Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
605 commits 1 branch 0 tags 494 MiB
Commit graph

605 commits

This branch
This branch
All branches
Author SHA1 Message Date
Krzysztof Kosiński
2a96bc108c Merge "camera: allow the camera hal to set fatp prop" into sc-dev 2021-04-06 06:23:53 +00:00
Adam Shih
f2d78c7d14 Merge "update error on ROM 7260355" into sc-dev 2021-04-06 05:42:40 +00:00
Yu-Chi Cheng
26cc7d6499 Merge "Allowed EdgeTPU service to read system properties related to vendor." into sc-dev 2021-04-06 05:40:44 +00:00
yixuanjiang
1a25f34051 audio: add support for aocdump to aceess audio state 
check audio state for SSR usage

Test: local with enforcing mode
Bug: 184239981
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I45db556434251576a1d691f1aebf2940fff283fe
 2021-04-06 12:41:24 +08:00
Adam Shih
fc69c665ee update error on ROM 7260355 
Bug: 184593993
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I49fb702a81f2fcd17e395954f24cd69ab2d272fc
 2021-04-06 11:08:59 +08:00
Adam Shih
91c7813ea8 remove obsolete mobicore operations 
Bug: 183935443
Test: boot to home with no related avc error
Change-Id: Ief907a7a77f721e58820670e9f37570fd640b473
 2021-04-06 10:31:16 +08:00
Grace Chen
404937b03b Merge "Add selinux permissions for NFC/eSIM fw upgrade" into sc-dev 2021-04-06 00:28:22 +00:00
Vova Sharaienko
25f19371aa Merge "exo: updated sepolicy" into sc-dev 2021-04-06 00:27:04 +00:00
Zhijun He
60872ac2e9 camera: allow the camera hal to set fatp prop 
Test: camera tests
Bug: 184572956
Change-Id: Ie8bc386aa60cf2e46732f2f68c8cb7e86733cb53
 2021-04-05 16:37:20 -07:00
Grace Chen
a4b253476c Add selinux permissions for NFC/eSIM fw upgrade 
Bug: 183709811
Test: Confirm no selinux permissions errors.
Change-Id: Ibd98558a2446567d4beb1f6b88acafc05c3c1951
 2021-04-05 15:38:59 -07:00
Cheng Gu
ce42ee4660 Merge "gs101-sepolicy: Allow rlsservice to access range sensor" into sc-dev 2021-04-05 20:45:08 +00:00
TreeHugger Robot
71e96842ca Merge "Grant GPU and Fabric node access" into sc-dev 2021-04-02 22:59:18 +00:00
Cheng Gu
72011a8a87 gs101-sepolicy: Allow rlsservice to access range sensor 
Fix: 184295618
Test: rlsservice_test
Change-Id: Iee4cc5376e0eb67e75ae94cd15b5211a7ec819ef
 2021-04-02 22:27:48 +00:00
Wei Wang
852d1dc3c1 Grant GPU and Fabric node access 
Bug: 183626384
Test: boot
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ibb700110795f81a2da4358352111f61ef987c29b
 2021-04-02 14:22:37 -07:00
Vova Sharaienko
ceafb82c02 exo: updated sepolicy 
This allows the Exo to access AIDL Stats service

Bug: 181892307
Test: Build, flash, boot & and logcat | grep "IStats"
Change-Id: I6ae1c37505b312617376bc3c954720c8a1f223d2
 2021-04-02 19:13:12 +00:00
Steve Pfetsch
48f88fb26b Merge "Add new ITouchContextService interface to twoshay" into sc-dev 2021-04-02 18:01:02 +00:00
Krzysztof Kosiński
8a1f0bed01 Mark libGralloc4Wrapper.so as same-process HAL. 
Updating the library name after upgrade to gralloc version 4.

Bug: 178656396
Test: GCA on oriole
Change-Id: I638b3cd0d7f4759f89a62a1d102cc98d9a3db622
 2021-04-01 22:21:44 -07:00
SalmaxChang
e277259f08 e2fs: Fix avc errors 
avc: denied { read } for comm="mke2fs" name="sda5" dev="tmpfs" ino=574 scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file
avc: denied { ioctl } for comm="mke2fs" path="/dev/block/sda5" dev="tmpfs" ino=510 ioctlcmd=0x127b scontext=u:r:e2fs:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file

Bug: 184221482
Change-Id: Ic0c697bb591135d9830cd9e32e110cb5b5eb1504
 2021-04-02 01:13:27 +00:00
Michael Wright
98c223e862 Add new ITouchContextService interface to twoshay 
Bug: 174626987
Test: boot, see no denials

Change-Id: I963d5b77969571182b94c4265653c5d22e124247
 2021-04-01 23:32:19 +00:00
TreeHugger Robot
8948e498c8 Merge "gs101-sepolicy: Allow binder call rlsservice from camera" into sc-dev 2021-04-01 21:04:11 +00:00
Cheng Gu
765e8e2374 gs101-sepolicy: Allow binder call rlsservice from camera 
This is to fix below avc denial:
  E SELinux : avc:  denied  { find } for pid=28954 uid=1000
  name=rlsservice scontext=u:r:hal_camera_default:s0
  tcontext=u:object_r:rls_service:s0 tclass=service_manager permissive=0

The solution is similar to ag/7253836 (coral) and ag/10232101 (redbull).

Fix: 183620858
Test: adb shell setprop persist.vendor.camera.dump_range_data 1 &&
      adb shell pkill -f camera, then retest camera
Change-Id: I6bb743c15ee64e3c4ecb8359126b238554aa649e
 2021-04-01 21:03:02 +00:00
Yu-Chi Cheng
f27370db65 Allowed EdgeTPU service to read system properties related to vendor. 
The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.

Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428
 2021-04-01 11:40:36 -07:00
TreeHugger Robot
3504d25fb6 Merge "remove obsolete entries" into sc-dev 2021-04-01 08:05:31 +00:00
Adam Shih
f96f0c79a3 remove obsolete entries 
Bug: 183560282
Bug: 180858511
Bug: 183161715
Bug: 178331791
Bug: 178433597
Test: pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: Iba208b69389450b8ef69aaecfb799ef696515669
 2021-04-01 15:02:46 +08:00
Charlie Chen
1a03008756 Merge "SELinux error coming from mediacodec when using GCA and secure playback" into sc-dev 2021-04-01 06:48:14 +00:00
Gillian Lin
cdfffb7213 Merge "Fix SELinux error from vendor_init" into sc-dev 2021-04-01 05:08:50 +00:00
Charlie Chen
5602dfde45 SELinux error coming from mediacodec when using GCA and secure playback 
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { search } for name="video6" dev="sysfs" ino=64587 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_video:s0 \
tclass=dir permissive=0

Bug: 182525521
Bug: 184145552
Test: GCA recording works properly, \
      Netflix and ExoPlayer can play videos
Change-Id: Ib7220feedc5031fb0e5c05a2b487da2ddf8b98cd
 2021-04-01 02:53:24 +00:00
gillianlin
52a776889c Fix SELinux error from vendor_init 
03-17 09:12:55.380     1     1 I /system/bin/init: type=1107 audit(0.0:3): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=mfgapi.touchpanel.permission pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1'

Bug: 182954248
Change-Id: I9ffff1aab20577950cb43c35d788e6a9c9acd571
 2021-04-01 10:16:41 +08:00
Eddie Tashjian
6171dc4503 Merge "Allow radio vendor apps to modify slog props." into sc-dev 2021-04-01 01:32:04 +00:00
Ilya Matyukhin
52a4f701c1 Merge "Add sepolicy for Goodix AIDL HAL" into sc-dev 2021-03-31 21:57:29 +00:00
Eddie Tashjian
022de778ed Allow radio vendor apps to modify slog props. 
Radio vendor silent logging app needs access to the vendor slog
properties in order to configure logging.

Bug: 184102091
Test: Check vendor silent logging app works.
Change-Id: I1a7c590b80d94c0b147743372ba3cd1a0817baf3
 2021-03-31 20:57:31 +00:00
Eddie Tashjian
606a9ea28d Merge "Add sepolicy for CBRS setup app." into sc-dev 2021-03-31 18:23:07 +00:00
Zhijun He
a7d3992396 Merge "Revert "Allow Exoplayer access to the vstream-secure heap for secure playback"" into sc-dev 2021-03-31 15:38:31 +00:00
Charlie Chen
ac3d49d41d Revert "Allow Exoplayer access to the vstream-secure heap for secure playback" 
This reverts commit 7c92613185.

Reason for revert: This commit breaks camera recording

Bug: 184154831
Change-Id: Ia4286dab9c5d44c59a3b224e0e24c191eb2be84b
 2021-03-31 15:37:48 +00:00
Yu-Chi Cheng
f9668d2b94 Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev 2021-03-31 14:26:10 +00:00
Yu-Chi Cheng
53982a4372 Merge "Labelled EdgeTPU service libraries as SP-HAL." into sc-dev 2021-03-31 14:24:54 +00:00
millerliang
f01cb384d8 Fix MMAP audio avc denied 
03-30 16:45:16.840   738   738 I auditd  : type=1400 audit(0.0:76): avc:
denied { read } for comm="HwBinder:738_2"
name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87
scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0
tclass=file permissive=0
03-30 16:45:16.980   644   644 I auditd  : type=1400 audit(0.0:78): avc:
denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=977 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

Bug: 165737390
Test: verified with the forrest ROM and error log gone
Change-Id: I1c8721a051844d3410cffa23411a434c832b416e
 2021-03-31 15:51:32 +08:00
TreeHugger Robot
6bcc46cec5 Merge "remove obsolete entries" into sc-dev 2021-03-31 07:35:51 +00:00
Charlie Chen
c0066d5cce Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev 2021-03-31 07:03:16 +00:00
Adam Shih
fc7c2e2c3a remove obsolete entries 
Bug: 183560076
Bug: 183338483
Bug: 183467306
Bug: 171760597
Test: pts-tradefed run commandAndExit pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: Ib35a05176fccd251dfea8b58304a68b0e9bd6412
 2021-03-31 14:28:29 +08:00
Adam Shih
4166a4d03b Merge "allow vendor_init to set logpersist" into sc-dev 2021-03-31 06:03:04 +00:00
Adam Shih
00f6651d46 Merge "update error on ROM" into sc-dev 2021-03-31 06:02:36 +00:00
Charlie Chen
7c92613185 Allow Exoplayer access to the vstream-secure heap for secure playback 
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

Bug: 182525521
Test: no more denials and able to play video via ExoPlayer App
Change-Id: I21033bc78858fd407c16d2cd2df4549f97273221
 2021-03-31 05:41:26 +00:00
Adam Shih
1db99c759f allow vendor_init to set logpersist 
Bug: 184093803
Test: boot with the permission error gone
03-31 11:11:19.447     1     1 E init    : Do not have permissions to
set ...

Change-Id: Idc4023b2fa1b04ae4a4b95a2e105700e89e9dffa
 2021-03-31 11:34:12 +08:00
Erik Cheng
90ed4cc72e Merge "Grant permission for more camera device nodes" into sc-dev 2021-03-31 03:09:15 +00:00
Maurice Lam
6bc7204b64 Merge "Fix cuttlefish test fail due to sepolicy of Wirecutter" into sc-dev 2021-03-31 01:20:12 +00:00
Eddie Tashjian
44799a27ba Add sepolicy for CBRS setup app. 
Bug: 182519609
Test: Test CBRS setup
Change-Id: I3ee27dd80eb0484c9cf2c6be0c63aee996383f7f
 2021-03-30 18:06:14 -07:00
TreeHugger Robot
a548cd7773 Merge "Allow mediacodec to access the vstream-secure DMA-BUF heap" into sc-dev 2021-03-31 01:05:14 +00:00
Xu Han
f34ff90b48 Merge "Allow camera HAL access radioext service" into sc-dev 2021-03-31 00:45:11 +00:00
Adam Shih
98d890424d update error on ROM 
Bug: 184091381
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia37d49cf2e347a22181058987b0edf8f93457c53
 2021-03-31 08:32:56 +08:00