Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
280 commits 1 branch 0 tags 494 MiB
Commit graph

280 commits

This branch
This branch
All branches
Author SHA1 Message Date
Oleg Matcovschi
cf08b32308 Merge changes from topic "b180760068" into sc-dev am: 3872f8015f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14017040

Change-Id: I9b89eea1dfd61d9789f396232d744d9db5da4ddf
 2021-03-29 22:50:27 +00:00
Oleg Matcovschi
994f5fc31e vendor: remove sscoredump policies am: 6862b8e239 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14006443

Change-Id: Icd0bba0cb154fc525d261f73c2f2ef24ef24bc79
 2021-03-29 22:50:25 +00:00
Oleg Matcovschi
3872f8015f Merge changes from topic "b180760068" into sc-dev 
* changes:
  genfs_contexts: add sscoredump per-subsystem policies
  vendor: remove sscoredump policies
 2021-03-29 22:05:23 +00:00
Alex Hong
f8f1b8498c Merge "update error on ROM 7242124" into sc-dev am: 122849026f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14018649

Change-Id: Id86ffa0c2c73356efa4412bc4809cffc91d6d4a7
 2021-03-29 17:19:51 +00:00
Oleg Matcovschi
005fafff5b genfs_contexts: add sscoredump per-subsystem policies 
Bug: 180760068
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I448dd8d5ea1e11eb774c62e129eb4c7896a5bd15
 2021-03-29 10:04:57 -07:00
Alex Hong
122849026f Merge "update error on ROM 7242124" into sc-dev 2021-03-29 16:37:47 +00:00
Alex Hong
68569d8fe3 update error on ROM 7242124 
Bug: 183935416
Bug: 183935302
Bug: 183935382
Bug: 183935443
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iccdfc8a9eea3e8d52bebc89ca1eafcd2ec26e3c6
 2021-03-29 22:18:39 +08:00
Hsiaoan Hsu
3a4feeb1b9 Fix netutils_wrapper avc denied am: c9f580b083 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14011940

Change-Id: If6d570e2278ec3a4da2f308e5e2c5e1a780528c0
 2021-03-29 11:30:53 +00:00
Hsiaoan Hsu
c9f580b083 Fix netutils_wrapper avc denied 
avc denied log:
03-25 22:30:40.226  root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2269): avc: denied { read write } for path="/dev/umts_wfc1" dev="tmpfs" ino=748 scontext=u:r:netutils_wrapper:s0 tcontext=u:object_r:pktrouter_device:s0 tclass=chr_file permissive=0

03-25 22:30:40.226  root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2270): avc: denied { read write } for path="socket:[1017]" dev="sockfs" ino=1017 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:pktrouter:s0 tclass=netlink_route_socket permissive=0

03-25 22:30:40.226  root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2274): avc: denied { read write } for path="socket:[655847]" dev="sockfs" ino=655847 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:pktrouter:s0 tclass=udp_socket permissive=0

Bug: 183713618
Test: WFC/WFC handover

Change-Id: I363bf009c3b05ac2ceccb5580e786fcebf0f5631
 2021-03-29 05:22:41 +00:00
Oleg Matcovschi
6862b8e239 vendor: remove sscoredump policies 
Bug: 180760068
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: Ib8d360b227286bdea7de00125ef2ed6ad7978e67
 2021-03-28 21:26:34 -07:00
TreeHugger Robot
a6b062f1e7 Merge "SELinux: Grant camera HAL TEE access" into sc-dev am: 6d56fb7391 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13997191

Change-Id: I4aaa68feccc12ff6ee9a335b26558663b5b00e48
 2021-03-26 06:39:36 +00:00
TreeHugger Robot
6d56fb7391 Merge "SELinux: Grant camera HAL TEE access" into sc-dev 2021-03-26 06:21:05 +00:00
Kevin DuBois
25b3b67b30 Merge "hal_neuralnetworks_armnn: allow GPU access" into sc-dev am: 978b3b4e9b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13994637

Change-Id: I82f36fd0432c06f3575130f0d183f94e4039a176
 2021-03-25 22:36:09 +00:00
Kevin DuBois
978b3b4e9b Merge "hal_neuralnetworks_armnn: allow GPU access" into sc-dev 2021-03-25 22:01:42 +00:00
Jidong Sun
eda148cd47 SELinux: Grant camera HAL TEE access 
Bug: 183714594
Signed-off-by: Jidong Sun <jidong@google.com>
Change-Id: I84fd3a7cf18bc3b574632b665be86c0fcb505704
 2021-03-25 20:01:12 +00:00
Kevin DuBois
9c8327de8d hal_neuralnetworks_armnn: allow GPU access 
Neuralnetworks for armnn driver needs GPU access in order to issue
OpenCL commands to GPU. Add rule that allows this.

Fixes: 183673130
Test: setenforce 1, stop and start hal, see that hal started.
Change-Id: I9be0ee4326e5e128a37f2c4df0878f8fbbea7f8d
 2021-03-25 11:10:40 -07:00
Krzysztof Kosiński
4650213e1e Merge "Mark libGrallocWrapper.so as same-process HAL." into sc-dev am: 74bc4bf947 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13986904

Change-Id: I8839372f0a5f181089cb56192f52b51d660f7731
 2021-03-25 17:18:23 +00:00
Krzysztof Kosiński
74bc4bf947 Merge "Mark libGrallocWrapper.so as same-process HAL." into sc-dev 2021-03-25 16:34:28 +00:00
Terry Huang
d426c1dd4f Merge "Fix VT issue avc denied" into sc-dev am: bea1d217b5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13992794

Change-Id: I6b8750edc7d4de209133c1a9a10a5fe5e547bd7e
 2021-03-25 16:02:47 +00:00
Terry Huang
bea1d217b5 Merge "Fix VT issue avc denied" into sc-dev 2021-03-25 15:21:53 +00:00
Steven Liu
3dee8cecad Merge "Add sepolicy for the wifi firmware config OTA feature" into sc-dev am: acf218cb51 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13983837

Change-Id: I00b8c3c91c9373168d80a7fda2268add40375310
 2021-03-25 15:05:44 +00:00
Steven Liu
acf218cb51 Merge "Add sepolicy for the wifi firmware config OTA feature" into sc-dev 2021-03-25 14:40:18 +00:00
terrycrhuang
3316a7135d Fix VT issue avc denied 
03-25 19:59:12.604 E SELinux : avc:  denied  { find } for pid=3822
uid=10264 name=media.camera
scontext=u:r:vendor_ims_app:s0:c8,c257,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager
permissive=0

03-25 19:59:19.283 E SELinux : avc:  denied  { find } for pid=3822
uid=10264 name=media.player
scontext=u:r:vendor_ims_app:s0:c8,c257,c512,c768
tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
permissive=0

Bug: 183698793
Test: Manual

Change-Id: I5ccff82df99b6bcb3883b880ef1fbfe8710b2e99
 2021-03-25 21:22:33 +08:00
terrycrhuang
79d2510748 Fix pktrouter avc denied am: dbef5fe678 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13992789

Change-Id: I42fde09a926575d0c2cff90463e4eeccea436b55
 2021-03-25 10:26:22 +00:00
terrycrhuang
b80a40f7bc Fix vendor.pktrouter avc denied am: 986fe49987 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13992787

Change-Id: I99535459516df8cfc6289585e0211ccc80fbbbca
 2021-03-25 09:23:59 +00:00
terrycrhuang
dbef5fe678 Fix pktrouter avc denied 
03-25 15:28:05.656 I auditd  : type=1400 audit(0.0:48): avc: denied {
net_raw } for comm="wfc-pkt-router" capability=13
scontext=u:r:pktrouter:s0 tcontext=u:r:pktrouter:s0 tclass=capability
permissive=0

Bug: 183664765
Test: Manual

Change-Id: I378b2c0ed8af9e4ba1accfdcc5380a1f9f066b81
 2021-03-25 15:56:35 +08:00
terrycrhuang
986fe49987 Fix vendor.pktrouter avc denied 
03-24 19:45:17.324 E init : Do not have permissions to set
'vendor.pktrouter' to '1' in property file '/vendor/build.prop': SELinux
permission check failed

Bug: 183664765
Test: Manual

Change-Id: Ibf0f764c905c4797b179dff2cdd1faa98fae5bc0
 2021-03-25 14:36:05 +08:00
TreeHugger Robot
80df40415d Merge "Fix avc denied for vendor_ims_app" into sc-dev am: f112196d64 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13987992

Change-Id: Id635d595a0551821b794690f990325fcc486db48
 2021-03-25 05:06:18 +00:00
Aaron Tsai
239310d8a6 Fix selinux errors for rild am: d135bde241 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13975653

Change-Id: I595e55a3db7bb5c5570b7c25f3aa1519b97cb061
 2021-03-25 05:04:39 +00:00
TreeHugger Robot
f112196d64 Merge "Fix avc denied for vendor_ims_app" into sc-dev 2021-03-25 04:59:51 +00:00
terrycrhuang
9778af3cef Fix avc denied for vendor_ims_app 
03-25 09:24:16.810 E SELinux : avc:  denied  { find } for pid=3681
uid=10272 name=media.audio_flinger
scontext=u:r:vendor_ims_app:s0:c16,c257,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=0

Bug: 183593669
Test: Manual

Change-Id: I9d659b475d5d19ae5dd1642974f9064c152ee4b0
 2021-03-25 10:57:57 +08:00
Aaron Tsai
d135bde241 Fix selinux errors for rild 
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:11): avc: denied { map } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:10): avc: denied { getattr } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:9): avc: denied { open } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.814981] type=1400 audit(1615340000.380:8): avc: denied { read } for comm="rild_exynos" name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815057] type=1400 audit(1615340000.380:9): avc: denied { open } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815089] type=1400 audit(1615340000.380:10): avc: denied { getattr } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815108] type=1400 audit(1615340000.380:11): avc: denied { map } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1

Bug: 182320172
Test: verified with the forrest ROM and error log gone
Change-Id: Ib0300629de5a0186c4f9fd2f603be52aefd085bc
 2021-03-25 02:47:16 +00:00
TreeHugger Robot
3c3585d3a6 Merge "Fix hangup Volte call fail" into sc-dev am: 14ff0e6ac5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13987985

Change-Id: Ie640695ab69c9b7a43f62dc340b83977aa884184
 2021-03-25 02:36:29 +00:00
Eddie Tashjian
4cdfd5b4ac Merge "Allow init to set RIL properties." into sc-dev am: 5dbe586a1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13986934

Change-Id: Ib1366e4bb178ae6111ceb4e7b3219cac9c09765f
 2021-03-25 02:35:42 +00:00
TreeHugger Robot
14ff0e6ac5 Merge "Fix hangup Volte call fail" into sc-dev 2021-03-25 02:19:49 +00:00
Eddie Tashjian
5dbe586a1d Merge "Allow init to set RIL properties." into sc-dev 2021-03-25 01:51:20 +00:00
terrycrhuang
8b3601f87d Fix hangup Volte call fail 
03-24 19:45:59.920 I auditd  : type=1107 audit(0.0:35): uid=0
auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=persist.radio.call.audio.output pid=2328 uid=10260
gid=10260 scontext=u:r:vendor_ims_app:s0:c4,c257,c512,c768
tcontext=u:object_r:radio_prop:s0 tclass=property_service permissive=0'

03-24 19:45:59.923 W libc    : Unable to set property
"persist.radio.call.audio.output" to "0": error code: 0x18

Bug: 183593669
Bug: 182978936
Test: Manual
Change-Id: I7f4491348ca6d97e0997f51359f1c42d98d61c75
 2021-03-25 05:33:56 +08:00
Krzysztof Kosiński
fc18626210 Merge "Revert "Add lazy service binary to hal_camera_default domain."" into sc-dev am: 1314a15cb9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13985005

Change-Id: I38a71c99ebdf718b396e49fd1cf4489b6a1525f7
 2021-03-24 21:33:06 +00:00
Krzysztof Kosiński
1314a15cb9 Merge "Revert "Add lazy service binary to hal_camera_default domain."" into sc-dev 2021-03-24 20:57:35 +00:00
Eddie Tashjian
d3579bb3ec Allow init to set RIL properties. 
Init sequence needs to set several properties under *vendor.ril*. Change
permission to set instead of get.

Bug: 183633407
Test: Check selinux denials.
Change-Id: Id7ecff48f36ee87f251ee6121f1782fa57b39844
 2021-03-24 13:35:11 -07:00
Krzysztof Kosiński
9818e25500 Revert "Add lazy service binary to hal_camera_default domain." 
This reverts commit d02e73b966.

Reason for revert: This HAL is actually not intended to be present
on GS101 devices. The denial logs come from people who did "adb sync"
after building binaries that are not included in the device image.
SELinux should not allow access to this HAL.

Change-Id: Id179023eeb79d749a0bde13e1d83af41fc42780e
 2021-03-24 15:59:55 +00:00
Steven Liu
c6eca53b9e Add sepolicy for the wifi firmware config OTA feature 
Bug: 177083009
Test: the OTA updated files can be updated and applied.
Change-Id: I2f269dbc146aae41cab57abd568af7e26fd23876
 2021-03-24 06:59:08 -07:00
Krzysztof Kosiński
7e469b9941 Mark libGrallocWrapper.so as same-process HAL. 
This library is indirectly loaded by lib_aion_buffer.so, which
is an ABI-stable wrapper for some vendor-specific APIs used by
GCA (the Pixel camera app)

Bug: 182962346
Test: ran GCA on oriole
Change-Id: Ida5171110081cac0ac13ea769f9d434499faebe6
 2021-03-24 06:42:05 -07:00
Adam Shih
5838ee55bc allow bootctl to access devinfo am: 5b5a004593 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13981527

Change-Id: If110be4ad37cedc65fac2e737165d36f3d8881d4
 2021-03-24 13:26:53 +00:00
Adam Shih
5b5a004593 allow bootctl to access devinfo 
[   22.798274] type=1400 audit(1616580486.404:10): avc:
denied { write } for comm="boot@1.2-servic" name="sdd1"
dev="tmpfs" ino=705 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file
permissive=1
Bug: 177882574
Test: boot to home after factory reset
Change-Id: I6774ffd46a74c75b2fee962757901ea97e9033fe
 2021-03-24 10:32:37 +00:00
SalmaxChang
68d69074e3 mds: Update radio_vendor_data_file permission am: 3a27f85dc8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13975652

Change-Id: Id5fbdc1545c5d144d9d51329754b2697b040a020
 2021-03-24 10:10:12 +00:00
SalmaxChang
3a27f85dc8 mds: Update radio_vendor_data_file permission 
Bug: 181174034
Change-Id: Ie22e19b179d41a97198c07cb922dd5c60f095ad4
 2021-03-24 09:23:18 +00:00
Adam Shih
398ee2091b Merge "fix reset problem caused by ims" into sc-dev am: c58780d645 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13975655

Change-Id: I7f97b020b8ccf4ec69cab4018f1e27591fe51f86
 2021-03-24 08:51:27 +00:00
Adam Shih
c58780d645 Merge "fix reset problem caused by ims" into sc-dev 2021-03-24 08:13:23 +00:00
Adam Shih
692faeedaf fix reset problem caused by ims 
Bug: 183209764
Test: unplug device, reboot, enter sim code and survived
Change-Id: I23c39290731a76ec4a364e4f92d3994254d70eae
 2021-03-24 14:31:31 +08:00