Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2856 commits 1 branch 0 tags 494 MiB
Commit graph

2856 commits

This branch
This branch
All branches
Author SHA1 Message Date
Krzysztof Kosiński
fbcf66a04a gs101: Add dontaudit statements to camera HAL policy. 
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Fix: 178980085
Fix: 180567725
Fix: 218585004
Test: build & camera check on raven
Change-Id: I3f3a1f64d403182d4f592f1cacc6ef8d1418062d
(cherry picked from commit b71d24d62c)
 2022-06-09 20:53:05 +00:00
Jidong Sun
1745c41b8a gs101: Allow BootControl to access sysfs blow_ar am: f276625942 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18740593

Change-Id: Idb48be108f2ebc98d802edf93e13d4359d164821
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 20:32:07 +00:00
Jidong Sun
f276625942 gs101: Allow BootControl to access sysfs blow_ar 
Bug: 232277507
Signed-off-by: Jidong Sun <jidong@google.com>
Change-Id: I120672722a5ab8b5cadf0dce6d872e00c9fae642
 2022-06-04 01:23:40 +00:00
Kyle Tso
caa8dc57b3 Add logbuffer_pogo_transfer file_contexts am: 7347d18b73 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18400416

Change-Id: Ie065459ae6edfb07701cc5d53758f248f6e0ea3c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 00:53:51 +00:00
Kyle Tso
7347d18b73 Add logbuffer_pogo_transfer file_contexts 
Bug: 232556226
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: I1037d39f4187807e6aa9753339fae29e3bc89359
Merged-In: I1037d39f4187807e6aa9753339fae29e3bc89359
 2022-05-21 15:25:58 +00:00
Joner Lin
9955721f73 Merge "Grant policy for BluetoothHal Extionsion feature" into tm-dev am: 5a222bc64e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18349808

Change-Id: If769c5b2f24bbb04f842c65e1e71bf21e86c4078
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 12:20:46 +00:00
Joner Lin
5a222bc64e Merge "Grant policy for BluetoothHal Extionsion feature" into tm-dev 2022-05-20 05:06:32 +00:00
jonerlin
9f214e0453 Grant policy for BluetoothHal Extionsion feature 
Bug: 228943442
Test: Manually
Change-Id: I00b37c1f74ca9b904df2319d2c58d34228e9678b
 2022-05-19 09:59:56 +08:00
TreeHugger Robot
ed1ec96363 Merge "Allow mediacodec to access vendor_data_file" into tm-dev am: c0d38cbc9f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18186340

Change-Id: Iffeee5071854c1f2af2cad5c7a5783421980b153
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:49:23 +00:00
TreeHugger Robot
c0d38cbc9f Merge "Allow mediacodec to access vendor_data_file" into tm-dev 2022-05-13 09:24:01 +00:00
Lily Lin
5389123249 Merge "Add selinux permissions to r/w sysfs st33spi_state" into tm-dev am: e910a12468 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17988448

Change-Id: Ib4dd93e176fe6bf1ead64e4ed55999d4afa2fd59
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-11 01:58:06 +00:00
Will McVicker
6c256f9fee genfs_contexts: fix more i2c raw paths am: 9cbc9eceec 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18192191

Change-Id: Ia370a2ce14f323d16f3e34a8e4d0ef9ff9fd12d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-11 01:57:53 +00:00
Lily Lin
e910a12468 Merge "Add selinux permissions to r/w sysfs st33spi_state" into tm-dev 2022-05-11 01:22:36 +00:00
Jerry Huang
a5e9b426eb Allow mediacodec to access vendor_data_file 
For dumping output buffer of HDR to SDR fliter.

This patch fixes the following denial:

05-06 15:26:54.248  1046   856   856 W HwBinder:856_4: type=1400 audit(0.0:174404): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

Bug: 229360116
Change-Id: I41acb29407a7ddb27279a834e27c5ee515efe666
 2022-05-10 09:22:12 +00:00
Lily Lin
59f29edf92 Add selinux permissions to r/w sysfs st33spi_state 
Bug: 228655141
Test: Confirm can read/write st33spi_state
Change-Id: I65299414d6268580dc532170759459147378418b
 2022-05-10 16:32:45 +08:00
Richard Hsu
4f5bb2c0aa Merge "[SELinux] Allow NNAPI HAL to log traces to perfetto under userdebug builds" into tm-d1-dev 2022-05-09 17:55:47 +00:00
Richard Hsu
5675757d41 [SELinux] Allow NNAPI HAL to log traces to perfetto under userdebug builds 
Allows DarwiNN NNAPI HAL to log traces to perfetto only under userdebug builds. This is similar to the camera HAL fix in ag/17080874

Error message:
TracingMuxer: type=1400 audit(0.0:486): avc: denied { write } for name="traced_producer" dev="tmpfs" ino=1116 scontext=u:r:hal_neuralnetworks_darwinn:s0

This rule is common for EdgeTPU in both WHI and PRO.

Bug: 231838536

Test: tested on PRO before and after the change, and the traces now shows up.

Example: https://ui.perfetto.dev/#!/?s=ab911b3972bc16a1a831e148a7446c09757a08426bbe3c3b16d31a728b1d923
https://screenshot.googleplex.com/3roWETkTFyiDjW9

Change-Id: I8d4a57e262087aa4ec6670a487d7b06d2f2cde69
 2022-05-07 22:28:22 -07:00
Will McVicker
9cbc9eceec genfs_contexts: fix more i2c raw paths 
These were added in commit 8a19d8be9c ("genfs_contexts: fix path for
i2c peripheral devices") to address missing i2c paths when kernel
modules are loaded in parallel. The raw i2c paths were not added in that
commit. So add them here in order to fix a vibrator crash for
P21-mainline due to not having the named i2c paths.

Bug: 231637004
Fixes: 8a19d8be9c ("genfs_contexts: fix path for i2c peripheral devices")
Change-Id: I02dfff504704f761c99c328b39595789c2cbeef5
 2022-05-05 16:04:31 -07:00
TreeHugger Robot
82a83b366a Merge changes from topic "gs101-move-dwc3-irq" into tm-dev am: 36f7fe941d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18164764

Change-Id: Ie610b6f31e218dece80fb0dc52b66050382d4e26
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-05 07:27:14 +00:00
Ray Chi
b5c3f6e0ba Allow hal_usb_gadget_impl to access proc_irq am: 7ac349e932 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17313628

Change-Id: I12709e8375ab34a1ed08ae48ce2db522d98f188c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-05 07:27:12 +00:00
TreeHugger Robot
36f7fe941d Merge changes from topic "gs101-move-dwc3-irq" into tm-dev 
* changes:
  Revert "add sepolicy for set_usb_irq.sh"
  Allow hal_usb_gadget_impl to access proc_irq
 2022-05-05 07:08:20 +00:00
Yichi Chen
b2c0884cd9 Merge "Allow hal_fingerprint_default to access hal_pixel_display_service" into tm-dev am: 650209645c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17823364

Change-Id: I3053433540b747906ef69eed537d9eb600923a2a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-05 02:19:25 +00:00
Yichi Chen
650209645c Merge "Allow hal_fingerprint_default to access hal_pixel_display_service" into tm-dev 2022-05-05 02:03:49 +00:00
William McVicker
18cb713b62 Merge "genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes" into tm-dev am: e6250cd86e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/18123741

Change-Id: I8abb96731bc5d3b3f95168607dcfe8932d3f3727
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-04 16:39:32 +00:00
William McVicker
e6250cd86e Merge "genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes" into tm-dev 2022-05-04 16:10:16 +00:00
Ray Chi
503fa09010 Revert "add sepolicy for set_usb_irq.sh" 
This reverts commit 714075eba7.

Bug: 224699556
Test: build pass
Change-Id: Ie275e48ee87c4e9f5c83b7802c3f3baa12ad30af
Merged-In: Ie275e48ee87c4e9f5c83b7802c3f3baa12ad30af
(cherry picked from commit bf9ec40ab7)
 2022-05-04 11:45:26 +00:00
Ray Chi
7ac349e932 Allow hal_usb_gadget_impl to access proc_irq 
Bug: 224699556
Test: build pass
Change-Id: Id9a9adbdc921629b6e89d0850dd8acaf76b1a891
Merged-In: Id9a9adbdc921629b6e89d0850dd8acaf76b1a891
(cherry picked from commit 455c3c165348fa9ea65c65b004d4dda1426d04be)
 2022-05-04 11:45:08 +00:00
Jenny Ho
d1b13f7695 Merge "sepolicy: allow access debugfs charger register dump" into tm-dev am: 9b27bbdab6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17944214

Change-Id: I58800e42bead3292e710f361e43829b221c4ee67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-03 13:31:51 +00:00
Jenny Ho
9b27bbdab6 Merge "sepolicy: allow access debugfs charger register dump" into tm-dev 2022-05-03 10:39:21 +00:00
Will McVicker
12b3700a38 genfs_contexts: add raw i2c-s2mpg10mfd and i2c-s2mpg11mfd nodes 
This adds the [067]-001f and [178]-002f raw i2c numberings to the
sepolicy for the P21-mainline driver which doesn't use the i2c vendor
hook to rename these numberings. This is required for the thermal hal to
work.

Bug: 231155356
Signed-off-by: Will McVicker <willmcvicker@google.com>
Change-Id: I8e4bbbd0768e63e708f46eb42bddb5fc28b29caa
 2022-05-02 10:12:15 -07:00
Kris Chen
c6eea8a657 Allow hal_fingerprint_default to access hal_pixel_display_service 
Fix the following avc denial:
avc: denied  { find } for pid=1158 uid=1000 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0

Bug: 229716695
Bug: 224573604
Test: build and test fingerprint on device.
Change-Id: Id24e65213221048d6dfdeae6ed2bcb7b762a0f75
 2022-04-28 03:08:47 +00:00
Wei Wang
b94efeaff0 allow udfps hal to access trusty am: 615f85c22d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17982120

Change-Id: I021692200c0bc229f23d573685f1ca75c4fb0ca1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-28 01:15:56 +00:00
Wei Wang
615f85c22d allow udfps hal to access trusty 
Bug: 229350721
Bug: 230492593
Test: UDFPS with stress
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ib1abe0e0318689528a6658f3597f1c11ad9fa1c3
 2022-04-27 20:20:43 +00:00
Jenny Ho
15036785cf sepolicy: allow access debugfs charger register dump 
[  438.549652] type=1400 audit(1651035282.616:8): avc: denied { read } for comm="dumpstate@1.1-s" name="registers" dev="debugfs" ino=31549 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
[  438.550252] type=1400 audit(1651035282.616:9): avc: denied { read } for comm="dumpstate@1.1-s" name="registers" dev="debugfs" ino=31532 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0

Bug: 230360103
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I102a159ca23a65d99a52cac3d011f5ce535a37e7
 2022-04-27 10:09:48 +00:00
Wei Wang
dff2ecee1c Merge "Grant trusty to power hal" into tm-dev am: 5e9a38799a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17927853

Change-Id: I93b6b6da30c68efc6df038a4ba9d30e037abd8bd
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-26 17:09:57 +00:00
Wei Wang
5e9a38799a Merge "Grant trusty to power hal" into tm-dev 2022-04-26 16:47:14 +00:00
Edmond Chung
0ddf256588 Camera: add setsched capability. am: 2715a08a73 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17928357

Change-Id: I226c2636c54592127c8786e1e7a8e58e182159db
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-25 08:30:22 +00:00
Edmond Chung
2715a08a73 Camera: add setsched capability. 
The camera HAL needs to configure schedule policies for
performance optimizations.

Bug: 228632527
Test: GCA, adb logcat
Change-Id: Ifbf433c026549ca774a9521704d0b0b75c9e9f23
 2022-04-24 23:08:42 +00:00
Wei Wang
1291c3cec9 Grant trusty to power hal 
Bug: 229350721
Test: UDFPS with stress
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ia88d6cff1d21940e22ae5122dbfcf52de27ad700
 2022-04-24 04:30:03 +00:00
chungkai
b32938a781 sepolicy: Remove tracking denials files and fix avc problems am: 11770d9dfe 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17874685

Change-Id: I235258b04149250eddee697483cb33ccdbd915ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 07:47:48 +00:00
chungkai
11770d9dfe sepolicy: Remove tracking denials files and fix avc problems 
04-19 10:53:57.364 W binder:575_2: type=1400 audit(0.0:17):
avc: denied { read } for name="wakeup11" dev="sysfs" ino=59892
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0

Bug: 229670628
Test: pass
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I6a83b77c4a4bb836e4014cf865cb720a360fd981
 2022-04-21 07:24:21 +00:00
Alistair Delva
12d69967ca [automerger skipped] Merge "Remove sysfs_gpu type definition" am: e48b455651 am: f482ea00d9 am: 4f17770b62 -s ours am: 0007374b65 -s ours 
am skip reason: Merged-In I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7 with SHA-1 f2be252260 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1999630

Change-Id: I61d5c134852af261576dd1fab6b126f5c02130bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 05:29:03 +00:00
Alistair Delva
0007374b65 [automerger skipped] Merge "Remove sysfs_gpu type definition" am: e48b455651 am: f482ea00d9 am: 4f17770b62 -s ours 
am skip reason: Merged-In I6fcafa87541ed0cbaf3ba74fa5ff4dbdebd533f7 with SHA-1 f2be252260 is already in history

Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1999630

Change-Id: I5e6e351d60353e593234ccb3732ee147c2e7d2d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 05:13:13 +00:00
Alistair Delva
4f17770b62 Merge "Remove sysfs_gpu type definition" am: e48b455651 am: f482ea00d9 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1999630

Change-Id: I0edd9718f21b1f31801a793a79dad5d3708b9c10
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 04:58:50 +00:00
Alistair Delva
f482ea00d9 Merge "Remove sysfs_gpu type definition" am: e48b455651 
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/1999630

Change-Id: I144bf39a8eb4c8fda36cfbceb03e7813faf31f3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 04:43:57 +00:00
Alistair Delva
e48b455651 Merge "Remove sysfs_gpu type definition" 2022-04-21 04:21:45 +00:00
Xin Li
a809ae5221 [automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047 am: 7a573b067c -s ours am: 104e2d21c2 -s ours am: 7111ceb7e8 -s ours 
am skip reason: Merged-In I7f65597f91db5a16d4f9de4f6bb018bd5b50a965 with SHA-1 e60773b926 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17805214

Change-Id: Id4134dfcb8163f03797be1a0f5e66ba92050b046
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-20 08:26:32 +00:00
Xin Li
7111ceb7e8 [automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047 am: 7a573b067c -s ours am: 104e2d21c2 -s ours 
am skip reason: Merged-In I7f65597f91db5a16d4f9de4f6bb018bd5b50a965 with SHA-1 e60773b926 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17805214

Change-Id: Icd2489bcc9f6e26fb8e76c0a774ca174e38fada5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-20 05:55:38 +00:00
Chung-Kai (Michael) Mei
cdff8c6efa Merge "sepolicy: fix avc denials" into tm-dev am: 1875f214c6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/17800050

Change-Id: I2636b915fe91b575d6e97764ad17fc5f4da2b473
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-20 03:03:09 +00:00
Chung-Kai (Michael) Mei
1875f214c6 Merge "sepolicy: fix avc denials" into tm-dev 2022-04-20 02:21:49 +00:00