Commit graph

7697 commits

Author SHA1 Message Date
Oleg Matcovschi
48d1b71ab1 sepolicy: Remove sscoredump tracking denials file
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I67d2500a5323203577c7fb90741c8dfec1cffd83
2021-11-24 18:50:15 +00:00
Kyle Lin
f80cb8ae4e Add policy for memlat governor, which needs to create/delete perf events
[46756.223414] type=1400 audit(1637720953.624:1227238): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46791.079905] type=1400 audit(1637720988.480:1228172): avc: denied { cpu } for comm="cpuhp/5" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46831.825465] type=1400 audit(1637721029.228:1230804): avc: denied { cpu } for comm="cpuhp/4" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47068.752724] type=1400 audit(1637721266.152:1237844): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47227.488992] type=1400 audit(1637721424.888:1241154): avc: denied { cpu } for comm="cpuhp/7" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1

Bug: 207047575
Test: build, boot and check warning message
Change-Id: I735d5cfa5eb5614114d83a7892123d37c980d531
2021-11-24 17:13:10 +00:00
wenchangliu
4bb1061c2d Add SELinux policy for mediacodec_samsung
mediacodec_samsung is separated from mediacodec for
mfc encoder/decoder. Add assumption from mediacodec.te
as well.

Bug: 204718809
Test: boot to home
Change-Id: I67ce385903cf5abd2ba9dc62b7229320b3f7daa9
2021-11-24 07:46:27 +00:00
wenchangliu
ecdcc0f739 Allow mediacodec_samsung to fallback crash dump
avc: denied { write } for name="tombstoned_crash" \
dev="tmpfs" ino=948 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:tombstoned_crash_socket:s0 \
tclass=sock_file permissive=1

avc: denied { connectto } for path="/dev/socket/tombstoned_crash" \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:tombstoned:s0 \
tclass=unix_stream_socket permissive=1

avc: denied { write } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=1

avc: denied { append } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=

Bug: 204718809
Test: boot to home
Change-Id: Iad67f936ac9d6d11e5f5646918074153372b8b00
2021-11-24 07:46:27 +00:00
wenchangliu
fae7e19893 Allow mediacodec_samsung to access graphics allocator
avc:  denied  { find } for interface=android.hardware.graphics.mapper::IMapper \
sid=u:r:mediacodec_samsung:s0 pid=792 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager permissive=1

avc: denied { use } for path="/dmabuf:" dev="dmabuf" ino=94523 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:hal_graphics_allocator_default:s0 \
tclass=fd permissive=1

Bug: 205657093
Test: video playback / screen recording
Change-Id: I6c64b4d2483b146358ef678c56aec68dd86eb878
2021-11-24 07:46:27 +00:00
wenchangliu
f2b1870b23 Allow mediacodec_samsung to access video device and system-uncached DMA-BUF heap
This patch fixes the following denial:

avc: denied { getattr } for path="/dev/dma_heap/system-uncached" \
dev="tmpfs" ino=487 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

avc: denied { getattr } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { read write } for name="video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { open } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { ioctl } for path="/dev/video6" dev="tmpfs" ino=477 \
ioctlcmd=0x561b scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1

Bug: 205657093
Test: video playback / screen recording
Change-Id: Ia09bd29652b8197b4d5009f84077f6d5bb5551e2
2021-11-24 07:46:27 +00:00
wenchangliu
0df2e47cb1 Allow mediacodec_samsung to route /dev/binder traffic to /dev/vndbinder
This patch fixes the following denial:

avc: denied { call } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

avc: denied { transfer } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

Bug: 205904381
Test: boot to home
Change-Id: Ie2c0577bdf987466b4f729d9f78d1a6704cd9d24
2021-11-24 07:46:27 +00:00
Kyle Lin
af8d6b2439 memlat: correct the memlat setting
Bug: 207047575
Test: build, boot and verify the value
Change-Id: I20b0a54240102c283f5421838aa13c91ca7abd93
2021-11-24 07:34:20 +00:00
Adam Shih
5e6beee1e6 update error on ROM 7941916
Bug: 207571335
Bug: 207571546
Bug: 207571417
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I7b75837d13b532793ccbc326379c1d95aada429b
2021-11-24 10:41:32 +08:00
Firman Hadi Prayoga
7599ba8e55 Add /dev/lwis-eeprom-m24c64x-3j1 entry to selinux policy.
lwis-eeprom-m24c64x-3j1 is used by camera hal to access the
P22 front camera EEPROM device.

Bug: 207062209
Fix: 207062209
Test: Boot, no avc denied logs for eeprom
Change-Id: Ia12da5dbed1baef6d8a8ab2bf421b2987639e826
2021-11-24 01:01:44 +00:00
SalmaxChang
742cbc29b8 ssr_detector_app: fix avc error
avc: denied { read } for name="u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=320 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1

Bug: 205202542
Change-Id: I84cbdb9d85ab58219554bfe0da35a00464a955ff
2021-11-23 12:17:51 +00:00
SalmaxChang
5e2ac8ab48 Fix modem related avc errors
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=317 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1
avc: denied { read } for comm="dmd" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:dmd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { read } for name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:vcd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1

Bug: 205073232
Bug: 205073025
Bug: 206045605
Change-Id: I3f76a138b4d6eeffb488fb5e5e15985ac6ef707d
2021-11-23 12:17:51 +00:00
George Chang
3dc2515efe Update SecureElement sysfs_st33spi Sepolicy
Add rules for sysfs_st33spi

Bug: 205250948
Test: check avc without secure_element
Change-Id: I1ccf39ca09c6b19a597114f04803800d38fdf774
2021-11-23 11:40:16 +00:00
Cheney Ni
85a99ae592 Bluetooth: Own /dev/btpower nodes
Bug: 202113218
Test: manually
Change-Id: I4f4e2ba1ce7d87b3a072f1ed3c09d48e77d12283
2021-11-23 09:42:50 +00:00
Cheney Ni
0cf19f1da1 Bluetooth: Do not specify the HIDL at chipset level
Move the Bluetooth HIDL manifest to each project.

Bug: 202113218
Test: manually
Change-Id: I52e5405e31c5e2713aa17512dfaeda80c374be77
2021-11-23 07:46:10 +00:00
Adam Shih
e5e4f9f2b7 make libOpenCL reachable
Bug: 207300281
Test: boot with no relevant error log
Change-Id: I294d23e2b29afd62da5c2327175f0c163da98cf0
2021-11-23 06:00:16 +00:00
Adam Shih
851a7bb16b label extcon and remove obsolete zygote error
Bug: 205904404
Bug: 206045368
Bug: 207062229
Test: boot with no relevant error logs
Change-Id: If4c2f5591907bfcab2fd638f1222f84377270623
2021-11-23 05:28:39 +00:00
Adam Shih
f6f699700c update error on ROM 7938763
Bug: 207431041
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I775a28827b107d43b47d3486e70f87a36a6babcc
2021-11-23 04:15:22 +00:00
Adam Shih
48435ccfaa let uwb app access secure element property
Bug: 207300261
Test: boot with no relevant error log
Change-Id: I10f505d1ef3cbbc118082e5c44381c1b55389da3
2021-11-23 03:25:46 +00:00
Randall Huang
1a57e5c346 Fix selinux for vold idle-maint
Bug: 206741894
Bug: 207062776
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ieb55fe439d3250b6d819381c4bc97e3e895ac23f
2021-11-23 03:24:56 +00:00
George Chang
8a4d5bd3b5 Fix nfc avc denials for sysfs_vendor_sched
11-19 12:38:54.416  2631  2631 I com.android.nfc: type=1400 audit(0.0:404): avc: denied { search } for comm=4173796E635461736B202331 name="vendor_sched" dev="sysfs" ino=45736 scontext=u:r:nfc:s0 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=dir permissive=1

Bug: 207062484
Test: check avc without nfc
Change-Id: I50507934c071745e257434f512d9dc835790e669
2021-11-23 03:14:55 +00:00
Randall Huang
a2b1ca5f7e Fix selinux for adb bugreport
Bug: 206741894
Test: adb bugreport
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: If82f30392676f414a79ddabe27d73ce751d61eee
2021-11-23 02:58:21 +00:00
Adam Shih
ed245711ec fix sysfs_vendor_sched access
Bug: 207062776
Bug: 207062777
Bug: 207062877
Bug: 207062211
Bug: 207062232
Bug: 207062208
Test: boot with no relevant access
Change-Id: I585653383ad0061fc6e9669c0590432c235f7e14
2021-11-23 02:51:59 +00:00
Adam Shih
c90030d1f7 label system_suspend wakeup files
use "adb shell ls -l sys/class/wakeup" to get all paths
Bug: 207062779
Test: boot with no relevant error log

Change-Id: Ib43090cecf3d74e5c8b07e7e13de58cf6ee7ddbe
2021-11-23 02:51:46 +00:00
Oleg Matcovschi
a4a0b90afb sepolicy: add persist.vendor.sys.ssr property context
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I81794ab8d320affcfef8f77895712aaa840f7abc
2021-11-22 19:54:08 +00:00
Randall Huang
3ba42745f4 Allow vendor_init to modify read_ahead_kb
Bug: 206741894
Bug: 207062206
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I6cc59722520df12aef103fc330f9acd8e800318d
2021-11-22 06:55:58 +00:00
George Chang
d15185b2d7 Fix SELinux error coming from hal_secure_element_gto and gto_ese2
update hal_secure_element_st54spi/st33spi from gto/gto_ese2

hal_secure_element_gto.te => hal_secure_element_st54spi.te
[   10.846098] type=1400 audit(1637296724.408:40): avc: denied { map } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:40): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:39): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:38): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:37): avc: denied { read } for name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846033] type=1400 audit(1637296724.408:37): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846072] type=1400 audit(1637296724.408:38): avc: denied { open } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846086] type=1400 audit(1637296724.408:39): avc: denied { getattr } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-11 09:38:59.132   785   785 I secure_element@: type=1400 audit(0.0:100): avc: denied { write } for name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-11 09:38:59.132   785   785 I secure_element@: type=1400 audit(0.0:101): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   19.593472] type=1400 audit(1636594739.132:101): avc: denied { connectto } for comm="secure_element@" path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   19.593175] type=1400 audit(1636594739.132:100): avc: denied { write } for comm="secure_element@" name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-09 12:04:08.620   786   786 I secure_element@: type=1400 audit(0.0:135): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.142141] type=1400 audit(1636430648.620:135): avc: denied { open } for comm="secure_element@" path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.141947] type=1400 audit(1636430648.620:134): avc: denied { read write } for comm="secure_element@" name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:08.620   786   786 I secure_element@: type=1400 audit(0.0:134): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-04 13:27:24.564     1     1 I /system/bin/init: type=1107 audit(0.0:52): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=772 uid=1068 gid=1068 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=1'
11-19 10:22:25.052   797   797 I secure_element@: type=1400 audit(0.0:49): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
11-19 10:22:25.052   797   797 I secure_element@: type=1400 audit(0.0:50): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1

hal_secure_element_gto_ese2.te => hal_secure_element_st33spi.te
11-09 12:04:09.140   771   771 I secure_element@: type=1400 audit(0.0:137): avc: denied { open } for path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.660987] type=1400 audit(1636430649.140:137): avc: denied { open } for comm="secure_element@" path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.660845] type=1400 audit(1636430649.140:136): avc: denied { read write } for comm="secure_element@" name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:09.140   771   771 I secure_element@: type=1400 audit(0.0:136): avc: denied { read write } for name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1

Bug: 207062261
Bug: 205073164
Bug: 205656951
Bug: 205657039
Bug: 205904452
Test: check avc without secure_element
Change-Id: I312299deb6d6bfa353e7936d41a723e75d3ea06b
2021-11-22 02:59:34 +00:00
Adam Shih
a1a5f11872 label google battery sysfs file
Bug: 207062874
Test: boot with no relevant error log
Change-Id: Ic5477f0deb24f0bd9c46aef70459f0b629cdb5ef
2021-11-22 10:17:50 +08:00
Adam Shih
78d0abfb73 update error on ROM 7935766
Bug: 207300335
Bug: 207300298
Bug: 207300281
Bug: 207300315
Bug: 207300261
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia79829128db2286ec8ae9c20520be8a25c195cb0
2021-11-22 09:59:08 +08:00
Randall Huang
a578c846fa storage: update sepolicy for storage suez
Bug: 206741894
Bug: 188793183
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I206178e34156f0b02c4a5b743ac9467e7dafb74f
2021-11-19 17:45:48 +08:00
Randall Huang
f317331d7a allow init to set scsi tunables
Bug: 206741894
Bug: 207062776
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Iff52af62e6495e4390c7f961f11b3d8702b09ef9
2021-11-19 16:12:54 +08:00
Adam Shih
6dc46556e3 update error on ROM 7930790
Bug: 207062875
Bug: 207062775
Bug: 207062209
Bug: 207062260
Bug: 207062874
Bug: 207062172
Bug: 207062562
Bug: 207062564
Bug: 207062210
Bug: 207062261
Bug: 207062541
Bug: 207062542
Bug: 207062207
Bug: 207062231
Bug: 207062151
Bug: 207062776
Bug: 207062777
Bug: 207062780
Bug: 207062877
Bug: 207062484
Bug: 207062781
Bug: 207062833
Bug: 207062258
Bug: 207062211
Bug: 207062229
Bug: 207062779
Bug: 207062232
Bug: 207062206
Bug: 207062540
Bug: 207062208
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I23da4247c6d3d24d193a8a7ce28da9ac1ea88842
2021-11-19 05:14:34 +00:00
Adam Shih
6459d30fb1 unleash all SELinux errors
Bug: 205212735
Test: boot with all the selinux error showing up
Change-Id: If34d16a26f788458510cf5d920e8978bc68211be
2021-11-19 00:48:32 +00:00
Shiyong Li
11994a8ca0 allow systemui to toggle display lhbm node
Fix the following selinux violation:
avc: denied { call } for scontext=u:r:platform_app:s0:c512,c768
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=1 app=com.android.systemui

Bug: 205640231
Test: check avc logs while using udfps
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I196ade950541d56affd3dc38568b0275f159c799
2021-11-18 17:36:48 +00:00
Ray Chi
bdd4728a17 usb: modify the permission of USB gadget hal
Currently, the USB gadget hal can't access configfs nodes during
device booting. The permissions of the configfs nodes are root by default,
and they are changed to system by the init process. Therefore, the USB
gadget HAL can't access them until the permission change completes.

This patch modifies the permissions of the USB gadget hal so that it can
access the configfs nodes without the permission change.

Bug: 204378488
Test: check connection time
Change-Id: I97f5446a51183225227744043e4a6e0088fecf0b
2021-11-18 17:06:56 +08:00
George Chang
646216405f Fix SELinux error coming from vendor_init for nfc and se
avc: denied { set } for property=persist.vendor.nfc.streset
avc: denied { set } for property=persist.vendor.se.strese

Bug: 205070818
Test: no nfc se vendor_init avc errors
Change-Id: Id5002bd93e155d81cb8d56ba0cf38cb58b9409c6
2021-11-18 07:12:05 +00:00
chenpaul
966f3dc7a0 Remove wifi_logger related sepolicy settings
Since /vendor/bin/wifi_logger no longer exists on the P21 master
branch, we remove the obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: Iaa7e4da6564a4ea2b0938db34bb7efff6ed54ee0
2021-11-18 04:49:04 +00:00
Chungkai Mei
149dec3f70 selinux: hal_camera_default: fix avc denied logs
avc: denied { transfer } for comm="android.hardwar" scontext=u:r:hal_power_default:s0
tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1

Bug: 205904442
Test: local build pass
Signed-off-by: Chungkai Mei <chungkai@google.com>
Change-Id: I39e84cfa895b56d44f248015dddb5f99d099fd76
2021-11-18 03:46:39 +00:00
Adam Shih
e72ecd59d8 fix UWB app settings and zygote library access
11-16 14:46:01.647   446   446 E SELinux : avc:  denied  { add } for pid=2502 uid=1083 name=uwb_vendor scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
11-16 14:41:41.238   440   440 E SELinux : avc:  denied  { find } for pid=2555 uid=1083 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
Bug: 206331617
Bug: 206045471
Bug: 205904384
Test: boot with no zygote errors

Change-Id: I5fe048434d430120334d172481b9cc07cff141dd
2021-11-18 02:20:49 +00:00
Adam Shih
4c66de3d3b allow pixelstats_vendor binder access
Bug: 205904433
Test: boot with no relevant error logs
Change-Id: I897a5feb41e8c127834fb3ed795aaeb5d3f3fc54
2021-11-18 02:20:49 +00:00
Randall Huang
895dfe3008 Fix zram avc denied
Bug: 205657025
Bug: 205657090
Bug: 205779799
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ib23d40c2f9e96680108311d23aca708a8db4b67b
2021-11-17 06:26:34 +00:00
Ruofei Ma
fded60a79e Add SELinux policy for mediacodec_google
mediacodec_google represents google av1 decoder
hal service.

Bug: 205657135

Signed-off-by: Ruofei Ma <ruofeim@google.com>
Change-Id: Ied61107d1991a22b24170b055bf3613165cbe050
2021-11-17 00:57:08 +00:00
Shiyong Li
f574475006 display: allow framework to access local hbm node
Change local hbm node ownership to allow the framework to access it.

Bug: 205640231
Test: check ownership after boot
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: Iba041a9cf8672682411f2167f8677b30e5979027
2021-11-16 20:19:16 +00:00
Adam Shih
bc651b87ce let citadel and camera hal use binder
Bug: 205904207
Test: boot with no relevant error log
Change-Id: I0544f0ea645c5e594279bfda5aef4714c7929d26
2021-11-16 11:37:38 +08:00
Adam Shih
32db046e67 suppress bootanim android watch behavior on phones
Bug: 205780088
Test: boot with no relevant error log
Change-Id: Ic928d3212a016984ff31f358486109022d82b1ee
2021-11-16 11:02:46 +08:00
Adam Shih
af53f729cf allow kernel to access firmware and zram
Bug: 205780090
Test: boot with no relevant error log
Change-Id: I272d9babfb0283e46cfc2e65e0bb85323bf8b7a2
2021-11-16 02:13:10 +00:00
Adam Shih
d66ba1bd25 allow system ui to call hal_wlc
Bug: 205904327
Test: Boot with no relevant error log
Change-Id: Ieeb3a27266055ead7fd8e0bb5aaa85c4137bccef
2021-11-16 02:13:04 +00:00
Adam Shih
2ef225b9c5 label oemrilservice_app and grant relevant permission
11-15 11:32:41.059   442   442 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:oemrilservice_app:s0:c195,c256,c512,c768 pid=1866 scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1
11-15 11:32:41.060  1013  1013 I rild_exynos: type=1400 audit(0.0:5): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1
11-15 11:32:41.368  1013  1013 I rild_exynos: type=1400 audit(0.0:6): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1
11-15 11:32:41.890   441   441 E SELinux : avc:  denied  { find } for pid=1866 uid=10195 name=isub scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
Bug: 205904553
Bug: 205073117
Bug: 204718782
Bug: 205904441
Test: boot with no relevant error log

Change-Id: I258aa58b4d3c95b901405e9181138c0d68c2b154
2021-11-16 02:12:53 +00:00
Tommy Chiu
94f78934d9 Keymint: Fix SELinux denial
Also remove -dontaudit- configuration.

Bug: 205073229
Bug: 205655569
Bug: 205904323
Change-Id: If8de3b4e6ee01488fdd563b702fbba1bd7c73ef0
2021-11-15 16:12:38 +00:00
Roger Wang
197e2a096b wifi: move configuration to project specific
In this commit, I remove project specific content.
For example, I remove p2p interface property,
supplicant service definition and board configurations.

Bug: 203635329
Test: check functionality and output as follows
$ adb shell ifconfig
Output: p2p-wlan0-0 Link encap:Ethernet

$ adb shell getprop wifi.direct.interface
p2p-dev-wlan0

Log output:
wl_cfgvendor_set_hal_started, HAL version: BCMDHD vendor HAL
wpa_supplicant: Configuration file '/data/vendor/wifi/wpa/wpa_supplicant.conf' -> '/data/vendor/wifi/wpa/wpa_supplicant.conf'
wpa_supplicant: Reading configuration file '/data/vendor/wifi/wpa/wpa_supplicant.conf'
wpa_supplicant: update_config=1
wpa_supplicant: eapol_version=1
wpa_supplicant: ap_scan=1
wpa_supplicant: fast_reauth=1
wpa_supplicant: pmf=1
wpa_supplicant: p2p_add_cli_chan=1
wpa_supplicant: oce=1
wpa_supplicant: sae_pwe=2
wpa_supplicant: Reading configuration file '/vendor/etc/wifi/wpa_supplicant_overlay.conf'
wpa_supplicant: sae_pwe=2
wpa_supplicant: driver_param='use_p2p_group_interface=1p2p_device=1'
wpa_supplicant: disable_scan_offload=1
wpa_supplicant: wowlan_triggers='any'

Change-Id: If18f13e7c4c8fc13fb68e50145cc407c91d3fa60
2021-11-15 09:20:32 +00:00