Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3273 commits 1 branch 0 tags 494 MiB
Commit graph

1256 commits

Author SHA1 Message Date
Mark Chang
8a5863ab6d sepolicy: Add "dontaudit" for twoshay dac_override. 
Bug: 198755236
Test: build pass and boot to home
Signed-off-by: Mark Chang <changmark@google.com>
Change-Id: I5c330564cc026e113c5d33d5d093dbcdb3ede5e4
(cherry picked from commit a1aab562ca)
 2021-09-06 13:08:59 +00:00
Jenny Ho
17e518038e sepolicy: add rule for new debug file node 
W dumpstate@1.1-s: type=1400 audit(0.0:7): avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=500 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 196755019
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I0ddf68d5e15fe8d77d8d61287f65621c14024f46
 2021-09-06 06:21:34 +00:00
Roshan Pius
9c96111094 gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-26 20:02:20 +00:00
Roshan Pius
a3f040d2ac gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-26 01:07:43 +00:00
Victor Liu
e877511429 uwb: permissions for factory uwb calibration file am: 29aa981623 am: 5dfabe8acf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15616315

Change-Id: I35c0484a84695969e5f1f3e7cf2e8c7c06b4df3e
 2021-08-25 23:41:44 +00:00
Victor Liu
7a06a7a434 uwb: permissions for factory uwb calibration file am: 29aa981623 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15616315

Change-Id: I9755128c2a7a1039cb3b1c5a2e3913a0965540d9
 2021-08-25 23:29:50 +00:00
Victor Liu
29aa981623 uwb: permissions for factory uwb calibration file 
add permission to:
copy factory uwb calib files from persist to /data/vendor/uwb
convert copied file to proper format for uwb stack to consume

Bug: 195659525
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I3e5282477fd391b483e03242ce0b806bd447dc54
Merged-In: I3e5282477fd391b483e03242ce0b806bd447dc54
 2021-08-25 19:14:10 +00:00
Victor Liu
8383d9e13f uwb: permissions for factory uwb calibration file 
add permission to:
copy factory uwb calib files from persist to /data/vendor/uwb
convert copied file to proper format for uwb stack to consume

Bug: 195659525
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I3e5282477fd391b483e03242ce0b806bd447dc54
 2021-08-25 19:12:44 +00:00
Roshan Pius
04fbca104c gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-25 17:32:53 +00:00
Roshan Pius
515c17c4e3 gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor 
Since we are now creating an AOSP HAL for uwb. Rename qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
 2021-08-23 09:03:06 -07:00
David Chen
462d4b1bcd resolve merge conflicts of c0922582bc to sc-v2-dev 
Bug: 197164878

Change-Id: Ibc7ea7ffe9c30912c8e12d081a6b110f8e73f29f
Merged-In: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
 2021-08-19 02:25:56 +00:00
David Chen
28cd716faa resolve merge conflicts of 945de94222 to sc-v2-dev-plus-aosp 
Bug: 197166084

Change-Id: I4b8b2d99db133be4c96853f072e3b10dbac39b92
Merged-In: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
 2021-08-19 02:25:12 +00:00
Horng Chuang
b43621dd40 Merge "sepolicy: gs101: Grant permission for more camera device nodes" 2021-08-18 06:16:25 +00:00
davidycchen
c0922582bc Allow twoshay to access fwk_stats_service and system_server 
avc:  denied  { find } for pid=813 uid=0
name=android.frameworks.stats.IStats/default scontext=u:r:twoshay:s0
tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager

avc: denied { call } for scontext=u:r:twoshay:s0
tcontext=u:r:system_server:s0 tclass=binder

Bug: 179334953
Test: Make selinux_policy and push related files to the device.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
Merged-In: Ib95debbc9ce10919c5f935e8f70b340bb293b54a
 2021-08-18 09:47:01 +08:00
Bart Van Assche
eeccb9bc7a Add the 'bdev_type' attribute to all block device types am: 37b5741301 am: 239bcceb78 am: ea25044059 am: 07751567ad 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: Ifac56b5f8a8e14ca55419e3009771644c3041df2
 2021-08-18 01:32:55 +00:00
Bart Van Assche
07751567ad Add the 'bdev_type' attribute to all block device types am: 37b5741301 am: 239bcceb78 am: ea25044059 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: I5d46eab501e1ce290570a69dde5450813eff0bf0
 2021-08-18 01:20:15 +00:00
Bart Van Assche
7513cd7ad6 Add the 'bdev_type' attribute to all block device types am: 37b5741301 am: 239bcceb78 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: Iedf50eb9fc1c205eb584c4c53ad7de45c06b695d
 2021-08-18 00:56:43 +00:00
Bart Van Assche
239bcceb78 Add the 'bdev_type' attribute to all block device types am: 37b5741301 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: I19d709e960fe8ccf066bdbd20dc6817ee20e55d0
 2021-08-18 00:34:10 +00:00
Bart Van Assche
37b5741301 Add the 'bdev_type' attribute to all block device types 
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9

The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.

Bug: 194450129
Bug: 196982345
Test: Built Android images that include this change and verified that neither init nor apexd triggers any SELinux access denied errors.
Change-Id: I6ce1127f199c5b33812f15fe280d86594d7d7ebf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
 2021-08-17 15:23:23 -07:00
Jack Wu
941a3bcd44 sepolicy: gs101: allows dock power supply permission 
Bug: 196017001
Test: can dump dock power supply in dumpstate
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Ie2781da77da0f181665974c335998a6dcb0e8ad2
 2021-08-17 03:48:48 +00:00
Edmond Chung
25ccfad161 Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b am: d5f9036c8e am: 9bde9324fe am: ff5c485ddc 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: I0f9314f34e796e55e0adc47779f5e342ca6b3b84
 2021-08-16 23:37:27 +00:00
Edmond Chung
ff5c485ddc Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b am: d5f9036c8e am: 9bde9324fe 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: I90884f92df1e42fa5b60ad47e914ed1460b40c04
 2021-08-16 22:44:58 +00:00
Edmond Chung
36f756e44b Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b am: c45a1b5828 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: Id66f403466d50ea3beb4663cc137e551a92e16f3
 2021-08-16 22:32:00 +00:00
Edmond Chung
9bde9324fe Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b am: d5f9036c8e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: Ib347e1a8fbee1822542adf48a03f92dbdac3a302
 2021-08-16 22:31:40 +00:00
Edmond Chung
c45a1b5828 Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: I97f8f143230d13f64b34ee11c7a46cfcc5f2f3f9
 2021-08-16 22:17:00 +00:00
Edmond Chung
7e581b9a7b Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev 2021-08-16 22:01:46 +00:00
Edmond Chung
6b30dbc54c gs101: Allow camera HAL to access interrupt handles 
This is to allow camera HAL to modify IRQ affinity for different use
cases.

Bug: 196058977
Test: Camera use cases
Change-Id: I498b0ac763b735d05299e1f4b09de14e131fd6e3
 2021-08-16 10:52:27 -07:00
Rick Yiu
63a624e811 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 am: 7b8fe23d74 am: fa5d13d6e1 am: 7b0fa572c3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I985dde431db9fa2f03f6036c139c6a653f3fe755
 2021-08-16 14:40:25 +00:00
Rick Yiu
7b0fa572c3 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 am: 7b8fe23d74 am: fa5d13d6e1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: Ia05c12145187f2500010827b6e28ce5b56039511
 2021-08-16 14:25:57 +00:00
Rick Yiu
9c7ca5fdd3 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 am: 1f4c69a11d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I59e7baee2e2c5a80d53b5a6f5c8712a2b09a36d3
 2021-08-16 14:11:45 +00:00
Rick Yiu
fa5d13d6e1 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 am: 7b8fe23d74 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I2837b12374957c35725af2f4aed49ada200810ff
 2021-08-16 14:11:31 +00:00
Rick Yiu
1f4c69a11d gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I54a069f83c389b69a73d9d4d64a34177ba652d1c
 2021-08-16 13:54:58 +00:00
Rick Yiu
2ef3daba50 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials 
Use untrusted_app_all to cover all Use untrusted_app versions.

Bug: 196109806
Test: no untrusted_app denials for vendor_sched
Change-Id: Ic6426b26b8a05f8a0bc7e2a4a4a293b2988812d3
 2021-08-16 13:40:32 +00:00
horngchuang
e212167642 sepolicy: gs101: Grant permission for more camera device nodes 
Bug: 193103432
Test: aosp camera
Change-Id: Ic921200f05092c217d9c3d859ed33b5dc8e5b44b
 2021-08-16 08:40:25 +00:00
Victor Liu
d75e7326f1 allow uwb hal sys_nice access am: 39b5815a1e am: 21d74ff50f am: ecceee1ddc 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15549222

Change-Id: I0379b550ceea8c5656d9fc26a556c0fbb48e0150
 2021-08-13 22:09:09 +00:00
Victor Liu
ecceee1ddc allow uwb hal sys_nice access am: 39b5815a1e am: 21d74ff50f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15549222

Change-Id: Ie7d5132a50e0d0f7e8db35d512a70ef6b932ab68
 2021-08-13 22:07:02 +00:00
Victor Liu
de55d68c2f uwb: allow uwb to access the radio service am: 0c429efc07 am: 19b1a2feef am: 243649da79 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15521660

Change-Id: I8909e4d78ea1b2dd3bc0ae7492f2c6b846f6f253
 2021-08-13 22:03:02 +00:00
Victor Liu
243649da79 uwb: allow uwb to access the radio service am: 0c429efc07 am: 19b1a2feef 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15521660

Change-Id: I264015c73d5a4a61712726192c7ee3160704dc02
 2021-08-13 21:31:06 +00:00
Victor Liu
9d2d70e09b allow uwb hal sys_nice access am: 39b5815a1e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15549222

Change-Id: Ib8b61cc66bd2919360e05434f147f495fcacb156
 2021-08-13 02:41:53 +00:00
Victor Liu
39b5815a1e allow uwb hal sys_nice access 
hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { sys_nice } for capability=23 scontext=u:r:hal_uwb_default:s0 tcontext=u:r:hal_uwb_default:s0 tclass=capability permissive=0
hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { setsched } for scontext=u:r:hal_uwb_default:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

Bug: 196438549
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I742bae701cfcc7b4842cd63abbc8c275d82c8ba1
 2021-08-12 16:11:06 -07:00
Victor Liu
e4ee9723f4 uwb: allow uwb to access the radio service am: 0c429efc07 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15521660

Change-Id: I4bc3d385c8895137bf62640c06592907ccd495b0
 2021-08-12 21:57:10 +00:00
Victor Liu
0c429efc07 uwb: allow uwb to access the radio service 
07-07 18:28:28.391   409   409 E SELinux : avc:  denied  { find } for pid=4609 uid=1083 name=isub scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Bug: 192833779
Test: on device, no avc denied message
Change-Id: I4a6b778dce6f493093d3a05683473bb60e9cfa5c
 2021-08-10 22:47:35 +00:00
TreeHugger Robot
ff88615a29 Merge "Remove ndk_platform backend. Use the ndk backend." 2021-08-10 04:36:22 +00:00
Siqi Lin
2af36e8664 Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev am: df73384b2e am: 1a27d3d66e am: 4ae3686490 am: c5ba760b93 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15475450

Change-Id: Iaa4691b168df18a81701230c9f2ce1647b234b90
 2021-08-09 20:52:07 +00:00
Siqi Lin
c5ba760b93 Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev am: df73384b2e am: 1a27d3d66e am: 4ae3686490 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15475450

Change-Id: I34c4308d929e5582bf499d424fcf8a2a050d9d55
 2021-08-09 20:34:24 +00:00
Siqi Lin
c8836d9832 Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev am: df73384b2e am: 505d9d692e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15475450

Change-Id: I16b13385bd0a66983999b3b2f4518c0a07387068
 2021-08-09 20:20:19 +00:00
Siqi Lin
df73384b2e Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev 2021-08-09 19:52:02 +00:00
TreeHugger Robot
30f9fc6299 Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev am: cfcf725081 am: f30a67df8a am: 89a3d8f1e0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15453996

Change-Id: I538d9c42acc9ae78657c34718fd7cb3b0a8ec475
 2021-08-06 14:49:23 +00:00
TreeHugger Robot
f30a67df8a Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev am: cfcf725081 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15453996

Change-Id: I495b9411ea69f6aca5a201c3f6b4e8c464906a9f
 2021-08-06 14:17:49 +00:00
TreeHugger Robot
cfcf725081 Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev 2021-08-06 14:04:38 +00:00