From 4a8ab113b826b00388599f16c29ee5ead8c542e5 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 01/25] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e825da7d84d42cea498dae3f031825739212bd26) Merged-In: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c Change-Id: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c --- whitechapel_pro/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index 63838701..9f1747b5 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -105,7 +105,6 @@ vendor.config.debug. u:object_r:vendor_telephony_app_prop: # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 9b5919e9e7c2c0ff325d22b0995e51f344d6fc78 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 02/25] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e825da7d84d42cea498dae3f031825739212bd26) Merged-In: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c Change-Id: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c --- whitechapel_pro/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index 63838701..9f1747b5 100644 
--- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -105,7 +105,6 @@ vendor.config.debug. u:object_r:vendor_telephony_app_prop: # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 3f3827410cd7b8b70d6595a2b5a6ba6a5916f8b1 Mon Sep 17 00:00:00 2001 
From: samou Date: Fri, 4 Oct 2024 14:31:21 +0000 Subject: [PATCH 03/25] sepolicy: allow dumpstate to execute dump_power 10-04 19:36:47.308 7141 7141 I android.hardwar: type=1400 audit(0.0:6974): avc: denied { execute_no_trans } for path="/vendor/bin/dump/dump_power" dev="overlay" ino=91 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6975): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6976): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6977): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6978): avc: denied { read } for name="core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6979): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6980): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.336 7141 7141 I dump_power: type=1400 audit(0.0:6981): avc: denied { read } for 
name="time_in_state" dev="sysfs" ino=50604 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:25): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:26): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:27): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:28): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:29): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:30): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:29): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:30): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:31): avc: denied { search } for 
name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:32): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:33): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18792): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18793): avc: denied { read } for name="uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18794): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18795): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18796): avc: denied { search } for name="8-003c" dev="sysfs" ino=55942 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18797): avc: denied { read } for name="maxfg" dev="sysfs" ino=62568 
scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18798): avc: denied { read } for name="logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18799): avc: denied { open } for path="/dev/logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6191): avc: denied { search } for name="mitigation" dev="dm-50" ino=3758 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6192): avc: denied { read } for name="thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6193): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6194): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6195): avc: denied { search } for name="mitigation" dev="sysfs" ino=85222 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6196): avc: denied { read } for name="last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 
tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6197): avc: denied { open } for path="/sys/devices/virtual/pmic/mitigation/last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6198): avc: denied { read } for name="batoilo_count" dev="sysfs" ino=85287 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:875): avc: denied { read } for name="thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:876): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:877): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:878): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:879): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:880): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir 
permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:881): avc: denied { read } for name="core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:882): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:883): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:884): avc: denied { read } for name="time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:885): avc: denied { open } for path="/sys/devices/platform/cpupm/cpupm/time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 Flag: EXEMPT refactor Bug: 364989823 Signed-off-by: samou (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:315cc63557dfd4367f8aed06858531b21b9ee073) Merged-In: Ie4637b1295975c716f50333ad6635b9694a624b8 Change-Id: Ie4637b1295975c716f50333ad6635b9694a624b8 --- whitechapel_pro/dump_power.te | 15 +++++++++++++++ whitechapel_pro/file_contexts | 1 + 2 files changed, 16 insertions(+) create mode 100644 whitechapel_pro/dump_power.te diff --git a/whitechapel_pro/dump_power.te b/whitechapel_pro/dump_power.te new file mode 100644 index 00000000..d745b20d --- /dev/null +++ b/whitechapel_pro/dump_power.te 
@@ -0,0 +1,15 @@ +# Allow dumpstate to execute dump_power +pixel_bugreport(dump_power); + +allow dump_power sysfs_acpm_stats:dir r_dir_perms; +allow dump_power sysfs_acpm_stats:file r_file_perms; +allow dump_power sysfs_cpu:file r_file_perms; +allow dump_power sysfs_wlc:file r_file_perms; +allow dump_power sysfs_wlc:dir search; +allow dump_power sysfs_batteryinfo:dir r_dir_perms; +allow dump_power sysfs_batteryinfo:file r_file_perms; +allow dump_power logbuffer_device:chr_file r_file_perms; +allow dump_power mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power mitigation_vendor_data_file:file r_file_perms; +allow dump_power sysfs_bcl:dir r_dir_perms; +allow dump_power sysfs_bcl:file r_file_perms; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 9dc374fd..dc8e89b4 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -15,6 +15,7 @@ /vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 /vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 /vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 From 491a1ccb19c07da4e7596ff3131ed5f023b7571e Mon Sep 17 00:00:00 2001 
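Review bot: In the new whitechapel_pro/dump_power.te, `allow dump_power logbuffer_device:chr_file r_file_perms;` grants more than the denials quoted in the commit message show: r_file_perms also carries ioctl, lock and map, while the log has only read and open on /dev/logbuffer_tcpm. The rule covers every node typed logbuffer_device, not only the tcpm buffer, and none of the rules in this file sit inside `userdebug_or_eng`, so the access also applies when a bug report is taken on a user build. Consider `allow dump_power logbuffer_device:chr_file { getattr open read };`, plus a one-line comment per group of rules naming the dump section that needs it. The same applies to the `battery_history_device:chr_file r_file_perms` rule added in PATCH 06/25.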
From: Spade Lee Date: Fri, 1 Nov 2024 15:13:29 +0000 Subject: [PATCH 04/25] sepolicy: allow dump_power to read debugfs 11-01 11:59:42.836 11781 11781 W dump_power: type=1400 audit(0.0:46): avc: denied { search } for name="usb" dev="debugfs" ino=2059 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_usb_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:47): avc: denied { search } for name="google_battery" dev="debugfs" ino=18509 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:48): avc: denied { read } for name="maxfg" dev="debugfs" ino=16428 scontext=u:r:dump_power:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:49): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:50): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 11-01 11:59:42.844 11781 11781 W dump_power: type=1400 audit(0.0:51): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 Bug: 376080915 Test: adb bugreport without audit Flag: EXEMPT bugfix Change-Id: Ib0a81269edf683428720e6e380f7d7959d71decf Signed-off-by: Spade Lee --- whitechapel_pro/dump_power.te | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/whitechapel_pro/dump_power.te b/whitechapel_pro/dump_power.te index d745b20d..cf7c14ed 100644 --- a/whitechapel_pro/dump_power.te +++ b/whitechapel_pro/dump_power.te 
@@ -13,3 +13,12 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms; allow dump_power mitigation_vendor_data_file:file r_file_perms; allow dump_power sysfs_bcl:dir r_dir_perms; allow dump_power sysfs_bcl:file r_file_perms; + +userdebug_or_eng(` + r_dir_file(dump_power, vendor_battery_debugfs) + r_dir_file(dump_power, vendor_maxfg_debugfs) + r_dir_file(dump_power, vendor_charger_debugfs) + r_dir_file(dump_power, vendor_votable_debugfs) + allow dump_power debugfs:dir r_dir_perms; + allow dump_power vendor_usb_debugfs:dir { search }; +') From d2f8dde307cc4b5478ba89a6559291571b8c8aec Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 7 Nov 2024 14:36:44 +0800 Subject: [PATCH 05/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 377811773 Flag: EXEMPT NDK Bug: 377781394 Change-Id: I6e2361b6b3500773a5cd8e5c98905a3f50513472 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 9572df7a..e41de3b4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -14,6 +14,8 @@ kernel dm_device blk_file b/319403445 kernel kernel capability b/336451113 kernel tmpfs chr_file b/321731318 pixelstats_vendor block_device dir b/369540701 +platform_app vendor_fw_file dir b/377811773 +platform_app vendor_rild_prop file b/377811773 ramdump ramdump capability b/369475655 rfsd vendor_cbd_prop file b/317734397 shell sysfs_net file b/329380891 From 8b6e65478125ed2d2c742e0e49a0ed7fc30eb8cb Mon Sep 17 00:00:00 2001 
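Review bot: In the dump_power.te hunk, `r_dir_file(dump_power, vendor_charger_debugfs)` and `r_dir_file(dump_power, vendor_votable_debugfs)` have no matching denial in the commit message, which logs only vendor_usb_debugfs, vendor_battery_debugfs, vendor_maxfg_debugfs and the debugfs root. If they were added ahead of an observed denial, say so in a comment or attach the avc lines, so the grant can be audited later. `allow dump_power debugfs:dir r_dir_perms;` opens the generic debugfs root to the domain; keeping it inside `userdebug_or_eng` is right, and a comment such as `# dump_power lists the debugfs root to locate per-driver directories (b/376080915)` would record why the generic label is needed. As a style point, `{ search }` is written with braces here while the existing `sysfs_wlc:dir search` rule in the same file has none.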
From: Spade Lee Date: Thu, 7 Nov 2024 17:30:16 +0000 Subject: [PATCH 06/25] sepolicy: allow dump_power to read battery_history_device avc: denied { open } for path="/dev/maxfg_history" dev="tmpfs" ino=1235 scontext=u:r:dump_power:s0 tcontext=u:object_r:battery_history_device:s0 tclass=chr_file permissive=0 avc: denied { read } for name="maxfg_history" dev="tmpfs" ino=1250 scontext=u:r:dump_power:s0 tcontext=u:object_r:battery_history_device:s0 tclass=chr_file permissive=0 Bug: 377895720 Flag: EXEMPT bugfix Test: /dev/maxfg_history correctly dumped Change-Id: I766f8a21468370e69a7c11b028b2326434ad2380 Signed-off-by: Spade Lee --- whitechapel_pro/dump_power.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/dump_power.te b/whitechapel_pro/dump_power.te index cf7c14ed..66115230 100644 --- a/whitechapel_pro/dump_power.te +++ b/whitechapel_pro/dump_power.te @@ -13,6 +13,7 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms; allow dump_power mitigation_vendor_data_file:file r_file_perms; allow dump_power sysfs_bcl:dir r_dir_perms; allow dump_power sysfs_bcl:file r_file_perms; +allow dump_power battery_history_device:chr_file r_file_perms; userdebug_or_eng(` r_dir_file(dump_power, vendor_battery_debugfs) From 4f115380154ec5941f6e0b0839f5394f02fe51a5 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Fri, 15 Nov 2024 11:44:27 +0800 Subject: [PATCH 07/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 379206608 Bug: 379206941 Flag: EXEMPT NDK Change-Id: Ib636252a3a8eb38a56099b4e6ea14a5a4e341b4d --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e41de3b4..4d058538 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
@@ -9,6 +9,7 @@ hal_sensors_default sysfs file b/336451433 hal_vibrator_default default_android_service service_manager b/360057889 incidentd debugfs_wakeup_sources file b/282626428 incidentd incidentd anon_inode b/282626428 +init init capability b/379206608 insmod-sh insmod-sh key b/336451874 kernel dm_device blk_file b/319403445 kernel kernel capability b/336451113 @@ -32,3 +33,4 @@ vendor_init default_prop file b/329381126 vendor_init default_prop property_service b/315104803 vendor_init default_prop property_service b/359427666 vendor_init default_prop property_service b/359428317 +zygote zygote capability b/379206941 From edc0829d7531650cb357ac1f5b0059fb397c24fa Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Fri, 15 Nov 2024 18:30:06 +0800 Subject: [PATCH 08/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 379246129 Bug: 379245515 Bug: 379245738 Flag: EXEMPT NDK Change-Id: I20793d45a89b56ecea82f425f90800d66eacfb42 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 4d058538..12246ff3 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ +bluetooth audio_config_prop file b/379245738 dump_display sysfs file b/350831939 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277 
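Review bot: The added bug_map entries `init init capability b/379206608` and `zygote zygote capability b/379206941` name only source, target and class, so as far as the file format goes every capability denial from init or zygote will be tagged with these bug ids, not only the one that prompted the entry. The commit message does not quote the denial, so a reader cannot tell which capability is being tracked. Please put the avc line, or at least the permission, in the commit message or the bug, and remove the entry when the bug is fixed so that a new, unrelated capability denial on these domains is not mistaken for a known one. The same holds for the `audio_config_prop` entries for bluetooth, priv_app and untrusted_app in PATCH 08/25.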
@@ -17,12 +18,14 @@ kernel tmpfs chr_file b/321731318 pixelstats_vendor block_device dir b/369540701 platform_app vendor_fw_file dir b/377811773 platform_app vendor_rild_prop file b/377811773 +priv_app audio_config_prop file b/379246129 ramdump ramdump capability b/369475655 rfsd vendor_cbd_prop file b/317734397 shell sysfs_net file b/329380891 ssr_detector_app default_prop file b/359428005 surfaceflinger selinuxfs file b/315104594 system_server vendor_default_prop file b/366116786 +untrusted_app audio_config_prop file b/379245515 vendor_init debugfs_trace_marker file b/336451787 vendor_init default_prop file b/315104479 vendor_init default_prop file b/315104803 From cde7e1417d982876f4035bcc41983fe5789e20cb Mon Sep 17 00:00:00 2001 From: Boon Jun Date: Mon, 11 Nov 2024 06:59:05 +0000 Subject: [PATCH 09/25] Update ldaf sensor device filename LDAF sensor device filename changed after kernel upgrade from v5.10 to v6.1 in some of our in-market devices. We need to update the device filename to access the LDAF with this new kernel version. Bug: 378045567 Test: Open camera, and observe available LDAF sensor in logs Flag: EXEMPT bugfix Change-Id: I92313633fc31928ae4f3485c7e49cdd257e1c7bc --- whitechapel_pro/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 77fe8ccc..1b200b21 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -82,7 +82,7 @@ /dev/janeiro u:object_r:edgetpu_device:s0 /dev/bigocean u:object_r:video_device:s0 /dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/stmvl53l1_ranging u:object_r:rls_device:s0 +/dev/ispolin_ranging u:object_r:rls_device:s0 /dev/watchdog0 u:object_r:watchdog_device:s0 /dev/mali0 u:object_r:gpu_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 From 1b9fcdf1af9bd13965f16e78eaf5f9cd1807e3d1 Mon Sep 17 00:00:00 2001 
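Review bot: The file_contexts hunk of PATCH 09/25 replaces `/dev/stmvl53l1_ranging` with `/dev/ispolin_ranging` instead of adding the new name, while the commit message says the rename affects only some in-market devices after the v5.10 to v6.1 kernel upgrade. On a device whose kernel still creates the old node, that node would lose the rls_device label and presumably fall back to a generic device type, so the camera stack would be denied access to the LDAF sensor. Unless every device built from this policy runs the new kernel, keep both lines, i.e. leave `/dev/stmvl53l1_ranging u:object_r:rls_device:s0` next to the new entry.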
From: Eileen Lai Date: Wed, 20 Nov 2024 08:20:38 +0000 Subject: [PATCH 10/25] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Change-Id: Ibcdc907b7fe4e8efcbd3217700b4c62873cd124d Flag: NONE local testing only --- gs201-sepolicy.mk | 2 +- whitechapel_pro/file_contexts | 1 - whitechapel_pro/modem_svc_sit.te | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/gs201-sepolicy.mk b/gs201-sepolicy.mk index 2c5da1fc..645ca751 100644 --- a/gs201-sepolicy.mk +++ b/gs201-sepolicy.mk @@ -1,5 +1,5 @@ # sepolicy that are shared among devices using whitechapel -BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 1b200b21..0d5a2fb1 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -5,7 +5,6 @@ /vendor/bin/vcd u:object_r:vcd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/cbd u:object_r:cbd_exec:s0 -/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /vendor/bin/rfsd u:object_r:rfsd_exec:s0 /vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index d93789d7..0097a46a 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -38,9 +38,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) -# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. -hal_server_domain(modem_svc_sit, hal_shared_modem_platform) - userdebug_or_eng(` allow modem_svc_sit radio_test_device:chr_file rw_file_perms; ') 
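Review bot: The gs201-sepolicy.mk hunk switches whitechapel_pro from `BOARD_SEPOLICY_DIRS` to `BOARD_VENDOR_SEPOLICY_DIRS`, which the commit title (moving shared_modem_platform policy to gs-common) does not mention, and the tracking_denials line just below keeps the old variable. Please explain the switch in the message or split it into its own change. The file_contexts and modem_svc_sit.te removals are only safe if the gs-common counterpart that labels /vendor/bin/shared_modem_platform and declares the HAL server domain lands in the same topic; that counterpart is not visible here. This change was reverted in PATCH 11/25 as a potential culprit and re-landed with identical hunks in PATCH 16/25 under the same "local testing only" flag line, so the re-land should state what was verified.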
From 2c027c6288a86512da9cec6f5a7c2c7f3d8385d4 Mon Sep 17 00:00:00 2001 From: "Liana Kazanova (xWF)" Date: Thu, 21 Nov 2024 17:53:56 +0000 Subject: [PATCH 11/25] Revert "modem_svc: move shared_modem_platform related sepolicy t..." Revert submission 30519089-move_modem_sepolicy Reason for revert: DroidMonitor: Potential culprit for http://b/380274930 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Reverted changes: /q/submissionid:30519089-move_modem_sepolicy Change-Id: I90d720b8bf396f3785c00e9cfa67f55a62a020b2 --- gs201-sepolicy.mk | 2 +- whitechapel_pro/file_contexts | 1 + whitechapel_pro/modem_svc_sit.te | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/gs201-sepolicy.mk b/gs201-sepolicy.mk index 645ca751..2c5da1fc 100644 --- a/gs201-sepolicy.mk +++ b/gs201-sepolicy.mk @@ -1,5 +1,5 @@ # sepolicy that are shared among devices using whitechapel -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro +BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 0d5a2fb1..1b200b21 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -5,6 +5,7 @@ /vendor/bin/vcd u:object_r:vcd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/cbd u:object_r:cbd_exec:s0 +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /vendor/bin/rfsd u:object_r:rfsd_exec:s0 /vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index 0097a46a..d93789d7 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te 
@@ -38,6 +38,9 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) + userdebug_or_eng(` allow modem_svc_sit radio_test_device:chr_file rw_file_perms; ') From 0c22beaf9c90a6c0417f96a67ec16686039ab91d Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 28 Nov 2024 10:57:12 +0800 Subject: [PATCH 12/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 381326452 Flag: EXEMPT sepolicy Change-Id: I02cc7a8054c274c7d487c42366270b815b7a759f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 12246ff3..6982f87c 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ +aconfigd apex_info_file file b/381326452 bluetooth audio_config_prop file b/379245738 dump_display sysfs file b/350831939 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277 From 8059774fe77c46e20e6c8d672ac0801ee9c678c1 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 5 Dec 2024 10:50:05 +0800 Subject: [PATCH 13/25] Update SELinux error Flag: EXEMPT sepolicy Test: SELinuxUncheckedDenialBootTest Bug: 382362323 Bug: 360057889 Change-Id: Ic2a2c36368039b4d95ddb9b58b630267c33660a1 --- tracking_denials/bluetooth.te | 2 ++ tracking_denials/bug_map | 1 - tracking_denials/hal_vibrator_default.te | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 tracking_denials/bluetooth.te create mode 100644 tracking_denials/hal_vibrator_default.te diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te new file mode 100644 index 00000000..0b18dd9e --- /dev/null +++ b/tracking_denials/bluetooth.te @@ -0,0 +1,2 @@ +# b/382362323 +dontaudit bluetooth default_android_service:service_manager { find }; 
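Review bot: `dontaudit bluetooth default_android_service:service_manager { find };` in the new tracking_denials/bluetooth.te silences the denial instead of annotating it, so the log no longer shows which service name bluetooth tries to look up. default_android_service is the fallback label for services without a service_contexts entry, so the rule hides every such lookup from this domain, including future ones unrelated to b/382362323. Extend the comment with the service name from the original avc line and a removal condition, e.g. `# b/382362323: find on <service name>; remove once the service has its own label`. tracking_denials/hal_vibrator_default.te in the same patch does the same, and there it replaces a bug_map entry that had left the denial visible in the log.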
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6982f87c..0d6c70f9 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -8,7 +8,6 @@ hal_face_default traced_producer_socket sock_file b/305600808 hal_power_default hal_power_default capability b/237492146 hal_sensors_default property_socket sock_file b/373755350 hal_sensors_default sysfs file b/336451433 -hal_vibrator_default default_android_service service_manager b/360057889 incidentd debugfs_wakeup_sources file b/282626428 incidentd incidentd anon_inode b/282626428 init init capability b/379206608 diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te new file mode 100644 index 00000000..87fc4f03 --- /dev/null +++ b/tracking_denials/hal_vibrator_default.te @@ -0,0 +1,2 @@ +# b/360057889 +dontaudit hal_vibrator_default default_android_service:service_manager { find }; From a3d0621213aa2b3e02534981e81e6ced548f43e1 Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Fri, 6 Dec 2024 03:47:25 +0000 Subject: [PATCH 14/25] Allow tachyon service to make binder calls to GCA This permission is needed for tachyon service to call callbacks. AVC Error seen when tachyon tries accessing GCA: 12-02 11:40:03.212 6987 6987 W com.google.edge: type=1400 audit(0.0:17): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0 12-03 07:12:26.424 4166 4166 W com.google.edge: type=1400 audit(0.0:254): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0 Bug: 381787911 Flag: EXEMPT updates device sepolicy only Change-Id: I0913bafb24f02de9090e2d02011287e4deab0d4f --- whitechapel_pro/debug_camera_app.te | 4 ++++ whitechapel_pro/google_camera_app.te | 3 +++ 2 files changed, 7 insertions(+) 
diff --git a/whitechapel_pro/debug_camera_app.te b/whitechapel_pro/debug_camera_app.te index 427a7735..9d7bcd87 100644 --- a/whitechapel_pro/debug_camera_app.te +++ b/whitechapel_pro/debug_camera_app.te @@ -1,3 +1,4 @@ +# File containing sepolicies for GCA-Eng & GCA-Next. userdebug_or_eng(` # Allows camera app to access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; @@ -9,4 +10,7 @@ userdebug_or_eng(` # Allows GCA-Eng to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + + # Allows tachyon_service to communicate with GCA-Eng via binder. + binder_call(edgetpu_tachyon_server, debug_camera_app); ') diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te index 0ef04cc4..a40f433f 100644 --- a/whitechapel_pro/google_camera_app.te +++ b/whitechapel_pro/google_camera_app.te @@ -8,3 +8,6 @@ allow google_camera_app vendor_fw_file:dir search; # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Allows tachyon service to communicate with google_camera_app via binder. +binder_call(edgetpu_tachyon_server, google_camera_app); From 438a3edc88d43fe177a2ad2122e634ca13b4f350 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Mon, 9 Dec 2024 11:40:41 +0800 Subject: [PATCH 15/25] Update SELinux error copy bug_map entry from gs201 Test: SELinuxUncheckedDenialBootTest Bug: 383013727 Flag: EXEMPT sepolicy Change-Id: I78e6c558e24cc0c444143510470151ebb3c258af --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0d6c70f9..9246974a 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
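Review bot: `binder_call(edgetpu_tachyon_server, google_camera_app);` has the server as source and the app as target, yet it is placed in google_camera_app.te (and its twin in debug_camera_app.te), where someone auditing what edgetpu_tachyon_server can reach is unlikely to look. The added comments say only "communicate with ... via binder" and do not give the direction, although the commit message states the rule exists for callbacks. Suggest `# Allows edgetpu_tachyon_server to invoke callbacks registered by GCA (server -> app).` and a cross-reference from the tachyon server's own policy file if it lives in this tree. binder_call also grants transfer and fd use beyond the `call` seen in the two logged denials, which is probably what callbacks need but is worth confirming.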
@@ -4,6 +4,7 @@ dump_display sysfs file b/350831939 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277 dumpstate unlabeled file b/350832009 +hal_camera_default aconfig_storage_metadata_file dir b/383013727 hal_face_default traced_producer_socket sock_file b/305600808 hal_power_default hal_power_default capability b/237492146 hal_sensors_default property_socket sock_file b/373755350 From d1f806c78b9e0d29918533958af8c04b4715193c Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Sun, 8 Dec 2024 06:52:24 +0000 Subject: [PATCH 16/25] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Change-Id: I3e19432ab7cf6b18b277a877d1cdbc9ebf687af9 Flag: NONE local testing only --- gs201-sepolicy.mk | 2 +- whitechapel_pro/file_contexts | 1 - whitechapel_pro/modem_svc_sit.te | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/gs201-sepolicy.mk b/gs201-sepolicy.mk index 2c5da1fc..645ca751 100644 --- a/gs201-sepolicy.mk +++ b/gs201-sepolicy.mk @@ -1,5 +1,5 @@ # sepolicy that are shared among devices using whitechapel -BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 1b200b21..0d5a2fb1 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -5,7 +5,6 @@ /vendor/bin/vcd u:object_r:vcd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/cbd u:object_r:cbd_exec:s0 -/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /vendor/bin/rfsd u:object_r:rfsd_exec:s0 /vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 
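Review bot: The gs201-sepolicy.mk hunk moves whitechapel_pro to `BOARD_VENDOR_SEPOLICY_DIRS` but leaves tracking_denials on `BOARD_SEPOLICY_DIRS` at the end of the same hunk, so the file now mixes the current variable with its legacy alias. As far as I know the build folds `BOARD_SEPOLICY_DIRS` into the vendor list, so both directories still land in vendor policy, but their relative order may change, and the commit message only mentions the modem_svc move. If the switch is intended, convert the second line too: `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials`.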
diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index d93789d7..0097a46a 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -38,9 +38,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) -# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. -hal_server_domain(modem_svc_sit, hal_shared_modem_platform) - userdebug_or_eng(` allow modem_svc_sit radio_test_device:chr_file rw_file_perms; ') From e41a25055a003a6f417d51f46cb475de6d0ed55e Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Wed, 11 Dec 2024 13:31:47 +0800 Subject: [PATCH 17/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 383438008 Flag: EXEMPT sepolicy Change-Id: Ia2eb5910086ad0ee92d655ab39948eb47d262158 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 9246974a..3c13d1ea 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -20,6 +20,7 @@ pixelstats_vendor block_device dir b/369540701 platform_app vendor_fw_file dir b/377811773 platform_app vendor_rild_prop file b/377811773 priv_app audio_config_prop file b/379246129 +priv_app metadata_file dir b/383438008 ramdump ramdump capability b/369475655 rfsd vendor_cbd_prop file b/317734397 shell sysfs_net file b/329380891 From a8fbbdb7d73e3df2373245b87baf24aebda22fa8 Mon Sep 17 00:00:00 2001 
From: chenkris Date: Thu, 12 Dec 2024 08:15:11 +0000 Subject: [PATCH 18/25] gs201: Add selinux permission for fth Fix the following avc denials: avc: denied { open } for path="/dev/fth_fd" dev="tmpfs" ino=1575 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 avc: denied { read } for name="wakeup96" dev="sysfs" ino=101698 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 Bug: 383048849 Test: ls -lZ /sys/devices/platform/odm//odm:fps_touch_handler/wakeup Test: authenticate fingerprint Flag: EXEMPT NDK Change-Id: I0516b20ea21a4aed33026b9af4a3dae6bc8defd4 --- whitechapel_pro/file_contexts | 1 + whitechapel_pro/genfs_contexts | 3 +++ 2 files changed, 4 insertions(+)
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index 0d5a2fb1..2e1a5b85 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -81,6 +81,7 @@
 /dev/janeiro u:object_r:edgetpu_device:s0
 /dev/bigocean u:object_r:video_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
+/dev/fth_fd u:object_r:fingerprint_device:s0
 /dev/ispolin_ranging u:object_r:rls_device:s0
 /dev/watchdog0 u:object_r:watchdog_device:s0
 /dev/mali0 u:object_r:gpu_device:s0
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index ee65fab8..54b97796 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -275,6 +275,9 @@ genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0 + #SecureElement genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0 From e66afa8cd6dc5800dc5e70fcbbd7f3f105b6dd32 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Fri, 13 Dec 2024 14:35:29 +0800 Subject: [PATCH 19/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Flag: EXEMPT sepolicy Bug: 383949172 Change-Id: I93bce4c72d2190fc6636102c2167099e167dc354 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 3c13d1ea..5220f4b5 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -38,4 +38,5 @@ vendor_init default_prop file b/329381126 vendor_init default_prop property_service b/315104803 vendor_init default_prop property_service b/359427666 vendor_init default_prop property_service b/359428317 +zygote aconfig_storage_metadata_file dir b/383949172 zygote zygote capability b/379206941 From 4f5612fc4628af4c3a541c3d01acd4e44e7e9006 Mon Sep 17 00:00:00 2001 From: timmyli Date: Mon, 16 Dec 2024 06:51:52 +0000 Subject: [PATCH 20/25] Remove hal_camera_default aconfig_storage_metadata_file bugmap Bug: 383013727 Test: compiles manual test Flag: EXEMPT refactor Change-Id: Ib9de507763ea1c81b540e71d1ba85f7282977a3b --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 5220f4b5..214b1861 100644 
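Review bot: The first added genfscon entry, for `/devices/platform/odm/odm:fps_touch_handler/power/wakeup`, is not backed by either denial quoted in the commit message. The system_suspend denial is a `read` on the directory `wakeup96`, which appears to sit under the `.../odm:fps_touch_handler/wakeup` path that the second added entry already labels. Unless another denial motivates the `power/wakeup` line, drop it or add a comment naming the domain that needs it, so that `sysfs_wakeup` is applied only to nodes that require it.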
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -4,7 +4,6 @@ dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
-hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
 hal_sensors_default property_socket sock_file b/373755350
From e93699de2a35bfdde496f45ebfe9c3c152669cf4 Mon Sep 17 00:00:00 2001 From: Timmy Li Date: Mon, 16 Dec 2024 16:34:50 -0800 Subject: [PATCH 21/25] Revert "Remove hal_camera_default aconfig_storage_metadata_file ..." Revert submission 30930671-hal_camera_default_ aconfig_storage_metadata_file2 Reason for revert: b/384580942 Reverted changes: /q/submissionid:30930671-hal_camera_default_+aconfig_storage_metadata_file2 Change-Id: I59f7b9e2dcbdb0ed9f6690bc1b53b0360c6a835f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 214b1861..5220f4b5 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -4,6 +4,7 @@ dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
 hal_sensors_default property_socket sock_file b/373755350
From 01b373e61fe276095f7a16ad98997cc598ac9947 Mon Sep 17 00:00:00 2001
From: Nina Chen Date: Tue, 24 Dec 2024 18:33:04 +0800 Subject: [PATCH 22/25] Update SELinux error. Test: SELinuxUncheckedDenialBootTest Bug: 385858933 Bug: 385858800 Bug: 385829048 Flag: EXEMPT bugfix Change-Id: Ibbe27e7ab4239b0ae55b109a3e98bf78c1a95f64 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 5220f4b5..6e228a71 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -13,6 +13,7 @@ incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
 init init capability b/379206608
 insmod-sh insmod-sh key b/336451874
+insmod-sh vendor_edgetpu_debugfs dir b/385858933
 kernel dm_device blk_file b/319403445
 kernel kernel capability b/336451113
 kernel tmpfs chr_file b/321731318
@@ -22,6 +23,7 @@ platform_app vendor_rild_prop file b/377811773
 priv_app audio_config_prop file b/379246129
 priv_app metadata_file dir b/383438008
 ramdump ramdump capability b/369475655
+ramdump_app privapp_data_file lnk_file b/385858800
 rfsd vendor_cbd_prop file b/317734397
 shell sysfs_net file b/329380891
 ssr_detector_app default_prop file b/359428005
From 4206d28824669c6b2b3f711b37a019e0f0715143 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 26 Dec 2024 08:28:21 +0000 Subject: [PATCH 23/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 386148928 Flag: EXEMPT update sepolicy Change-Id: I5366a1f150a6afa072494469112c5689be4438d8 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 6e228a71..0fe3dbd5 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -23,6 +23,7 @@ platform_app vendor_rild_prop file b/377811773
 priv_app audio_config_prop file b/379246129
 priv_app metadata_file dir b/383438008
 ramdump ramdump capability b/369475655
+ramdump_app default_prop file b/386148928
 ramdump_app privapp_data_file lnk_file b/385858800
 rfsd vendor_cbd_prop file b/317734397
 shell sysfs_net file b/329380891
From 6e58ad004d279a9ed1d24ab1735860762a676bd8 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 27 Dec 2024 07:20:57 +0000 Subject: [PATCH 24/25] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 386303831 Flag: EXEMPT update sepolicy Change-Id: I069f1df8349426695f850b5814da2a4455d83550 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 0fe3dbd5..fe1639ee 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -4,6 +4,7 @@ dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
+hal_bluetooth_synabtlinux device chr_file b/386303831
 hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
From 56f1333908810f00be601ae517da30a82cce74ca Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Mon, 30 Dec 2024 05:08:47 -0800 Subject: [PATCH 25/25] sepolicy: gs201: add genfscon wireless into sysfs_batteryinfo Bug: 377264254 Flag: EXEMPT bugfix Test: ABTD Change-Id: I4ec2350e7129e7630e6d6629a7f81820e679008e Signed-off-by: YiKai Peng --- whitechapel_pro/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index 54b97796..a6dcae68 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -212,6 +212,10 @@ genfscon sysfs /devices/platform/google,battery/power_supply/battery genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 + genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0 # P22 battery
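Review bot: The three added entries use `/class/power_supply/wireless/device/...`, a path that goes through sysfs symlinks, while every other entry visible in this hunk is anchored under `/devices/...`. As far as I know genfscon sysfs entries are matched against a node's real path below `/sys/devices`, so these lines may never apply and the files would keep the default `sysfs` label. Running `ls -Z` on the resolved paths on a device would confirm whether `sysfs_batteryinfo` is actually applied. If it is not, each entry should use the resolved device path instead, e.g. `genfscon sysfs /devices/platform/<resolved wireless charger path>/version u:object_r:sysfs_batteryinfo:s0`, where the bracketed part is a placeholder for the real path. The hunk appears to end at the end of the page.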