Commit graph

2756 commits

Author SHA1 Message Date
Jasmine Cha
d57668f3cc audio: add sepolicy for getting thermal event am: 2abecb1519 am: 54e84e9978
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: Iddcd4b760301c761c273d53231147a6c1b0927da
2022-01-21 22:29:29 +00:00
Jasmine Cha
8b5831f247 audio: add permission to request health/sensor data am: a21b7f8800 am: cdcccbbd02
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944689

Change-Id: I16f8196bfe5e3b49575b936ee6d2376e878aa9be
2022-01-21 22:29:12 +00:00
David Anderson
b7b8477e12 Fix sepolicy denial in update_engine. am: 2fe229352b am: e999b85d07
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934897

Change-Id: I45ccf375ccb5b97f848a1db62de77271de5c0b86
2022-01-21 22:28:55 +00:00
Matt Buckley
773506d408 Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags am: 317166636f am: 8670a782de
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934617

Change-Id: I2478a1ce77383d66cd7cb677406920b25bf165da
2022-01-21 22:28:26 +00:00
Joel Galenson
047d2a31ed Include core policy OWNERS. am: b287da183e am: 453006460d
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1931017

Change-Id: Ia079ef87912e57d704629f397bf6054a83f394bb
2022-01-21 22:27:53 +00:00
Xin Li
4f9be8d5b2 [automerger skipped] Merge Android 12 QPR1 am: 0d05632eb8 -s ours am: 01d5ec6d2a -s ours
am skip reason: Merged-In Ie31b278a639fd5a9e249ca934d543de770fb3217 with SHA-1 856fe3d040 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1921233

Change-Id: I716fc9fc6a34b69afcdfb0332b3870e19f536f1a
2022-01-21 22:26:43 +00:00
chenpaul
ebc02c3437 Remove wifi_logger related sepolicy settings am: 37d4cfa648 am: 9a9bf7fc09
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1881116

Change-Id: I6402127385b8141c67e44d7f0c8e6d5625fbdc2e
2022-01-21 22:25:47 +00:00
linpeter
af647ece2f atc context change am: 85d5a9a60a
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1951025

Change-Id: I04d30ff685f7ad74d9f5eff43ff360edf7cf0fd3
2022-01-21 22:12:40 +00:00
Treehugger Robot
3cde81c794 Merge "Allow TEE storageproxyd permissions needed for DSU handling" am: 05ca30173e
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1923363

Change-Id: I38635cce32595befc29dc3319ba5dd48a5010023
2022-01-21 22:12:31 +00:00
TeYuan Wang
a76533f48b Label TMU as sysfs_thermal am: 32458cdc49
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1937119

Change-Id: Idc76bdeb58cdff9eb83ae817d8ed01dee9253032
2022-01-21 22:12:21 +00:00
Yabin Cui
1a59c0625f Merge "Add SOC specific ETM sysfs paths" am: 9ee70a3d7f
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1943866

Change-Id: I89a806d01292ec28a0b22bef7833fae566d1d941
2022-01-21 22:12:12 +00:00
Jasmine Cha
54e84e9978 audio: add sepolicy for getting thermal event am: 2abecb1519
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944690

Change-Id: I7d33c5cf635907493462d49d8b3a2ceacc128f00
2022-01-21 22:12:02 +00:00
Jasmine Cha
cdcccbbd02 audio: add permission to request health/sensor data am: a21b7f8800
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1944689

Change-Id: I0ec1f8e2c389b199e0b0646397bdd40593b3c374
2022-01-21 22:11:55 +00:00
David Anderson
e999b85d07 Fix sepolicy denial in update_engine. am: 2fe229352b
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934897

Change-Id: Ie42aaf3f8b972471ccf43fda689e32bc4b388bf8
2022-01-21 22:11:24 +00:00
Matt Buckley
8670a782de Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags am: 317166636f
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1934617

Change-Id: I20977b9d52ecd10ce3feac4111677e278cadd3c2
2022-01-21 22:11:00 +00:00
Joel Galenson
453006460d Include core policy OWNERS. am: b287da183e
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1931017

Change-Id: I91c6a5a9e6fde086d82b2def66207b938f18adae
2022-01-21 22:10:13 +00:00
Xin Li
01d5ec6d2a [automerger skipped] Merge Android 12 QPR1 am: 0d05632eb8 -s ours
am skip reason: Merged-In Ie31b278a639fd5a9e249ca934d543de770fb3217 with SHA-1 856fe3d040 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1921233

Change-Id: Icf501a9eaa676a0fbf49f2862e76fe482dfa6238
2022-01-21 22:09:34 +00:00
chenpaul
9a9bf7fc09 Remove wifi_logger related sepolicy settings am: 37d4cfa648
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1881116

Change-Id: I4537982542fcf8f47e7b9fbaacf326db2cc12dc7
2022-01-21 22:08:19 +00:00
Jagadeesh Pakaravoor
400b93eb0b camera_hal: allow changing kthread priority
Allow changing kthread priority during insmod for camera-hal/LWIS.

Bug: 199950581
Test: boot, local camera testing
Change-Id: If59bfe101cab17854a5472ef388411bd19ef0a68
2022-01-21 14:58:07 +08:00
Presubmit Automerger Backend
03b2c4e33e [automerge] Add vendor SELinux denial to allowlist 2p: ed2c8d78ae am: bb9f892d56
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16672552

Change-Id: I991901e8d67be19d479d0cba5852aa7cca3d8301
2022-01-21 06:24:13 +00:00
Presubmit Automerger Backend
bb9f892d56 [automerge] Add vendor SELinux denial to allowlist 2p: ed2c8d78ae
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16672552

Bug: 215640468
Change-Id: Ie94576056af0683b0cb23b51ae8543ef14b2bca7
2022-01-21 03:37:25 +00:00
eddielan
ed2c8d78ae Add vendor SELinux denial to allowlist
Bug: 215640468
Test: Build Pass
Change-Id: I8c2aa5ce4c6cc229837f763c6a20a1c27e1978a6
2022-01-21 03:37:16 +00:00
Stephen Crane
b69ac35ff0 Allow TEE storageproxyd permissions needed for DSU handling
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Merged-In: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
2022-01-18 11:43:16 -08:00
linpeter
85d5a9a60a atc context change
Give atc nodes are changed to dqe0 form.

Bug: 213133646
Test: check avc denied
Change-Id: Ibbcb7538b7874912f8c7e19a77ae6dd32f097ab0
2022-01-17 16:53:53 +08:00
Treehugger Robot
05ca30173e Merge "Allow TEE storageproxyd permissions needed for DSU handling"
2022-01-12 23:34:32 +00:00
YiHo Cheng
5254b52656 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba am: b4024884f1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: Icf3374f059b914f09e5dd6650a60c7f0a825672d
2022-01-12 23:26:50 +00:00
YiHo Cheng
b4024884f1 Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev am: e400db11ba
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16569088

Change-Id: I3c9929f0ec857786766b892e415d4b58163797be
2022-01-12 23:14:55 +00:00
YiHo Cheng
e400db11ba Merge "thermal: Label tmu register dump sysfs" into sc-v2-dev
2022-01-12 23:03:42 +00:00
TeYuan Wang
32458cdc49 Label TMU as sysfs_thermal
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Id113b80f856e26412e2e07b9c9b4a61d519b194f
2022-01-12 10:16:49 +08:00
Yabin Cui
9ee70a3d7f Merge "Add SOC specific ETM sysfs paths"
2022-01-11 19:40:23 +00:00
TreeHugger Robot
1d086e460c Merge "Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags"
2022-01-11 18:59:33 +00:00
Jasmine Cha
2abecb1519 audio: add sepolicy for getting thermal event
type=1400 audit(0.0:15): avc: denied { call } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

type=1400 audit(0.0:16): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0
tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1

Bug: 204271308
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I900de2a2d8bf0753543ef4428374e782908e7aee
2022-01-11 13:42:58 +08:00
Jasmine Cha
a21b7f8800 audio: add permission to request health/sensor data
- Add audio hal into hal_health clients
- Allow audio hal to find fwk_sensor_hwservice
SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1

Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
Merged-In: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2
2022-01-11 13:42:55 +08:00
YiHo Cheng
ca06222472 thermal: Label tmu register dump sysfs
Allow dumpstate to access tmu register dump sysfs

[ 1155.422181] type=1400 audit(1641335196.892:8): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=68561
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
[ 1155.423398] type=1400 audit(1641335196.892:9): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
ino=68562 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.443740] type=1400 audit(1641335196.896:10): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
dev="sysfs"
ino=68563 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.466064] type=1400 audit(1641335196.896:11): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
dev="sysfs"
ino=68565 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.488251] type=1400 audit(1641335196.916:12): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
dev="sysfs" ino=68564 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 1155.510614] type=1400 audit(1641335196.960:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_fall_thres"
dev="sysfs"
ino=68566 scontext=u:r:hal_dumpstate_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 202736838
Test: check thermal section in dumpstate
Change-Id: Icecca9f69ee9b57d43aa2864864951bf66c4905f
2022-01-11 08:42:45 +08:00
Yabin Cui
1459e9734a Add SOC specific ETM sysfs paths
Bug: 213519191
Test: run profcollectd on oriole
Change-Id: Ib1ae7466c76362b8242f2bb8560bb8b1d80c4253
2022-01-10 11:25:25 -08:00
Vinay Kalia
72ac373dfd [automerger skipped] [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a am: 97addf8500 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: Ife2d22606bc4da9a4f94fa65ae0d36a86b4c2ed2
2022-01-10 06:32:26 +00:00
Vinay Kalia
97addf8500 [DO NOT MERGE] Allow media codec to access power HAL am: 8337626f4a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16483773

Change-Id: I4ce0bb633c8d27e798c7a8e80e1d23eb06b3a2a0
2022-01-10 06:13:59 +00:00
Matt Buckley
c876449a7b Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: I41e1aa0f80c1138cf46f4f139253158b005a8634
2022-01-08 00:00:58 +00:00
Joel Galenson
cbb76860dd Merge "Include core policy OWNERS."
2022-01-07 14:17:21 +00:00
Yifan Hong
ca7275beee Merge "Implement health AIDL HAL."
2022-01-06 23:01:32 +00:00
Vinay Kalia
8337626f4a [DO NOT MERGE] Allow media codec to access power HAL
This commit fixes the following denials:

W /vendor/bin/hw/google.hardware.media.c2@1.0-service: type=1400 audit(0.0:276): avc: denied
{ call } for comm=436F646563322E30204C6F6F706572 scontext=u:r:mediacodec:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

bug: 206687836
Test: Secure HFR AV1 video playback with resolution change.
Signed-off-by: Vinay Kalia <vinaykalia@google.com>
Change-Id: I79c20bda87af6066ae667a5176747378718a3a62
2022-01-06 20:18:34 +00:00
Joel Galenson
b0880417ff Include core policy OWNERS.
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
(cherry picked from commit b287da183e)
2022-01-06 10:17:14 -08:00
Yifan Hong
5521fb530c Implement health AIDL HAL.
Test: VTS
Test: manual charger mode
Test: recovery
Bug: 213273090
Change-Id: Iabaf31644f4406092a881841fb4084499fb4de89
2022-01-05 23:08:07 -08:00
David Anderson
2fe229352b Fix sepolicy denial in update_engine.
pvmfw is an A/B partition but is not properly labeled and update_engine
gets a denial trying to write to it.

Bug: N/A
Test: m otapackage, apply OTA, check for denials
Change-Id: I55f41a8937384d3bcda5797b5df3f34257f7a114
2021-12-28 21:52:12 -08:00
Matt Buckley
317166636f Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.

Bug: b/195990840
Test: None
Change-Id: Idc1599820026febecda84233d60982e7db7b14b5
2021-12-28 19:08:06 +00:00
Joel Galenson
b287da183e Include core policy OWNERS.
Test: None
Change-Id: I053d84eba7695fe125783b536421d43117b3f16d
2021-12-21 07:27:03 -08:00
Cyan Hsieh
6e1c9d88cd Merge "Add pvmfw to custom_ab_block_device"
2021-12-20 03:22:22 +00:00
Cyan_Hsieh
0b5b4a9692 Add pvmfw to custom_ab_block_device
Bug: 211070100
Change-Id: Icd8f6d1837b8124bd8cd7b3d59d43b755455bae6
2021-12-20 10:10:46 +08:00
TreeHugger Robot
899faa57e4 Merge "Allow vendor init to read gesture_prop."
2021-12-15 09:01:23 +00:00
Stephen Crane
3f9a11fa0b Allow TEE storageproxyd permissions needed for DSU handling
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
2021-12-14 14:33:56 -08:00