Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1627 commits 1 branch 0 tags 494 MiB
Commit graph

1627 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL 
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
 2022-01-06 20:18:34 +00:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine. 
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
 2021-12-28 21:52:12 -08:00
Matt Buckley
317166636f Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags 
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: Idc1599820026febecda84233d60982e7db7b14b5
 2021-12-28 19:08:06 +00:00
Joel Galenson
b287da183e Include core policy OWNERS. 
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
 2021-12-21 07:27:03 -08:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
 2021-12-14 14:33:56 -08:00
Xin Li
0d05632eb8 Merge Android 12 QPR1 
Bug: 210511427
Merged-In: Ie31b278a639fd5a9e249ca934d543de770fb3217
Change-Id: I0daddb05e061916c60055b7df00164a76c69ebd2
 2021-12-14 08:38:59 -08:00
Chris Kuiper
3ce470c235 selinux: Allow sensor HAL to access the display service HAL am: 734d79bdaf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16376281

Change-Id: Ib3f0609b74dbb05a7e4936fa2055a1e050777b3e
 2021-12-10 17:44:16 +00:00
Chris Kuiper
734d79bdaf selinux: Allow sensor HAL to access the display service HAL 
Add necessary permissions.

Bug: b/204471211
Test: Testing with corresponding sensor HAL changes and sensor_test commands.
Change-Id: I01774210693ceb4a6d0d4dee4fb5e905117774d3
 2021-12-10 11:00:07 +08:00
TreeHugger Robot
65a718976e [automerger skipped] Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev am: f7db23e139 -s ours 
am skip reason: Merged-In I29243751ab5f38eca5d8e4221122764f79c75e04 with SHA-1 8d4e8a65d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16302392

Change-Id: Ib87c387438c8ada00867ef1422dfa6bc2c4c6df9
 2021-12-08 01:57:41 +00:00
TreeHugger Robot
f7db23e139 Merge "Label min_vrefresh and idle_delay_ms as sysfs_display" into sc-v2-dev 2021-12-08 01:40:06 +00:00
joenchen
8d4e8a65d6 Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-07 03:42:52 +00:00
joenchen
bef2d7397c Label min_vrefresh and idle_delay_ms as sysfs_display 
Bug: 202567084
Test: Check the files label by "adb shell ls -Z"
Change-Id: I29243751ab5f38eca5d8e4221122764f79c75e04
Merged-In: I29243751ab5f38eca5d8e4221122764f79c75e04
 2021-12-06 02:45:51 +00:00
Albert Wang
43bde53275 Allow suspend_control to access xHCI wakeup node am: a506ed1e06 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946

Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
 2021-12-02 01:53:59 +00:00
Albert Wang
a506ed1e06 Allow suspend_control to access xHCI wakeup node 
This is a WORKAROUND to avoid the xHCI wakeup node permission problem,
since system will automatically allocated device ID.

Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: Ia2ca04618f950bdded4aea76c897579eb4b92daf
 2021-12-01 23:45:19 +08:00
Xin Li
50628a78a8 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours am: 4613d25f07 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: Ib19bc7987a5b32c39431ebdce2923541a944f608
 2021-11-18 22:25:11 +00:00
Xin Li
4613d25f07 [automerger skipped] Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 am: 856fe3d040 -s ours 
am skip reason: Merged-In I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c with SHA-1 7bfec1ad53 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16278444

Change-Id: I3f0e4f5e9f26b048b89f495b7d79d9ceffb61f80
 2021-11-18 22:00:55 +00:00
Albert Wang
8bdcb60170 [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node am: e6fb90425d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16246250

Change-Id: If82693c02020cc701953dcb12412fa0fe132f16b
 2021-11-17 08:51:05 +00:00
Albert Wang
e6fb90425d [RESTRICT AUTOMERGE] Allow suspend_control to access xHCI wakeup node 
Bug: 205138535
Test: n/a
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e012fea56c50656c8f26216199459092dcfc0f9
Merged-In: I6e012fea56c50656c8f26216199459092dcfc0f9
 2021-11-17 07:18:29 +00:00
chenpaul
37d4cfa648 Remove wifi_logger related sepolicy settings 
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
 2021-11-15 02:05:06 +00:00
Michael Ayoubi
11bb305754 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev am: e7a17433a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16233414

Change-Id: Ibac4fbebf2f14157e1ac32585e4da68b61acea19
 2021-11-12 01:48:47 +00:00
Michael Ayoubi
e7a17433a0 Merge "Allow uwb_vendor_app to get SE properties" into sc-v2-dev 2021-11-12 01:24:43 +00:00
Oleg Matcovschi
2eced57692 gs101:ssr_detector: Allow access to aoc properties in user builds am: 63d04e1e02 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16236498

Change-Id: I80dc34c15c60f80ddde869c6895d1afe53e8bf3e
 2021-11-11 23:14:23 +00:00
Oleg Matcovschi
63d04e1e02 gs101:ssr_detector: Allow access to aoc properties in user builds 
Bug: 205755422
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I684590a2ee91cf6d1edfc8a606f3a9e6672ca46f
 2021-11-11 06:13:44 +00:00
Michael Ayoubi
a8e745039f Allow uwb_vendor_app to get SE properties 
Bug: 205770401
Test: Build and flash on device.
Change-Id: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
Merged-In: Ic98f394434fad12e7d8ef804ecfd694a55ee8190
 2021-11-11 00:50:08 +00:00
Xin Li
856fe3d040 Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918 
Bug: 205056467
Merged-In: I8f9932ad8885aaefde9548f87c6d2c6cc148cd4c
Change-Id: Ie31b278a639fd5a9e249ca934d543de770fb3217
 2021-11-10 08:06:11 +00:00
Ted Lin
ee9b913bb7 Using dontaudit to fix the avc on boot test am: 3d463050a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16175460

Change-Id: I00cfd7b47b7e2c6718e8211809e1ddb20e19656b
 2021-11-04 16:46:45 +00:00
Ted Lin
3d463050a2 Using dontaudit to fix the avc on boot test 
avc: denied { search } for comm="kworker/6:2" name="google_battery" dev="debugfs" ino=32648 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1

Bug:200739262
Test: Check bugreport
Change-Id: I50a96bab88f564fef0eda9a23bb77dc6ffed357f
Signed-off-by: Ted Lin <tedlin@google.com>
(cherry picked from commit 951ce82739)
 2021-11-03 03:20:45 +00:00
Automerger Merge Worker
16a5af35e1 Merge "Label GPU power_policy sysfs node am: a7aa46862d am: 3e1bd82949" into sc-v2-dev-plus-aosp 2021-11-02 05:14:28 +00:00
Siddharth Kapoor
74dbf5739c Label GPU power_policy sysfs node am: a7aa46862d am: 3e1bd82949 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: I3134c1ea8b6970fba3044042142ec4e656e31c9c
 2021-11-02 05:14:26 +00:00
Siddharth Kapoor
7ff374ff1f Label GPU power_policy sysfs node am: a7aa46862d am: 00ceb78ed2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: I5b87ce21380b0a390e684ac55862dae0f86cd7bb
 2021-11-02 05:14:23 +00:00
Siddharth Kapoor
3e1bd82949 Label GPU power_policy sysfs node am: a7aa46862d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: Ia0a271554b8640cd32f1293c8e96405abf9f31b6
 2021-11-02 05:03:27 +00:00
Siddharth Kapoor
00ceb78ed2 Label GPU power_policy sysfs node am: a7aa46862d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105

Change-Id: Iad4caeea7667379e15b69b9a2694a31d759c9dab
 2021-11-02 05:03:24 +00:00
Siddharth Kapoor
62460926d3 Label GPU power_policy sysfs node am: f94633e718 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16123766

Change-Id: Ia753ea69fb270e2bbeca29f2275b84482cc77ec3
 2021-10-28 01:08:49 +00:00
Jiyong Park
d753a4e82d Remove ndk_platform backend. Use the ndk backend. am: 90d1e82ae6 am: caf102afda am: 02048701de 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16119648

Change-Id: I7714a03deb27225af3ddaebdcb523fee20f27069
 2021-10-27 07:02:59 +00:00
Jiyong Park
02048701de Remove ndk_platform backend. Use the ndk backend. am: 90d1e82ae6 am: caf102afda 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16119648

Change-Id: I9742f6b11c4b07698f597aeac36aa55686dd8b3f
 2021-10-27 06:46:14 +00:00
Jiyong Park
caf102afda Remove ndk_platform backend. Use the ndk backend. am: 90d1e82ae6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16119648

Change-Id: I9a01c4e883cf1903eab8589c4eeca1d60d9fb741
 2021-10-27 06:27:12 +00:00
Siddharth Kapoor
f94633e718 Label GPU power_policy sysfs node 
Bug: 201718421
Test: trace while App launch
Change-Id: Icd85b8611632e4638946b492740e509baf2714ce
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
 2021-10-27 01:59:23 +00:00
Steve Pfetsch
30ec086c5d [automerger skipped] Merge "Move twoshay definitions to hardware/google/pixel-sepolicy/input." into sc-v2-dev am: 421cbb2f61 -s ours 
am skip reason: Merged-In I2cada463fcbfd3b52230430b12b091a655e2abbb with SHA-1 b834b1d008 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16095720

Change-Id: I7144920413f461fee6f59eebf1b2e865ce652854
 2021-10-27 00:28:58 +00:00
Steve Pfetsch
421cbb2f61 Merge "Move twoshay definitions to hardware/google/pixel-sepolicy/input." into sc-v2-dev 2021-10-27 00:14:20 +00:00
Jiyong Park
90d1e82ae6 Remove ndk_platform backend. Use the ndk backend. 
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same ndk backend.

Bug: 161456198
Test: m

Merged-In: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
Change-Id: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
(cherry picked from commit 5cc5d52bd7)
 2021-10-26 14:59:28 +09:00
Philip Quinn
b834b1d008 Move twoshay definitions to hardware/google/pixel-sepolicy/input. 
Bug: 187654303
Test: twoshay works on R4, B3, P7
Change-Id: I2cada463fcbfd3b52230430b12b091a655e2abbb
Merged-In: I2cada463fcbfd3b52230430b12b091a655e2abbb
 2021-10-26 02:06:20 +00:00
Siddharth Kapoor
a7aa46862d Label GPU power_policy sysfs node 
Bug: 201718421
Test: trace while App launch
Change-Id: Icd85b8611632e4638946b492740e509baf2714ce
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
 2021-10-21 14:23:00 +08:00
Philip Quinn
0d48ab4fbf Move twoshay definitions to hardware/google/pixel-sepolicy/input. 
Bug: 187654303
Test: twoshay works on R4, B3, P7
Change-Id: I2cada463fcbfd3b52230430b12b091a655e2abbb
Merged-In: I2cada463fcbfd3b52230430b12b091a655e2abbb
 2021-10-20 23:09:13 +00:00
TreeHugger Robot
cdfec7db74 Merge "audio: add permission to request health/sensor data" into sc-v2-dev am: 7352bf22f0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15838845

Change-Id: Ic4d717872a99b98770be9d883c0569a09e6c7f3a
 2021-10-20 04:32:42 +00:00
TreeHugger Robot
7352bf22f0 Merge "audio: add permission to request health/sensor data" into sc-v2-dev 2021-10-20 04:12:49 +00:00
Shawn Yang
72a6569655 Merge "Allow modem app to read the battery info" into sc-v2-dev am: e48bb0205b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15879394

Change-Id: I14e54fdae2d7c3929057ab8fdc24158685d87e6f
 2021-10-20 03:42:10 +00:00
Shawn Yang
e48bb0205b Merge "Allow modem app to read the battery info" into sc-v2-dev 2021-10-20 03:25:48 +00:00
Jasmine Cha
27a4afc1a9 audio: add permission to request health/sensor data 
- Add audio hal into hal_health clients
- Allow audio hal to find fwk_sensor_hwservice
SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1


Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
 2021-10-20 03:04:32 +00:00
Michael Ayoubi
f94f426c9e Merge "Allow euiccpixel_app to get dck_prop" into sc-v2-dev am: 21c2c3f145 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15795866

Change-Id: I18da0736804df2e43fab9d938e758d4cc480d9eb
 2021-10-20 00:48:48 +00:00
Michael Ayoubi
21c2c3f145 Merge "Allow euiccpixel_app to get dck_prop" into sc-v2-dev 2021-10-20 00:32:56 +00:00