Commit graph

986 commits

Author SHA1 Message Date
Michael Eastwood
f648f3c989 Update SELinux policy to allow camera HAL to send Perfetto trace packets
Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:traced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
2022-03-08 13:54:34 -08:00
chenpaul
37d4cfa648 Remove wifi_logger related sepolicy settings
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch, we remove the obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: I22d99c3577f3cceb786e2ffd01c327a67d420202
2021-11-15 02:05:06 +00:00
Jiyong Park
90d1e82ae6 Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same ndk backend.

Bug: 161456198
Test: m

Merged-In: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
Change-Id: Icc9af3798ac89742fa56b1cb37d8116d99b4a9c2
(cherry picked from commit 5cc5d52bd7)
2021-10-26 14:59:28 +09:00
Roshan Pius
04fbca104c gs101-sepolicy: Rename hal_uwb -> hal_uwb_vendor
Since we are now creating an AOSP HAL for uwb, rename Qorvo's internal
HAL to hal_uwb_vendor to avoid conflicts with the AOSP HAL sepolicy
rules.

Bug: 195308730
Test: Compiles
Change-Id: Ief48eacde68b062b2199b20c0c1bb3af23795240
Merged-In: Ief48eacde68b062b2199b20c0c1bb3af23795240
2021-08-25 17:32:53 +00:00
Bart Van Assche
79b41e3c3a Add the 'bdev_type' attribute to all block device types am: 37b5741301
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15517922

Change-Id: I52ac9161ae22eafecd60a8317370ddc3b243263d
2021-08-18 00:31:25 +00:00
Bart Van Assche
37b5741301 Add the 'bdev_type' attribute to all block device types
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9

The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

The above SELinux policy change requires adding the 'bdev_type'
attribute to all block devices. Hence this patch.

Bug: 194450129
Bug: 196982345
Test: Built Android images that include this change and verified that neither init nor apexd triggers any SELinux access denied errors.
Change-Id: I6ce1127f199c5b33812f15fe280d86594d7d7ebf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-17 15:23:23 -07:00
Edmond Chung
d5f9036c8e Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev am: 7e581b9a7b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15584607

Change-Id: Icf58b2d5fef01a62ef5ec8c5009690224a15a939
2021-08-16 22:16:13 +00:00
Edmond Chung
7e581b9a7b Merge "gs101: Allow camera HAL to access interrupt handles" into sc-dev
2021-08-16 22:01:46 +00:00
Edmond Chung
6b30dbc54c gs101: Allow camera HAL to access interrupt handles
This is to allow camera HAL to modify IRQ affinity for different use
cases.

Bug: 196058977
Test: Camera use cases
Change-Id: I498b0ac763b735d05299e1f4b09de14e131fd6e3
2021-08-16 10:52:27 -07:00
Rick Yiu
7b8fe23d74 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials am: 2ef3daba50
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15531061

Change-Id: I1870542193c2b06de1f1e53f38e84fb800a74839
2021-08-16 13:54:01 +00:00
Rick Yiu
2ef3daba50 gs101-sepolicy: Use untrusted_app_all for vendor_sched denials
Use untrusted_app_all to cover all untrusted_app versions.

Bug: 196109806
Test: no untrusted_app denials for vendor_sched
Change-Id: Ic6426b26b8a05f8a0bc7e2a4a4a293b2988812d3
2021-08-16 13:40:32 +00:00
Siqi Lin
1a27d3d66e Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev am: df73384b2e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15475450

Change-Id: I3f6115d79ff01ba2afb58704fd1fba63a0c3acab
2021-08-09 20:03:56 +00:00
Siqi Lin
df73384b2e Merge "sepolicy: gs101: allow dumpstate to access AoC stats" into sc-dev
2021-08-09 19:52:02 +00:00
TreeHugger Robot
6727e33988 Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev am: cfcf725081
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15453996

Change-Id: I98b62dffd1fa65bd69bff78b0a5fe11a841efdfb
2021-08-06 14:16:48 +00:00
TreeHugger Robot
cfcf725081 Merge "Add sepolicy to allow camera HAL to read display backlight" into sc-dev
2021-08-06 14:04:38 +00:00
Siqi Lin
57d81aa6c1 sepolicy: gs101: allow dumpstate to access AoC stats
Add AP wakeups from AoC DRAM exceptions to bugreports.

Bug: 186456919
Change-Id: I31df82addf1b5024b8e33c6284e5da1f473ac5d9
2021-08-05 10:47:13 -07:00
Alice Yang
0d7ab6ea8b Add sepolicy to allow camera HAL to read display backlight
Add sepolicy to allow camera HAL to read display backlight to use in
gabc algorithm.

Bug: 187917645
Test: build pass, go/p21-camera-test-checklist
Change-Id: I628ee2dedd48dd1360d0818137ba9139ae194029
2021-08-03 16:31:12 +00:00
Erik Staats
0bb21fc708 Merge "Allow sensor HAL to read AoC dumpstate." into sc-dev am: 1b7ae244b0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15444398

Change-Id: Ie5f9c63a4e4eba2c74b667fa8bd5a50a716d3ee9
2021-08-03 15:47:34 +00:00
Erik Staats
1b7ae244b0 Merge "Allow sensor HAL to read AoC dumpstate." into sc-dev
2021-08-03 15:27:12 +00:00
Charles Chiu
300d1b34aa Merge "Allow init to set Camera properties." into sc-dev am: 50ebe02d44
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15427051

Change-Id: I3f71a63c3c02b7234722dd74da600116da440965
2021-08-03 06:09:38 +00:00
Charles Chiu
50ebe02d44 Merge "Allow init to set Camera properties." into sc-dev
2021-08-03 05:52:49 +00:00
Erik Staats
ad42045b87 Allow sensor HAL to read AoC dumpstate.
Bug: 194021578
Test: Simulated communication failure and verified AoC services state
 log.
Test: See details in testing done comment in
 https://googleplex-android-review.git.corp.google.com/15444398 .
Change-Id: I76f376577abad26fe86b5ecb6a570716381227f0
2021-08-02 15:56:57 -07:00
Quinn Yan
c2a7ad88f8 Merge "Revert the unnecessary sepolicy rules for hal_neuralnetworks_darwinn." into sc-dev am: be5aa28148
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15434450

Change-Id: Ieb2059ae8096f31c92a63b3721628cb69a83cfea
2021-08-02 18:17:06 +00:00
Quinn Yan
be5aa28148 Merge "Revert the unnecessary sepolicy rules for hal_neuralnetworks_darwinn." into sc-dev
2021-08-02 18:01:50 +00:00
Charles Chiu
718a856e26 Allow init to set Camera properties.
Test: Camera CTS
Bug: 194656156

Change-Id: I2f8f89a02984bfb9fea96df7b0a1d4150c9fdd8d
2021-08-02 23:21:14 +08:00
Mark Chang
978b04ae9e Merge "[DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override." into sc-dev am: f7fa1fa877
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15416442

Change-Id: I1bcc7dbca6a14c15b65df96b57ffe3108f0010a6
2021-07-31 00:11:04 +00:00
Mark Chang
70a9ce2df2 [DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override. am: a1aab562ca
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15416442

Change-Id: Iecfcfb1daa0b1d91ddf3c2fb056526c5c011aa8e
2021-07-31 00:11:02 +00:00
Mark Chang
f7fa1fa877 Merge "[DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override." into sc-dev
2021-07-31 00:01:26 +00:00
qinyiyan
ee4e7f45ce Revert the unnecessary sepolicy rules for hal_neuralnetworks_darwinn.
Bug: 194241380
Test: flashed forrest build and ran PtsSELinuxTestCases
Change-Id: Ie2f0572a368f09e522bc2cdfdf9da1859c1c44e7
2021-07-30 23:36:06 +00:00
TreeHugger Robot
c2ebcd6fb7 Merge "Add vendor SELinux denial to allowlist" into sc-dev am: 4720a91c52
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15422669

Change-Id: I2a0ebc95b3165252ada97313072601cbd144d748
2021-07-30 13:23:21 +00:00
TreeHugger Robot
4720a91c52 Merge "Add vendor SELinux denial to allowlist" into sc-dev
2021-07-30 13:12:12 +00:00
Rick Yiu
01c5111d3b Merge "gs101: Remove vendor_sched" into sc-dev am: dba7013033
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15402045

Change-Id: Ic3d57039bea5c589a60898ec59aba38da1456a2a
2021-07-30 07:04:45 +00:00
Rick Yiu
dba7013033 Merge "gs101: Remove vendor_sched" into sc-dev
2021-07-30 06:52:10 +00:00
Rick Yiu
7de8a5d4a7 gs101: Remove vendor_sched
Moved to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: Ia5ea1bbc05bdc52b43cb403d99994bad70613e08
Merged-In: Ia5ea1bbc05bdc52b43cb403d99994bad70613e08
2021-07-30 03:13:39 +00:00
Mark Chang
a1aab562ca [DO NOT MERGE] sepolicy: Add "dontaudit" for twoshay dac_override.
Bug: 193224954
Test: build pass and boot to home
Signed-off-by: Mark Chang <changmark@google.com>
Change-Id: I5c330564cc026e113c5d33d5d093dbcdb3ede5e4
2021-07-30 01:49:59 +00:00
Jaineel Mehta
0474bcf10e Add vendor SELinux denial to allowlist
Change-Id: If7435e9c62811ef3c9757f22f06018c32a8d3597
Test: None
Bug: 194281028
2021-07-29 21:23:34 +00:00
TreeHugger Robot
c28011e995 Merge "gs101: Allow camera hal to create file in persist camera folder" into sc-dev am: 750888bc5b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15354010

Change-Id: Ic99958700c8b28e81404a15b1446f7108fa7f7c6
2021-07-29 09:13:58 +00:00
TreeHugger Robot
750888bc5b Merge "gs101: Allow camera hal to create file in persist camera folder" into sc-dev
2021-07-29 08:40:36 +00:00
Michael Eastwood
ebd0f6cb6d Merge "Allow hal_dumpstate_default to access vendor_camera_debug_prop" into sc-dev am: 9bfbb3c0d4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15406130

Change-Id: I2f951ec888186bd93fa3a671be8bd35dc61826fc
2021-07-28 21:53:39 +00:00
Michael Eastwood
9bfbb3c0d4 Merge "Allow hal_dumpstate_default to access vendor_camera_debug_prop" into sc-dev
2021-07-28 21:36:38 +00:00
Michael Eastwood
30bd5e8ed6 Allow hal_dumpstate_default to access vendor_camera_debug_prop
Bug: 193365129
Test: atest com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: I43e389d46e8116844bb9ca4259e5ea28e86c50f4
2021-07-27 17:22:47 -07:00
TreeHugger Robot
bac578c7e4 Merge "Add AoC wakeup stats to dump state" into sc-dev am: fead41d573
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15393321

Change-Id: I885c2707858cd57aece41f8b91f3267a91607710
2021-07-27 19:42:54 +00:00
TreeHugger Robot
fead41d573 Merge "Add AoC wakeup stats to dump state" into sc-dev
2021-07-27 19:23:06 +00:00
Jack Wu
e0c7fa7433 sepolicy: gs101: allows pixelstat to access pca file nodes am: d6c1a50bba
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15360184

Change-Id: I904398c0eb47626b0398a5cb1fcea961ef35e6fb
2021-07-27 02:26:35 +00:00
Max Kogan
5374497df5 Add AoC wakeup stats to dump state
Need to add support for wakeup stats to track AoC to AP messages
resulting in frequent wake-ups.

Bug: 192668026
Change-Id: I073406cc101e114135c863b0e0b86357e93c0415
2021-07-26 22:45:16 +00:00
Jack Wu
d6c1a50bba sepolicy: gs101: allows pixelstat to access pca file nodes
07-23 14:24:45.512  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:10): avc: denied { open } for path="/sys/devices/platform/10d50000.hsi2c/i2c-5/5-0057/chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
07-23 14:24:45.512  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:11): avc: denied { getattr } for path="/sys/devices/platform/10d50000.hsi2c/i2c-5/5-0057/chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
07-23 14:24:57.536  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:12): avc: denied { read } for name="chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
07-23 14:24:57.536  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:13): avc: denied { open } for path="/sys/devices/platform/10d50000.hsi2c/i2c-5/5-0057/chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
07-23 14:24:57.536  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:14): avc: denied { getattr } for path="/sys/devices/platform/10d50000.hsi2c/i2c-5/5-0057/chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
07-23 14:24:57.536  1000  3001  3001 I pixelstats-vend: type=1400 audit(0.0:15): avc: denied { write } for name="chg_stats" dev="sysfs" ino=72245 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 194386750
Test: manually test, no avc: denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I1a16edb5bb7820f62b3ce598aa50eba2d9455927
2021-07-24 06:42:39 +00:00
TreeHugger Robot
5cdaa6a45f Merge "Add SE policies for memtrack HAL" into sc-dev am: b3225f0f6c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15283133

Change-Id: Iff4c3146f074c8dc40af1598002629bd9c0d46f3
2021-07-23 21:24:35 +00:00
TreeHugger Robot
b3225f0f6c Merge "Add SE policies for memtrack HAL" into sc-dev
2021-07-23 20:52:52 +00:00
Ankit Goyal
0f9820830c Add SE policies for memtrack HAL
Bug: 191966412
Test: adb shell dumpsys meminfo
Change-Id: Ia7ec64840d2bb7c3ae0d61304e109d2ceb9e5f78
2021-07-24 02:18:36 +08:00
Max Shi
0f58b38401 Allow USF sensor HAL to read camera persist files. am: 0bd50d1eb5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15352099

Change-Id: I585215a1e0266ebb52ccec18834c4f0e68ec6c69
2021-07-22 23:45:02 +00:00