Thiébaud Weksteen
1b64d05d93
Remove duplicate service entries
...
These entries are defined in the platform policy.
Flag: EXEMPT bugfix
Bug: 367832910
Test: TH
Change-Id: I9e06b0c95330afa22da324e3669121d4477baa2f
2024-10-17 02:58:49 +00:00
Krzysztof Kosiński
6497d42557
Revert "Update SELinux error"
...
This reverts commit ce5420fdf4.
Reason for revert: Caused by b/372347927, relevant CL was reverted
Change-Id: Ifa42eb30ad3baa1b9f4b94c191bdce4901f9a135
Fix: 372360090
2024-10-16 19:51:08 +00:00
Nina Chen
5000f8a8f9
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Flag: EXEMPT NDK
Bug: 373755350
Change-Id: I3b317eb87c60d150a6cd76a5218808146de5cccd
2024-10-16 04:00:05 +00:00
Nick Kralevich
10dbaa11ca
convert-to-ext4-sh.te: use su domain instead am: 588e82af38 am: a37bde70e7
...
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3308857
Change-Id: I37726c7b54dd6ce65828bfb8cbe18f31bd8c7dd7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-10-15 23:25:27 +00:00
Nick Kralevich
a37bde70e7
convert-to-ext4-sh.te: use su domain instead am: 588e82af38
...
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3308857
Change-Id: Id2d0ae24894dee7321bbfe5f3ee232acf083a652
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-10-15 23:06:48 +00:00
Nick Kralevich
588e82af38
convert-to-ext4-sh.te: use su domain instead
...
07af2808d5 (b/239632964) added
security policy support for /system_ext/bin/convert_to_ext4.sh.
This shell script converts f2fs filesystems into ext4 filesystems
on debuggable builds (userdebug or eng) only. Ever since 2022,
the security policy for this shell script has been in permissive
mode, meaning no SELinux rules were being enforced.

    # convert-to-ext4-sh.te
    permissive convert-to-ext4-sh;

In the intervening 2 years, there has been no attempt to move
this domain into enforcing mode. And by now, this script has
likely served its purpose, by converting f2fs /persist filesystems
on engineering builds to ext4, and is probably no longer needed.
This change eliminates the use of the unenforced convert-to-ext4-sh
security domain, preferring instead to use the "su" security domain.
Like convert-to-ext4-sh, the su security domain enforces no rules
on debuggable builds, and is equivalent to traditional root on
desktop Linux systems, or running /system/xbin/su. This change
eliminates unnecessary technical complexity, and unblocks other
hardening changes, such as WIP commit
https://android-review.googlesource.com/c/platform/system/sepolicy/+/3308856
Moving from one permissive domain ("convert-to-ext4-sh") to another
permissive domain ("su") should be a no-op from a security and
functionality perspective.
Test: compiles and builds, passes treehugger.
Bug: 239632964
Change-Id: Ifd628310a923926d1a57b568c7703cb857f0871b
2024-10-15 10:30:19 -07:00
Eileen Lai
f906b69f95
modem_svc: use shared_modem_platform to replace all modem_svc_sit
...
Bug: 368257019
Flag: NONE local testing only
Change-Id: Icc258ce297b5e7ea51fa60aa2ffb09ce99b7ef18
2024-10-14 07:27:41 +00:00
Nina Chen
ce5420fdf4
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 372360090
Bug: 372359823
Bug: 372360278
Flag: EXEMPT NDK
Change-Id: I9d195d35cc58503fc7c17a8fac5fabe66026c24b
2024-10-09 05:09:08 +00:00
samou
315cc63557
sepolicy: allow dumpstate to execute dump_power
...
10-04 19:36:47.308 7141 7141 I android.hardwar: type=1400 audit(0.0:6974): avc: denied { execute_no_trans } for path="/vendor/bin/dump/dump_power" dev="overlay" ino=91 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6975): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6976): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6977): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6978): avc: denied { read } for name="core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6979): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6980): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-04 19:36:47.336 7141 7141 I dump_power: type=1400 audit(0.0:6981): avc: denied { read } for name="time_in_state" dev="sysfs" ino=50604 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:25): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:26): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:27): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:28): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:29): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:30): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:29): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:30): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:31): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:32): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:33): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18792): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18793): avc: denied { read } for name="uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18794): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18795): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18796): avc: denied { search } for name="8-003c" dev="sysfs" ino=55942 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18797): avc: denied { read } for name="maxfg" dev="sysfs" ino=62568 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18798): avc: denied { read } for name="logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1
10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18799): avc: denied { open } for path="/dev/logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6191): avc: denied { search } for name="mitigation" dev="dm-50" ino=3758 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=dir permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6192): avc: denied { read } for name="thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6193): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6194): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6195): avc: denied { search } for name="mitigation" dev="sysfs" ino=85222 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6196): avc: denied { read } for name="last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6197): avc: denied { open } for path="/sys/devices/virtual/pmic/mitigation/last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1
10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6198): avc: denied { read } for name="batoilo_count" dev="sysfs" ino=85287 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=file permissive=1
10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:875): avc: denied { read } for name="thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:876): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:877): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1
10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:878): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:879): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:880): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1
10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:881): avc: denied { read } for name="core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:882): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:883): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1
10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:884): avc: denied { read } for name="time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1
10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:885): avc: denied { open } for path="/sys/devices/platform/cpupm/cpupm/time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1
Flag: EXEMPT refactor
Bug: 364989823
Change-Id: Ie4637b1295975c716f50333ad6635b9694a624b8
Signed-off-by: samou <samou@google.com>
2024-10-04 16:07:07 +00:00
Wilson Sung
eb84e9c0a4
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 369540701
Flag: EXEMPT NDK
Change-Id: Ib5edeaac550562b6bbb5ec35bfce1d6838245c6b
2024-09-25 12:46:16 +00:00
Nina Chen
3aeae9b99f
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 369475655
Flag: EXEMPT NDK
Change-Id: Ic8d895b33d24e998faa00b128cad4bc4fd1e14bf
2024-09-25 06:30:59 +00:00
Tej Singh
077e59c64f
Make android.framework.stats-v2-ndk app reachable
...
For libedgetpu
Test: TH
Bug: 354763040
Flag: EXEMPT bugfix
Change-Id: If78bc951a9a4cfc223d01970ca6819fe2b5c6335
2024-09-20 21:34:56 -07:00
Prochin Wang
a5eb284c4a
Change vendor_fingerprint_prop to vendor_restricted_prop
...
This is to allow the fingerprint HAL to access the property.
Bug: 366105474
Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED
Test: mm
Change-Id: I5b07acfd7599b099997d46b297e1f7400a9fe478
2024-09-16 01:45:44 +00:00
Nina Chen
c841b33df0
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Flag: EXEMPT NDK
Bug: 366116786
Change-Id: I6d17ac72f8bdcc3fc54d08b7c23a0f5e0fd83d23
2024-09-13 06:44:56 +00:00
Vic Huang
bd7fbe9a02
[BT] Define vendor_bluetooth_prop
...
avc: denied { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0
Bug: 359428216
Test: Forest build
Flag: EXEMPT N/A
Change-Id: I1aeb04e32620b2815db02f34ee40eae94deeed3c
2024-09-09 05:47:01 +00:00
Xin Li
5df951e8fd
[automerger skipped] Merge 24Q3 to AOSP main am: 06ca871143 -s ours am: 63111cc957 -s ours
...
am skip reason: Merged-In I65790202886298f9862d68d65cf794e67db5a878 with SHA-1 9d3f39622c is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3257934
Change-Id: I0cc5ce5d8db326cabb0c0a7944eea178541df2af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-07 02:37:35 +00:00
Xin Li
63111cc957
[automerger skipped] Merge 24Q3 to AOSP main am: 06ca871143 -s ours
...
am skip reason: Merged-In I65790202886298f9862d68d65cf794e67db5a878 with SHA-1 9d3f39622c is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3257934
Change-Id: Ib784443204b69a0e9275081636e2ce72f046d531
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-09-07 02:11:42 +00:00
Xin Li
06ca871143
Merge 24Q3 to AOSP main
...
Bug: 357762254
Merged-In: I65790202886298f9862d68d65cf794e67db5a878
Change-Id: I733204cdf91a8f8355c79450373501fb34c47b54
2024-09-05 17:02:37 -07:00
Randall Huang
b67284dc2f
storage: move storage related device type to common folder
...
Bug: 364225000
Test: forrest build
Change-Id: Iaed5b07a1d9823ebf3c7210921784d81bf6207a5
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-04 10:44:13 +08:00
Randall Huang
5e8b0722d0
Storage: label ufs firmware upgrade script
...
Bug: 361093041
Test: local build
Change-Id: I312d071ecaaedb09b54976e6b3bfe05e7bc6cdea
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-02 22:22:44 +00:00
attis
150634f087
Label sysfs node power_mode as sysfs_display.
...
Label power_mode to sysfs_panel to let it be allowed in dumpstate.
avc log:
08-26 13:07:49.660 12467 12467 W dump_display: type=1400 audit(0.0:19): avc: denied { read } for name="power_mode" dev="sysfs" ino=89753 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/350831939
Test: ls -Z, adb bugreport.
Flag: EXEMPT bugfix
Bug: 358505990
Change-Id: I9feeb2a8270f89d214f7d765893364d0e73f7d39
Signed-off-by: attis <attis@google.com>
2024-09-02 04:54:13 +00:00
samou
a8d35041b3
sepolicy: gs201: fix bm selinux
...
- add odpm scale value path
- add gpu cur_freq
Flag: EXEMPT refactor
Bug: 349935208
Change-Id: Ie053ead11eae4abdd0a30f74117d9c3e00eedf53
Signed-off-by: samou <samou@google.com>
2024-08-23 10:58:20 +00:00
samou
5e0dca971a
sepolicy: remove dump_power_gs201.sh
...
Flag: EXEMPT refactor
Bug: 349935208
Change-Id: I3c0f48d00d312ef19677fe5ef9f080f063408667
Signed-off-by: samou <samou@google.com>
2024-08-23 10:58:20 +00:00
Wilson Sung
7fd99e1b1b
Update SELinux error
...
Test: scanBugreport
Bug: 359428317
Bug: 361726277
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428317
Flag: EXEMPT bugFix
Change-Id: I2ce66f1431a2644076ff29b2337a97b366851d17
2024-08-23 09:48:21 +00:00
Xiaofan Jiang
e8d359e8d4
Revert "Revert "gs201: update shared_modem_platform sepolicy for..."
...
Revert submission 28822848-revert-28762313-SAYUORWKVG
Reason for revert: issue identified and fix is ready
Reverted changes: /q/submissionid:28822848-revert-28762313-SAYUORWKVG
Change-Id: Iae3ca282426fca573b4c42355e1b46eaa74d3c58
2024-08-15 19:25:28 +00:00
Priyanka Advani (xWF)
e1a2549168
Revert "gs201: update shared_modem_platform sepolicy for UMI"
...
Revert submission 28762313
Reason for revert: Droidmonitor created revert due to b/360059249.
Reverted changes: /q/submissionid:28762313
Change-Id: I0fc3d7d99b999eedf7e3948afb58fd962045f1e1
2024-08-15 18:30:25 +00:00
Wilson Sung
4f8e79e4e5
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 360057889
Test: scanBugreport
Bug: 359428317
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428317
Flag: EXEMPT bugFix
Change-Id: I3d4a7bfbaab36136fbde6bbd56239e43cc9b012d
2024-08-15 10:45:51 +00:00
Wilson Sung
0eae05186f
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 360057889
Test: scanBugreport
Bug: 359428317
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428317
Flag: EXEMPT bugFix
Change-Id: Iaec87b719446dbef5dc3d8d8d563cf3f47a2a584
2024-08-15 10:28:57 +00:00
Wilson Sung
84725d0c7a
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 360057889
Test: scanBugreport
Bug: 359428317
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428317
Flag: EXEMPT bugFix
Change-Id: I9d573610f24054bd6ea8bb3307d0102da077dc55
2024-08-15 09:25:42 +00:00
Xiaofan Jiang
b958dd13ad
gs201: update shared_modem_platform sepolicy for UMI
...
Bug: 357139752
Flag: EXEMPT sepolicy
[ 68.189198] type=1400 audit(1722986580.568:59): avc: denied { unlink } for comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[ 68.189448] type=1400 audit(1722986580.568:60): avc: denied { create } for comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
Change-Id: I0bbef83a3915e4c0e284296bc5b59e0ce6cf6f15
2024-08-15 04:01:03 +00:00
Wilson Sung
2b177e8120
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 359428005
Test: scanBugreport
Bug: 359427666
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428317
Flag: EXEMPT bugFix
Change-Id: Ib4a909b4f6e2bbad977ae66b722ad0de055ef5b5
2024-08-13 08:50:52 +00:00
Kevin Ying
3c082cdefd
Allow camera HAL to access power_state sysfs
...
08-03 01:41:34.444 791 791 W TaskPool: type=1400 audit(0.0:178): avc: denied { read } for name="power_state" dev="sysfs" ino=86770 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 339690296
Test: Open camera under SELinux enforcing mode, no display avc error
Flag: EXEMPT resource update only
Change-Id: Ic0f2d149cbcd8a3da5035f6d2788b4548523bbd6
Signed-off-by: Kevin Ying <kevinying@google.com>
2024-08-09 17:40:00 +00:00
Wilson Sung
3e1197bafb
Add kernel vendor_fw_file dir read permission
...
07-31 05:35:39.208 885 885 W binder:885_5: type=1400 audit(0.0:125): avc: denied { read } for name="firmware" dev="dm-7" ino=48 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_fw_file:s0 tclass=dir
Fix: 356530883
Flag: EXEMPT bugfix
Change-Id: I1bb8fcfc952c69c991fd978a617eb92558817267
2024-08-02 09:18:50 +00:00
Daniel Chapin
e825da7d84
Revert "trusty: storageproxy: add fs_ready_rw property context"
...
Revert submission 28318041-rw_storage
Reason for revert: Droidfood blocking bug b/355163562
Reverted changes: /q/submissionid:28318041-rw_storage
Change-Id: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c
2024-07-24 20:17:20 +00:00
Mike McTernan
27df5480c4
trusty: storageproxy: add fs_ready_rw property context
...
Flag: EXEMPT bug fix
Bug: 350362101
Test: ABTD
Change-Id: I2d6d1ab8dbd60c21a16cadc26c5e4d5d290df42d
2024-07-23 10:02:20 +00:00
Carl Tsai
e1d272f6c9
Add to allocate a security context for panel_pwr_vreg
...
type=1400 audit(1719903781.812:18): avc: denied { read } for comm="dump_display" name="panel_pwr_vreg" dev="sysfs" ino=87631 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 350831939
Test: run pts -m PtsSELinuxTestCases -t com.google.android.selinux.pts.SELinuxTest#scanBugreport to check the test is Pass
Flag: EXEMPT bugfix
Change-Id: Ib03479bece87f26f48d6998dfd9b2dd84d439204
2024-07-16 08:02:09 +00:00
Aaron Tsai
b05833237c
Add permission for setting gril property
...
05-22 18:00:40.443 948 948 I auditd : type=1400 audit(0.0:854): avc: denied { write } for comm="radioext@1.0-se" name="property_service" dev="tmpfs" ino=851 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
Bug: 343012301
Bug: 203824024
Test: manual test
Flag: EXEMPT bugfix
Change-Id: Ie873e186d3eda618ba832164d9c9713b410977d2
2024-07-05 08:05:01 +00:00
Wilson Sung
e3ae25faca
Update SELinux error
...
Test: scanBugreport
Bug: 350831939
Bug: 350832009
Change-Id: Ib8cee5cf5cb6acc734c2334e91b49aa4b7a02863
2024-07-03 02:04:37 +00:00
Xin Li
548222aa57
[automerger skipped] Merge 24Q3 (ab/11976889) to aosp-main-future am: 88b5690472 -s ours
...
am skip reason: Merged-In I65790202886298f9862d68d65cf794e67db5a878 with SHA-1 9d3f39622c is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/27908796
Change-Id: I6b8be580827f70f07b80f05b9ca9dcea00c131ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-20 21:09:07 +00:00
Xin Li
88b5690472
Merge 24Q3 (ab/11976889) to aosp-main-future
...
Bug: 347831320
Merged-In: I65790202886298f9862d68d65cf794e67db5a878
Change-Id: I807edd294c09ad0af1d37bb6e01f8b500062fdee
2024-06-18 14:13:23 -07:00
Xin Li
db2e61924e
[automerger skipped] Merge Android 14 QPR3 to AOSP main am: 04b32a1035 -s ours am: b7616414ad -s ours
...
am skip reason: Merged-In I2543b8c140628545d367aeff42010369e3359cf7 with SHA-1 958d751956 is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3132294
Change-Id: I816ede9a7a2c65cace5f1a23b44e394905a1289c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-18 05:55:20 +00:00
Xin Li
b7616414ad
[automerger skipped] Merge Android 14 QPR3 to AOSP main am: 04b32a1035 -s ours
...
am skip reason: Merged-In I2543b8c140628545d367aeff42010369e3359cf7 with SHA-1 958d751956 is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/3132294
Change-Id: Ibe4946b0330c461d66abbf6ec4eaf44932e73690
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-17 20:41:49 +00:00
Xin Li
04b32a1035
Merge Android 14 QPR3 to AOSP main
...
Bug: 346855327
Merged-In: I2543b8c140628545d367aeff42010369e3359cf7
Change-Id: I79097f05ad471c387d5d62b6d31f3ef390e43f94
2024-06-13 10:48:23 -07:00
Xin Li
d279e5fbfd
[automerger skipped] Merge Android 24Q2 Release (ab/11526283) to aosp-main-future am: 958d751956 -s ours
...
am skip reason: Merged-In Ifcf73176620f44743a8aa252f8afed85c3af475c with SHA-1 1c7d8f80f2 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/27273660
Change-Id: I629080ea20475918f6c7b4efdf12b6754b4be4a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 21:59:13 +00:00
Xin Li
57a28fc4fb
[automerger skipped] Merge Android 24Q2 Release (ab/11526283) to aosp-main-future am: 958d751956 -s ours
...
am skip reason: Merged-In Ifcf73176620f44743a8aa252f8afed85c3af475c with SHA-1 1c7d8f80f2 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/27273660
Change-Id: Ib8ab6854fd050ae94bc197debbce33b11345f03b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 19:45:56 +00:00
Chaitanya Cheemala
9d3f39622c
Revert "SELinux: fix avc denials"
...
This reverts commit d1fe9f8f80.
Reason for revert: Likely culprit for b/340511525 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: I65790202886298f9862d68d65cf794e67db5a878
2024-05-14 15:07:58 +00:00
Ken Yang
d1fe9f8f80
SELinux: fix avc denials
...
Bug: 338332877
Change-Id: I5fb0a73cdc0d276ec14e55906c9bbd9c6875c786
Signed-off-by: Ken Yang <yangken@google.com>
2024-05-14 05:14:55 +00:00
chenkris
5a1bb0df6e
Allow fingerprint to access the folder /data/vendor/fingerprint
...
Fix the following avc denial:
android.hardwar: type=1400 audit(0.0:20): avc: denied { write } for name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0
Bug: 267766859
Test: Tested fingerprint under enforcing mode
Change-Id: I11c465fe89fcbfa7d9132ccee1c7666d1cd75a24
2024-05-08 08:46:26 +00:00
Xin Li
958d751956
Merge Android 24Q2 Release (ab/11526283) to aosp-main-future
...
Bug: 337098550
Merged-In: Ifcf73176620f44743a8aa252f8afed85c3af475c
Change-Id: I2543b8c140628545d367aeff42010369e3359cf7
2024-05-06 12:18:07 -07:00
Enzo Liao
a4536fa426
[automerger skipped] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. am: ceab5d1740 -s ours
...
am skip reason: Merged-In I57f9b8b77aa070ad2216cae1e84630a26a03618d with SHA-1 66254ad14d is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/27046444
Change-Id: Ic36d68f2a6402a9d8c16b12fb0157b7c591000e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-26 08:08:35 +00:00