Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
719 commits 1 branch 0 tags 494 MiB
Commit graph

719 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ray Chi
f4589fecba usb: Add sepolicy for extcon access 
USB gadget hal will access extcon folder so that this patch
will add new rule to allow USB gadget hal to access extcon.

Bug: 185302867
Test: apply the rule and verify it
Change-Id: I0bc44dbf89a02c4fa5b561baf1c0c1c43d5183e9
 2021-04-14 14:36:44 +08:00
SalmaxChang
f23a4423c4 Add more modem properties 
init    : Do not have permissions to set 'ro.vendor.sys.modem.logging.loc' to '/data/vendor/slog' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 184101903
Change-Id: I8c2dfd48e177e4a5127c1efd977c0f6c18b50379
 2021-04-14 04:46:32 +00:00
Roshan Pius
8119d482ed Uwb: Create a new Uwb system service 
Move the vendor service to a different name which will be used by AOSP
uwb service.

Also, create a new domain for the UWB vendor app which can expose this
vendor service.

Denials:
04-12 16:38:38.282   411   411 E SELinux : avc:  denied  { find } for pid=2964
uid=1000 name=tethering scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0

04-12 17:56:49.320   411   411 E SELinux : avc:  denied  { find } for pid=2964
uid=1000 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:hal_uwb_service:s0 tclass=service_manager permissive=0

04-12 20:13:37.952  3034  3034 W com.qorvo.uwb: type=1400 audit(0.0:8): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0
tclass=dir permissive=0

04-12 20:13:38.003   408   408 E SELinux : avc:  denied  { find } for pid=3034
uid=1000 name=content_capture scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768
tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=0

04-12 21:25:03.244  2992  2992 W com.qorvo.uwb: type=1400 audit(0.0:7): avc: denied
{ getattr } for path="/data/user/0/com.qorvo.uwb" dev="dm-11" ino=7176
scontext=u:r:uwb_vendor_app:s0:c232,c259,c512,c768 tcontext=u:object_r:
system_app_data_file:s0:c232,c259,c512,c768 tclass=dir permissive=0

Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Iecb871902ebe7d110f2deb9ddb960c1a3945d8e9
 2021-04-13 17:54:42 -07:00
Ilya Matyukhin
75d0cce94f Merge "Add sepolicy for SystemUIGoogle to write to lhbm" into sc-dev 2021-04-14 00:16:35 +00:00
Vova Sharaienko
72f80a3c90 wirelesscharger-adapter: updated sepolicy 
This allows the wirelesscharger-adapter to access AIDL Stats service

Bug: 181892307
Test: Build, flash, boot & and logcat | grep "platform_app"
Change-Id: I801e801133e4c7a0977f6c1e816b7c64135f59a3
 2021-04-13 19:26:01 +00:00
Ilya Matyukhin
acf6b1f5ae Add sepolicy for SystemUIGoogle to write to lhbm 
Bug: 184768835
Bug: 182520014
Test: adb logcat | grep "avc: denied"
Change-Id: Ia200983c87e0b826a0b62052e65cc731453a632f
 2021-04-13 11:26:34 -07:00
TreeHugger Robot
421bee976b Merge "logger_app: Remove Pixelize rule" into sc-dev 2021-04-13 11:54:20 +00:00
TreeHugger Robot
f7c08818e6 Merge "Fix Android GPU Inspector (AGI) support" into sc-dev 2021-04-13 10:27:29 +00:00
SalmaxChang
cbc7709c10 hal_dumpstate_default: Fix avc error 
avc: denied { set } for property=vendor.sys.modem.logging.enable pid=9743 uid=1000 gid=1000 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=0

Bug: 185196642
Change-Id: I955271fa4d2d9bc2ef4b306068623f79f5b37c74
 2021-04-13 07:43:29 +00:00
Adam Shih
e541cce49b change assigned bug 
Bug: 182531832
Test: take bugreport and see no relevant log
Change-Id: I33911bf652c7d21eb2a153e6b6129162434be72f
 2021-04-13 15:08:13 +08:00
KRIS CHEN
ef5cde63e6 Merge "Allow fingerprint hal to access dmabuf_system_heap_device" into sc-dev 2021-04-13 06:22:13 +00:00
Kris Chen
c14f02da5d Allow fingerprint hal to access dmabuf_system_heap_device 
Fixes the following avc denial:
android.hardwar: type=1400 audit(0.0:1207): avc: denied { read } for name="system" dev="tmpfs" ino=689 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0

Bug: 171791180
Bug: 184034094
Test: Enroll and authenticate fingerprints.
Change-Id: Ie86143ac2484d8909b1070829ff20cf02572f17d
 2021-04-13 06:21:09 +00:00
Adam Shih
a071425509 Merge changes Ieac81e9d,I7c069770 into sc-dev 
* changes:
  dump hal_graphics_composer
  allow init to set readahead_size
 2021-04-13 05:56:39 +00:00
Adam Shih
c8d0ba4326 Merge "update error on ROM 7278058" into sc-dev 2021-04-13 05:10:03 +00:00
Jim Sun
9e25f06368 Merge "gs101: fix grilservice context" into sc-dev 2021-04-13 04:31:21 +00:00
Adam Shih
7e071d6cb2 dump hal_graphics_composer 
Bug: 179310854
Bug: 176868159
Bug: 177176812
Bug: 177389412
Bug: 177614642
Bug: 177778217
Bug: 177860841
Bug: 178752460
Bug: 179310909
Bug: 179437463
Bug: 180963481
Bug: 181177909
Bug: 174961421
Test: do bugreport with no relevant error logs
Change-Id: Ieac81e9d684044fbd649b4fec608f393627c34cb
 2021-04-13 11:59:13 +08:00
Adam Shih
7e60d3a032 allow init to set readahead_size 
Bug: 185186743
Test: boot with no error found during boot
Change-Id: I7c06977023a1125d0187b96103e94c355a9d17a2
 2021-04-13 11:17:31 +08:00
Adam Shih
06cc3ee882 update error on ROM 7278058 
Bug: 185186743
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I40066584800e1a40fbd75dc2d97ee44f9e6dde89
 2021-04-13 10:55:33 +08:00
Sidath Senanayake
7c8d4d86e8 Fix Android GPU Inspector (AGI) support 
In order for AGI to work, it needs to dlopen the libgpudataproducer.so
shared object.

Bug: 185127179
Bug: 175593589
Change-Id: I9ad9c587f10e0fd6e27c4743c1d4cb85c896c41d
 2021-04-12 17:41:01 +01:00
Ted Lin
cd12670940 Allow to dump pps-dc 
Bug:185041587
Test: adb bugreport
Change-Id: Ia4adcc335b05f5f7d06625c274842e6a9f5d2637
Signed-off-by: Ted Lin <tedlin@google.com>
 2021-04-12 18:27:20 +08:00
SalmaxChang
2c1b29b494 logger_app: Grant to access new logger properties 
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:vendor_ssrdump_prop:s0" dev="tmpfs" ino=308 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ssrdump_prop:s0 tclass=file permissive=1
avc: denied { set } for property=vendor.debug.ramdump.full pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ramdump_prop:s0 tclass=property_service permissive=1
avc: denied { set } for property=persist.logd.logpersistd.count pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=1
avc: denied { set } for property=persist.vendor.ril.crash_handling_mode pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=1
avc: denied { set } for property=persist.logd.size pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logd_prop:s0 tclass=property_service permissive=1

Bug: 178744858
Change-Id: I42629335e82565fbf305be242098870aef6ea317
 2021-04-12 15:08:30 +08:00
Jenny Ho
3b6d7aeb94 Merge "Fix avc denied for maxfg_base/flip and wireless dump" into sc-dev 2021-04-12 04:05:09 +00:00
Andy Chou
deaf447bc6 Merge "Remove sepolicy of Wirecutter" into sc-dev 2021-04-12 02:06:48 +00:00
Erik Staats
1082e886c0 Add policy for USF low latency transport gralloc usage. 
Bug: 183233052
Test: Verified regular and direct report sampling on Raven with shared
 memory transport enabled.
Test: See details in testing done comment in
 https://googleplex-android-review.git.corp.google.com/14144079 .
Change-Id: Ia852a4a9ca6e8eacb0fb465884d17f95445a6822
 2021-04-12 01:33:52 +00:00
millerliang
b4bab832f9 Fix avc denied in MMAP audio exclusive mode 
04-01 15:26:30.936 16390 16390 I auditd  : type=1400 audit(0.0:55): avc:
denied { read } for comm="HwBinder:16390_" name="aaudio_playback_heap"
dev="tmpfs" ino=400 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=chr_file permissive=1

Bug: 165737390
Test: Build and use OboeTester to run MMAP audio
Change-Id: I22201dfd4a3f579b52d4cfbc86fc6148dc481cb0
 2021-04-09 20:43:54 +08:00
Jenny Ho
b94e7586ce Fix avc denied for maxfg_base/flip and wireless dump 
Bug: 184780667
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Ice4102cf541dc80c85beb05ad5c523a4306a77bc
 2021-04-09 18:24:32 +08:00
andychou
b370d9d2c3 Remove sepolicy of Wirecutter 
Bug: 184886787
Test: build pass
Change-Id: Ibe539d31dc70cc4ea478f074ef4bf75d918bcb67
 2021-04-09 17:06:51 +08:00
TreeHugger Robot
60a2a6c09b Merge "Fix avc denied for Silent Logging" into sc-dev 2021-04-09 06:20:41 +00:00
TreeHugger Robot
5c9b9d882f Merge "cbd: Grant to access slog file" into sc-dev 2021-04-09 05:15:34 +00:00
Aaron Tsai
06b410dc4a Fix avc denied for Silent Logging 
04-06 15:18:31.513  root     1     1 E init    : Do not have permissions to set 'persist.vendor.sys.silentlog.tcp' to 'On' in property file '/vendor/build.prop': SELinux permission check failed
04-06 15:20:17.988  root     1     1 W /system/bin/init: type=1107 audit(0.0:33): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.ap pid=8917 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:23.256  root     1     1 W /system/bin/init: type=1107 audit(0.0:38): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.cp pid=9025 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:20:51.340  root     1     1 W /system/bin/init: type=1107 audit(0.0:43): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog pid=9291 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'
04-06 15:21:03.608  root     1     1 W /system/bin/init: type=1107 audit(0.0:54): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.sys.silentlog.tcp pid=9473 uid=1000 gid=1000 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=property_service permissive=0'

04-06 20:17:08.060  1000  5754  5754 W Thread-3: type=1400 audit(0.0:21): avc: denied { write } for name="slog" dev="dm-7" ino=245 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
04-06 20:17:09.194  1000   398   398 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 pid=5754 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
04-06 21:07:18.376  7458  7458 I auditd  : type=1400 audit(0.0:20): avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0

04-06 21:16:53.200  8873  8873 W Thread-4: type=1400 audit(0.0:85): avc: denied { create } for name="NNEXT_PROFILE.nprf" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0:c232,c259,c512,c768 tclass=file permissive=0


Bug: 184608648
Test: verified with the forrest ROM and error log gone
Change-Id: Id9cdf15478c751de92a9a84bcfdc8233d6e9d294
 2021-04-09 04:33:13 +00:00
TreeHugger Robot
83d6ee82fb Merge "init: allow to set tcpdump property" into sc-dev 2021-04-09 03:54:18 +00:00
SalmaxChang
6dd6d9872e cbd: Grant to access slog file 
Bug: 184646743
Change-Id: I06ecfbc8b9276b3801725f0965b03b849eddbdfc
 2021-04-09 03:11:25 +00:00
Speth Chang
6c4d851d28 Merge "allow camera to connect stats service" into sc-dev 2021-04-09 03:01:14 +00:00
jimsun
17f08b3cba gs101: fix grilservice context 
The app is no longer signed with the platform key.

Bug: 162313924
Test: verify gril service function works normally
Change-Id: I9bf0494e65cafca9432665be199c30508d36417e
 2021-04-09 02:48:30 +00:00
SalmaxChang
5feb916e47 init: allow to set tcpdump property 
init: Unable to set property 'persist.vendor.tcpdump.log.alwayson' from uid:10273 gid:10273 pid:7074: SELinux permission check failed

Bug: 184411489

Change-Id: If449e0d883fa4cbf8dd5ac3a6a84d205e7ac1f31
 2021-04-09 10:47:56 +08:00
Nick Sanders
d59ea41ac8 gs101-sepolicy: Allow platform_app to call uwb 
This is to fix below avc denial:
  SELinux : avc: denied { find } for pid=10783 uid=10294 name=uwb
  scontext=u:r:platform_app:s0:c512,c768
  tcontext=u:object_r:uwb_service:s0 tclass=service_manager permissive=0

Bug: 184286788
Test: Run Qorvo app without failure
Change-Id: I9673a3eef3f0b0bedb50ef2a5c336d8bfe7620e7
 2021-04-09 02:21:20 +00:00
TreeHugger Robot
4a3f3550f5 Merge "Create sepolicy for the fingerprint GHBM sysprop" into sc-dev 2021-04-09 02:11:57 +00:00
Ilya Matyukhin
b9e10feefb Create sepolicy for the fingerprint GHBM sysprop 
Bug: 184761756
Bug: 183728349
Test: adb logcat | grep "avc: denied"
Change-Id: I5209bdf859e86a83ac3fa29ecf8bfd8d5b6d88ce
 2021-04-08 23:21:22 +00:00
TreeHugger Robot
f15b8edbd1 Merge "Give hal_dumpstate_default read access to slog files" into sc-dev 2021-04-08 21:40:31 +00:00
Eddie Tashjian
5bbdd82a4e Merge "Add TCP dump permissions." into sc-dev 2021-04-08 18:25:30 +00:00
Craig Dooley
cd888e847f Merge "Fix SELinux errors with aocd" into sc-dev 2021-04-08 17:27:56 +00:00
Chris Fries
1d379dfbc9 Give hal_dumpstate_default read access to slog files 
Bug: 184821900

Bugreports require access to "silent log" files.

cp      : type=1400 audit(0.0:20): avc: denied { getattr } for path="/data/vendor/radio/logs/always-on/sbuff_20210408191538.sdm" dev="dm-11" ino=9075 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_slog_file:s0 tclass=file permissive=0

Change-Id: Iacc4778d1242f304e9519180437ceb0f0e9d350d
 2021-04-08 16:27:29 +00:00
Cliff Wu
ec6bd9449b Merge "[Bug] Change the sepolicy name for exo_camera_injection" into sc-dev 2021-04-08 14:09:47 +00:00
Craig Dooley
3d4d9159c9 Fix SELinux errors with aocd 
Add inotify support for /dev
Fix the aoc vendor property

Bug: 184173298
Change-Id: I40a71edd56b2d51f848085c43ae1d10a4c2c0c4b
 2021-04-08 03:59:23 +00:00
Speth Chang
1c64cd89a2 allow camera to connect stats service 
Bug: 177076189
Test: build pass
Change-Id: I1132e8a6794d09306b70fe902fc82fbdb7bf9bb4
 2021-04-08 11:48:08 +08:00
Eddie Tashjian
b2fb9cdace Add TCP dump permissions. 
Copy selinux policy for tcp dump binary from previous Pixel to support
TCP logging on P21 through PixelLogger.

Bug: 184777243
Test: Check PixelLogger TCP dump works.
Change-Id: Id958c8a3e6375a7aae569d6fc94deb9f8072b57b
 2021-04-08 03:13:55 +00:00
Chase Wu
682e3a348f Merge "update label missing vibrator sys nodes for dual part" into sc-dev 2021-04-08 02:24:28 +00:00
Mat Bevilacqua
b58243632d Merge "Fix selinux permissions errors for UwbService" into sc-dev 2021-04-08 02:09:57 +00:00
TreeHugger Robot
34e0106672 Merge "whitechapel: add permission for pixellogger set audio property" into sc-dev 2021-04-08 01:31:35 +00:00
Adam Shih
bf832c3b49 Merge "remove wildcard on kernel modules" into sc-dev 2021-04-08 01:10:56 +00:00