Bug: 226887726
Test: do bugreport without avc denials
Change-Id: I0b57cfdddb81c1685f6a054944c064e02c099637
Signed-off-by: Darren Hsu <darrenhsu@google.com>
Bug: 227531769
Test: do bugreport without avc denials
Change-Id: Ie3efd407ff629b583e37c0b5af430c9a9daf8691
Signed-off-by: Darren Hsu <darrenhsu@google.com>
Bug: 223537397
Test: Ensure that there are no selinux errors for charger_vendor in
off-mode charging
Change-Id: I9074079a7ba67813da6b6ad7b110d964b9b7db6d
Test: Ensure that there are no sepolicy errors when
/data/vendor/powerstats/odpm_config exists
Bug: 228112997
Change-Id: I094c29c4d1a82bccfabde7a5511f4aa833c2cd35
dont audit since it's debugfs
Bug: 228181404
Test: forrest with boot test
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I77a385b73b5a9edafefa8e7d34a351594cd5cd06
paths are changed when we enable parallel module loading and
reorder the initializtaion of devices.
Test: without avc denial
Bug: 227541760
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Icd74392e0684ac5614a83d14b936be880148f919
Vendor IMS Service read a SystemProperty starts with
persist.vendor.ims prefix, but it does not have a permission to
access it.
This change create a permission to access the SystemProperties start
with 'persist.vendor.ims.' prefix from vendor ims service.
Bug: 204714230
Test: Test results in b/225430461#comment40 enabling the property
Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ied50f377a3069eac65836ea999dfe021f4e4ed5d
Modify name from sysfs_vendor_sched to proc_vendor_sched
Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ieb829e96ac1db2a1aa28fc416182450d128cac5c
pixelstats get this sysprop hit the avc denied
persist.device_config.storage_native_boot.smart_idle_maint_enabled
pixelstats-vend: type=1400 audit(0.0:22): avc: denied { read }
for name="u:object_r:device_config_storage_native_boot_prop:s0"
dev="tmpfs" ino=171 scontext=u:r:pixelstats_vendor:s0
tcontext=u:object_r:device_config_storage_native_boot_prop:s0
tclass=file permissive=0
Bug: 215443809
Test: local build and run pixelstats
Signed-off-by: Ocean Chen <oceanchen@google.com>
Change-Id: Iedb4fa00c5e18cda6c799c3461bf8298bcf357eb
Fix the following avc denial:
avc: denied { read } for name="panel_name" dev="sysfs" ino=71133 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=0
Bug: 223687187
Test: build and test fingerprint on device.
Change-Id: Ief1ccc7e2fa6b8b4dc1ecbd6d446cc49ee3936ce
Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}
Bug: 226956571
Test: Run "adb bugreport <zip>" and verify it contains the output
from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7b00d4930fbaa2061537cd8c84616c1053c829cf
Label with boot_block_device to allow further operations on
vendor_kernel_boot including OTA updating.
This is required for update_engine to be able to write to
vendor_kernel_boot on builds that are enforcing sepolicy.
Bug: 214409109
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: If239690ee168ecfd5c5b755451e389a4523c79b8
The function is disabled.
Bug: 221384939
Test: adb bugreport
Change-Id: If8e8b8165329eb9ede86cb62f419a8cf06abb536
Signed-off-by: Ted Lin <tedlin@google.com>
Modify name from sysfs_vendor_sched to proc_vendor_sched
Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I96dc6eb76dd533ff6fd54c27be7e4bc32bf5dbc7
Fix the following avc denial:
avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_default:s0 pid=1258 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 197789721
Test: build and test fingerprint on device.
Change-Id: I7494f28e69e5a1b660dc7fbaa528b1088048723b
(cherry picked from commit 9b54bf3665abce7a6f5f5df22069a8ef081ad80e)
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface for WHI-PRO-based devices, now migrated to the
tm-dev branch. The files are in the following directories:
/sys/devices/platform/sjtag_ap/interface/
/sys/devices/platform/sjtag_gsa/interface/
Bug: 207571417
Bug: 224022297
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Merged-in: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
Change-Id: I56da5763c31ab098859cbc633660897646fe7f3e
health-service has trouble accessing /dev/thermal. This change fixes
this.
Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
