From 775523d1eb5976c85c36c9d5632ff199686e48e6 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Mon, 21 Feb 2022 20:34:39 -0800 Subject: [PATCH] android.hardware.usb.IUsb AIDL migration android.hardware.usb.IUsb is migrated to AIDL and runs in its own process. android.hardware.usb.gadget.IUsbGadget is now published in its own exclusive process (android.hardware.usb.gadget-service). Creating file_context and moving the selinux linux rules for IUsbGadget implementation. [ 37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1 [ 37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1 [ 39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1 [ 39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1 ... [ 42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 [ 42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 [ 42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 [ 42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1 [ 43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1 [ 43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1 [ 43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1 [ 43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1' Bug: 200993386 Change-Id: Ia8c24610244856490c8271433710afb57d3da157 --- whitechapel_pro/file.te | 3 +++ whitechapel_pro/file_contexts | 3 ++- whitechapel_pro/genfs_contexts | 5 +++++ whitechapel_pro/hal_usb_gadget_impl.te | 10 ++++++++++ whitechapel_pro/hal_usb_impl.te | 14 ++++++++++++++ 5 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 whitechapel_pro/hal_usb_gadget_impl.te diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index e4248525..c242e448 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -102,3 +102,6 @@ type sysfs_sjtag, fs_type, sysfs_type; userdebug_or_eng(` typeattribute sysfs_sjtag mlstrustedobject; ') + +# USB-C throttling stats +type sysfs_usbc_throttling_stats, sysfs_type, fs_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 845d50c1..ec661202 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -34,7 +34,8 @@ /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 -/vendor/bin/hw/android\.hardware\.usb@1\.3-service\.gs201 u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index 4b3b3ca2..b77832f3 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -215,3 +215,8 @@ genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_t # SJTAG genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0 + +# USB-C throttling stats +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0 diff --git a/whitechapel_pro/hal_usb_gadget_impl.te b/whitechapel_pro/hal_usb_gadget_impl.te new file mode 100644 index 00000000..83dff037 --- /dev/null +++ b/whitechapel_pro/hal_usb_gadget_impl.te @@ -0,0 +1,10 @@ +type hal_usb_gadget_impl, domain; +hal_server_domain(hal_usb_gadget_impl, hal_usb) +hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget) + +type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_usb_gadget_impl) + +allow hal_usb_gadget_impl configfs:dir { create rmdir }; +allow hal_usb_gadget_impl functionfs:dir { watch watch_reads }; +set_prop(hal_usb_gadget_impl, vendor_usb_config_prop) diff --git a/whitechapel_pro/hal_usb_impl.te b/whitechapel_pro/hal_usb_impl.te index 067baf3c..a5da3ce1 100644 --- a/whitechapel_pro/hal_usb_impl.te +++ b/whitechapel_pro/hal_usb_impl.te @@ -10,3 +10,17 @@ allow hal_usb_impl functionfs:dir { watch watch_reads }; allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; + +# Needed for reporting Usb Overheat suez event through statsd +allow hal_usb_impl fwk_stats_service:service_manager find; +binder_call(hal_usb_impl, servicemanager) + +# Needed for monitoring usb port temperature +allow hal_usb_impl self:capability2 wake_alarm; +wakelock_use(hal_usb_impl); + +# For interfacing with ThermalHAL +hal_client_domain(hal_usb_impl, hal_thermal); + +# For reading the usb-c throttling stats +allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;