Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3273 commits 1 branch 0 tags 494 MiB
Commit graph

1256 commits

Author SHA1 Message Date
TeYuan Wang
66f1d74123 Move thermal netlink socket sepolicy rules to pixel sepolicy 
Bug: 213257759
Test: verified genlink function with emul_temp under enforcing mode
Change-Id: I8f5518e5f866ed0813be1e6630c6a9aefaf06e63
 2022-01-25 11:59:06 +08:00
Kame(TeYuan) Wang
1be9b0a5de Merge "Label TMU as sysfs_thermal am: 32458cdc49 am: a76533f48b am: 27eae23a3f am: 5c9ca15d60" 2022-01-24 05:04:06 +00:00
TreeHugger Robot
b41839bdf3 Merge "camera_hal: allow changing kthread priority" 2022-01-24 03:17:11 +00:00
TeYuan Wang
287cad81ea Label TMU as sysfs_thermal am: 32458cdc49 am: a76533f48b am: 27eae23a3f am: 5c9ca15d60 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1937119

Change-Id: Ie7426fcefe1ba3bf7fd53af5454811724e6d1a90
 2022-01-24 02:45:55 +00:00
TreeHugger Robot
8b1083c037 Merge "Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f am: 1a59c0625f am: c581535e5c am: b48e33f29f" 2022-01-22 23:29:11 +00:00
TreeHugger Robot
1b02510fce Merge "Remove redundant rule in system_server.te" 2022-01-22 08:01:05 +00:00
Yabin Cui
826a3540e7 Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f am: 1a59c0625f am: c581535e5c am: b48e33f29f 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1943866

Change-Id: I75cfc6940977bf431c9a8fee12497caf865ce3ff
 2022-01-22 04:25:25 +00:00
Jasmine Cha
eec7d4b172 audio: add sepolicy for getting thermal event am: 2abecb1519 am: 54e84e9978 am: d57668f3cc am: 0bfc811257 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: I83d62090ef9a78a3bac0c0cdccd550eb56b82dc5
 2022-01-22 03:41:43 +00:00
Badhri Jagan Sridharan
7dacac2b34 Merge "android.hardware.usb.IUsb AIDL migration" 2022-01-22 01:20:20 +00:00
Badhri Jagan Sridharan
472abdcd5d Remove redundant rule in system_server.te 
hal_client_domain(system_server, hal_usb) covers
the needed rule.

Bug: 200993386
Test: Boot up target to check for selinux denials.
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: If9803a028babb38a6ed0ce5f87a5c7d1eec8e598
 2022-01-21 17:08:50 -08:00
Badhri Jagan Sridharan
51735ba3ab android.hardware.usb.IUsb AIDL migration 
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
 2022-01-21 17:07:56 -08:00
Treehugger Robot
b0ecddbd4e Merge "Allow TEE storageproxyd permissions needed for DSU handling" am: 05ca30173e am: 3cde81c794 am: 5dd5b0dd29 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1923363

Change-Id: I0190a5a7017d8cfa34932ecdbe9c85587408af85
 2022-01-21 22:47:37 +00:00
TeYuan Wang
5c9ca15d60 Label TMU as sysfs_thermal am: 32458cdc49 am: a76533f48b am: 27eae23a3f 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1937119

Change-Id: I78fdf05253972c617a124165a6d880083e7c0310
 2022-01-21 22:47:28 +00:00
Yabin Cui
b48e33f29f Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f am: 1a59c0625f am: c581535e5c 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1943866

Change-Id: I391bab4a982ec03d1904d59aa2376a3d3c816c40
 2022-01-21 22:47:19 +00:00
Jasmine Cha
0bfc811257 audio: add sepolicy for getting thermal event am: 2abecb1519 am: 54e84e9978 am: d57668f3cc 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: Idb58719a8511be2f750c8e4a11421d147801b57c
 2022-01-21 22:47:00 +00:00
David Anderson
9e40c2e027 Fix sepolicy denial in update_engine. am: 2fe229352b am: e999b85d07 am: b7b8477e12 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934897

Change-Id: I8f97a3527ec13132ddbba7a0981619f55e0e0f9d
 2022-01-21 22:46:11 +00:00
Treehugger Robot
5dd5b0dd29 Merge "Allow TEE storageproxyd permissions needed for DSU handling" am: 05ca30173e am: 3cde81c794 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1923363

Change-Id: I5e75aabf2f88f5611f8c4406d7bb81de77d3800f
 2022-01-21 22:30:24 +00:00
TeYuan Wang
27eae23a3f Label TMU as sysfs_thermal am: 32458cdc49 am: a76533f48b 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1937119

Change-Id: Ica3d0e3c016616052f18b880cd22e9da8ca1515e
 2022-01-21 22:30:16 +00:00
Yabin Cui
c581535e5c Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f am: 1a59c0625f 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1943866

Change-Id: If31d085e00b660262575ab11decb61b372597ceb
 2022-01-21 22:29:59 +00:00
Jasmine Cha
d57668f3cc audio: add sepolicy for getting thermal event am: 2abecb1519 am: 54e84e9978 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: Iddcd4b760301c761c273d53231147a6c1b0927da
 2022-01-21 22:29:29 +00:00
Jasmine Cha
8b5831f247 audio: add permission to request health/sensor data am: a21b7f8800 am: cdcccbbd02 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944689

Change-Id: I16f8196bfe5e3b49575b936ee6d2376e878aa9be
 2022-01-21 22:29:12 +00:00
David Anderson
b7b8477e12 Fix sepolicy denial in update_engine. am: 2fe229352b am: e999b85d07 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934897

Change-Id: I45ccf375ccb5b97f848a1db62de77271de5c0b86
 2022-01-21 22:28:55 +00:00
Jagadeesh Pakaravoor
400b93eb0b camera_hal: allow changing kthread priority 
Allow changing kthread priority during insmod for camera-hal/LWIS.

Bug: 199950581
Test: boot, local camera testing
Change-Id: If59bfe101cab17854a5472ef388411bd19ef0a68
 2022-01-21 14:58:07 +08:00
Presubmit Automerger Backend
03b2c4e33e [automerge] Add vendor SELinux denial to allowlist 2p: ed2c8d78ae am: bb9f892d56 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16672552

Change-Id: I991901e8d67be19d479d0cba5852aa7cca3d8301
 2022-01-21 06:24:13 +00:00
Presubmit Automerger Backend
bb9f892d56 [automerge] Add vendor SELinux denial to allowlist 2p: ed2c8d78ae 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16672552

Bug: 215640468
Change-Id: Ie94576056af0683b0cb23b51ae8543ef14b2bca7
 2022-01-21 03:37:25 +00:00
eddielan
ed2c8d78ae Add vendor SELinux denial to allowlist 
Bug: 215640468
Test: Build Pass
Change-Id: I8c2aa5ce4c6cc229837f763c6a20a1c27e1978a6
 2022-01-21 03:37:16 +00:00
Stephen Crane
b69ac35ff0 Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Merged-In: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2022-01-18 11:43:16 -08:00
Treehugger Robot
05ca30173e Merge "Allow TEE storageproxyd permissions needed for DSU handling" 2022-01-12 23:34:32 +00:00
YiHo Cheng
5254b52656 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba am: b4024884f1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: Icf3374f059b914f09e5dd6650a60c7f0a825672d
 2022-01-12 23:26:50 +00:00
YiHo Cheng
b4024884f1 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: I3c9929f0ec857786766b892e415d4b58163797be
 2022-01-12 23:14:55 +00:00
YiHo Cheng
e400db11ba Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev 2022-01-12 23:03:42 +00:00
TeYuan Wang
32458cdc49 Label TMU as sysfs_thermal 
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Id113b80f856e26412e2e07b9c9b4a61d519b194f
 2022-01-12 10:16:49 +08:00
Yabin Cui
9ee70a3d7f Merge "Add SOC specific ETM sysfs paths" 2022-01-11 19:40:23 +00:00
Jasmine Cha
2abecb1519 audio: add sepolicy for getting thermal event 
type=1400 audit(0.0:15): avc: denied { call } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

type=1400 audit(0.0:16): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

Bug: 204271308
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I900de2a2d8bf0753543ef4428374e782908e7aee
 2022-01-11 13:42:58 +08:00
Jasmine Cha
a21b7f8800 audio: add permission to request health/sensor data 
- Add audio hal into hal_health clients
- Allow audio hal to find fwk_sensor_hwservice
SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1

Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
Merged-In: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
 2022-01-11 13:42:55 +08:00
YiHo Cheng
ca06222472 thermal: Label tmu register dump sysfs 
Allow dumpstate to access tmu register dump sysfs

[ 1155.422181] type=1400 audit(1641335196.892:8): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=68561
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
[ 1155.423398] type=1400 audit(1641335196.892:9): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
ino
=68562 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.443740] type=1400 audit(1641335196.896:10): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
dev="sysfs"
ino=68563 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.466064] type=1400 audit(1641335196.896:11): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
dev="sysfs"
ino=68565 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.488251] type=1400 audit(1641335196.916:12): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
dev="sysfs" ino=68564 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.510614] type=1400 audit(1641335196.960:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_fall_thres"
dev="sysfs"
ino=68566 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
o

Bug: 202736838
Test: check thermal section in dumpstate
Change-Id: Icecca9f69ee9b57d43aa2864864951bf66c4905f
 2022-01-11 08:42:45 +08:00
Yabin Cui
1459e9734a Add SOC specific ETM sysfs paths 
Bug: 213519191
Test: run profcollectd on oriole
Change-Id: Ib1ae7466c76362b8242f2bb8560bb8b1d80c4253
 2022-01-10 11:25:25 -08:00
Vinay Kalia
97addf8500 [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: I4ce0bb633c8d27e798c7a8e80e1d23eb06b3a2a0
 2022-01-10 06:13:59 +00:00
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL 
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
 2022-01-06 20:18:34 +00:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine. 
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
 2021-12-28 21:52:12 -08:00
Cyan Hsieh
6e1c9d88cd Merge "Add pvmfw to custom_ab_block_device" 2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692 Add pvmfw to custom_ab_block_device 
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
 2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4 Merge "Allow vendor init to read gesture_prop." 2021-12-15 09:01:23 +00:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2021-12-14 14:33:56 -08:00
Super Liu
8f356044ff Allow vendor init to read gesture_prop. 
Bug: 209713977
Bug: 193467627
Test: local test.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I7f061f550bcf6c3a61b5528e8c21eae8567e677b
 2021-12-13 09:28:02 +08:00
Cliff Wu
11c8ad745a Update the sepolicy for exo_camera_injection v1.1 
- Update exo_camera_injection hal service from 1.0 to 1.1.
- Selinux avc log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=152 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0.

Bug: 202092371
Test: Verified exo_camera_injection provider service use cases function
as expected; no denials.

Change-Id: Ica94a00db580356158d94af2ae6dbe9c9a81be0a
 2021-12-11 05:26:06 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-06 02:45:51 +00:00
joenchen
02a20e025f Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-04 17:18:46 +00:00