Commit graph

508 commits

Author SHA1 Message Date
qinyiyan
c28198ce01 [SEPolicy] Allow EdgeTPU related service to log to stats service am: 9eeae92ade am: ac59670250
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14431799

Change-Id: I4fde66b57df8e0c1af1145c7163cadf5ba55a6be
2021-05-05 02:43:41 +00:00
qinyiyan
ac59670250 [SEPolicy] Allow EdgeTPU related service to log to stats service am: 9eeae92ade
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14431799

Change-Id: Ie3341d449912158725a1d5292db97278b13605f7
2021-05-05 02:28:49 +00:00
qinyiyan
9eeae92ade [SEPolicy] Allow EdgeTPU related service to log to stats service
We are collecting Suez metrics from TPU related services. This includes
NNAPI HAL, edgetpu logging service, and edgetpu service.

This change allows them all to find stats_service.

Bug: 151063663
Test: Pushed selinux module to device and successfully logged Stats
service.

Change-Id: I80774485ae7c2a5f994d48a71b6406fac753a9f8
2021-05-04 17:08:56 -07:00
Chris Kuiper
5db8d9f987 Merge "sepolicy: gs101: allow usf_reg_edit to run" into sc-dev am: d0d0304443 am: adb83f2a07
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14415568

Change-Id: I83c062d199c58c459c1dc378924d6b7181a56ba3
2021-05-04 23:12:05 +00:00
Chris Kuiper
adb83f2a07 Merge "sepolicy: gs101: allow usf_reg_edit to run" into sc-dev am: d0d0304443
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14415568

Change-Id: I7eba5b27a274180a9bbf3389018549b7e1188a98
2021-05-04 22:56:31 +00:00
Chris Kuiper
d0d0304443 Merge "sepolicy: gs101: allow usf_reg_edit to run" into sc-dev 2021-05-04 22:33:57 +00:00
Yu-Chi Cheng
99d5b083f8 Merge "Added the SELinux rule for the EdgeTPU vendor service." into sc-dev am: 7eef8643a3 am: b989b6c2d5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299125

Change-Id: Ie29cfc8d8a473f3d047ee9c825096daeef405e6d
2021-05-04 20:33:22 +00:00
Yu-Chi Cheng
b989b6c2d5 Merge "Added the SELinux rule for the EdgeTPU vendor service." into sc-dev am: 7eef8643a3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14299125

Change-Id: I7413d1da70dc4e5a5895296f7dde4be3dde45291
2021-05-04 20:11:24 +00:00
Yu-Chi Cheng
7eef8643a3 Merge "Added the SELinux rule for the EdgeTPU vendor service." into sc-dev 2021-05-04 19:39:32 +00:00
Yu-Chi Cheng
b844190a34 Added the SELinux rule for the EdgeTPU vendor service.
To comply with the GSI compliance test, this change
splits the compiler part of the edgetpu_service into a
separate edgetpu_vendor_service under vendor.

The edgetpu_service is located under /system_ext/ and used
to be connected by both applications and vendor clients.
With this change, vendor clients could talk to the vendor
part of this service directly without having to cross
the system and vendor boundary.

Applications will still talk to the system_ext one, which
will forward the requests to the vendor service.

Bug: 185432427
Test: tested on Oriole + GCA.
Change-Id: I1ee47946f1fc3694d5f8b5325c192d6bd720a76e
2021-05-04 10:36:21 -07:00
Daniel Mentz
5aed8b6921 Merge "Remove /vendor/lib/modules from file_contexts" into sc-dev am: 48e3555770 am: dfd70f5140
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14416770

Change-Id: I24ba3f169ef7a82eefaaf27e1b339882dd8c7b4d
2021-05-04 05:06:12 +00:00
Daniel Mentz
dfd70f5140 Merge "Remove /vendor/lib/modules from file_contexts" into sc-dev am: 48e3555770
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14416770

Change-Id: Id338f87631bcd0dac2a8f98cf85c3372b0b5fe84
2021-05-04 04:49:30 +00:00
Daniel Mentz
23c0cba680 Merge "Revert "remove wildcard on kernel modules"" into sc-dev am: 1473b1d155 am: 3d63e648fa
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14393364

Change-Id: I176f41a779b5ebc7f7382664b4f80a9f6eb4f2b3
2021-05-04 04:29:22 +00:00
TreeHugger Robot
4a089a1a14 Merge changes from topic "tcpdump_logger" into sc-dev am: 3186a0f24c am: 869798380a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14048497

Change-Id: I95a6fd717f9cb2aab31030a39e90c9a0bb66f572
2021-05-04 04:29:13 +00:00
lucaslin
d68ecabda7 Add sepolicy for tcpdump_logger to access wlan_logs folder am: 4099f60681 am: a068c23698
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14410096

Change-Id: I56c28001f2c1dc61bfe349d8b443bb6c42e46198
2021-05-04 04:29:12 +00:00
Daniel Mentz
48e3555770 Merge "Remove /vendor/lib/modules from file_contexts" into sc-dev 2021-05-04 04:28:49 +00:00
Daniel Mentz
3d63e648fa Merge "Revert "remove wildcard on kernel modules"" into sc-dev am: 1473b1d155
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14393364

Change-Id: I108e79936a1bf016b84e3442eca15d559b5b09d0
2021-05-04 04:15:30 +00:00
TreeHugger Robot
869798380a Merge changes from topic "tcpdump_logger" into sc-dev am: 3186a0f24c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14048497

Change-Id: I4ac7202553d43883b405b68b9342e056bcfadfe3
2021-05-04 04:15:25 +00:00
lucaslin
a068c23698 Add sepolicy for tcpdump_logger to access wlan_logs folder am: 4099f60681
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14410096

Change-Id: Ib593cb56d978978d6a2dce2649ce7eb83dbcc565
2021-05-04 04:15:24 +00:00
Daniel Mentz
1473b1d155 Merge "Revert "remove wildcard on kernel modules"" into sc-dev 2021-05-04 03:50:16 +00:00
TreeHugger Robot
3186a0f24c Merge changes from topic "tcpdump_logger" into sc-dev
* changes:
  Add sepolicy for dumpstate to access logs of tcpdump_logger
  Add sepolicy for tcpdump_logger to access wlan_logs folder
2021-05-04 03:48:04 +00:00
Jenny Ho
9d53cfccb8 Merge "set sepolicy for testing_battery_profile" into sc-dev am: 93e25c878a am: e6334ffd7c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14409676

Change-Id: I986a7bfabe592c60ef82aa01a87e30b8b210147d
2021-05-04 03:27:20 +00:00
Jenny Ho
e6334ffd7c Merge "set sepolicy for testing_battery_profile" into sc-dev am: 93e25c878a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14409676

Change-Id: Id42c10ec5258075cea310766db6e72c75e602820
2021-05-04 03:06:09 +00:00
Jenny Ho
93e25c878a Merge "set sepolicy for testing_battery_profile" into sc-dev 2021-05-04 02:48:41 +00:00
lucaslin
34278f05a0 Add sepolicy for dumpstate to access logs of tcpdump_logger
Bug: 183467815
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and change it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: I178aca40d94602994eef619f05a26ceb78eeff1f
2021-05-04 10:30:22 +08:00
Daniel Mentz
2fb432f08c Remove /vendor/lib/modules from file_contexts
Vendor kernel modules were moved to /vendor_dlkm/lib/modules. Let's
remove the old directory /vendor/lib/modules from file_contexts.

Bug: 185184472
Bug: 186777291
Change-Id: I38f1b25cb2d73a804f1cdb113edc9b11f8e516f7
2021-05-03 18:16:05 -07:00
Chris Kuiper
db03875ebe sepolicy: gs101: allow usf_reg_edit to run
Provide necessary permissions to run usf_reg_edit from bugreport.

Bug: 187081112
Test: Run "adb bugreport <zip>" and verify it contains the output
      from "usf_reg_edit save -".
Change-Id: Iade132d93105d461d51273d19fe570d48cce46fe
2021-05-03 16:34:58 -07:00
Daniel Mentz
a3c0b2ba9e Revert "remove wildcard on kernel modules"
This reverts commit a346a7fa34.

Let's move back to wildcards for kernel modules. This better supports
kernel pre-submit testing and local kernel development where the script
build.sh from the kernel repo is used to create the vendor_dlkm partition
image.  With build.sh, the path to a .ko file includes the kernel
version as well as additional directory components like "extra/" that
describe where in the kernel source key the module is located. Example:

/vendor_dlkm/lib/modules/5.10.33-g2f01cf4c7282-dirty/extra/ftm5.ko

Bug: 185184472
Bug: 186777291
Change-Id: I32f85dae7ca60d9063ad6c63f21ffdaecbb66039
2021-05-03 15:38:56 -07:00
SHUCHI LILU
5b2e7de887 Merge "Update avc error on ROM 7330059" into sc-dev am: 1d6ffc2305 am: 1ed37f06e9
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14408671

Change-Id: Ia52856c1c9267e6d786e5c9a0989f2ab39ec8b92
2021-05-03 10:16:08 +00:00
SHUCHI LILU
1ed37f06e9 Merge "Update avc error on ROM 7330059" into sc-dev am: 1d6ffc2305
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14408671

Change-Id: I80d6669d7fc3c072d41469754fa4ba238925948e
2021-05-03 09:51:00 +00:00
SHUCHI LILU
1d6ffc2305 Merge "Update avc error on ROM 7330059" into sc-dev 2021-05-03 09:34:35 +00:00
TreeHugger Robot
08ac0f06bf Merge "update error on ROM 7331131" into sc-dev am: 4ae391d780 am: 76c9592ec4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14409678

Change-Id: I6c11c29d94742623a82a9ae31ebf9f3dc1beb4ca
2021-05-03 09:32:58 +00:00
TreeHugger Robot
76c9592ec4 Merge "update error on ROM 7331131" into sc-dev am: 4ae391d780
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14409678

Change-Id: I352882dc64ceff300d4a69cc3cf1b9f77bdd7c84
2021-05-03 09:11:39 +00:00
TreeHugger Robot
4ae391d780 Merge "update error on ROM 7331131" into sc-dev 2021-05-03 08:56:20 +00:00
lucaslin
4099f60681 Add sepolicy for tcpdump_logger to access wlan_logs folder
tcpdump cannot be zipped into wlan logs when using the tcpdump_logger
on-demand function because tcpdump_logger doesn't have access
to the wlan_logs folder.
Add related sepolicies to fix it.

Bug: 183467815
Test: 1. Set logger to wlan
      2. Enable tcpdump_logger on-demand
      3. Start logging
      4. Stop logging
      5. Pull wlan_logs
      6. Check if tcpdump.pcap is zipped into the zip file
Change-Id: Ib1b6c8cbd4512acdbe756d11bfe6f540e16c8db6
2021-05-03 16:29:18 +08:00
TreeHugger Robot
80114dd11e Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev am: 2391c852bd am: d51f97bd33
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14327406

Change-Id: I949da0c0d85b9f818dc79a44467169237eaaa1ba
2021-05-03 08:10:49 +00:00
TreeHugger Robot
d51f97bd33 Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev am: 2391c852bd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14327406

Change-Id: I5757a039510386f588b934debeb279312f3f3f8d
2021-05-03 07:57:01 +00:00
Adam Shih
722b181dd3 update error on ROM 7331131
Bug: 187016929
Bug: 187016930
Bug: 187016910
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I294a27fd272f73cc371a4a8dc9783ba5f60203ff
2021-05-03 15:48:46 +08:00
Jenny Ho
4510c55091 set sepolicy for testing_battery_profile
need to run /vendor/bin/sh before setprop

Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I3dbaa984407c82662dea537da671745851035fa2
2021-05-03 15:47:14 +08:00
TreeHugger Robot
2391c852bd Merge "Add sepolicy for sensor HAL accessing AOC sysfs node." into sc-dev 2021-05-03 07:42:00 +00:00
sukiliu
58238158ab Update avc error on ROM 7330059
Bug: 187014717
Bug: 187015705
Bug: 187015816
Test: PtsSELinuxTestCases
Change-Id: I2d79fee24d18865090cd350485daea4e66bb5184
2021-05-03 15:25:20 +08:00
Eddie Lan
4099526a9b Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c am: 94500a15a8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: Ie278a85d9ab89a3773bb0f9488bd61d977e4c1d7
2021-05-03 04:33:12 +00:00
Eddie Lan
94500a15a8 Merge "Add sepolicy for fpc AIDL HAL" into sc-dev am: 2d4071ca8c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14282485

Change-Id: I6803cbc12ccf7eb331ceb98eeae12a23e7d0b77d
2021-05-03 04:06:44 +00:00
TreeHugger Robot
55abb63383 Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c am: e72dd4fc97
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: I9f4587cdb1a6597ce86ff203a7418dc9cd1fa0eb
2021-05-03 03:50:10 +00:00
Eddie Lan
2d4071ca8c Merge "Add sepolicy for fpc AIDL HAL" into sc-dev 2021-05-03 03:48:40 +00:00
TreeHugger Robot
e72dd4fc97 Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev am: 1256869c5c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14391698

Change-Id: I7c45dee73fa499b2188126ec642c64e6921a6999
2021-05-03 03:36:00 +00:00
TreeHugger Robot
1256869c5c Merge "Provide fastbootd permissions to invoke the set_active command" into sc-dev 2021-05-03 03:19:23 +00:00
Hridya Valsaraju
1711a2d5c7 Provide fastbootd permissions to invoke the set_active command
These permissions fix the following denials:
[   66.641731][   T59] audit: type=1400 audit(1619815760.952:17): avc:
denied  { open } for  pid=360 comm="fastbootd" path="/dev/block/sdd1"
dev="tmpfs" ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.664509][   T59] audit: type=1400 audit(1619815760.952:18): avc:
denied  { write } for  pid=360 comm="fastbootd" name="sdd1" dev="tmpfs"
ino=416 scontext=u:r:fastbootd:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file permissive=1
[   66.686431][   T59] audit: type=1400 audit(1619815760.952:19): avc:
denied  { read write } for  pid=360 comm="fastbootd"
name="boot_lun_enabled" dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   66.708623][   T59] audit: type=1400 audit(1619815760.952:20): avc:
denied  { open } for  pid=360 comm="fastbootd"
path="/sys/devices/platform/14700000.ufs/pixel/boot_lun_enabled"
dev="sysfs" ino=57569 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_ota:s0 tclass=file permissive=1
[   56.680861][   T59] audit: type=1400 audit(1619806507.020:10): avc:
denied  { read write } for  pid=357 comm="fastbootd" name="sda"
dev="tmpfs" ino=476 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file permissive=0

Test: fastboot set_active
Bug: 185955438
Change-Id: I9339b2a5f2a00c9e1768f479fdeac2e1f27f04bc
2021-04-30 14:37:58 -07:00
TreeHugger Robot
8114fd6b37 Merge "Remove platform certification from imsservice" into sc-dev am: 6a5cfd86f5 am: 0adcb526f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14343989

Change-Id: I06e4f93716fda0ac8b84009ed3308ad7c73a5eaf
2021-04-30 17:15:25 +00:00
TreeHugger Robot
2ab009f72e Merge "Update gs101 sepolicy for contexthub HAL" into sc-dev am: ff7948fc48 am: 5c14296690
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14354723

Change-Id: Ia3db2de242cd75c840f8cf2fa1283e683f9bccd6
2021-04-30 17:15:16 +00:00