Commit graph

874 commits

Author SHA1 Message Date
SHUCHI LILU
d083bb9bfd Merge "Update avc error on ROM 7539530" into sc-dev am: 4aa650714c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15250405

Change-Id: I091a161f8c984c7a718d504aa3ef1da40655a4f8
2021-07-12 04:04:41 +00:00
SHUCHI LILU
4aa650714c Merge "Update avc error on ROM 7539530" into sc-dev 2021-07-12 03:45:34 +00:00
Salmax Chang
dc5f944d31 Merge "init: change overlayfs_file rule to dontaudit" into sc-dev am: 3582ffbdbf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15243218

Change-Id: If111d5fe0ec75703abb1ca01a40820165e41d0c1
2021-07-12 02:54:39 +00:00
Salmax Chang
3582ffbdbf Merge "init: change overlayfs_file rule to dontaudit" into sc-dev 2021-07-12 02:40:43 +00:00
sukiliu
a06677ce7a Update avc error on ROM 7539530
avc: denied { read } for name="u:object_r:vendor_camera_debug_prop:s0" dev="tmpfs" ino=300 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_camera_debug_prop:s0 tclass=file permissive=0
avc: denied { read } for comm="dumpstate@1.1-s" name="u:object_r:vendor_camera_debug_prop:s0" dev="tmpfs" ino=300 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_camera_debug_prop:s0 tclass=file permissive=0

Bug: 193365129
Test: PtsSELinuxTestCases
Change-Id: I1d0258ec4ce2abbf8f899add86be2076c0c72be0
2021-07-12 09:49:17 +08:00
Long Ling
c8efc49b29 Merge "Allowed HWC HAL access TUI status node" into sc-dev am: 5a7c666290
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15177771

Change-Id: I035cfe3c25903178bab1823d5f3ea61e2ad900e1
2021-07-10 02:35:42 +00:00
Long Ling
5a7c666290 Merge "Allowed HWC HAL access TUI status node" into sc-dev 2021-07-10 02:19:43 +00:00
SalmaxChang
12370586c9 init: change overlayfs_file rule to dontaudit
Workaround for modem_img being unlabeled after disable-verity.

Bug: 193113005

Change-Id: I64b528d9952849ff73bcd583211d33c3b220438d
2021-07-09 23:27:30 +08:00
Meng Wang
70052ef1c1 Merge "[RCS] Update sepolicy for RCS" into sc-dev am: 1c6e5c01eb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15185251

Change-Id: Ib935cc9132f6b7239e973b43bd13b160b7df2747
2021-07-08 17:28:23 +00:00
Meng Wang
1c6e5c01eb Merge "[RCS] Update sepolicy for RCS" into sc-dev 2021-07-08 17:14:51 +00:00
TreeHugger Robot
b2b7ac7cdb Merge "[3A Coordinator] Enable to property_set for log.tag. prefix" into sc-dev am: 95756a2c79
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15223178

Change-Id: Ia36378397d340c61fd8d3f0ce601cbcfc83f06e9
2021-07-08 06:59:59 +00:00
TreeHugger Robot
95756a2c79 Merge "[3A Coordinator] Enable to property_set for log.tag. prefix" into sc-dev 2021-07-08 05:55:52 +00:00
SHUCHI LILU
cc3d5bb968 Merge "Update avc error on ROM 7527858" into sc-dev am: 54780f7ae3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15222136

Change-Id: I8d938fa6851835f1948964c373764a10dbcf36d8
2021-07-08 03:04:39 +00:00
SHUCHI LILU
54780f7ae3 Merge "Update avc error on ROM 7527858" into sc-dev 2021-07-08 02:53:28 +00:00
KRIS CHEN
11ce7d0f20 Merge "Add sepolicy rules for fingerprint hal" into sc-dev am: ba9051de47
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15223175

Change-Id: I52fc30783edc40b0e4a27307719a95e5ade1b4a4
2021-07-08 02:21:15 +00:00
Bo-Yuan Ye
20dd1ef66c [3A Coordinator] Enable to property_set for log.tag. prefix
major changes:
        1. add log_tag_prop for hal_camera_default

Test: go/p21-camera-test-checklist
Bug: 191923902
Change-Id: I767c235666c6761af6d21178d829a0f7cb8d42c8
2021-07-08 10:15:23 +08:00
KRIS CHEN
ba9051de47 Merge "Add sepolicy rules for fingerprint hal" into sc-dev 2021-07-08 02:05:03 +00:00
Myung-jong Kim
99e75b6ab9 [RCS] Update sepolicy for RCS
Fix seapp_contexts sepolicy for shannon-rcs, where
:shannonrcsservice process exceptions are not handled

Bug: 190581528
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: I15cbf103cea70f6db878305a8fca6b35aa521f9b
2021-07-07 10:57:12 -07:00
Kris Chen
a5c9028ced Add sepolicy rules for fingerprint hal
Fix following avc denial:
servicemanager: type=1400 audit(0.0:8): avc: denied { call } for scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=binder permissive=0

Bug: 192040144
Test: No above avc denial in logcat.
Change-Id: I1b93474cac4ccb24736bc97665a7ca533ef0a7d3
2021-07-08 00:59:49 +08:00
Maciej Zenczykowski
cb63eaae07 Merge "add sepolicy for set_usb_irq.sh" into sc-dev am: 9b270f0fc5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15219696

Change-Id: Id1c777f39de6b69e459b7c0f6fb4042f78a19798
2021-07-07 16:35:39 +00:00
Maciej Zenczykowski
9b270f0fc5 Merge "add sepolicy for set_usb_irq.sh" into sc-dev 2021-07-07 16:23:13 +00:00
Maciej Żenczykowski
714075eba7 add sepolicy for set_usb_irq.sh
Bug: 185092876
Test: TreeHugger, booted on oriole, enabled/disabled tethering
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7361a4390197e04b27eaf153a696e3f800f79b55
2021-07-07 16:22:33 +00:00
sukiliu
a2d9731099 Update avc error on ROM 7527858
avc:  denied  { find } for pid=2874 uid=1083 name=isub scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Bug: 193009345
Bug: 192924316
Test: PtsSELinuxTestCases
Change-Id: I694c1a98ab57123c44717d2af5e57cfc486f76a1
2021-07-07 20:01:18 +08:00
SHUCHI LILU
61771fb7a7 Merge "Update avc error on ROM 7526917" into sc-dev am: 72bc4971df
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15219030

Change-Id: Ia915f2d56f5f4c0d378201bd5e81b480293028b8
2021-07-07 07:49:38 +00:00
SHUCHI LILU
72bc4971df Merge "Update avc error on ROM 7526917" into sc-dev 2021-07-07 07:33:25 +00:00
sukiliu
81a8e5b4ce Update avc error on ROM 7526917
Bug: 192980495
Bug: 192980564
Bug: 192924316
Test: PtsSELinuxTestCases
Change-Id: If1042973df8d8eac24065e50e64d5a60c5a4dc49
2021-07-07 10:57:30 +08:00
Randall Huang
b53d43c8c0 Fix overlayfs avc denied am: d328008234
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15211714

Change-Id: I7facca6571dbd8afb8eba75112d575ab4cd41cf4
2021-07-07 02:07:05 +00:00
Randall Huang
d328008234 Fix overlayfs avc denied
avc: denied { rename } for comm="init" name="#b" dev="dm-6" ino=52
scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0
tclass=file permissive=1

avc: denied { unlink } for comm="init" name="#b" dev="dm-6" ino=53
scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0
tclass=chr_file permissive=1

Bug: 192617244
Test: boot & adb remount
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I740ff317520439034d2bf6e0659b1418bf6dac5c
2021-07-06 18:19:04 +08:00
sukiliu
d4425d3438 Update avc error on ROM 7522385 am: 46dfc784f5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15208469

Change-Id: I5a50d404c72eec58c2ac3e14050949331c1cccbc
2021-07-06 03:20:30 +00:00
sukiliu
46dfc784f5 Update avc error on ROM 7522385
avc: denied { read } for name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=220 scontext=u:r:incidentd:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0
avc: denied { read } for comm="app_process" name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=220 scontext=u:r:incidentd:s0 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0

Bug: 192895524
Test: PtsSELinuxTestCases
Change-Id: I770c953e80920388e9c21e6dc8a12762c1f4fb8a
2021-07-06 09:42:31 +08:00
TreeHugger Robot
3921e74df1 Merge "Add system file of INT clock to sysfs_fabric group" into sc-dev am: 8318f84aef
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15152132

Change-Id: I9cffa8ae546c323679dd286eb79497094c02f25e
2021-07-06 01:26:34 +00:00
TreeHugger Robot
8318f84aef Merge "Add system file of INT clock to sysfs_fabric group" into sc-dev 2021-07-06 01:12:21 +00:00
Yu(Swim) Chih Ren
3aa97b5012 Add system file of INT clock to sysfs_fabric group
It is for power hal can access system file of INT clock

Bug: 168654554

Test: 1. Check file group of INT clock system file
      2. P21 Camera Test Checklist done

Change-Id: I1952c5d2ae39c338c9d2ccb8db49d1d119943c06
2021-07-06 00:33:55 +00:00
Miller Liang
8fc8ba0691 Merge "Fix AAudio avc denied" into sc-dev am: a21c6081c9
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15197030

Change-Id: I486f17f84c991e66b620478b5218af90e00b615c
2021-07-05 02:45:26 +00:00
Miller Liang
a21c6081c9 Merge "Fix AAudio avc denied" into sc-dev 2021-07-05 02:32:11 +00:00
millerliang
1e748ab270 Fix AAudio avc denied
E SELinux : avc:  denied  { find } for pid=765 uid=1041 name=audio
scontext=u:r:audioserver:s0 tcontext=u:object_r:audio_service:s0
tclass=service_manager permissive=0

Bug: 191103346
Test: build and run CtsNativeMediaAAudioTestCases
Change-Id: I8e9a41360a382ba5f461818b9f8d6658dd53c62a
2021-07-03 05:40:22 +00:00
sukiliu
334126304a Update avc error on ROM 7515047 am: 755c601dd8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15175228

Change-Id: I19115f16b02be297118ff2055db15eb8f3fc172d
2021-07-02 12:03:28 +00:00
sukiliu
755c601dd8 Update avc error on ROM 7515047
Bug: 192617242
Bug: 192617244
Test: PtsSELinuxTestCases
Change-Id: I94f7fa36632147676adc46f520e9a2a4f9b413cd
2021-07-02 10:34:49 +08:00
YongWook Shin
eee09878b6 Allowed HWC HAL access TUI status node
Bug: 157272869
Signed-off-by: YongWook Shin <yongwook.shin@samsung.com>
Change-Id: Id4abb0277bda9c9ff13f753e6f74438ce55be0ab
2021-07-01 12:08:34 -07:00
TreeHugger Robot
c077524883 Merge "Fix hal_uwb_default dumpstate SELinux errors" into sc-dev am: 846cba7286
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15164003

Change-Id: Iec3adee2e2fbf126790a00719da38cef9f499e30
2021-07-01 08:24:42 +00:00
TreeHugger Robot
846cba7286 Merge "Fix hal_uwb_default dumpstate SELinux errors" into sc-dev 2021-07-01 08:07:05 +00:00
Michael Ayoubi
56beb62f69 Fix hal_uwb_default dumpstate SELinux errors
Fixes: b/192026913
Test: Run dumpstate and confirm no avc denials

Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I3d818fb066a834663dc63b8757bd16c08a1a0e9e
2021-07-01 06:55:42 +00:00
TreeHugger Robot
e86ced7327 Merge "remove obsolete errors" into sc-dev am: 5b4e06670f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15143009

Change-Id: Ic6d0bf859005720f75cc9e7d61595a7110a32bfe
2021-07-01 04:11:55 +00:00
TreeHugger Robot
5b4e06670f Merge "remove obsolete errors" into sc-dev 2021-07-01 04:01:19 +00:00
TreeHugger Robot
3de85f4a86 Merge "Remove dontaudit form tracking_denials for maxfg and regmap" into sc-dev am: 2ee38e55f1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15143006

Change-Id: I7b0c3e0787280be673678827aec4d29d18456a47
2021-07-01 03:36:32 +00:00
TreeHugger Robot
2ee38e55f1 Merge "Remove dontaudit form tracking_denials for maxfg and regmap" into sc-dev 2021-07-01 03:18:01 +00:00
Adam Shih
1a2d199a28 remove obsolete errors
Bug: 183338543
Bug: 187015705
Bug: 191133059
Bug: 180963348
Bug: 187016930
Bug: 190563838
Test: boot with no relevant error
Change-Id: I8d194415dc823da9dec5c315a6068d0d2c2d4a6c
2021-07-01 10:49:59 +08:00
Krzysztof Kosiński
54a9267749 Allow Power Stats HAL to access EdgeTPU sysfs files. am: 6d6a7c96ab
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15162531

Change-Id: I3f590b13d415682fe01024812084308de9be404a
2021-06-30 23:57:10 +00:00
Krzysztof Kosiński
6d6a7c96ab Allow Power Stats HAL to access EdgeTPU sysfs files.
Should fix intermittent failures of SELinuxUncheckedDenialBootTest.

Bug: 192485697
Test: build, checked for denials in logcat
Change-Id: I3b9cafd99f9ff343e5ab5c67f5f268e5eb4382d6
2021-06-30 14:02:27 -07:00
Michael Ayoubi
0536297aed Merge "allow recovery and fastboot to access secure elment" into sc-dev am: 075ba05575
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15152134

Change-Id: I46ad2d1546b4145d8408aee5677b4395c4d8e1d6
2021-06-30 17:56:53 +00:00