Ted Lin
69c8212a41
wlc fwupdate implementation
...
Fix sepolicy problems.
Bug: 183465596
Test: logcat/dmesg grep wlc.
Signed-off-by: Ted Lin <tedlin@google.com>
Change-Id: I834f4d83f822b8189a576ac198bae9a7d77a3e10
2021-05-04 02:09:32 +00:00
Daniel Mentz
2fb432f08c
Remove /vendor/lib/modules from file_contexts
...
Vendor kernel modules were moved to /vendor_dlkm/lib/modules. Let's
remove the old directory /vendor/lib/modules from file_contexts.
Bug: 185184472
Bug: 186777291
Change-Id: I38f1b25cb2d73a804f1cdb113edc9b11f8e516f7
2021-05-03 18:16:05 -07:00
Chris Kuiper
db03875ebe
sepolicy: gs101: allow usf_reg_edit to run
...
Provide necessary permissions to run usf_reg_edit from bugreport.
Bug: 187081112
Test: Run "adb bugreport <zip>" and verify it contains the output
from "usf_reg_edit save -".
Change-Id: Iade132d93105d461d51273d19fe570d48cce46fe
2021-05-03 16:34:58 -07:00
Daniel Mentz
a3c0b2ba9e
Revert "remove wildcard on kernel modules"
...
This reverts commit a346a7fa34
2021-05-03 15:38:56 -07:00
SHUCHI LILU
1d6ffc2305
Merge "Update avc error on ROM 7330059" into sc-dev
2021-05-03 09:34:35 +00:00
TreeHugger Robot
4ae391d780
Merge "update error on ROM 7331131" into sc-dev
2021-05-03 08:56:20 +00:00
lucaslin
4099f60681
Add sepolicy for tcpdump_logger to access wlan_logs folder
...
tcpdump cannot be zipped into wlan logs when using tcpdump_logger
on-demand function is because tcpdump_logger doesn't have access
of wlan_logs folder.
Add related sepolicies to fix it.
Bug: 183467815
Test: 1. Set logger to wlan
2. Enable tcpdump_logger on-demand
3. Start logging
4. Stop logging
5. Pull wlan_logs
6. Check if tcpdump.pcap is zipped into the zip file
Change-Id: Ib1b6c8cbd4512acdbe756d11bfe6f540e16c8db6
2021-05-03 16:29:18 +08:00
Adam Shih
722b181dd3
update error on ROM 7331131
...
Bug: 187016929
Bug: 187016930
Bug: 187016910
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I294a27fd272f73cc371a4a8dc9783ba5f60203ff
2021-05-03 15:48:46 +08:00
Jenny Ho
4510c55091
set sepolicy for testing_battery_profile
...
need run /vendor/bin/sh before setprop
Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I3dbaa984407c82662dea537da671745851035fa2
2021-05-03 15:47:14 +08:00
TreeHugger Robot
2391c852bd
Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev
2021-05-03 07:42:00 +00:00
sukiliu
58238158ab
Update avc error on ROM 7330059
...
Bug: 187014717
Bug: 187015705
Bug: 187015816
Test: PtsSELinuxTestCases
Change-Id: I2d79fee24d18865090cd350485daea4e66bb5184
2021-05-03 15:25:20 +08:00
Eddie Lan
2d4071ca8c
Merge "Add sepolicy for fpc AIDL HAL" into sc-dev
2021-05-03 03:48:40 +00:00
TreeHugger Robot
1256869c5c
Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev
2021-05-03 03:19:23 +00:00
Hridya Valsaraju
1711a2d5c7
Provide fastbootd permissions to invoke the set_active command
...
These permissions fix the following denials:
[ 66.641731][ T59] audit: type=1400 audit(1619815760.952:17): avc:
denied { open } for pid=360 comm="fastbootd" path="/dev/block/sdd1"
dev="tmpfs" ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[ 66.664509][ T59] audit: type=1400 audit(1619815760.952:18): avc:
denied { write } for pid=360 comm="fastbootd" name="sdd1" dev="tmpfs"
ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[ 66.686431][ T59] audit: type=1400 audit(1619815760.952:19): avc:
denied { read write } for pid=360 comm="fastbootd"
name="boot_lun_enabled" dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[ 66.708623][ T59] audit: type=1400 audit(1619815760.952:20): avc:
denied { open } for pid=360 comm="fastbootd"
path="/sys/devices/platform/14700000.ufs/pixel/boot_lun_enabled"
dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[ 56.680861][ T59] audit: type=1400 audit(1619806507.020:10): avc:
denied { read write } for pid=357 comm="fastbootd" name="sda"
dev="tmpfs" ino=476 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file permissive=0
Test: fastboot set_active
Bug: 185955438
Change-Id: I9339b2a5f2a00c9e1768f479fdeac2e1f27f04bc
2021-04-30 14:37:58 -07:00
TreeHugger Robot
6a5cfd86f5
Merge "Remove platform certification from imsservice" into sc-dev
2021-04-30 16:55:56 +00:00
TreeHugger Robot
ff7948fc48
Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev
2021-04-30 16:34:37 +00:00
TreeHugger Robot
c134ed985a
Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev
2021-04-29 22:48:22 +00:00
Oleg Matcovschi
963848fdaa
sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes
...
Bug: 186788772
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I9cc44571eb5c8f52d6307bff9cb77f08712c5404
2021-04-29 14:34:55 -07:00
TreeHugger Robot
2c4b0fd96a
Merge "change persist.camera to persit.vendor.camera" into sc-dev
2021-04-29 21:26:12 +00:00
Lida Wang
bb7ae85a0d
change persist.camera to persit.vendor.camera
...
Bug: 186670529
Change-Id: I3a6d4202ec2b90cc0ce9cc9ba62d2cf2ce3a5c29
2021-04-29 13:18:01 -07:00
Anthony Stange
836f25d64b
Update gs101 sepolicy for contexthub HAL
...
Bug: 168941570
Test: Load nanoapp via HAL
Change-Id: If133a3290e4fc02677523d737980ee5944885c36
2021-04-29 16:59:36 +00:00
TreeHugger Robot
7a4cd3a6e0
Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev
2021-04-29 15:48:15 +00:00
Taesoon Park
b6f2b0bad9
Remove platform certification from imsservice
...
The platform certification is removed form com.shannon.imsservice.
So, remove seinfo from com.shannon.imsservice item.
Bug: 186135657
Test: VoLTE and VoWiFi
Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ie493abfd7a146766ad819bb7a5240d9f1e2f1d0e
2021-04-29 11:28:08 +08:00
Chia-Ching Yu
3f91d6417a
Add sepolicy for sensor HAL to read lhbm
...
04-23 08:54:18.000 742 742 I /vendor/bin/hw/android.hardware.sensors@2.0-service.multihal: type=1400 audit(0.0:23): avc: denied { read } for comm=504F5349582074696D6572203430 name="local_hbm_mode" dev="sysfs" ino=70515 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=1
Bug: 181617640
Test: Forrest build with this patch(ab/P22167685).
No local_hbm_mode related avc deined log.
Change-Id: Ibac3317cbca8652885310b1f5af8f4ea4d44a5c4
2021-04-29 03:00:19 +00:00
TreeHugger Robot
7ecd67743c
Merge "Fix android.hardware.drm@1.4-service.clearkey label" into sc-dev
2021-04-28 22:26:38 +00:00
Victor Liu
247097a000
Merge "uwb: allow uwb service to access nfc service" into sc-dev
2021-04-28 20:49:50 +00:00
Chris Fries
2d2adb3e56
Fix android.hardware.drm@1.4-service.clearkey label
...
Bug: 186617617
Change-Id: Icad8008686ef57d4b6c3fca27af41e2b2991f74f
2021-04-28 14:40:02 -05:00
Roger Fang
66634d4d20
sepolicy: gs101: allows pixelstat to access audio metrics nodes
...
audio.service: type=1400 audit(0.0:30): avc: denied { read write } for name="amcs" dev="tmpfs" ino=739 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:amcs_device:s0 tclass=chr_file permissive=0
pixelstats-vend: type=1400 audit(0.0:9): avc: denied { read } for name="speaker_impedance" dev="sysfs" ino=67611 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
HwBinder:696_2: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/amcs" dev="tmpfs" ino=766 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:amcs_device:s0 tclass=chr_file permissive=0
Bug: 171854614
Test: manually test, no avc: denied.
Change-Id: I82ebd22f167200ab3cf59e6525ef43c0be8f722a
2021-04-28 10:52:06 +08:00
TreeHugger Robot
d60ae7dfed
Merge "Add sepolicy for wlan logger and sniffer logger" into sc-dev
2021-04-28 02:12:26 +00:00
TreeHugger Robot
68bbf709c2
Merge "Grant powerhal access to sysfs_devfreq_dir" into sc-dev
2021-04-28 02:03:58 +00:00
Jia-yi Chen
09d5fc647d
Grant powerhal access to sysfs_devfreq_dir
...
Bug: 186576303
Test: Boot & check logcat
Change-Id: Ia07991c3a8a7dfd8388a228fbdec1f28d2f5b4c3
2021-04-27 16:16:02 -07:00
chiayupei
3fefc8a57b
Add sepolicy for sensor HAL accessing AOC sysfs node.
...
Bug: 177943509
Test: make selinux_policy -j128 and push to device.
No hal_sensors_default related avc deined log while suez polling.
Signed-off-by: chiayupei <chiayupei@google.com>
Change-Id: Ie32eaccf551fcb9f2d7bc763c801891f637ccc1a
2021-04-28 03:50:26 +08:00
chenpaul
920b0e11a9
Add sepolicy for wlan logger and sniffer logger
...
Bug: 186069127
Test: Sniffer logger can be start by Pixel Logger app
wlan logger is workable.
Change-Id: I1e7a75a08de37668316b06e066c080e837d7896b
2021-04-27 19:37:28 +08:00
TreeHugger Robot
27c30c1cc6
Merge "update wakeup node" into sc-dev
2021-04-27 08:47:38 +00:00
Adam Shih
72ca81757a
update wakeup node
...
Bug: 186492032
Test: pts-tradefed run pts -m PtsSELinuxTest
-t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I9bac40334001d4073dae1846a2cd0310d59ebfe7
2021-04-27 15:30:55 +08:00
Adam Shih
ab9437c069
Merge "move vendor_executes_system_violators to userdebug" into sc-dev
2021-04-27 01:01:21 +00:00
TreeHugger Robot
6f18d69b86
Merge "logger_app: Grant access to control usb debug port" into sc-dev
2021-04-26 18:19:35 +00:00
TreeHugger Robot
a18b6c2e99
Merge "usb: Add sepolicy for extcon access" into sc-dev
2021-04-26 10:00:15 +00:00
Nicole Lee
b3dfc87e03
logger_app: Grant access to control usb debug port
...
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=325 scontext=u:r:logger_app:s0:c22,c257,c512,c768 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 app=com.android.pixellogger
avc: denied { open } for comm="oid.pixellogger" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=325 scontext=u:r:logger_app:s0:c22,c257,c512,c768 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 app=com.android.pixellogger
avc: denied { set } for property=vendor.usb.config pid=8892 uid=10278 gid=10278 scontext=u:r:logger_app:s0:c22,c257,c512,c768 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1
Bug: 186365435
Change-Id: Ie7aef49eee1dd66a6ca6ca9a1a4f8d31cc793551
2021-04-26 11:50:51 +08:00
David Massoud
e03291c6af
Add gs101 specific sysfs_devfreq_cur entries
...
Device specific implementation for go/oag/1676945
Bug: 181850306
Test: See go/oag/1676945
Change-Id: I8a973f400c89ada880edb5566ec31fc6ee7b97c1
2021-04-26 00:56:42 +00:00
Adam Shih
22f18adb26
move vendor_executes_system_violators to userdebug
...
Bug: 186189967
Test: com.google.android.security.gts.SELinuxHostTest#testNoExemptionsForVendorExecutingCore
Change-Id: I277cec72377b647c9af40e32b5582e30e9e3730e
2021-04-26 08:41:02 +08:00
TreeHugger Robot
707d297dd8
Merge "allow RilConfigService to call oemrilhook api" into sc-dev
2021-04-23 17:48:32 +00:00
TreeHugger Robot
16730f3087
Merge "Mark GS101 camera HAL as using Binder." into sc-dev
2021-04-23 00:52:20 +00:00
TreeHugger Robot
0f87f26134
Merge "Allow access to NFC power stats" into sc-dev
2021-04-22 23:38:44 +00:00
TreeHugger Robot
9573fc21a0
Merge "gs101-sepolicy: Allow platform_app to call uwb" into sc-dev
2021-04-22 22:12:28 +00:00
Krzysztof Kosiński
de973d797a
Mark GS101 camera HAL as using Binder.
...
The service implements a public API, so it will communicate over
Binder in both the framework domain and the vendor domain.
Bug: 186067463
Test: boot on oriole & check logs
Change-Id: If5bee474f79b7d14f65351580544c0dcb701d604
2021-04-22 13:50:42 -07:00
Victor Liu
4605f4b82c
uwb: allow uwb service to access nfc service
...
04-22 00:47:16.771 9777 9777 V UwbService: Service: Getting Nfc
adapter 04-22 00:47:16.771 412 412 E SELinux : avc: denied
{ find } for pid=9777 uid=1000 name=nfc scontext=u:r:uwb_vendor_app:
s0:c232,c259,c512,c768 tcontext=u:object_r:nfc_service:s0
tclass=service_manager permissive=1
Bug: 185389669
Test: on device, no avc: denied message
Change-Id: Ib31385d88a68878eaca5e53b4ddeddc5a6e7c87d
2021-04-22 08:51:21 -07:00
Michael Ayoubi
134a3882cc
Merge "gs101: Remove kernel.te after UWB fixes" into sc-dev
2021-04-22 15:11:23 +00:00
eddielan
09e529d78c
Add sepolicy for fpc AIDL HAL
...
Bug: 185464439
Test: Build Pass
Change-Id: I7ac26b2bf50fdfc1d32fb88efc2bee07f0525b0c
2021-04-22 22:01:32 +08:00
Michael Ayoubi
d17f3bad0f
gs101: Remove kernel.te after UWB fixes
...
tracking_denials/kernel.te is no longer needed after fixes from b/182954062.
Bug: 171943668
Test: Add dw3000 module back into build
Compile and test image on Raven
Confirm no avc denial logs are seen and that the dw3000 driver
loads successfully.
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I9a8510ed3852c053319a3395871728048a57ecb5
2021-04-22 05:38:21 +00:00
