Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
546 commits 1 branch 0 tags 494 MiB
Commit graph

546 commits

This branch
This branch
All branches
Author SHA1 Message Date
TreeHugger Robot
be1f56dba1 Merge "[RCS] Add sepolicy for RCS as non-system app" into sc-dev 2021-06-04 06:22:03 +00:00
Maciej Żenczykowski
729e8901ab allow hal_usb_impl configfs:dir { create rmdir }; 
This is needed to allow USB HAL to create multi-config gadget
(ie. rndis + ncm).

Bug: 172793258
Test: built and booted on oriole
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifb98b23138122ad4e0aeea8dd9c93d7b3e16d3aa
 2021-06-04 02:53:11 +00:00
jznpark
3d127f9224 [RCS] Add sepolicy for RCS as non-system app 
As shannon-rcs has been changed from system app
to non-system app, sepolicy has to be updated.

Bug: 186135775
Bug: 189707387
Test: sanity test
Signed-off-by: jznpark <jzn.park@samsung.com>
Change-Id: I32cce90611c619494136a6b1d01b3fb48330d169
 2021-06-03 13:30:26 -07:00
Chiawei Wang
9cfc661bee Merge "pixelstats: fix permission errors" into sc-dev 2021-06-03 08:45:12 +00:00
Chiawei Wang
9d5830ac19 pixelstats: fix permission errors 
1. sysfs_dma_heap erros are fixed by ag/13926718
2. debugfs_mgm error is fixed by ag/14683912

Bug: 188114896
Bug: 183338421
Bug: 188495492
Test: pts-tradefed run pts -m PtsSELinuxTest
      http://sponge2/6cbd0af0-5414-4f2c-aea0-99b4981360a4

Signed-off-by: Chiawei Wang <chiaweiwang@google.com>
Change-Id: Icd2fa4e7f168d15fd4cec3000bc0e7a33eab4d3e
 2021-06-03 02:52:33 +00:00
Rick Yiu
b530a26f1f Merge "gs101-sepolicy: Refine policy for sysfs_vendor_sched" into sc-dev 2021-06-03 00:56:00 +00:00
Peter Csaszar
7ea6a44719 pixel-selinux: Add mlstrustedobject for SJTAG 
This CL adds the "mlstrustedobject" to types for files involved in the
SJTAG authentication flow, in order to address MLS-based AVC denials.

Bug: 189466122
Test: No more AVC denials when activating SJTAG in BetterBug
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: Ieb88653830ce95751eee5cf26c26fd6302067bce
 2021-06-02 12:23:01 -07:00
Rick Yiu
9e8bd699e9 gs101-sepolicy: Refine policy for sysfs_vendor_sched 
Chagne it to directory based.

Bug: 182509410
Test: device boot normally
Change-Id: I1cfaa95cf07e1e829e747eb99ed39ab64d3ddac1
 2021-06-02 04:52:45 +00:00
Aaron Ding
9f8d552411 pixel-selinux: add SJTAG policies 
This reverts commit b078284e5d.

Bug: 184768605
Change-Id: Ib0080e2ba3edf7fa654155fb4a7403d52ad2494a
 2021-06-02 10:25:51 +08:00
Aaron Ding
2dbe515943 remove sysfs_type from vendor_page_pinner_debugfs 
Bug: 186500818
Change-Id: If97126a3d46d96342faf89b9698218b6a480a84b
 2021-06-01 17:38:28 +08:00
Aaron Ding
b078284e5d Revert "pixel-selinux: add SJTAG policies" 
This reverts commit bc525e1a49.

Bug: 186500818
Change-Id: I0bab67d42530270a819598ac320a5946e5d7aa6d
Signed-off-by: Aaron Ding <aaronding@google.com>
 2021-06-01 01:21:14 +08:00
Vova Sharaienko
ce4002966a Merge "hal_health_default: updated sepolicy" into sc-dev 2021-05-28 17:42:45 +00:00
Rick Yiu
6c5779d0af Merge "gs101-sepolicy: Allow dumping vendor groups values" into sc-dev 2021-05-28 01:16:34 +00:00
Vova Sharaienko
144b6b06b3 hal_health_default: updated sepolicy 
This allows the android.hardware.health service to access
AIDL Stats service

Bug: 186578402
Test: Build, flash, boot & and logcat | grep "avc"
Change-Id: I1bfd8dbca4a8a87387c5fc0cc47b9f09a6d07ea4
 2021-05-27 01:51:21 +00:00
TreeHugger Robot
9e9c6a75da Merge "Add sepolicy for Trusty keymint" into sc-dev 2021-05-26 13:23:20 +00:00
sukiliu
073a0f5ed1 Update avc error on ROM 7395282 
avc: denied { dac_override } for comm="rebalance_inter" capability=1 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:r:rebalance_interrupts_vendor:s0 tclass=capability permissive=0

Bug: 189275648
Test: PtsSELinuxTestCases
Change-Id: I637f1fcd901b8bf59096ba83c927b4d353f0405b
 2021-05-26 11:11:03 +08:00
Shawn Willden
c5fdb59287 Add sepolicy for Trusty keymint 
Bug: 177729159
Test: VtsAidlKeyMintTargetTest on P21
Change-Id: I993faa2a829d3ad4f1b920ff59ba4fd5ef8e7db7
 2021-05-25 16:37:29 -06:00
TreeHugger Robot
477e19f032 Merge "Allow mediacodec to access the vframe-secure DMA-BUF heap" into sc-dev 2021-05-25 18:45:37 +00:00
TreeHugger Robot
57eefb5b13 Merge "dumpstate: add sepolicy for hal_dumpstate to access sysfs_display" into sc-dev 2021-05-25 10:12:38 +00:00
Roger Fang
56cbfd5a0a Merge "sepolicy: gs101: add permission for the hardware info dsp part number" into sc-dev 2021-05-25 01:02:39 +00:00
Vinay Kalia
68849437bd Allow mediacodec to access the vframe-secure DMA-BUF heap 
This patch fixes the following denial:

HwBinder:751_2: type=1400 audit(0.0:9): avc: denied { open } for
path="/dev/dma_heap/vframe-secure" dev="tmpfs" ino=734
scontext=u:r:mediacodec:s0 tcontext=u:object_r:vframe_heap_device:s0
tclass=chr_file permissive=0

Bug: 188121584
Test: AV1 secure video playback

Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I455b39914dd4316a427f5f756b4fb94a2c4db204
 2021-05-24 23:57:28 +00:00
Ines Ayara
dfb3783187 Merge "Transition to using libedgetpu_util.so instead of libedgetpu_darwinn2.so. bug: b/182303547" into sc-dev 2021-05-24 23:55:32 +00:00
Roger Fang
a97bfcc1e1 sepolicy: gs101: add permission for the hardware info dsp part number 
Bug: 188757638
Test: Manually test passed

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: Id0c3226411b058b613b92e67174f14e64c6c3a2b
 2021-05-24 08:16:34 +00:00
Rick Yiu
5aeb1b9e45 gs101-sepolicy: Allow dumping vendor groups values 
Fix:
avc: denied { read } for name="vendor_sched" dev="sysfs" ino=45566 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

avc: denied { read } for name="dump_task_group_ta" dev="proc" ino=4026532542 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Bug: 172112042
Test: dump data as expected
Change-Id: I9945953dba4afddd34c1535c12193b1f00fdcef9
 2021-05-22 21:30:47 +08:00
Grace Chen
16a38b2b6c Merge "Add selinux permissions for NFC/eSIM firmware upgrade and recovery" into sc-dev 2021-05-21 19:10:52 +00:00
TreeHugger Robot
b42a03fa9e Merge "Grant sepolicy for Bluetooth Ccc Timesync feature" into sc-dev 2021-05-21 06:41:20 +00:00
SHUCHI LILU
5128ec7db7 Merge "Update avc error on ROM 7380236" into sc-dev 2021-05-21 02:08:56 +00:00
TreeHugger Robot
73b7ad4a3c Merge "pixel-selinux: add SJTAG policies" into sc-dev 2021-05-21 00:49:42 +00:00
Maurice Lam
32848785da Merge "DO NOT MERGE. Revert Exo selinux policies for S" into sc-dev 2021-05-20 17:31:08 +00:00
George Lee
3561520ae2 Merge "power: mod sysfs_bcl path" into sc-dev 2021-05-20 15:12:44 +00:00
Ken Huang
560d12c3f1 dumpstate: add sepolicy for hal_dumpstate to access sysfs_display 
Allow dumpstate to read panel extra info.

Bug: 183061481
Test: adb bugreport
Change-Id: I1902f28c2edceeb5b74ce655f83c8aea7c60825b
 2021-05-20 13:53:39 +00:00
sukiliu
ba92629794 Update avc error on ROM 7380236 
Bug: 188752787
Bug: 188752940
Test: PtsSELinuxTestCases
Change-Id: I5b674d4696ef470956301388f3d0fcc4883010c6
 2021-05-20 16:52:43 +08:00
Peter Csaszar
8fd76cee44 pixel-selinux: add SJTAG policies 
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 184768605
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I4ecf5cec5bbd08a44d7dbf88de5f3bc58b6c4fe5
 2021-05-20 00:00:30 -07:00
George Lee
f7a9784254 power: mod sysfs_bcl path 
Recent change in kernel prompted path change.

Bug: 186879633
Test: adb bugreport
dumpstate_board.txt shows:
------ Mitigation Stats (/vendor/bin/sh -c echo "Source\t\tCount\tSOC\tTime\tVoltage"; for f in `ls /sys/devices/virtual/pmic/mitigation/last_triggered_count/*` ; do count=`cat $f`; a=${f/\/sys\/devices\/virtual\/pmic\/mitigation\/last_triggered_count\//}; b=${f/last_triggered_count/last_triggered_capacity}; c=${f/last_triggered_count/last_triggered_timestamp/}; d=${f/last_triggered_count/last_triggered_voltage/}; cnt=`cat $f`; cap=`cat ${b/count/cap}`; ti=`cat ${c/count/time}`; volt=`cat ${d/count/volt}`; echo "${a/_count/} \t$cnt\t$cap\t$ti\t$volt" ; done) ------
Source		Count	SOC	Time	Voltage
batoilo 	0	0	0	0
ocp_cpu1 	0	0	0	0
ocp_cpu2 	0	0	0	0
ocp_gpu 	0	0	0	0
ocp_tpu 	0	0	0	0
smpl_warn 	0	0	0	0
soft_ocp_cpu1 	0	0	0	0
soft_ocp_cpu2 	0	0	0	0
soft_ocp_gpu 	0	0	0	0
soft_ocp_tpu 	0	0	0	0
vdroop1 	0	0	0	0
vdroop2 	0	0	0	0
------ Clock Divider Ratio (/vendor/bin/sh -c echo "Source\t\tRatio"; for f in `ls /sys/devices/virtual/pmic/mitigation/clock_ratio/*` ; do ratio=`cat $f`; a=${f/\/sys\/devices\/virtual\/pmic\/mitigation\/clock_ratio\//}; echo "${a/_ratio/} \t$ratio" ; done) ------
Source		Ratio
cpu0_clk 	0xf041c3
cpu1_heavy_clk 	0xf041c3
cpu1_light_clk 	0xf041c5
cpu2_heavy_clk 	0xf041c3
cpu2_light_clk 	0xf041c5
gpu_heavy_clk 	off
gpu_light_clk 	off
tpu_heavy_clk 	off
tpu_light_clk 	off
------ Clock Stats (/vendor/bin/sh -c echo "Source\t\tStats"; for f in `ls /sys/devices/virtual/pmic/mitigation/clock_stats/*` ; do stats=`cat $f`; a=${f/\/sys\/devices\/virtual\/pmic\/mitigation\/clock_stats\//}; echo "${a/_stats/} \t$stats" ; done) ------
Source		Stats
cpu0_clk 	0x101
cpu1_clk 	0x101
cpu2_clk 	0x101
gpu_clk 	off
tpu_clk 	off
------ Triggered Level (/vendor/bin/sh -c echo "Source\t\tLevel"; for f in `ls /sys/devices/virtual/pmic/mitigation/triggered_lvl/*` ; do lvl=`cat $f`; a=${f/\/sys\/devices\/virtual\/pmic\/mitigation\/triggered_lvl\//}; echo "${a/_lvl/} \t$lvl" ; done) ------
Source		Level
ocp_cpu1 	7000mA
ocp_cpu2 	12000mA
ocp_gpu 	12000mA
ocp_tpu 	10500mA
smpl 	2900mV
soft_ocp_cpu1 	7000mA
soft_ocp_cpu2 	12000mA
soft_ocp_gpu 	12000mA
soft_ocp_tpu 	10500mA

Change-Id: Ibe303ad69ffb29f3c3bbd79d557d04138cd09bd7
 2021-05-20 02:07:55 +00:00
iayara
53aff191d2 Transition to using libedgetpu_util.so instead of libedgetpu_darwinn2.so. 
bug: b/182303547

Change-Id: Ia84e63fdfdeac5094752dfe9de84b75bd56aa131
 2021-05-20 00:10:01 +00:00
TreeHugger Robot
dc4db7d1cc Merge "logger_app: Fix avc error" into sc-dev 2021-05-19 08:31:39 +00:00
SalmaxChang
b486ddedc5 logger_app: Fix avc error 
avc: denied { search } for name="ramdump" dev="dm-7" ino=316 scontext=u:r:logger_app:s0:c17,c257,c512,c768 tcontext=u:object_r:ramdump_vendor_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="ssrdump" dev="dm-11" ino=292 scontext=u:r:logger_app:s0:c23,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0

Bug: 188601292
Bug: 188611595

Change-Id: If6b204bf0d5c502cf09c9fe70bcd572cfe2db016
 2021-05-19 07:39:36 +00:00
yixuanjiang
494ac0cfe3 Add sepolicy for aocdump to access wlan_logs folder 
Add related sepolicies on aoc dump when pixel logger using
wlan config

Bug: 188411088
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: I7a786f25b9094cc9ebeef79e4aff5522bde17d19
 2021-05-19 14:11:42 +08:00
Jinting Lin
c57a3fc989 Merge "logger_app: Fix avc errors" into sc-dev 2021-05-19 02:18:39 +00:00
Tri Vo
6a558ac02b Merge "Fix file_contexts path for trusty_metricsd" into sc-dev 2021-05-18 22:18:39 +00:00
Tri Vo
970f15b13d Fix file_contexts path for trusty_metricsd 
Bug: 188417701
Bug: 173423860
Test: trusty_metricsd starts
Change-Id: I212c2d449441ac4b9238c8f7171982b253d4b6e0
 2021-05-18 19:39:42 +00:00
Yu-Chi Cheng
8ebeb48b39 Merge "Renamed edgetpu_service to edgetpu_app_service." into sc-dev 2021-05-18 19:13:21 +00:00
Roger Fang
834331af79 Merge changes from topic "IAudioMetricExt@1.0" into sc-dev 
* changes:
  sepolicy: gs101: add IAudioMetricExt settings
  Add permission to access audiometricext hal for grilservice_app
 2021-05-18 17:21:48 +00:00
Kevin DuBois
811dbd6611 Merge "sepolicy: update gpu nnhal file" into sc-dev 2021-05-18 15:07:05 +00:00
jintinglin
3be06b2ec9 logger_app: Fix avc errors 
avc: denied { read } for name="level" dev="sysfs" ino=57112 scontext=u:r:logger_app:s0:c29,c257,c512,c768 tcontext=u:object_r:sysfs_sscoredump_level:s0 tclass=file permissive=0 app=com.android.pixellogger

Bug: 187909426
Change-Id: I2037b1d2613736c8e1789bc96bfd4be0168444e0
 2021-05-18 18:46:00 +08:00
Roger Fang
9de2688cd4 sepolicy: gs101: add IAudioMetricExt settings 
E init    : Could not start service 'audiometricext' as part of class 'hal': File /vendor/bin/hw/vendor.google.audiometricext@1.0-service-vendor(labeled "u:object_r:vendor_file:s0")

vendor.google.a: type=1400 audit(0.0:3): avc: denied { read } for name="u:object_r:hwservicemanager_prop:s0" dev="tmpfs" ino=188 scontext=u:r:hal_audiometricext_default:s0 tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=1

E SELinux : avc:  denied  { find } for interface=vendor.google.audiometricext::IAudioMetricExt sid=u:r:hal_audiometricext_default:s0 pid=819 scontext=u:r:hal_audiometricext_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=1

E SELinux : avc:  denied  { add } for interface=android.hidl.base::IBase sid=u:r:hal_audiometricext_default:s0 pid=795 scontext=u:r:hal_audiometricext_default:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1

Bug: 180627405
Test: manually test passed
Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I91d76eb0ad5850e75ad865304d83f3025b981915
 2021-05-18 05:06:58 +00:00
Gary Jian
b9e4f7a759 Add permission to access audiometricext hal for grilservice_app 
Bug: 182526894
Test: Manual
Change-Id: I3ca85be7e5ab244e2dea2c6f7768f59c07b44525
 2021-05-18 02:18:56 +00:00
TreeHugger Robot
ac53196839 Merge "genfs_contexts: Specify correct GPU clock hint node" into sc-dev 2021-05-18 00:50:53 +00:00
TreeHugger Robot
09a98d233d Merge "Grant dumpstate hal read permission of camera hal dump files" into sc-dev 2021-05-18 00:42:12 +00:00
Yu-Chi Cheng
e8ee41f9af Renamed edgetpu_service to edgetpu_app_service. 
edgetpu_service was splitted into two in previous change:
edgetpu_service and edgetpu_vendor_service, where the new
vendor service for vendor clients, and the old service keeps
serving app clients.

This change updated the SELinux policy to rename the edgetpu_service
into edgetpu_app_service to make the purpose clearer.

Bug: 188463446
Test: Oriole + GCA
Change-Id: I3a133319edc84fc02ef211934d0542575580da14
 2021-05-17 15:38:24 -07:00