Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
546 commits 1 branch 0 tags 494 MiB
Commit graph

546 commits

This branch
This branch
All branches
Author SHA1 Message Date
chasewu
59161a5745 vibrator: Remove temporary method 
Bug: 177176811
Test: no avc denied logs
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: I424e15037b3e20824f5e072d88bdf71a50cfdabf
 2021-05-07 18:33:15 +08:00
Seungah Lim
72e6339123 iwlan: update sepolicy for qualifiednetworksservice 
Bug: 185942456
Test: VoLTE/VoWifi

Change-Id: I352bb933e577b11bb052a297d17776ff0a5f3a75
Signed-off-by: Seungah Lim <sss.lim@samsung.com>
 2021-05-07 17:14:00 +08:00
Tai Kuo
8e3aaa30ff Remove dumpstate AVC denials dontaudit for twoshay 
Bug: 187014717
Test: pts-tradefed run pts -m PtsSELinuxTest -t \
  com.google.android.selinux.pts.SELinuxTest#scanBugreport
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: Ic697ffe8f6ee15fb9d9330173a3c92aeca61de67
 2021-05-07 14:56:22 +08:00
Tai Kuo
0e68aed154 Allow dumpstate to access twoshay 
Bug: 173330981
Bug: 187014717
Test: no avc denials for twoshay was found.
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: Idcf38e0921fb4d6d617e7cd443425193aea3fe91
 2021-05-07 14:55:43 +08:00
Jia-yi Chen
15c046878b Add high_capacity_start_cpu to u:object_r:sysfs_vendor_sched:s0 
Bug: 186564130
Test: Boot & check powerhal log
Change-Id: I1a828f113266d4b3386b2f6fa74df050255113a9
 2021-05-06 21:00:08 -07:00
Labib
a27f8c4480 Allow radioext to communicate with bt hal 
Bug: 187447420
Change-Id: I1a1626502a6c3913846b957c3c0a31fdd99feb31
 2021-05-07 09:20:02 +08:00
Tri Vo
f7bec8b3c6 Merge "trusty: sepolicy for metrics reporter" into sc-dev 2021-05-06 15:52:51 +00:00
JJ Lee
43735f0fc3 sepolicy: gs101: allow audio hal to use wakelock 
Bug: 178789331
Test: build pass
Signed-off-by: JJ Lee <leejj@google.com>
Change-Id: I1d5c9ea8726f2e53bc05e0ecd5dedddede274794
 2021-05-06 19:43:24 +08:00
Aaron Tsai
6a9a85cd07 Fix avc denied for shannon-ims 
04-01 19:10:22.956 10272  2327  2327 W Binder:2327_4: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=139 scontext=u:r:vendor_ims_app:s0:c16,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.shannon.imsservice
04-01 19:10:22.960 10272  2327  4608 E libc    : Access denied finding property "persist.dbg.wfc_avail_ovr0"
04-01 19:10:22.981 10272  2327  4608 E libc    : Access denied finding property "persist.dbg.vt_avail_ovr0"
04-01 19:10:22.982 10272  2327  4980 E libc    : Access denied finding property "persist.dbg.volte_avail_ovr0"

Bug: 183935382
Bug: 184858478
Test: verified with the forrest ROM and error log goneFix
Change-Id: I0754c6be7f74ed73533e9570c7d1916320ab2897
 2021-05-06 09:04:03 +00:00
TreeHugger Robot
6978eeaea4 Merge "HardwareInfo: Add sepolicy for display" into sc-dev 2021-05-06 06:03:18 +00:00
TreeHugger Robot
577f562727 Merge "wlc fwupdate implementation" into sc-dev 2021-05-06 05:41:01 +00:00
SalmaxChang
ab97657410 logger_app: Fix avc errors 
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=141 scontext=u:r:logger_app:s0:c21,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
Access denied finding property "viewroot.profile_rendering"
Access denied finding property "ro.input.resampling"
Access denied finding property "persist.input.velocitytracker.strategy"

avc: denied { read } for comm="oid.pixellogger" name="u:object_r:usb_control_prop:s0" dev="tmpfs" ino=281 scontext=u:r:logger_app:s0:c21,c257,c512,c768 tcontext=u:object_r:usb_control_prop:s0 tclass=file permissive=0 app=com.android.pixellogger

Bug: 186612284
Change-Id: I15f00d9ed3cc0c0657c854292caad60e3f7a3011
 2021-05-06 03:57:01 +00:00
Jack Wu
2c1ecf3a54 sepolicy: gs101: Fix hal_health_default avc denials 
01-01 12:00:08.752  1000   682   682 I android.hardwar: type=1400 audit(0.0:3): avc: denied { read } for name="type" dev="sysfs" ino=68812 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
01-01 12:00:08.752  1000   682   682 I android.hardwar: type=1400 audit(0.0:4): avc: denied { open } for path="/sys/devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply/dc/type" dev="sysfs" ino=68812 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
01-01 12:00:08.752  1000   682   682 I android.hardwar: type=1400 audit(0.0:5): avc: denied { getattr } for path="/sys/devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply/dc/type" dev="sysfs" ino=68812 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 184429394
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: If1253c902af1723ca80d31223f51ebf439404527
 2021-05-06 00:26:14 +08:00
Alex Hong
be17ec14cc Merge "sepolicy: Update dumpstate HAL to V1.1" into sc-dev 2021-05-05 06:09:11 +00:00
Tri Vo
1dac39e833 trusty: sepolicy for metrics reporter 
Bug: 173423860
Test: m
Change-Id: I42d646c6c9453662e670e7c22712f2bde2368bba
 2021-05-05 05:38:34 +00:00
TreeHugger Robot
6978cd7220 Merge "add sepolicy for dump TRICKLE/TEMP/DWELL defend config" into sc-dev 2021-05-05 02:55:28 +00:00
qinyiyan
9eeae92ade [SEPolicy] Allow EdgeTPU related service to log to stats service 
We are collecting Suez metrics from TPU related services. This includes
NNAPI HAL, edgetput logging service, and edgetpu service.

This change allows them all to find stats_service.

Bug: 151063663
Test: Pushed selinx module to device and successfully logged Stats
service.

Change-Id: I80774485ae7c2a5f994d48a71b6406fac753a9f8
 2021-05-04 17:08:56 -07:00
Chris Kuiper
d0d0304443 Merge "sepolicy: gs101: allow usf_reg_edit to run" into sc-dev 2021-05-04 22:33:57 +00:00
Yu-Chi Cheng
7eef8643a3 Merge "Added the SELinux rule for the EdgeTPU vendor service." into sc-dev 2021-05-04 19:39:32 +00:00
Yu-Chi Cheng
b844190a34 Added the SELinux rule for the EdgeTPU vendor service. 
To comply with the GSI compliance test, this change
splits the compiler part of the edgetpu_service into a
separate edgetpu_vendor_service under vendor.

The edgetpu_service locates under /system_ext/ and used
to be connected by both applications and vendor clients.
With this change, vendor clients could talk to the vendor
part of this service directly without having to cross
the system and vendor boundary.

Applications will still talk to the system_ext one, which
will forward the requests to the vendor service.

Bug: 185432427
Test: tested on Oriole + GCA.
Change-Id: I1ee47946f1fc3694d5f8b5325c192d6bd720a76e
 2021-05-04 10:36:21 -07:00
Alex Hong
ea5b597e3d sepolicy: Update dumpstate HAL to V1.1 
Test: $ make selinux_policy
      Check the label after boot completed
Bug: 186539439
Change-Id: I6690e2bc485aceb53dc607b8a7656a4f57edf70e
 2021-05-04 17:11:07 +08:00
Jenny Ho
f5b47095be add sepolicy for dump TRICKLE/TEMP/DWELL defend config 
type=1400 audit(0.0:12): avc: denied { read } for name="google,charger" dev="sysfs" ino=25880 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 186872139
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Id8868d2b12408d4a39ba42c8b0faf801923f73f3
 2021-05-04 15:24:38 +08:00
Daniel Mentz
48e3555770 Merge "Remove /vendor/lib/modules from file_contexts" into sc-dev 2021-05-04 04:28:49 +00:00
Daniel Mentz
1473b1d155 Merge "Revert "remove wildcard on kernel modules"" into sc-dev 2021-05-04 03:50:16 +00:00
TreeHugger Robot
3186a0f24c Merge changes from topic "tcpdump_logger" into sc-dev 
* changes:
  Add sepolicy for dumpstate to access logs of tcpdump_logger
  Add sepolicy for tcpdump_logger to access wlan_logs folder
 2021-05-04 03:48:04 +00:00
Jenny Ho
93e25c878a Merge "set sepolicy for testing_battery_profile" into sc-dev 2021-05-04 02:48:41 +00:00
lucaslin
34278f05a0 Add sepolicy for dumpstate to access logs of tcpdump_logger 
Bug: 183467815
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and chagne it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: I178aca40d94602994eef619f05a26ceb78eeff1f
 2021-05-04 10:30:22 +08:00
Ted Lin
69c8212a41 wlc fwupdate implementation 
Fix sepolicy problems.

Bug: 183465596
Test: logcat/dmesg grep wlc.
Signed-off-by: Ted Lin <tedlin@google.com>
Change-Id: I834f4d83f822b8189a576ac198bae9a7d77a3e10
 2021-05-04 02:09:32 +00:00
Daniel Mentz
2fb432f08c Remove /vendor/lib/modules from file_contexts 
Vendor kernel modules were moved to /vendor_dlkm/lib/modules. Let's
remove the old directory /vendor/lib/modules from file_contexts.

Bug: 185184472
Bug: 186777291
Change-Id: I38f1b25cb2d73a804f1cdb113edc9b11f8e516f7
 2021-05-03 18:16:05 -07:00
Chris Kuiper
db03875ebe sepolicy: gs101: allow usf_reg_edit to run 
Provide necessary permissions to run usf_reg_edit from bugreport.

Bug: 187081112
Test: Run "adb bugreport <zip>" and verify it contains the output
      from "usf_reg_edit save -".
Change-Id: Iade132d93105d461d51273d19fe570d48cce46fe
 2021-05-03 16:34:58 -07:00
Daniel Mentz
a3c0b2ba9e Revert "remove wildcard on kernel modules" 
This reverts commit a346a7fa34.

Let's move back to wildcards for kernel modules. This better supports
kernel pre-submit testing and local kernel development where the script
build.sh from the kernel repo is used to create the vendor_dlkm parition
image.  With build.sh, the path to a .ko file includes the kernel
version as well as additional directory components like "extra/" that
describe where in the kernel source key the module is located. Example:

/vendor_dlkm/lib/modules/5.10.33-g2f01cf4c7282-dirty/extra/ftm5.ko

Bug: 185184472
Bug: 186777291
Change-Id: I32f85dae7ca60d9063ad6c63f21ffdaecbb66039
 2021-05-03 15:38:56 -07:00
SHUCHI LILU
1d6ffc2305 Merge "Update avc error on ROM 7330059" into sc-dev 2021-05-03 09:34:35 +00:00
TreeHugger Robot
4ae391d780 Merge "update error on ROM 7331131" into sc-dev 2021-05-03 08:56:20 +00:00
lucaslin
4099f60681 Add sepolicy for tcpdump_logger to access wlan_logs folder 
tcpdump cannot be zipped into wlan logs when using tcpdump_logger
on-demand function is because tcpdump_logger doesn't have access
of wlan_logs folder.
Add related sepolicies to fix it.

Bug: 183467815
Test: 1. Set logger to wlan
      2. Enable tcpdump_logger on-demand
      3. Start logging
      4. Stop logging
      5. Pull wlan_logs
      6. Check if tcpdump.pcap is zipped into the zip file
Change-Id: Ib1b6c8cbd4512acdbe756d11bfe6f540e16c8db6
 2021-05-03 16:29:18 +08:00
Adam Shih
722b181dd3 update error on ROM 7331131 
Bug: 187016929
Bug: 187016930
Bug: 187016910
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I294a27fd272f73cc371a4a8dc9783ba5f60203ff
 2021-05-03 15:48:46 +08:00
Jenny Ho
4510c55091 set sepolicy for testing_battery_profile 
need run /vendor/bin/sh before setprop

Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I3dbaa984407c82662dea537da671745851035fa2
 2021-05-03 15:47:14 +08:00
TreeHugger Robot
2391c852bd Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev 2021-05-03 07:42:00 +00:00
sukiliu
58238158ab Update avc error on ROM 7330059 
Bug: 187014717
Bug: 187015705
Bug: 187015816
Test: PtsSELinuxTestCases
Change-Id: I2d79fee24d18865090cd350485daea4e66bb5184
 2021-05-03 15:25:20 +08:00
Eddie Lan
2d4071ca8c Merge "Add sepolicy for fpc AIDL HAL" into sc-dev 2021-05-03 03:48:40 +00:00
TreeHugger Robot
1256869c5c Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev 2021-05-03 03:19:23 +00:00
Hridya Valsaraju
1711a2d5c7 Provide fastbootd permissions to invoke the set_active command 
These permissions fix the following denials:
[   66.641731][   T59] audit: type=1400 audit(1619815760.952:17): avc:
denied  { open } for  pid=360 comm="fastbootd" path="/dev/block/sdd1"
dev="tmpfs" ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.664509][   T59] audit: type=1400 audit(1619815760.952:18): avc:
denied  { write } for  pid=360 comm="fastbootd" name="sdd1" dev="tmpfs"
ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.686431][   T59] audit: type=1400 audit(1619815760.952:19): avc:
denied  { read write } for  pid=360 comm="fastbootd"
name="boot_lun_enabled" dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   66.708623][   T59] audit: type=1400 audit(1619815760.952:20): avc:
denied  { open } for  pid=360 comm="fastbootd"
path="/sys/devices/platform/14700000.ufs/pixel/boot_lun_enabled"
dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   56.680861][   T59] audit: type=1400 audit(1619806507.020:10): avc:
denied  { read write } for  pid=357 comm="fastbootd" name="sda"
dev="tmpfs" ino=476 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file permissive=0

Test: fastboot set_active
Bug: 185955438
Change-Id: I9339b2a5f2a00c9e1768f479fdeac2e1f27f04bc
 2021-04-30 14:37:58 -07:00
TreeHugger Robot
6a5cfd86f5 Merge "Remove platform certification from imsservice" into sc-dev 2021-04-30 16:55:56 +00:00
TreeHugger Robot
ff7948fc48 Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev 2021-04-30 16:34:37 +00:00
TreeHugger Robot
c134ed985a Merge "sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes" into sc-dev 2021-04-29 22:48:22 +00:00
Oleg Matcovschi
963848fdaa sepolicy:gs101: allow init-insmod-sh to access sysfs_leds nodes 
Bug: 186788772
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I9cc44571eb5c8f52d6307bff9cb77f08712c5404
 2021-04-29 14:34:55 -07:00
TreeHugger Robot
2c4b0fd96a Merge "change persist.camera to persit.vendor.camera" into sc-dev 2021-04-29 21:26:12 +00:00
Lida Wang
bb7ae85a0d change persist.camera to persit.vendor.camera 
Bug: 186670529
Change-Id: I3a6d4202ec2b90cc0ce9cc9ba62d2cf2ce3a5c29
 2021-04-29 13:18:01 -07:00
Anthony Stange
836f25d64b Update gs101 sepolicy for contexthub HAL 
Bug: 168941570
Test: Load nanoapp via HAL
Change-Id: If133a3290e4fc02677523d737980ee5944885c36
 2021-04-29 16:59:36 +00:00
TreeHugger Robot
7a4cd3a6e0 Merge "Add sepolicy for sensor HAL to read lhbm" into sc-dev 2021-04-29 15:48:15 +00:00
Taesoon Park
b6f2b0bad9 Remove platform certification from imsservice 
The platform certification is removed form com.shannon.imsservice.
So, remove seinfo from com.shannon.imsservice item.

Bug: 186135657
Test: VoLTE and VoWiFi

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ie493abfd7a146766ad819bb7a5240d9f1e2f1d0e
 2021-04-29 11:28:08 +08:00