From e3ae25faca2f9df3eb9e03594a3b86019817b3cf Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 3 Jul 2024 02:04:37 +0000 Subject: [PATCH 01/24] Update SELinux error Test: scanBugreport Bug: 350831939 Bug: 350832009 Change-Id: Ib8cee5cf5cb6acc734c2334e91b49aa4b7a02863 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 75fe53cf..40ebc957 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,5 @@ +dump_display sysfs file b/350831939 +dumpstate unlabeled file b/350832009 hal_face_default traced_producer_socket sock_file b/305600808 hal_power_default hal_power_default capability b/237492146 hal_sensors_default sysfs file b/336451433 From b05833237caf7e50e1b4b7879cc29ce182eeac7a Mon Sep 17 00:00:00 2001 From: Aaron Tsai Date: Thu, 23 May 2024 08:40:37 +0000 Subject: [PATCH 02/24] Add permission for setting gril property 05-22 18:00:40.443 948 948 I auditd : type=1400 audit(0.0:854): avc: denied { write } for comm="radioext@1.0-se" name="property_service" dev="tmpfs" ino=851 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 343012301 Bug: 203824024 Test: manual test Flag: EXEMPT bugfix Change-Id: Ie873e186d3eda618ba832164d9c9713b410977d2 --- whitechapel_pro/hal_radioext_default.te | 1 + whitechapel_pro/property.te | 1 + whitechapel_pro/property_contexts | 3 +++ 3 files changed, 5 insertions(+) diff --git a/whitechapel_pro/hal_radioext_default.te b/whitechapel_pro/hal_radioext_default.te index fb6bc03d..7e21da86 100644 --- a/whitechapel_pro/hal_radioext_default.te +++ b/whitechapel_pro/hal_radioext_default.te @@ -4,6 +4,7 @@ init_daemon_domain(hal_radioext_default) hwbinder_use(hal_radioext_default) get_prop(hal_radioext_default, hwservicemanager_prop) +set_prop(hal_radioext_default, vendor_gril_prop) add_hwservice(hal_radioext_default, hal_radioext_hwservice) binder_call(hal_radioext_default, grilservice_app) diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index 559511a0..98fd4534 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -4,6 +4,7 @@ vendor_internal_prop(vendor_modem_prop) vendor_internal_prop(vendor_persist_config_default_prop) vendor_internal_prop(vendor_cbd_prop) vendor_internal_prop(vendor_rild_prop) +vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(vendor_carrier_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index 0ff833e8..9f1747b5 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -38,6 +38,9 @@ vendor.sys.rild_reset u:object_r:vendor_rild_prop:s0 persist.vendor.radio. u:object_r:vendor_rild_prop:s0 ro.vendor.config.build_carrier u:object_r:vendor_carrier_prop:s0 +# for GRIL +vendor.gril. u:object_r:vendor_gril_prop:s0 + persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0 # SSR Detector From e1d272f6c99a048ce310eaf24fcfadd94ec6b520 Mon Sep 17 00:00:00 2001 From: Carl Tsai Date: Tue, 9 Jul 2024 05:38:01 +0000 Subject: [PATCH 03/24] Add to allocate a security context for panel_pwr_vreg type=1400 audit(1719903781.812:18): avc: denied { read } for comm="dump_display" name="panel_pwr_vreg" dev="sysfs" ino=87631 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 350831939 Test: run pts -m PtsSELinuxTestCases -t com.google.android.selinux.pts.SELinuxTest#scanBugreport to check the test is Pass Flag: EXEMPT bugfix Change-Id: Ib03479bece87f26f48d6998dfd9b2dd84d439204 --- whitechapel_pro/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index d8e63eb1..e8150562 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -102,6 +102,7 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extin genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 From 27df5480c438753f1d67f19a5b1b8946a0ba0e88 Mon Sep 17 00:00:00 2001 From: Mike McTernan Date: Mon, 15 Jul 2024 10:15:13 +0100 Subject: [PATCH 04/24] trusty: storageproxy: add fs_ready_rw property context Flag: EXEMPT bug fix Bug: 350362101 Test: ABTD Change-Id: I2d6d1ab8dbd60c21a16cadc26c5e4d5d290df42d --- whitechapel_pro/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index 9f1747b5..63838701 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -105,6 +105,7 @@ vendor.config.debug. u:object_r:vendor_telephony_app_prop: # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 +ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From e825da7d84d42cea498dae3f031825739212bd26 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 05/24] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage Change-Id: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c --- whitechapel_pro/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index 63838701..9f1747b5 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -105,7 +105,6 @@ vendor.config.debug. u:object_r:vendor_telephony_app_prop: # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 3e1197bafbe0943da26820d4c279754ddbc069f4 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 2 Aug 2024 09:17:28 +0000 Subject: [PATCH 06/24] Add kernel vendor_fw_file dir read permission 07-31 05:35:39.208 885 885 W binder:885_5: type=1400 audit(0.0:125): avc: denied { read } for name="firmware" dev="dm-7" ino=48 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_fw_file:s0 tclass=dir Fix: 356530883 Flag: EXEMPT bugfix Change-Id: I1bb8fcfc952c69c991fd978a617eb92558817267 --- whitechapel_pro/kernel.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel_pro/kernel.te b/whitechapel_pro/kernel.te index d44eed68..1af0a9a4 100644 --- a/whitechapel_pro/kernel.te +++ b/whitechapel_pro/kernel.te @@ -1,4 +1,4 @@ -allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:dir r_dir_perms; allow kernel vendor_fw_file:file r_file_perms; # ZRam From 3c082cdefdb733d48e1432cf8bc4f88a4fd89ce0 Mon Sep 17 00:00:00 2001 From: Kevin Ying Date: Thu, 1 Aug 2024 21:29:11 +0000 Subject: [PATCH 07/24] Allow camera HAL to access power_state sysfs 08-03 01:41:34.444 791 791 W TaskPool: type=1400 audit(0.0:178): avc: denied { read } for name="power_state" dev="sysfs" ino=86770 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 339690296 Test: Open camera under SELinux enforcing mode, no display avc error Flag: EXEMPT resource update only Change-Id: Ic0f2d149cbcd8a3da5035f6d2788b4548523bbd6 Signed-off-by: Kevin Ying --- whitechapel_pro/genfs_contexts | 2 ++ whitechapel_pro/hal_camera_default.te | 1 + 2 files changed, 3 insertions(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index e8150562..c65e969d 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -103,12 +103,14 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc u:object_r:sysfs_display:s0 diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te index 25f2ffc4..af2350f7 100644 --- a/whitechapel_pro/hal_camera_default.te +++ b/whitechapel_pro/hal_camera_default.te @@ -88,6 +88,7 @@ allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; # Allow camera HAL to read backlight of display allow hal_camera_default sysfs_leds:dir r_dir_perms; allow hal_camera_default sysfs_leds:file r_file_perms; +allow hal_camera_default sysfs_display:file r_file_perms; # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)') From 2b177e8120a833f0f86a7eeef144d386ab3e0c1d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 13 Aug 2024 07:30:43 +0000 Subject: [PATCH 08/24] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 359428005 Test: scanBugreport Bug: 359427666 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428317 Flag: EXEMPT bugFix Change-Id: Ib4a909b4f6e2bbad977ae66b722ad0de055ef5b5 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 40ebc957..92419c05 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -11,6 +11,7 @@ kernel kernel capability b/336451113 kernel tmpfs chr_file b/321731318 rfsd vendor_cbd_prop file b/317734397 shell sysfs_net file b/329380891 +ssr_detector_app default_prop file b/359428005 surfaceflinger selinuxfs file b/315104594 vendor_init debugfs_trace_marker file b/336451787 vendor_init default_prop file b/315104479 @@ -20,3 +21,5 @@ vendor_init default_prop file b/323086890 vendor_init default_prop file b/329380363 vendor_init default_prop file b/329381126 vendor_init default_prop property_service b/315104803 +vendor_init default_prop property_service b/359427666 +vendor_init default_prop property_service b/359428317 From b958dd13ad83f5d278dcb094f9e4a9daaed5a7f4 Mon Sep 17 00:00:00 2001 From: Xiaofan Jiang Date: Wed, 14 Aug 2024 00:34:31 +0000 Subject: [PATCH 09/24] gs201: update shared_modem_platform sepolicy for UMI Bug: 357139752 Flag: EXEMPT sepolicy [ 68.189198] type=1400 audit(1722986580.568:59): avc: denied { unlink } for comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1 [ 68.189448] type=1400 audit(1722986580.568:60): avc: denied { create } for comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1 Change-Id: I0bbef83a3915e4c0e284296bc5b59e0ce6cf6f15 --- whitechapel_pro/modem_svc_sit.te | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index 5a703c9e..606cd520 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -48,4 +48,9 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; + +# Allow modem_svc_sit to access socket for UMI +userdebug_or_eng(` + allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; +') From 84725d0c7ac050c9c6e667b8dd0c0e93cb32f7c5 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 15 Aug 2024 08:53:22 +0000 Subject: [PATCH 10/24] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 360057889 Test: scanBugreport Bug: 359428317 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428317 Flag: EXEMPT bugFix Change-Id: I9d573610f24054bd6ea8bb3307d0102da077dc55 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 92419c05..58f57c8e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,6 +3,7 @@ dumpstate unlabeled file b/350832009 hal_face_default traced_producer_socket sock_file b/305600808 hal_power_default hal_power_default capability b/237492146 hal_sensors_default sysfs file b/336451433 +hal_vibrator_default default_android_service service_manager b/360057889 incidentd debugfs_wakeup_sources file b/282626428 incidentd incidentd anon_inode b/282626428 insmod-sh insmod-sh key b/336451874 From 0eae05186f1ea18a9ea2218a6aaec1134ea7df3c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 15 Aug 2024 08:30:36 +0000 Subject: [PATCH 11/24] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 360057889 Test: scanBugreport Bug: 359428317 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428317 Flag: EXEMPT bugFix Change-Id: Iaec87b719446dbef5dc3d8d8d563cf3f47a2a584 From 4f8e79e4e5846225f04027bfb978b22faf6d6844 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 15 Aug 2024 08:32:44 +0000 Subject: [PATCH 12/24] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 360057889 Test: scanBugreport Bug: 359428317 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428317 Flag: EXEMPT bugFix Change-Id: I3d4a7bfbaab36136fbde6bbd56239e43cc9b012d From e1a25491683a12b146ba821c9dc6c070df2ee0bf Mon Sep 17 00:00:00 2001 From: "Priyanka Advani (xWF)" Date: Thu, 15 Aug 2024 16:14:44 +0000 Subject: [PATCH 13/24] Revert "gs201: update shared_modem_platform sepolicy for UMI" Revert submission 28762313 Reason for revert: Droidmonitor created revert due to b/360059249. Reverted changes: /q/submissionid:28762313 Change-Id: I0fc3d7d99b999eedf7e3948afb58fd962045f1e1 --- whitechapel_pro/modem_svc_sit.te | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index 606cd520..5a703c9e 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -48,9 +48,4 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; - -# Allow modem_svc_sit to access socket for UMI -userdebug_or_eng(` - allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; -') +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file From e8d359e8d486f656587d92f1270e2a55cf743503 Mon Sep 17 00:00:00 2001 From: Xiaofan Jiang Date: Thu, 15 Aug 2024 19:25:28 +0000 Subject: [PATCH 14/24] Revert "Revert "gs201: update shared_modem_platform sepolicy for..." Revert submission 28822848-revert-28762313-SAYUORWKVG Reason for revert: issue identify and fix is ready Reverted changes: /q/submissionid:28822848-revert-28762313-SAYUORWKVG Change-Id: Iae3ca282426fca573b4c42355e1b46eaa74d3c58 --- whitechapel_pro/modem_svc_sit.te | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index 5a703c9e..606cd520 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -48,4 +48,9 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; + +# Allow modem_svc_sit to access socket for UMI +userdebug_or_eng(` + allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; +') From 7fd99e1b1b15279db07d70cf89f9d9c4b6b3a11c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 23 Aug 2024 09:40:57 +0000 Subject: [PATCH 15/24] Update SELinux error Test: scanBugreport Bug: 359428317 Bug: 361726277 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428317 Flag: EXEMPT bugFix Change-Id: I2ce66f1431a2644076ff29b2337a97b366851d17 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 58f57c8e..28ee2c23 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,6 @@ dump_display sysfs file b/350831939 +dump_modem sscoredump_vendor_data_coredump_file dir b/361726277 +dump_modem sscoredump_vendor_data_logcat_file dir b/361726277 dumpstate unlabeled file b/350832009 hal_face_default traced_producer_socket sock_file b/305600808 hal_power_default hal_power_default capability b/237492146 From 5e0dca971a9abe521a3b78faf3c00965739091da Mon Sep 17 00:00:00 2001 From: samou Date: Wed, 17 Jul 2024 15:30:01 +0000 Subject: [PATCH 16/24] sepolicy: remove dump_power_gs201.sh Flag: EXEMPT refactor Bug: 349935208 Change-Id: I3c0f48d00d312ef19677fe5ef9f080f063408667 Signed-off-by: samou --- whitechapel_pro/dump_power_gs201.te | 30 ----------------------------- whitechapel_pro/file_contexts | 1 - 2 files changed, 31 deletions(-) delete mode 100644 whitechapel_pro/dump_power_gs201.te diff --git a/whitechapel_pro/dump_power_gs201.te b/whitechapel_pro/dump_power_gs201.te deleted file mode 100644 index b61001cb..00000000 --- a/whitechapel_pro/dump_power_gs201.te +++ /dev/null @@ -1,30 +0,0 @@ - -pixel_bugreport(dump_power_gs201) -allow dump_power_gs201 sysfs_acpm_stats:dir r_dir_perms; -allow dump_power_gs201 sysfs_acpm_stats:file r_file_perms; -allow dump_power_gs201 sysfs_cpu:file r_file_perms; -allow dump_power_gs201 vendor_toolbox_exec:file execute_no_trans; -allow dump_power_gs201 logbuffer_device:chr_file r_file_perms; -allow dump_power_gs201 mitigation_vendor_data_file:dir r_dir_perms; -allow dump_power_gs201 sysfs:dir r_dir_perms; -allow dump_power_gs201 sysfs_batteryinfo:dir r_dir_perms; -allow dump_power_gs201 sysfs_batteryinfo:file r_file_perms; -allow dump_power_gs201 sysfs_bcl:dir r_dir_perms; -allow dump_power_gs201 sysfs_bcl:file r_file_perms; -allow dump_power_gs201 sysfs_wlc:dir r_dir_perms; -allow dump_power_gs201 sysfs_wlc:file r_file_perms; -allow dump_power_gs201 battery_history_device:chr_file r_file_perms; -allow dump_power_gs201 mitigation_vendor_data_file:file r_file_perms; - -userdebug_or_eng(` - allow dump_power_gs201 debugfs:dir r_dir_perms; - allow dump_power_gs201 vendor_battery_debugfs:dir r_dir_perms; - allow dump_power_gs201 vendor_battery_debugfs:file r_file_perms; - allow dump_power_gs201 vendor_charger_debugfs:dir r_dir_perms; - allow dump_power_gs201 vendor_charger_debugfs:file r_file_perms; - allow dump_power_gs201 vendor_pm_genpd_debugfs:file r_file_perms; - allow dump_power_gs201 vendor_maxfg_debugfs:dir r_dir_perms; - allow dump_power_gs201 vendor_maxfg_debugfs:file r_file_perms; - allow dump_power_gs201 vendor_votable_debugfs:dir r_dir_perms; - allow dump_power_gs201 vendor_votable_debugfs:file r_file_perms; -') diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 4bed0472..293afb30 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -40,7 +40,6 @@ /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 /system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0 /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 -/vendor/bin/dump/dump_power_gs201\.sh u:object_r:dump_power_gs201_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0 From a8d35041b30e95214b09c33f5c46c2ef20f21df5 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 13 Aug 2024 13:00:17 +0000 Subject: [PATCH 17/24] sepolicy: gs201: fix bm selinux - add odpm scale value path - add gpu cur_freq Flag: EXEMPT refactor Bug: 349935208 Change-Id: Ie053ead11eae4abdd0a30f74117d9c3e00eedf53 Signed-off-by: samou --- whitechapel_pro/genfs_contexts | 50 ++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index c65e969d..ba0018e1 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -33,6 +33,7 @@ genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem u genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/28000000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/28000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/cur_freq u:object_r:sysfs_gpu:s0 # Fabric genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 @@ -64,6 +65,55 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-me genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0 + # Devfreq current frequency genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 From 150634f0877857f6700feedf9b098edcc90c452c Mon Sep 17 00:00:00 2001 From: attis Date: Mon, 26 Aug 2024 10:56:39 +0800 Subject: [PATCH 18/24] Label sysfs node power_mode as sysfs_display. Label power_mode to sysfs_panel to let it be allowed in dumpstate. avc log: 08-26 13:07:49.660 12467 12467 W dump_display: type=1400 audit(0.0:19): avc: denied { read } for name="power_mode" dev="sysfs" ino=89753 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/350831939 Test: ls -Z, adb bugreport. Flag: EXEMPT bugfix Bug: 358505990 Change-Id: I9feeb2a8270f89d214f7d765893364d0e73f7d39 Signed-off-by: attis --- whitechapel_pro/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index ba0018e1..ee65fab8 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -153,6 +153,7 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 From 5e8b0722d0c1f4317cbcde7516e17c7a8015c48f Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Mon, 2 Sep 2024 14:51:29 +0800 Subject: [PATCH 19/24] Storage: label ufs firmware upgrade script Bug: 361093041 Test: local build Change-Id: I312d071ecaaedb09b54976e6b3bfe05e7bc6cdea Signed-off-by: Randall Huang --- whitechapel_pro/device.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te index ae74fea2..24bb1e8a 100644 --- a/whitechapel_pro/device.te +++ b/whitechapel_pro/device.te @@ -1,3 +1,4 @@ +# device.te type modem_block_device, dev_type; type custom_ab_block_device, dev_type; type persist_block_device, dev_type; @@ -20,3 +21,6 @@ type fips_block_device, dev_type; # SecureElement SPI device type st54spi_device, dev_type; type st33spi_device, dev_type; + +# Storage firmware upgrade +type ufs_internal_block_device, dev_type; From b67284dc2f69d38a6d9ec42f6fd0b6d066047f48 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 4 Sep 2024 00:01:42 +0800 Subject: [PATCH 20/24] storage: move storage related device type to common folder Bug: 364225000 Test: forrest build Change-Id: Iaed5b07a1d9823ebf3c7210921784d81bf6207a5 Signed-off-by: Randall Huang --- whitechapel_pro/device.te | 5 ----- whitechapel_pro/file_contexts | 1 - whitechapel_pro/ufs_firmware_update.te | 6 +++--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te index 24bb1e8a..d23a1adf 100644 --- a/whitechapel_pro/device.te +++ b/whitechapel_pro/device.te @@ -1,9 +1,6 @@ # device.te type modem_block_device, dev_type; type custom_ab_block_device, dev_type; -type persist_block_device, dev_type; -type efs_block_device, dev_type; -type modem_userdata_block_device, dev_type; type mfg_data_block_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; @@ -22,5 +19,3 @@ type fips_block_device, dev_type; type st54spi_device, dev_type; type st33spi_device, dev_type; -# Storage firmware upgrade -type ufs_internal_block_device, dev_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 293afb30..f704078d 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -40,7 +40,6 @@ /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 /system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0 /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0 # Vendor Firmwares diff --git a/whitechapel_pro/ufs_firmware_update.te b/whitechapel_pro/ufs_firmware_update.te index f33c2da9..121e462b 100644 --- a/whitechapel_pro/ufs_firmware_update.te +++ b/whitechapel_pro/ufs_firmware_update.te @@ -1,11 +1,11 @@ -type ufs_firmware_update, domain; -type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; - +# ufs ffu init_daemon_domain(ufs_firmware_update) +# ufs ffu allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans; allow ufs_firmware_update block_device:dir r_dir_perms; allow ufs_firmware_update fips_block_device:blk_file rw_file_perms; allow ufs_firmware_update sysfs:dir r_dir_perms; allow ufs_firmware_update sysfs_scsi_devices_0000:dir search; allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms; + From bd7fbe9a022a23ad21a21f6cf316f1693d0eee99 Mon Sep 17 00:00:00 2001 From: Vic Huang Date: Fri, 6 Sep 2024 06:34:21 +0000 Subject: [PATCH 21/24] [BT] Define vendor_bluetooth_prop avc: denied { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 Bug: 359428216 Test: Forest build Flag: EXEMPT N/A Change-Id: I1aeb04e32620b2815db02f34ee40eae94deeed3c --- whitechapel_pro/property.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index 98fd4534..c727d8e3 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -1,3 +1,5 @@ +# whitechapel_pro Property Define + vendor_internal_prop(vendor_diag_prop) vendor_internal_prop(vendor_slog_prop) vendor_internal_prop(vendor_modem_prop) @@ -45,3 +47,6 @@ vendor_restricted_prop(vendor_arm_runtime_option_prop) # SJTAG lock state vendor_internal_prop(vendor_sjtag_lock_state_prop) + +# Bluetooth props +vendor_restricted_prop(vendor_bluetooth_prop) From c841b33df06ca38f54373c99f035db7c572c27b6 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 12 Sep 2024 14:25:32 +0800 Subject: [PATCH 22/24] Update SELinux error Test: SELinuxUncheckedDenialBootTest Flag: EXEMPT NDK Bug: 366116786 Change-Id: I6d17ac72f8bdcc3fc54d08b7c23a0f5e0fd83d23 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 28ee2c23..aa33000f 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -16,6 +16,7 @@ rfsd vendor_cbd_prop file b/317734397 shell sysfs_net file b/329380891 ssr_detector_app default_prop file b/359428005 surfaceflinger selinuxfs file b/315104594 +system_server vendor_default_prop file b/366116786 vendor_init debugfs_trace_marker file b/336451787 vendor_init default_prop file b/315104479 vendor_init default_prop file b/315104803 From a5eb284c4a0f694aa134c04301605b05a9e2d362 Mon Sep 17 00:00:00 2001 From: Prochin Wang Date: Thu, 12 Sep 2024 05:04:16 +0000 Subject: [PATCH 23/24] Change vendor_fingerprint_prop to vendor_restricted_prop This is to allow the fingerprint HAL to access the property. Bug: 366105474 Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED Test: mm Change-Id: I5b07acfd7599b099997d46b297e1f7400a9fe478 --- whitechapel_pro/property.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index c727d8e3..2dfe16d1 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -26,7 +26,7 @@ vendor_internal_prop(vendor_persist_sys_default_prop) vendor_internal_prop(vendor_display_prop) # Fingerprint -vendor_internal_prop(vendor_fingerprint_prop) +vendor_restricted_prop(vendor_fingerprint_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) From 077e59c64f1e8065c79d1c0139efa9db799ee4f4 Mon Sep 17 00:00:00 2001 From: Tej Singh Date: Fri, 20 Sep 2024 21:34:56 -0700 Subject: [PATCH 24/24] Make android.framework.stats-v2-ndk app reachable For libedgetpu Test: TH Bug: 354763040 Flag: EXEMPT bugfix Change-Id: If78bc951a9a4cfc223d01970ca6819fe2b5c6335 --- whitechapel_pro/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index f704078d..9dc374fd 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -58,6 +58,7 @@ /vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0