d718ac8f14e44b812
 2021-11-16 14:55:26 +08:00
Albert Wang
c0ad9b7e8a Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-16 12:23:33 +08:00
Michael Ayoubi
11bb305754 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414

Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
 2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev 2021-11-12 01:24:43 +00:00
Oleg Matcovschi
0684e81d5f gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 am: 2eced57692 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: Id2054c9819186424a08e6f4836042dde5ce36c62
 2021-11-11 23:33:41 +00:00
Oleg Matcovschi
2eced57692 gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: I80dc34c15c60f80ddde869c6895d1afe53e8bf3e
 2021-11-11 23:14:23 +00:00
Oleg Matcovschi
63d04e1e02 gs101:ssr_detector: Allow access to aoc properties in user builds 
Bug: 205755422
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I684590a2ee91cf6d1edfc8a606f3a9e6672ca46f
 2021-11-11 06:13:44 +00:00
Michael Ayoubi
a8e745039f Allow uwb_vendor_app to get SE properties 
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
Merged-In: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
 2021-11-11 00:50:08 +00:00
Michael Ayoubi
18d2a96a11 Allow uwb_vendor_app to get SE properties 
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
 2021-11-11 00:48:21 +00:00
Ted Lin
ee9b913bb7 Using dontaudit to fix the avc on boot test am: 3d463050a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460

Change-Id: I00cfd7b47b7e2c6718e8211809e1ddb20e19656b
 2021-11-04 16:46:45 +00:00
Ted Lin
3d463050a2 Using dontaudit to fix the avc on boot test 
avc: denied { search } for comm="kworker/6:2" name="google_battery" dev="debugfs" ino=32648 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1

Bug:200739262
Test: Check bugreport
Change-Id: I50a96bab88f564fef0eda9a23bb77dc6ffed357f
Signed-off-by: Ted Lin <tedlin@google.com>
(cherry picked from commit 951ce82739)
 2021-11-03 03:20:45 +00:00
Siddharth Kapoor
6d1da2c994 Label GPU power_policy sysfs node am: f94633e718 am: 62460926d3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16123766

Change-Id: Ic0715cc18f5848e694d40f3633c005cf7964791c
 2021-10-28 01:27:24 +00:00
Siddharth Kapoor
62460926d3 Label GPU power_policy sysfs node am: f94633e718 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16123766

Change-Id: Ia753ea69fb270e2bbeca29f2275b84482cc77ec3
 2021-10-28 01:08:49 +00:00
Jiyong Park
d753a4e82d Remove ndk_platform backend. Use the ndk backend. am: 90d1e82ae6 am: caf102afda am: 02048701de 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16119648

Change-Id: I7714a03deb27225af3ddaebdcb523fee20f27069
 2021-10-27 07:02:59 +00:00
Jiyong Park
02048701de Remove ndk_platform backend. Use the ndk backend. am: 90d1e82ae6 am: caf102afda 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16119648

Change-Id: I9742f6b11c4b07698f597aeac36aa55686dd8b3f
 2021-10-27 06:46:14 +00:00
Siddharth Kapoor
f94633e718 Label GPU power_policy sysfs node 
Bug: 201718421
Test: trace while App launch
Change-Id: Icd85b8611632e4638946b492740e509baf2714ce
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
 2021-10-27 01:59:23 +00:00
Steve Pfetsch
421cbb2f61 Merge "Move twoshay definitions to hardware/google/pixel-sepolicy/input." into sc-v2-dev 2021-10-27 00:14:20 +00:00
Jiyong Park
90d1e82ae6 Remove ndk_platform backend. Use the ndk backend. 
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same ndk backend.

Bug: 161456198
Test: m

Merged-In: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
Change-Id: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
(cherry picked from commit 5cc5d52bd7)
 2021-10-26 14:59:28 +09:00
Philip Quinn
b834b1d008 Move twoshay definitions to hardware/google/pixel-sepolicy/input. 
Bug: 187654303
Test: twoshay works on R4, B3, P7
Change-Id: I2cada463fcbfd3b52230430b12b091a655e2abbb
Merged-In: I2cada463fcbfd3b52230430b12b091a655e2abbb
 2021-10-26 02:06:20 +00:00
Super Liu
c8220eea82 Add touch procfs and sysfs sepolicy. 
Bug: 193467774
Test: TH build pass.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I25c4d9422966e8603f12222e93ca7b6d6ea6f566
 2021-10-25 17:01:52 +08:00
Philip Quinn
0d48ab4fbf Move twoshay definitions to hardware/google/pixel-sepolicy/input. 
Bug: 187654303
Test: twoshay works on R4, B3, P7
Change-Id: I2cada463fcbfd3b52230430b12b091a655e2abbb
Merged-In: I2cada463fcbfd3b52230430b12b091a655e2abbb
 2021-10-20 23:09:13 +00:00
TreeHugger Robot
7431e8b11f Merge "audio: add permission to request health/sensor data" into sc-v2-dev am: 7352bf22f0 am: cdfec7db74 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15838845

Change-Id: I3507cd6655aa6fddb31ca311fd1d94e45ee7b860
 2021-10-20 04:52:34 +00:00
TreeHugger Robot
cdfec7db74 Merge "audio: add permission to request health/sensor data" into sc-v2-dev am: 7352bf22f0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15838845

Change-Id: Ic4d717872a99b98770be9d883c0569a09e6c7f3a
 2021-10-20 04:32:42 +00:00
TreeHugger Robot
7352bf22f0 Merge "audio: add permission to request health/sensor data" into sc-v2-dev 2021-10-20 04:12:49 +00:00