Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}
Bug: 187552095
Test: Run "adb bugreport <zip>" and verify it contains the output
from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I2abc48f2a156718fd4bed3b51bdd285c6bf9f175
GPU nnhal needed a file update when update upgrading to 1.3 revision,
modify this so the device uses all the 1.2 rules.
Fixes: 187981206
Test: make sure hal starts
Change-Id: Ie1054fc092f1aa459cd36b6eb0f0a1a5cc032dbc
Due to recent changes which modifies the device name for i2c devices,
st21nfc device names are now changed from ?-0008 to "i2c-st21nfc"
Bug: 188078957
Test: Verified haptic works and no avc denials when running following command:
$ dmesg | grep avc | grep sysfs
Signed-off-by: Manish Varma <varmam@google.com>
Change-Id: I17464d2d01fb64447dd8828eb8f91e38717fac4c
Due to recent changes which modifies the device name for i2c devices,
s2mpg1xmfd device names are now changed from ?-00?f to "i2c-s2mpg10mfd" or
"i2c-s2mpg11mfd"
Bug: 188078957
Test: Verified no avc denials when running following command:
$ dmesg | grep avc | grep sysfs
Signed-off-by: Manish Varma <varmam@google.com>
Change-Id: I2c58773613071147336b4f338e4c4034ce90e9bd
Due to recent changes which modifies the device name for i2c devices,
cs40l25a device names are now changed from ?-0043 to "i2c-cs40l25a"
Bug: 188078957
Test: Verified haptic works and no avc denials when running following command:
$ dmesg | grep avc | grep sysfs
Signed-off-by: Manish Varma <varmam@google.com>
Change-Id: I47c423661d788c467d4cd1602fbc145bd715c67a
Due to recent changes which modifies the device name for i2c devices,
max77759tcpc device names are now changed from ?-0025 to "i2c-max77759tcpc"
Bug: 188078957
Test: Verified charging works and no avc denials when running
$ dmesg | grep avc | grep sysfs
Signed-off-by: Manish Varma <varmam@google.com>
Change-Id: Ic1f6d018ce74348b4faa937720b50c7924bf9b7a
Due to recent changes which modifies the device name for i2c devices,
p9412 device names are now changed from ?-003c to "i2c-p9412"
Bug: 188078957
Test: Verified wlc works and no avc denials when running following command:
$ dmesg | grep avc | grep sysfs
Signed-off-by: Manish Varma <varmam@google.com>
Change-Id: Id0af1122f7182a866ab28c5317db139d8083a45d
and logbuffer_btuart device node
* add sepolicy rules to let bthal can access bluetooth kernel device
nodes dev/logbuffer_btlpm and dev/logbuffer_tty16 in engineer
or user debug build
Bug: 177794127
Test: Manually
Change-Id: I5253719df82ca7ef8e64cbd3f2b0ff6d3f088edc
Since production devices(with user builds) must not mount debugfs,
provide dumpstate HAL permission to access debugfs only in userdebug/eng
builds.
Also, delete dumpstate domain's access to
vendor_dmabuf_debugfs(/d/dma_buf/bufinfo) since dumpstate now obtains
the same information from /sys/kernel/dmabuf.
Test: build
Bug: 186500818
Change-Id: I17007d495fba6332bbf17dc7d030e5c6e4d5248b
A few debugfs files are labelled as belonging to both debugfs_type and
sysfs_type. Hence, any client that is provided access to sysfs_type will
automatically be provided access to these files. This patch corrects the
labelling for these files to prevent this.
Test: build
Bug: 186500818
Change-Id: I364a73a960824cc9051610032179fd5caeca09de
This is to pass system/netd/tests/netd_test.cpp:
TEST(NetdSELinuxTest, CheckProperMTULabels) {
// Since we expect the egrep regexp to filter everything out,
// we thus expect no matches and thus a return code of 1
ASSERT_EQ(W_EXITCODE(1, 0), system("ls -Z /sys/class/net/*/mtu | egrep -q -v "
"'^u:object_r:sysfs_net:s0 /sys/class/net/'"));
}
Test: atest, TreeHugger, manual observation of labeling
Bug: 185962988
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib4f8aa6cc2e0f5a5bd432bcfe473e550f5c68132
These are the SELinux policies for the DebugFS files of the SJTAG
kernel interface.
Bug: 184768605
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I36996d6fd5fe09adb7a36be573cf57f15ea35756
