aml_tz6_351400020 (13155446,com.google.android.go.tzdata6,com.google.android.tzdata6)

-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO eA9fAKCEH6U0VsfJnZu7EsJrm3Jf2R/79QCfS2R7cLBCbgZRnRF9NdZFLFSCmag= =LJEp -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQAYiKBVct1aIguY8rrkYnrpAuHwlbQCQQK+84wJW0o1CMIj5LZ7AHuGYnlweaKSRn1 MyYXYmaRM30E8SYdiP5AA= -----END SSH SIGNATURE----- Merge tag 'aml_tz6_351400020' into staging/lineage-23.0_merge-aml_tz6_351400020 aml_tz6_351400020 (13155446,com.google.android.go.tzdata6,com.google.android.tzdata6) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO # eA9fAKCEH6U0VsfJnZu7EsJrm3Jf2R/79QCfS2R7cLBCbgZRnRF9NdZFLFSCmag= # =LJEp # -----END PGP SIGNATURE----- # gpg: Signature made Tue Mar 18 02:18:39 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By Nina Chen (7) and others # Via Android Build Coastguard Worker (8) and others * tag 'aml_tz6_351400020': Add udc sysfs to udc_sysfs fs context Remove unnecessary dontaudit rule Update SELinux error Update SELinux error RamdumpService: Fix the SELinux errors from introducing Firebase Analytics. init-display-sh: Don't audit writing to kmsg Remove sced sepolicy rule gs201: update selinux to allow UMI on user build Update SELinux error sepolicy: gs201: add genfscon wireless into sysfs_batteryinfo Update SELinux error Update SELinux error Update SELinux error. Revert "Remove hal_camera_default aconfig_storage_metadata_file ..." Remove hal_camera_default aconfig_storage_metadata_file bugmap Update SELinux error gs201: Add selinux permission for fth Update SELinux error Change-Id: I5e1ace4f2a3d2cde00d9d851f943f679cc12906a
2025-06-23 05:20:37 +03:00 · 2025-06-23 05:20:37 +03:00 · 59ea5d1657
commit 59ea5d1657
parent dfc9c90494 dca6e8d7af
8 changed files with 24 additions and 28 deletions
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@ -4,7 +4,10 @@ dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
+hal_bluetooth_synabtlinux device chr_file b/386303831
 hal_camera_default aconfig_storage_metadata_file dir b/383013727
+hal_drm_widevine system_userdir_file dir b/393956479
+hal_drm_widevine widevine_sys_vendor_prop file b/393956479
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
 hal_sensors_default property_socket sock_file b/373755350
@ -12,7 +15,10 @@ hal_sensors_default sysfs file b/336451433
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
 init init capability b/379206608
+init-display-sh kmsg_device chr_file b/388949662
 insmod-sh insmod-sh key b/336451874
+insmod-sh kmsg_device chr_file b/388949536
+insmod-sh vendor_edgetpu_debugfs dir b/385858933
 kernel dm_device blk_file b/319403445
 kernel kernel capability b/336451113
 kernel tmpfs chr_file b/321731318
@ -20,7 +26,9 @@ pixelstats_vendor block_device dir b/369540701
 platform_app vendor_fw_file dir b/377811773
 platform_app vendor_rild_prop file b/377811773
 priv_app audio_config_prop file b/379246129
+priv_app metadata_file dir b/383438008
 ramdump ramdump capability b/369475655
+ramdump_app default_prop file b/386148928
 rfsd vendor_cbd_prop file b/317734397
 shell sysfs_net file b/329380891
 ssr_detector_app default_prop file b/359428005
@ -37,4 +45,5 @@ vendor_init default_prop file b/329381126
 vendor_init default_prop property_service b/315104803
 vendor_init default_prop property_service b/359427666
 vendor_init default_prop property_service b/359428317
+zygote aconfig_storage_metadata_file dir b/383949172
 zygote zygote capability b/379206941
--- a/sepolicy/whitechapel_pro/file_contexts
+++ b/sepolicy/whitechapel_pro/file_contexts
@ -1,7 +1,6 @@
 # Binaries
 /vendor/bin/dmd                                                             u:object_r:dmd_exec:s0
 /vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
-/vendor/bin/sced                                                            u:object_r:sced_exec:s0
 /vendor/bin/vcd                                                             u:object_r:vcd_exec:s0
 /vendor/bin/chre                                                            u:object_r:chre_exec:s0
 /vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
@ -82,6 +81,7 @@
 /dev/janeiro                                                                u:object_r:edgetpu_device:s0
 /dev/bigocean                                                               u:object_r:video_device:s0
 /dev/goodix_fp                                                              u:object_r:fingerprint_device:s0
+/dev/fth_fd                                                                 u:object_r:fingerprint_device:s0
 /dev/ispolin_ranging                                                        u:object_r:rls_device:s0
 /dev/watchdog0                                                              u:object_r:watchdog_device:s0
 /dev/mali0                                                                  u:object_r:gpu_device:s0
--- a/sepolicy/whitechapel_pro/genfs_contexts
+++ b/sepolicy/whitechapel_pro/genfs_contexts
@ -212,6 +212,10 @@ genfscon sysfs /devices/platform/google,battery/power_supply/battery
 genfscon sysfs /devices/platform/google,cpm                                     u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/google,charger                                 u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/10d60000.hsi2c                                 u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/version                      u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/status                       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/fw_rev                       u:object_r:sysfs_batteryinfo:s0
+
 genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde   u:object_r:sysfs_devices_block:s0

 # P22 battery
@ -275,6 +279,9 @@ genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup
 genfscon sysfs /devices/platform/sound-aoc/wakeup                                                                           u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup                                                 u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup                                                 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup                                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup                                                           u:object_r:sysfs_wakeup:s0
+

 #SecureElement
 genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
@ -353,3 +360,6 @@ genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby

 # WLC
 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c                  u:object_r:sysfs_wlc:s0
+
+# USB
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state   u:object_r:sysfs_udc:s0
--- a/sepolicy/whitechapel_pro/hal_usb_impl.te
+++ b/sepolicy/whitechapel_pro/hal_usb_impl.te
@ -33,3 +33,4 @@ allow hal_usb_impl usb_device:dir r_dir_perms;
 # For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
+allow hal_usb_impl sysfs_udc:file r_file_perms;
--- a/sepolicy/whitechapel_pro/init-display-sh.te
+++ b/sepolicy/whitechapel_pro/init-display-sh.te
@ -8,3 +8,5 @@ allow init-display-sh vendor_toolbox_exec:file execute_no_trans;

 dontaudit init-display-sh proc_cmdline:file r_file_perms;

+# Allow modprobe to log to kmsg.
+allow init-display-sh kmsg_device:chr_file w_file_perms;
--- a/sepolicy/whitechapel_pro/modem_svc_sit.te
+++ b/sepolicy/whitechapel_pro/modem_svc_sit.te
@ -52,6 +52,4 @@ allow modem_svc_sit modem_img_file:file r_file_perms;
 allow modem_svc_sit modem_img_file:lnk_file r_file_perms;

 # Allow modem_svc_sit to access socket for UMI
-userdebug_or_eng(`
-  allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
-')
+allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink write };
--- a/sepolicy/whitechapel_pro/sced.te
+++ b/sepolicy/whitechapel_pro/sced.te
@ -1,23 +0,0 @@
-type sced, domain;
-type sced_exec, vendor_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
-  init_daemon_domain(sced)
-  typeattribute sced vendor_executes_system_violators;
-
-  hwbinder_use(sced)
-  binder_call(sced, dmd)
-  binder_call(sced, vendor_telephony_silentlogging_app)
-
-  get_prop(sced, hwservicemanager_prop)
-  allow sced self:packet_socket create_socket_perms_no_ioctl;
-
-  allow sced self:capability net_raw;
-  allow sced shell_exec:file rx_file_perms;
-  allow sced tcpdump_exec:file rx_file_perms;
-  allow sced vendor_shell_exec:file x_file_perms;
-  allow sced vendor_slog_file:dir create_dir_perms;
-  allow sced vendor_slog_file:file create_file_perms;
-  allow sced hidl_base_hwservice:hwservice_manager add;
-  allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
-')
--- a/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te
+++ b/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te
@ -10,7 +10,6 @@ allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms
 allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
 allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
 binder_call(vendor_telephony_silentlogging_app, dmd)
-binder_call(vendor_telephony_silentlogging_app, sced)

 userdebug_or_eng(`
 # Silent Logging