Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1414 commits 1 branch 0 tags 494 MiB
Commit graph

698 commits

Author SHA1 Message Date
Srinivas Patibandla
0d3d449ced Update time sync seinfo to not use platform signature am: 51c891fa7b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15014432

Change-Id: I1ae881f223b3e014b74af2495255ef18c0e30ffc
 2021-06-21 19:54:51 +00:00
Alex Hong
c598db170c Move the genfs_contexts of sched nodes from vendor to product 
For sched nodes, "proc_vendor_sched" and "sysfs_vendor_sched",
their type definition is in product sepolicy,
while genfs_contexts is in vendor sepolicy.
In this case, genfs_contexts cannot be resolved after product sepolicy
is replaced by Dynamic System Update.

Need to keep the type definition and genfs_contexts in the same partition.
Now move genfs_contexts because the type definition has to be in product for now
since other private domains are accessing these sched nodes.

Test: $ make selinux_policy
      The device can boot to home after replacing with GSI.
Bug: 191236468
Change-Id: I02ea78b04dfcade4ceb426ff6ebf498daa81ac32
 2021-06-21 14:55:08 +00:00
Srinivas Patibandla
51c891fa7b Update time sync seinfo to not use platform signature 
Bug: b/190695230
Change-Id: I2dbee2e624c8794b3aa9ff85d8985a15ee159a0f
 2021-06-21 14:47:28 +00:00
Jack Wu
4266de165e sepolicy: gs101: allows pixelstat to access wlc file nodes am: 2794370557 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14732233

Change-Id: I1568bee94e97333056a76bddf174a8dd75926e5a
 2021-06-19 02:58:13 +00:00
Jack Wu
2794370557 sepolicy: gs101: allows pixelstat to access wlc file nodes 
05-31 11:14:57.280  1000  3126  3126 W pixelstats-vend: type=1400 audit(0.0:162): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=60862 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=0
05-31 11:14:57.280  1000  3126  3126 W pixelstats-vend: type=1400 audit(0.0:163): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=60862 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=0

05-31 13:12:23.940  1000  2838  2838 W pixelstats-vend: type=1400 audit(0.0:182): avc: denied { read } for name="charge_stats" dev="sysfs" ino=73276 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0

05-31 15:02:02.215  1000 13169 13169 W pixelstats-vend: type=1400 audit(0.0:166): avc: denied { write } for name="charge_stats" dev="sysfs" ino=73483 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
05-31 15:02:02.215  1000 13169 13169 W pixelstats-vend: type=1400 audit(0.0:167): avc: denied { write } for name="charge_stats" dev="sysfs" ino=73483 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0

Bug: 176195960
Test: manually test, no avc: denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I0af03dd8099e246c5f94e8e8530d7b2bcf50ff95
 2021-06-18 13:50:59 +00:00
Krzysztof Kosiński
e154e0957c Merge changes I18cbcf1b,I28a27741 into sc-dev am: c18265aaaa 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15020911

Change-Id: Ibdc7bbd8f3943e08f3202e15f8a6eff51dd65d7b
 2021-06-18 08:05:55 +00:00
Krzysztof Kosiński
c18265aaaa Merge changes I18cbcf1b,I28a27741 into sc-dev 
* changes:
  Allow camera HAL to set vendor.camera properties
  Allow rlsservice/camera HAL to read /apex/apex-info-list.xml
 2021-06-18 07:46:33 +00:00
Adam Shih
5e7be474d4 organize confirmationui settings am: d77bc5a970 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15021790

Change-Id: I759065d2cbd5c0e8a5fc7153273c3f1016137000
 2021-06-18 06:57:36 +00:00
Yuriy Romanenko
6bf4661e8f Allow camera HAL to set vendor.camera properties 
Bug: 188246923
Test: See topic
Change-Id: I18cbcf1b622ad7cd6d6bd1ea258b3d537db54412
 2021-06-17 21:58:54 -07:00
Adam Shih
d77bc5a970 organize confirmationui settings 
Bug: 190331547
Bug: 190331370
Test: build ROM and make sure file and sepolicy is still there
Change-Id: I4cabf9280ab5e21038bcb72615799b7ed0fb1670
 2021-06-18 12:56:05 +08:00
Badhri Jagan Sridharan
04302e6743 Merge "Add file context for /dev/logbuffer_tcpm" into sc-dev am: d9876fd266 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15019635

Change-Id: Ibd2e13f7069bec378076c40f187d9707c85f6227
 2021-06-18 03:55:10 +00:00
Badhri Jagan Sridharan
d9876fd266 Merge "Add file context for /dev/logbuffer_tcpm" into sc-dev 2021-06-18 03:38:35 +00:00
Badhri Jagan Sridharan
eb3881dbe7 Add file context for /dev/logbuffer_tcpm 
/dev/logbuffer_tcpm gets accessed by dumpstate while bugreport
generation.

Bug: 189792358
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ica0f3557ad9c41844f8411b0bdf68d66fbba00e5
 2021-06-17 16:11:28 -07:00
Craig Dooley
5f7548f746 Merge "Allow hal_dumpstate to collect AoC statistics" into sc-dev am: 7fe9d053e8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15000356

Change-Id: I41d370542b4be1b052ba863df7c28c265ccd036c
 2021-06-17 16:49:11 +00:00
Craig Dooley
7fe9d053e8 Merge "Allow hal_dumpstate to collect AoC statistics" into sc-dev 2021-06-17 16:32:38 +00:00
Yuriy Romanenko
14786d9b40 Allow rlsservice/camera HAL to read /apex/apex-info-list.xml 
To detect apex updates

Bug: 188246923
Test: See topic
Change-Id: I28a27741c1c285f8b49a2aa50bc0665143c1b7cb
 2021-06-16 20:55:38 -07:00
TreeHugger Robot
c3d33dfd8f Merge "vendor_telephony_app.te: add selinuxfs:file" into sc-dev am: 502b653380 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963703

Change-Id: Id126e3c4849db6a693458c67215c81e08c33c1a2
 2021-06-17 01:44:20 +00:00
TreeHugger Robot
502b653380 Merge "vendor_telephony_app.te: add selinuxfs:file" into sc-dev 2021-06-17 01:14:20 +00:00
Craig Dooley
3031b077a3 Allow hal_dumpstate to collect AoC statistics 
Bug: 188114650
Signed-off-by: Craig Dooley <dooleyc@google.com>
Change-Id: Iba5525af2c651070b9a5f7769c0439ef320d666b
 2021-06-16 17:18:55 +00:00
Adam Shih
56f9c7730f Merge "remove vcd from user ROM" into sc-dev am: 2cdde93f15 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14934449

Change-Id: Idceee76892481baf7c7c6339f088f003a7e735f3
 2021-06-16 06:54:18 +00:00
Adam Shih
2cdde93f15 Merge "remove vcd from user ROM" into sc-dev 2021-06-16 06:40:28 +00:00
TreeHugger Robot
0bf84fa3c0 Merge "Use label persist_ss_file" into sc-dev am: 6550281b13 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14987305

Change-Id: I4336b65c246f69138f6534fc76ea12ead51f786e
 2021-06-16 06:04:59 +00:00
Wenhao Wang
dc0cdc36f3 Use label persist_ss_file 
The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?".
But we erroneously didn't assign the label to the path.
This patch fixes the error.

Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
 2021-06-15 17:24:01 -07:00
Armelle Laine
4847b5d1f4 Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev am: 10e8126e2d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14961880

Change-Id: I9c29b33df803b368a71d68ce59e0f16cf3a2b66c
 2021-06-15 14:52:27 +00:00
Armelle Laine
10e8126e2d Merge "add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal" into sc-dev 2021-06-15 14:35:43 +00:00
Jiyoung
02ada4f463 vendor_telephony_app.te: add selinuxfs:file 
- add selinuxfs:file for AP TCP dump
- allow userdebug or eng

Bug: 188422036

Signed-off-by: Jiyoung <ji_young.bae@samsung.com>
Change-Id: I9502f9f7320ca4ee298b38e40da0ccf11adfba7f
 2021-06-15 15:06:39 +08:00
sukiliu
8657bfaf73 Move oriole bug map to whitechapel folder am: 90ae782e26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14963698

Change-Id: I697e2270c71c1f5ce48318e9a3498ef05d954c82
 2021-06-15 06:17:36 +00:00
sukiliu
90ae782e26 Move oriole bug map to whitechapel folder 
Bug: 190563896
Bug: 190671898
Test: PtsSELinuxTestCases
Change-Id: I15f1a6d2ebab9c5794a79abccf3530eb4bfc8307
 2021-06-15 04:39:50 +00:00
Armelle Laine
5bb07db1de add se-policy to /dev/trusty-log0 so it can be accessed by dumpstate hal 
reuse logbuffer_device group as dumpstate hal already has read perms
on this group.

Bug: 188285071
Test: adb bugreport to include a trusty section in dumpstate_board.txt
Change-Id: I623a5d450bdbe2ceef4fe460bf31bfe740d847b2
 2021-06-13 23:59:37 +00:00
Richard Hsu
64d8da84f2 Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev am: 753e62f39c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14555068

Change-Id: Ie75eea82a16cd39cc56a015c96896a4fcd398138
 2021-06-13 06:24:40 +00:00
Richard Hsu
753e62f39c Merge "[BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service" into sc-dev 2021-06-13 06:11:41 +00:00
Jayachandran Chinnakkannu
40c2dd6b2e Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev am: 1c130a7e1d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14950196

Change-Id: Ic723bb2542a94bb3c86d315a89f415eb962f6c39
 2021-06-12 17:31:26 +00:00
Jayachandran Chinnakkannu
1c130a7e1d Merge "Allow telephony to access the file descriptor of the priv_apps tcp_socket" into sc-dev 2021-06-12 17:19:33 +00:00
TreeHugger Robot
a45a1ffc4d Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev am: 694694857a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14692156

Change-Id: I2bc53103a317ac5e19642fb7bb8fe0586aab81dd
 2021-06-12 10:28:06 +00:00
Kris Chen
89a68b0fac Add sepolicy to let fingerprint access power service am: 7db400b679 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14665430

Change-Id: Ieb52fb6f5ee68d0155f9acacda9853757fed4200
 2021-06-12 10:27:55 +00:00
TreeHugger Robot
694694857a Merge "qllow priv-app to access Pixel power HAL extension." into sc-dev 2021-06-12 10:22:24 +00:00
Jayachandran C
5492a92a39 Allow telephony to access the file descriptor of the priv_apps tcp_socket 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
 2021-06-12 05:18:15 +00:00
Adam Shih
d0bb828434 remove vcd from user ROM 
Bug: 190331325
Test: build all ROM variants with only user ROM without vcd
Change-Id: If9dc555ee8582b605ccdf9d60c3a9c89cd6634d8
 2021-06-11 11:46:22 +08:00
Richard Hsu
8c979899cc [BugFix] SEPolicy for libedgetpu_darwinn2.so logging to stats service 
In order to access the darwinn metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses. This CL adds the same_process_hal_file tag to allow this exception.

Bug: 190661153, 151063663

Test: App can load the .so and not crash after this change.
Before: No permission to access namespace.
(https://paste.googleplex.com/6602755121610752)
After: GCA doesn't crash on load.

Change-Id: I8671732184bbbe283c94d1acd3bb1ff397fe651c
 2021-06-10 19:36:35 -07:00
Kris Chen
7db400b679 Add sepolicy to let fingerprint access power service 
Fix the following avc denial:
SELinux : avc:  denied  { find } for pid=1055 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 185893477
Test: Observe from systrace that the CPU frequency is boosted when
      running fingerprint algorithm.
Change-Id: I245058b912ec2af3555154934dbe722b445181a9
 2021-06-10 21:31:06 +00:00
Sung-fang Tsai
985aa698c7 qllow priv-app to access Pixel power HAL extension. 
SELinux issues to solve:

native  : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal

05-23 10:11:32.055   420   420 E SELinux : avc:  denied  { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
 2021-06-10 17:56:17 +00:00
TreeHugger Robot
e7d53d61b0 Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev am: a501b656dd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911637

Change-Id: I64965eae7d9d39ed1495bb87b51358a55c894301
 2021-06-10 07:39:05 +00:00
TreeHugger Robot
a501b656dd Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev 2021-06-10 07:20:58 +00:00
Adam Shih
922b7f6057 Merge "reorganize trusty_metricsd settings" into sc-dev am: a81732dd6f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911639

Change-Id: I668f8e93d4edf03746aea4cf76155af17df5fb50
 2021-06-10 06:13:24 +00:00
Adam Shih
a81732dd6f Merge "reorganize trusty_metricsd settings" into sc-dev 2021-06-10 05:52:40 +00:00
TreeHugger Robot
15c7fdc5bb Merge "update wakeup node" into sc-dev am: d3b0256025 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14928571

Change-Id: I787229985b0214fff17ea2feae9b4788e9a35d95
 2021-06-10 04:12:58 +00:00
Rick Yiu
797b646234 gs101-sepolicy: Fix avc denial for sysfs_vendor_sched 
Fix mediaprovider_app and bluetooth

Bug: 190563839
Bug: 190563916
Test: build pass
Change-Id: I477325ee812d1362db4d5005e999cba989a44216
 2021-06-10 04:10:24 +00:00
TreeHugger Robot
d3b0256025 Merge "update wakeup node" into sc-dev 2021-06-10 03:56:50 +00:00
Adam Shih
ef113ab8ac update wakeup node 
Bug: 190672147
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I3a8e8fa8b9007f556a5bfb402c4e8c726499d66f
 2021-06-10 03:23:52 +00:00
Adam Shih
6f1be4dcf7 Merge "organize EdgeTPU modules and sepolicy" into sc-dev am: 22fae537b5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14911633

Change-Id: I4e35a44d8e36220eb05fd478cbdfe8a264d90c29
 2021-06-10 03:12:38 +00:00