Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
278 commits 1 branch 0 tags 494 MiB
Commit graph

278 commits

This branch
This branch
All branches
Author SHA1 Message Date
Oleg Matcovschi
6862b8e239 vendor: remove sscoredump policies 
Bug: 180760068
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: Ib8d360b227286bdea7de00125ef2ed6ad7978e67
 2021-03-28 21:26:34 -07:00
TreeHugger Robot
6d56fb7391 Merge "SELinux: Grant camera HAL TEE access" into sc-dev 2021-03-26 06:21:05 +00:00
Kevin DuBois
978b3b4e9b Merge "hal_neuralnetworks_armnn: allow GPU access" into sc-dev 2021-03-25 22:01:42 +00:00
Jidong Sun
eda148cd47 SELinux: Grant camera HAL TEE access 
Bug: 183714594
Signed-off-by: Jidong Sun <jidong@google.com>
Change-Id: I84fd3a7cf18bc3b574632b665be86c0fcb505704
 2021-03-25 20:01:12 +00:00
Kevin DuBois
9c8327de8d hal_neuralnetworks_armnn: allow GPU access 
Neuralnetworks for armnn driver needs GPU access in order to issue
OpenCL commands to GPU. Add rule that allows this.

Fixes: 183673130
Test: setenforce 1, stop and start hal, see that hal started.
Change-Id: I9be0ee4326e5e128a37f2c4df0878f8fbbea7f8d
 2021-03-25 11:10:40 -07:00
Krzysztof Kosiński
74bc4bf947 Merge "Mark libGrallocWrapper.so as same-process HAL." into sc-dev 2021-03-25 16:34:28 +00:00
Terry Huang
bea1d217b5 Merge "Fix VT issue avc denied" into sc-dev 2021-03-25 15:21:53 +00:00
Steven Liu
acf218cb51 Merge "Add sepolicy for the wifi firmware config OTA feature" into sc-dev 2021-03-25 14:40:18 +00:00
terrycrhuang
3316a7135d Fix VT issue avc denied 
03-25 19:59:12.604 E SELinux : avc:  denied  { find } for pid=3822
uid=10264 name=media.camera
scontext=u:r:vendor_ims_app:s0:c8,c257,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager
permissive=0

03-25 19:59:19.283 E SELinux : avc:  denied  { find } for pid=3822
uid=10264 name=media.player
scontext=u:r:vendor_ims_app:s0:c8,c257,c512,c768
tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
permissive=0

Bug: 183698793
Test: Manual

Change-Id: I5ccff82df99b6bcb3883b880ef1fbfe8710b2e99
 2021-03-25 21:22:33 +08:00
terrycrhuang
dbef5fe678 Fix pktrouter avc denied 
03-25 15:28:05.656 I auditd  : type=1400 audit(0.0:48): avc: denied {
net_raw } for comm="wfc-pkt-router" capability=13
scontext=u:r:pktrouter:s0 tcontext=u:r:pktrouter:s0 tclass=capability
permissive=0

Bug: 183664765
Test: Manual

Change-Id: I378b2c0ed8af9e4ba1accfdcc5380a1f9f066b81
 2021-03-25 15:56:35 +08:00
terrycrhuang
986fe49987 Fix vendor.pktrouter avc denied 
03-24 19:45:17.324 E init : Do not have permissions to set
'vendor.pktrouter' to '1' in property file '/vendor/build.prop': SELinux
permission check failed

Bug: 183664765
Test: Manual

Change-Id: Ibf0f764c905c4797b179dff2cdd1faa98fae5bc0
 2021-03-25 14:36:05 +08:00
TreeHugger Robot
f112196d64 Merge "Fix avc denied for vendor_ims_app" into sc-dev 2021-03-25 04:59:51 +00:00
Ilya Matyukhin
3233492f78 Add sepolicy for Goodix AIDL HAL 
Bug: 183054007
Test: adb logcat | grep "avc: denied"
Change-Id: Iea9a652dbc78c488a72600b4226140ccf123b004
 2021-03-24 21:00:41 -07:00
terrycrhuang
9778af3cef Fix avc denied for vendor_ims_app 
03-25 09:24:16.810 E SELinux : avc:  denied  { find } for pid=3681
uid=10272 name=media.audio_flinger
scontext=u:r:vendor_ims_app:s0:c16,c257,c512,c768
tcontext=u:object_r:audioserver_service:s0 tclass=service_manager
permissive=0

Bug: 183593669
Test: Manual

Change-Id: I9d659b475d5d19ae5dd1642974f9064c152ee4b0
 2021-03-25 10:57:57 +08:00
Aaron Tsai
d135bde241 Fix selinux errors for rild 
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:11): avc: denied { map } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:10): avc: denied { getattr } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:9): avc: denied { open } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
03-10 09:33:20.380   849   849 I rild_exynos: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.814981] type=1400 audit(1615340000.380:8): avc: denied { read } for comm="rild_exynos" name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815057] type=1400 audit(1615340000.380:9): avc: denied { open } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815089] type=1400 audit(1615340000.380:10): avc: denied { getattr } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1
[   16.815108] type=1400 audit(1615340000.380:11): avc: denied { map } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1

Bug: 182320172
Test: verified with the forrest ROM and error log gone
Change-Id: Ib0300629de5a0186c4f9fd2f603be52aefd085bc
 2021-03-25 02:47:16 +00:00
TreeHugger Robot
14ff0e6ac5 Merge "Fix hangup Volte call fail" into sc-dev 2021-03-25 02:19:49 +00:00
Eddie Tashjian
5dbe586a1d Merge "Allow init to set RIL properties." into sc-dev 2021-03-25 01:51:20 +00:00
terrycrhuang
8b3601f87d Fix hangup Volte call fail 
03-24 19:45:59.920 I auditd  : type=1107 audit(0.0:35): uid=0
auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=persist.radio.call.audio.output pid=2328 uid=10260
gid=10260 scontext=u:r:vendor_ims_app:s0:c4,c257,c512,c768
tcontext=u:object_r:radio_prop:s0 tclass=property_service permissive=0'

03-24 19:45:59.923 W libc    : Unable to set property
"persist.radio.call.audio.output" to "0": error code: 0x18

Bug: 183593669
Bug: 182978936
Test: Manual
Change-Id: I7f4491348ca6d97e0997f51359f1c42d98d61c75
 2021-03-25 05:33:56 +08:00
Krzysztof Kosiński
1314a15cb9 Merge "Revert "Add lazy service binary to hal_camera_default domain."" into sc-dev 2021-03-24 20:57:35 +00:00
Eddie Tashjian
d3579bb3ec Allow init to set RIL properties. 
Init sequence needs to set several properties under *vendor.ril*. Change
permission to set instead of get.

Bug: 183633407
Test: Check selinux denials.
Change-Id: Id7ecff48f36ee87f251ee6121f1782fa57b39844
 2021-03-24 13:35:11 -07:00
Krzysztof Kosiński
9818e25500 Revert "Add lazy service binary to hal_camera_default domain." 
This reverts commit d02e73b966.

Reason for revert: This HAL is actually not intended to be present
on GS101 devices. The denial logs come from people who did "adb sync"
after building binaries that are not included in the device image.
SELinux should not allow access to this HAL.

Change-Id: Id179023eeb79d749a0bde13e1d83af41fc42780e
 2021-03-24 15:59:55 +00:00
Steven Liu
c6eca53b9e Add sepolicy for the wifi firmware config OTA feature 
Bug: 177083009
Test: the OTA updated files can be updated and applied.
Change-Id: I2f269dbc146aae41cab57abd568af7e26fd23876
 2021-03-24 06:59:08 -07:00
Krzysztof Kosiński
7e469b9941 Mark libGrallocWrapper.so as same-process HAL. 
This library is indirectly loaded by lib_aion_buffer.so, which
is an ABI-stable wrapper for some vendor-specific APIs used by
GCA (the Pixel camera app)

Bug: 182962346
Test: ran GCA on oriole
Change-Id: Ida5171110081cac0ac13ea769f9d434499faebe6
 2021-03-24 06:42:05 -07:00
Adam Shih
5b5a004593 allow bootctl to access devinfo 
[   22.798274] type=1400 audit(1616580486.404:10): avc:
denied { write } for comm="boot@1.2-servic" name="sdd1"
dev="tmpfs" ino=705 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:devinfo_block_device:s0 tclass=blk_file
permissive=1
Bug: 177882574
Test: boot to home after factory reset
Change-Id: I6774ffd46a74c75b2fee962757901ea97e9033fe
 2021-03-24 10:32:37 +00:00
SalmaxChang
3a27f85dc8 mds: Update radio_vendor_data_file permission 
Bug: 181174034
Change-Id: Ie22e19b179d41a97198c07cb922dd5c60f095ad4
 2021-03-24 09:23:18 +00:00
Adam Shih
c58780d645 Merge "fix reset problem caused by ims" into sc-dev 2021-03-24 08:13:23 +00:00
Adam Shih
692faeedaf fix reset problem caused by ims 
Bug: 183209764
Test: unplug device, reboot, enter sim code and survived
Change-Id: I23c39290731a76ec4a364e4f92d3994254d70eae
 2021-03-24 14:31:31 +08:00
TreeHugger Robot
e8ac32ef2e Merge "Remove tracking_denials/bootanim.te" into sc-dev 2021-03-24 05:06:44 +00:00
TreeHugger Robot
9e41379b9e Merge "work around for uwb" into sc-dev 2021-03-24 05:01:12 +00:00
SalmaxChang
14d068b640 vendor_init: Update tracking denials 
Bug: 176528556
Change-Id: I1ad621c14a1705420f63aeb63b0c68452d991f93
 2021-03-24 03:49:03 +00:00
Jesse Hall
6efd563361 Remove tracking_denials/bootanim.te 
The action that was being denied no longer occurs.

Bug: 180567480
Test: boot past bootanim, check audit log
Change-Id: I58a1b307538a1198d69120c0797a9e0542f30bdf
 2021-03-23 20:43:59 -07:00
TreeHugger Robot
1bc06a6de6 Merge "update error on ROM 7230950" into sc-dev 2021-03-24 03:28:03 +00:00
TreeHugger Robot
fb3fe04feb Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev 2021-03-24 02:39:23 +00:00
TreeHugger Robot
40df476219 Merge "Add the sepolicy for UWB hal" into sc-dev 2021-03-24 02:13:43 +00:00
Adam Shih
d28724fdb1 update error on ROM 7230950 
Bug: 183560076
Bug: 183560282
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I329cd3f1e4c5eed986c21724bf42730bed46ab3b
 2021-03-24 10:03:35 +08:00
Adam Shih
77f6de6ea6 work around for uwb 
Bug: 171943668
Test: dw3000 kthread and uwb service came up fine
Change-Id: I4288e07b9b9a2741bfe64b35bd4681ffe4a66039
 2021-03-24 00:41:27 +00:00
TreeHugger Robot
835a255138 Merge "Fix denials for ril_config_service_app" into sc-dev 2021-03-24 00:41:22 +00:00
TreeHugger Robot
d70813575b Merge "Allow Exoplayer access to the vstream-secure heap for secure playback" into sc-dev 2021-03-24 00:26:19 +00:00
labib
a0c5ec2305 Add se-policy for new GRIL service and RadioExt hal APIs 
Bug: 172294179
Change-Id: Ief4c7ec7959676126f35037006016e1454a34f5e
 2021-03-24 06:16:03 +08:00
Christine Franks
28ab0ae8c3 Merge "Add uhid access for exo" into sc-dev 2021-03-23 21:57:15 +00:00
Hridya Valsaraju
fb862c0888 Allow Exoplayer access to the vstream-secure heap for secure playback 
Fixes the following denials:

avc: denied { read } for name="vstream-secure" dev="tmpfs"
ino=736 scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=chr_file permissive=0
app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo

Bug: 178865267
Test: no more denials
Change-Id: I6612bd56c49558b13e2ae72cfbf3552715729e7a
Signed-off-by: Hridya Valsaraju <hridya@google.com>
 2021-03-23 14:37:01 -07:00
Greg Kaiser
9ec1be4eb9 Merge "Revert "Add se-policy for new GRIL service and RadioExt hal APIs"" into sc-dev 2021-03-23 19:12:13 +00:00
LABIB MD RASHID
97bfa35d4f Revert "Add se-policy for new GRIL service and RadioExt hal APIs" 
Revert "BT SAR client implementation for GRIL"

Revert submission 13944227-gril-bt-sar

Reason for revert: TreeHugger builds failing due to changes requiring se-linux permissions for GRIL. Need to add permissions for more devices before attempting this change again.

Reverted Changes:
I556657928:Add se-policy for new GRIL service and RadioExt ha...
I96cf9176a:BT SAR client implementation for GRIL

Change-Id: Ib800962d07d305a5a42ee40f019535f663beacd1
 2021-03-23 19:00:57 +00:00
TreeHugger Robot
25e39f7d37 Merge "Add se-policy for new GRIL service and RadioExt hal APIs" into sc-dev 2021-03-23 16:02:35 +00:00
TreeHugger Robot
3bf9cddeb7 Merge "modem_svc_sit: Fix avc errors" into sc-dev 2021-03-23 11:16:25 +00:00
TreeHugger Robot
1cf98386f6 Merge "update error on ROM 7228492" into sc-dev 2021-03-23 11:16:22 +00:00
Hongbo Zeng
4211025746 Fix denials for ril_config_service_app 
- RilConfigService is a common google project in vendor/google/tools,
  sync related rules from the previous project(ag/6697240, ag/7153946)
  to allow it to:
  (1) receive intents
  (2) update database files under /data/vendor/radio
  (3) update RIL properties
- Two new denials found in this project only:
  avc: denied { search } for name="data" dev="dm-7" ino=93
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=1
  avc: denied { search } for name="0" dev="dm-7" ino=192
      scontext=u:r:ril_config_service_app:s0
      tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=1

Bug: 182715439
Test: apply these rules and check there is no denial for
      RilConfigService finally
Change-Id: Icfb0e121d0d11600bda900dff0511187518105ab
 2021-03-23 17:22:33 +08:00
labib
6516f369ff Add se-policy for new GRIL service and RadioExt hal APIs 
Bug: 172294179
Change-Id: I556657928caa441b3530bb371902d5f4ce0be257
 2021-03-23 09:20:18 +00:00
SalmaxChang
b4fbecb9fb modem_svc_sit: Fix avc errors 
avc: denied { search } for comm="modem_svc_sit" name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
avc: denied { write open } for path="/mnt/vendor/modem_userdata/replay/dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=file
avc: denied { remove_name } for name="dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir

Bug: 183467321
Change-Id: Ic5b8fcf324bb0a8b0f6312b3ae755d73a53f0e9c
 2021-03-23 15:11:38 +08:00
Adam Shih
01376cbe06 update error on ROM 7228492 
Bug: 183467306
Bug: 183467321
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia8473c1a4e1f56cc52bc765dea56e3bc497c7cc9
 2021-03-23 15:11:24 +08:00