Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
868 commits 1 branch 0 tags 494 MiB
Commit graph

868 commits

This branch
This branch
All branches
Author SHA1 Message Date
Armelle Laine
10e8126e2d Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev 2021-06-15 14:35:43 +00:00
linpeter
81aaf6cda3 Add sepolicy for hwcomposer to access lhbm sysfs 
avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
 2021-06-15 19:37:14 +08:00
Jiyoung
02ada4f463 vendor_telephony_app.te: add selinuxfs:file 
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng

Bug: 188422036

Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
 2021-06-15 15:06:39 +08:00
sukiliu
c8a74f7fce Move oriole bug map to whitechapel folder am: 90ae782e26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I20a6b1f291236b26224ca0fe94196b2ca91bd548
 2021-06-15 06:16:50 +00:00
sukiliu
90ae782e26 Move oriole bug map to whitechapel folder 
Bug: 190563896
Bug: 190671898
Test: PtsSELinuxTestCases
Change-Id: I15f1a6d2ebab9c5794a79abccf3530eb4bfc8307
 2021-06-15 04:39:50 +00:00
TreeHugger Robot
d8aa5c7972 Merge "remove obsolete entries" into sc-dev am: 441bae6d1a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934444

Change-Id: I31f6c2733c5cb977a8625ba473d506bfa50dbcc9
 2021-06-15 01:54:09 +00:00
TreeHugger Robot
441bae6d1a Merge "remove obsolete entries" into sc-dev 2021-06-15 01:39:02 +00:00
Rick Yiu
6976531ebe Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev am: aa315a6082 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14943962

Change-Id: Ie3aebe5d9b8e6bae0f8e0df65f0bd6a5b8d0d178
 2021-06-15 00:40:39 +00:00
Rick Yiu
aa315a6082 Merge "gs101-sepolicy: Fix avc denial for permissioncontroller_app" into sc-dev 2021-06-15 00:28:52 +00:00
Armelle Laine
5bb07db1de add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal 
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.

Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
 2021-06-13 23:59:37 +00:00
Richard Hsu
4eb4b8c73c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: If0cd3732513d21503d31cd8f9f10756305c33c5c
 2021-06-13 06:23:48 +00:00
Richard Hsu
753e62f39c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev 2021-06-13 06:11:41 +00:00
Jayachandran Chinnakkannu
26bcc88a9b Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Id9b9f74bf5caf34af4aad329e0ea3b4ee544146f
 2021-06-12 17:30:37 +00:00
Jayachandran Chinnakkannu
1c130a7e1d Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev 2021-06-12 17:19:33 +00:00
TreeHugger Robot
c5d2eaeccb Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: Idc40fc74a562912a8ee35b8db966c88421778949
 2021-06-12 10:27:15 +00:00
Kris Chen
5991ab5ba7 Add sepolicy to let fingerprint access power service am: 7db400b679 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: Id2d4cb0874a39145561fc6deb825a25ec40162d8
 2021-06-12 10:27:04 +00:00
TreeHugger Robot
694694857a Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev 2021-06-12 10:22:24 +00:00
Jayachandran C
5492a92a39 Allow telephony to access the file descriptor of the priv_apps tcp_socket 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
 2021-06-12 05:18:15 +00:00
Rick Yiu
ad47112c59 gs101-sepolicy: Fix avc denial for permissioncontroller_app 
Bug: 190671898
Test: build pass
Change-Id: I3ccfe958892cd27ebbcacc651847d4277d39855b
 2021-06-11 18:41:10 +08:00
Adam Shih
d0bb828434 remove vcd from user ROM 
Bug: 190331325
Test: build all ROM variants with only user ROM without vcd
Change-Id: If9dc555ee8582b605ccdf9d60c3a9c89cd6634d8
 2021-06-11 11:46:22 +08:00
Richard Hsu
8c979899cc [BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service 
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.

Bug: 190661153, 151063663

Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.

Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
 2021-06-10 19:36:35 -07:00
Adam Shih
d00aafac75 remove obsolete entries 
Bug: 190672147
Bug: 173969091
Bug: 171760921
Bug: 178331773
Bug: 178752616
Bug: 188752940
Bug: 184005231
Bug: 182086688
Bug: 177176899
Bug: 182953825
Bug: 176528557
Bug: 183935382
Test: boot and do bugreport with no relevant error showed up
Change-Id: I869db698e96d2d6cfd533b7fd24c8c88d39fd0eb
 2021-06-11 10:35:59 +08:00
Denny cy Lee
25373353a7 Sepolicy: Remove permission for fuel gauge 
Bug: 189811224
Test: manually, read success in enforcing mode
Change-Id: Ie56179980a9946010fb25683e3819cddbfb93cfb
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2021-06-11 09:39:53 +08:00
Kris Chen
7db400b679 Add sepolicy to let fingerprint access power service 
Fix the following avc denial:
SELinux : avc:  denied  { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
      running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
 2021-06-10 21:31:06 +00:00
Sung-fang Tsai
985aa698c7 qllow priv-app to access Pixel power HAL extension. 
SELinux issues to solve:

native  : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal

05-23 10:11:32.055   420   420 E SELinux : avc:  denied  { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
 2021-06-10 17:56:17 +00:00
SHUCHI LILU
7d1fa8b9ce Merge "Update avc error on ROM 7444346" into sc-dev am: 61843906c0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928573

Change-Id: I4cfc4f0fb97b796a3a118859ac30399ab15a2446
 2021-06-10 11:21:07 +00:00
SHUCHI LILU
61843906c0 Merge "Update avc error on ROM 7444346" into sc-dev 2021-06-10 11:06:35 +00:00
TreeHugger Robot
fadd9f9dd2 Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev am: a501b656dd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911637

Change-Id: I65292901788f5e98123e550dc676be9b66f958b3
 2021-06-10 07:37:41 +00:00
TreeHugger Robot
a501b656dd Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev 2021-06-10 07:20:58 +00:00
sukiliu
d27e574f3e Update avc error on ROM 7444346 
Bug: 190672147
Bug: 190671898
Test: Test: PtsSELinuxTestCases
Change-Id: Ie9400df24f30474915d757b61ddb1c3fb77903c5
 2021-06-10 15:16:37 +08:00
Adam Shih
70121504b6 Merge "reorganize trusty_metricsd settings" into sc-dev am: a81732dd6f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911639

Change-Id: Idc5ee712a86aa778f62abb93d6b6ff4cdcefec4c
 2021-06-10 06:12:07 +00:00
Adam Shih
a81732dd6f Merge "reorganize trusty_metricsd settings" into sc-dev 2021-06-10 05:52:40 +00:00
TreeHugger Robot
a34e5d929b Merge "update wakeup node" into sc-dev am: d3b0256025 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928571

Change-Id: I5881e148d45f8a1361e28a85a296b774b5ca1269
 2021-06-10 04:11:32 +00:00
Rick Yiu
797b646234 gs101-sepolicy: Fix avc denial for sysfs_vendor_sched 
Fix mediaprovider_app and bluetooth

Bug: 190563839
Bug: 190563916
Test: build pass
Change-Id: I477325ee812d1362db4d5005e999cba989a44216
 2021-06-10 04:10:24 +00:00
TreeHugger Robot
d3b0256025 Merge "update wakeup node" into sc-dev 2021-06-10 03:56:50 +00:00
Adam Shih
ef113ab8ac update wakeup node 
Bug: 190672147
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I3a8e8fa8b9007f556a5bfb402c4e8c726499d66f
 2021-06-10 03:23:52 +00:00
Adam Shih
8879662f92 Merge "organize EdgeTPU modules and sepolicy" into sc-dev am: 22fae537b5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911633

Change-Id: If19b793eb2d76a6856b61b67ea6b001136c013ec
 2021-06-10 03:09:57 +00:00
Adam Shih
8947d2dfeb reorganize trusty_metricsd settings 
Bug: 190331503
Test: build ROM and see the file and sepolicy settings are still there
Change-Id: Ib157f64428166232c3bbbd176d3c1fbed4ac31d6
 2021-06-10 02:54:00 +00:00
Adam Shih
22fae537b5 Merge "organize EdgeTPU modules and sepolicy" into sc-dev 2021-06-10 02:53:28 +00:00
SHUCHI LILU
f8336cf329 Merge "Update avc error on ROM 7440434" into sc-dev am: e5c8613686 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911640

Change-Id: I2a0d5dd5aa501f6fe07f835169b903d9d6b61b65
 2021-06-09 12:26:45 +00:00
SHUCHI LILU
e5c8613686 Merge "Update avc error on ROM 7440434" into sc-dev 2021-06-09 12:05:04 +00:00
sukiliu
6ce3aa9d75 Update avc error on ROM 7440434 
Bug: b/190563838
Bug: b/190563916
Bug: b/190563896
Bug: b/190563897
Test: Test: PtsSELinuxTestCases
Change-Id: Idbd0bc0f9a4770b3f976196058a311820e6e3c11
 2021-06-09 16:07:32 +08:00
TreeHugger Robot
ea845e1796 Merge "Grant powerhal access to thermal_link_device and sysfs_thermal" into sc-dev am: 3c66c45102 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14731906

Change-Id: I0c86b40d9bdaf76bfefaee1aa2376985925564b0
 2021-06-09 08:06:26 +00:00
TreeHugger Robot
3c66c45102 Merge "Grant powerhal access to thermal_link_device and sysfs_thermal" into sc-dev 2021-06-09 07:46:26 +00:00
TreeHugger Robot
6058fd94db Merge "Add sysfs_camera label for powerhint flow to access intcam & tnr clock" into sc-dev am: c5d10f245a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14795451

Change-Id: I18fe9817dda5b3d9085d78cf7a086e1358936028
 2021-06-09 04:35:29 +00:00
TreeHugger Robot
c5d10f245a Merge "Add sysfs_camera label for powerhint flow to access intcam & tnr clock" into sc-dev 2021-06-09 04:18:05 +00:00
Rick Yiu
34ead673c6 Merge "gs101-sepolicy: Fix tracking_denials of sysfs_vendor_sched" into sc-dev am: 2332c6a43f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14881664

Change-Id: Idae83deb38d012faa86e27e7e83ee9ca53be3775
 2021-06-09 03:20:07 +00:00
Adam Shih
0dd0c26b36 Merge "modulize hal_neuralnetwork_armnn" into sc-dev am: 86c45c70e6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14881659

Change-Id: I01829f781aa4763f4b7ae62008fd74b1f6793562
 2021-06-09 03:20:00 +00:00
Rick Yiu
2332c6a43f Merge "gs101-sepolicy: Fix tracking_denials of sysfs_vendor_sched" into sc-dev 2021-06-09 03:02:37 +00:00
Adam Shih
e7ed46c52c organize EdgeTPU modules and sepolicy 
Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
 2021-06-09 10:39:04 +08:00