Commit graph

350 commits

Author SHA1 Message Date
chungkai
2d7c980fa6 Fix avc denials for powerhal
SELinux policy is already added by another commit, "9cc7041",
so remove the previous setting.

Test: boot to home screen
Bug: 218934377
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Id11ee7b4ae216a54e7051190f8ca382e97a76ade
2022-02-16 02:21:04 +00:00
SalmaxChang
c5f0e9723f cbd: fix avc errors
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1

Bug: 205779872
Bug: 205904432
Change-Id: I09f1ac5473b728d5e6f38b01dc83f4b9c4c8fbcc
2022-02-16 01:55:39 +00:00
SalmaxChang
1420e3d5d7 rfsd: fix avc errors
[    8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
[    8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1

Bug: 205904361
Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
2022-02-16 01:55:31 +00:00
Mars Lin
a320d9b575 Add required sepolicy rules for CatEngine
Fix:
02-15 11:55:44.005   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=activity scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.082   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=game scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:game_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.087   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=netstats scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.092   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=content_capture scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1

Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I1db9b29e3a3c7dae782bced3427e7c24c5dee945
2022-02-16 01:34:11 +00:00
Adam Shih
501767b174 remove bt obsolete sepolicy
Bug: 207062775
Bug: 208721525
Test: do bt connection under enforcing mode
Change-Id: I787bfcffdb8cfcff7276d8d183c04d985296ff1c
2022-02-15 07:45:58 +00:00
Adam Shih
027e04ab2b update error on ROM 8184037
Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ie3a2325f2e80aea94d7ca79257f5bf3db8578259
2022-02-15 06:59:08 +00:00
Alex Hong
58b6e68d51 Add required sepolicy rules for Sensor function
Bug: 210067282
Bug: 214473093
Bug: 218930975
Bug: 218499995
Test: run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#checkSensors
Change-Id: I21bbbe35b8c487e9de46b03c508a483134c0b1b8
2022-02-14 19:31:08 +08:00
Rick Yiu
76b772519a Allow dumping vendor groups values
Fix:
I dumpstate@1.1-s: type=1400 audit(0.0:37): avc: denied { search } for name="vendor_sched" dev="proc" ino=4026532870 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=dir permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:38): avc: denied { read } for name="dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:39): avc: denied { open } for path="/proc/vendor_sched/dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1

Bug: 216844247
Test: build pass
Change-Id: Icfecf373aa7b49d504d9ed4e15dcbfe2a53d47d3
2022-02-14 06:05:03 +00:00
Adam Shih
015d77ab54 update error on ROM 8179635
Bug: 219369324
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iee33b4d8cefca3b91caa0fce1ed1d4a0686a05a2
2022-02-14 05:19:24 +00:00
Mars Lin
549512a38e Add sepolicy for CatEngine
Bug: 187989782
Test: Run CAT adb check log
Change-Id: Ib715ac2fb8efc8ad79fe190942dcfae716291d2b
2022-02-14 03:03:39 +00:00
Adam Shih
436106d52f Let citadel talk to system_server
Bug: 205904322
Test: no request loop caused by citadeld
Change-Id: Ia258ed2555d82eb2ea2b139a266c8f76d3b29d06
2022-02-11 06:54:28 +00:00
Adam Shih
e01b568cfe update error on ROM 8172195
Bug: 218934377
Bug: 218930975
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I125453803e0c827c45ad9551616366b96cc89816
2022-02-11 05:31:05 +00:00
Alex Hong
9cc70410c5 Add required sepolicy rules for Camera function
Bug: 218499972
Test: Switch to Enforcing mode
      Take a picture, camera recording
Change-Id: I57f3e8454ece6906624f028b7a3771ffddcaa963
2022-02-11 03:26:56 +00:00
Alex Hong
cd4f508c92 Grant hal_dumpstate_default access
Bug: 208721677
Bug: 208909124
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: Ie5463e96958a95431630941c19b7888a3eea2e3e
2022-02-11 03:26:56 +00:00
davidycchen
7b7394be79 Remove touch_service
Remove touch_service here because it is already defined in
hardware/google/pixel-sepolicy/input and added by ag/16251913.

Bug: 199104528
Test: No related errors.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3e5f705f6d3cde18d9495cb110e16c4152fe3d4f
2022-02-11 02:36:29 +00:00
davidycchen
bfda745e26 Remove touch_offload_device declaration
touch_offload_device is already declared in
hardware/google/pixel-sepolicy/input.

device/google/gs201-sepolicy/whitechapel_pro/device.te:14:ERROR
'Duplicate declaration of type' at token ';' on line 76173:
type rls_device, dev_type;
type touch_offload_device, dev_type;

Bug: 199104528
Test: build pass

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3cedb25473d8327eb42d3b65cf714cf5dc22712f
2022-02-11 02:36:29 +00:00
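The build error quoted in the commit above only surfaces after the whole policy has been concatenated, which is why a type declared in both a device tree and a shared pixel-sepolicy tree is caught late and reported with a line number into the merged file. As an added example, not code from the gs201-sepolicy project or from either commit, the following scan finds the same clash at source level and reports both declaration sites. POLICY_FILES is constructed for the example; the commit names only the directory hardware/google/pixel-sepolicy/input, so the file name used under it is an assumption.

```python
"""Pre-build lint for duplicate SELinux type declarations across policy trees.

Added example, not code from the gs201-sepolicy project. The compiler error
'Duplicate declaration of type' appears only after the whole policy has been
concatenated; this scan finds the clash in the .te sources and reports every
declaration site. POLICY_FILES is constructed for the example; the file name
under hardware/google/pixel-sepolicy/input is assumed (the commit names only
the directory).
"""
import os
import re
from collections import defaultdict

POLICY_FILES = {
    "device/google/gs201-sepolicy/whitechapel_pro/device.te":
        "type rls_device, dev_type;\n"
        "type touch_offload_device, dev_type;\n",
    # assumed file name inside the directory the commit message names
    "hardware/google/pixel-sepolicy/input/device.te":
        "# touch offload device node\n"
        "type touch_offload_device, dev_type;\n"
        "typeattribute touch_offload_device mlstrustedobject;\n",
}

# Matches 'type NAME;' or 'type NAME, attr1, attr2;' at the start of a line.
# 'typeattribute', 'type_transition' etc. have no whitespace after 'type',
# so they do not match.
TYPE_DECL_RE = re.compile(r"^\s*type\s+([A-Za-z0-9_]+)\s*[,;]")


def declarations(files):
    """Map type name -> list of (path, 1-based line) where it is declared."""
    sites = defaultdict(list)
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            stripped = line.split("#", 1)[0]   # drop trailing comments
            m = TYPE_DECL_RE.match(stripped)
            if m:
                sites[m.group(1)].append((path, lineno))
    return sites


def duplicate_types(files):
    """Only the types declared more than once, with all their sites."""
    return {name: where for name, where in declarations(files).items()
            if len(where) > 1}


def format_report(dups):
    """One line per clashing type, in the style of the compiler's message."""
    lines = []
    for name in sorted(dups):
        sites = ", ".join(f"{p}:{n}" for p, n in dups[name])
        lines.append(f"ERROR 'Duplicate declaration of type' {name}: {sites}")
    return lines


def load_te_tree(*roots):
    """Read every .te file under the given directories (for use on a checkout)."""
    files = {}
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for n in names:
                if n.endswith(".te"):
                    p = os.path.join(dirpath, n)
                    with open(p, encoding="utf-8") as fh:
                        files[p] = fh.read()
    return files


if __name__ == "__main__":
    for line in format_report(duplicate_types(POLICY_FILES)):
        print(line)
```

On a real checkout, `load_te_tree("device/google/gs201-sepolicy", "hardware/google/pixel-sepolicy")` replaces the constructed dictionary; the scan is deliberately limited to `type` declarations, since `typeattribute` lines may legitimately repeat a name across trees.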
Ankit Goyal
239885a306 Rename vulkan library to be platform agnostic
Bug: 174232579
Test: Boots to home
Change-Id: Ib8618f4f8e1fc47753039f1143269211df0c42be
2022-02-11 00:52:54 +00:00
Adam Shih
08db42d941 update error on ROM 8162414
Bug: 218585004
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I9ac82ab564eb4399a88516427f1cdc735a257da2
2022-02-09 05:17:19 +00:00
chungkai
b1177899bd Fix avc denials for powerhal
Test: boot to home screen
Bug: 214121738
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ic5e14f7c8d321278c2c39797126db930a0dc93f3
2022-02-09 04:10:28 +00:00
Denny cy Lee
92d0030e6a hardwareinfo: add sepolicy for SoC
Bug: 208721710
Test: search avc in logcat

Change-Id: I3828d39981666db98e6a34aa70ae39b7f126e495
Signed-off-by: Denny cy Lee <dennycylee@google.com>
2022-02-08 03:33:06 +00:00
Marco Nelissen
362074c629 Really allow logd to read the Trusty log
The previous change was missing some permissions.

Bug: 190050919
Test: run
Change-Id: I09d50b663a926cb616279e4a741d34598ca80ab7
2022-01-27 13:30:28 -08:00
Krzysztof Kosiński
b76b5e3872 Add camera HAL sepolicy based on previous chip family.
The camera HAL code is reused from the previous chip and needs to
perform the same operations as previously, with the following
differences:
- The interrupt affinity workaround may no longer be necessary
  due to image sensor changes, so the ability to set interrupt
  affinity is removed.
- Access to some files that were only present before the APEX
  migration is removed.
- vendor_camera_tuning_file is no longer needed.
- TEE access for face auth is removed for now.

Bug: 205904406
Bug: 205657132
Bug: 205780186
Bug: 205072921
Bug: 205657133
Bug: 205780065
Bug: 204718762
Bug: 207300298
Bug: 209889068
Bug: 210067468
Test: Ensure that the policy builds; I don't have access to target
      hardware at the moment.

Change-Id: Ia70b98d4e1f3a156a5e719f0d069a90579b6a247
2022-01-27 15:36:30 +00:00
Marco Nelissen
ef2c46c2f4 Allow logd to read the Trusty log
Bug: 190050919
Test: run

Change-Id: I52c1bfadbbe7d2a471bd8e9be995284f8887543a
2022-01-26 17:28:12 +00:00
Ted Lin
cdee7b6e78 fix avc denied for charge_stats
01-13 11:05:03.196  1000  3806  3806 I pixelstats-vend: type=1400 audit(0.0:32): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=59835 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
01-13 11:05:03.196  1000  3806  3806 I pixelstats-vend: type=1400 audit(0.0:33): avc: denied { read } for name="charge_stats" dev="sysfs" ino=70092 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=1
01-13 11:05:03.196  1000  3806  3806 I pixelstats-vend: type=1400 audit(0.0:34): avc: denied { open } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/charge_stats" dev="sysfs" ino=70092 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=1
01-13 11:05:03.196  1000  3806  3806 I pixelstats-vend: type=1400 audit(0.0:35): avc: denied { getattr } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/charge_stats" dev="sysfs" ino=70092 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=1

Bug: 208909060
Test: adb bugreport
Change-Id: Idf43a85d07727bbeb8c3f34475da6f697573bfed
Signed-off-by: Ted Lin <tedlin@google.com>
2022-01-26 08:08:54 +00:00
Ted Lin
2e64171fe1 Remove the tracking for regmap read on hardwareinfo
Bug: 208909060
Test: adb bugreport
Change-Id: Id81634ccf58a984e8b9ac54e400a1f8035b1304a
Signed-off-by: Ted Lin <tedlin@google.com>
2022-01-26 08:08:54 +00:00
TeYuan Wang
0f6ba3f806 remove thermal_link_device tracking_denials rules
We removed the thermal zone policy change in ag/16713094,
so we do not need these tracking_denials rules anymore.

Bug: 202907037
Test: no avc denied log found
Change-Id: I5fe8b0d94c9fddac02e92fcd611b7098f0e68971
2022-01-26 02:41:03 +00:00
TeYuan Wang
213dbe2a39 Add sepolicy for thermalHAL power link feature
Bug: 204522993
Test: thermalHAL can read ODPM data under enforcing mode
Change-Id: I58ad63003a68421b25b65fe5c43fa2c3a50696c4
2022-01-25 09:37:14 +00:00
Jinting Lin
6c24e3f9ba sepolicy: fix avc denied for logger app
Bug: 205202541
Bug: 205779798
Bug: 207062780
Bug: 206045604
Bug: 207571546
Bug: 207431041
Bug: 208721679

Test: flash forrest build, no avc denied log on logger app

Change-Id: I6be694f727d619ba89eaa4d006c74ba4dc582095
2022-01-25 08:16:48 +00:00
Ted Lin
9748ae74c2 Using dontaudit to fix the avc on boot test
[    1.950092] audit: type=1400 audit(1641787406.988:2): avc:  denied  { search } for  pid=49 comm="kworker/7:0" name="google_battery" dev="debugfs" ino=36095 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1

Bug: 213817227
Test: check bugreport
Change-Id: Ia056856476a17feb40c20c21cf1515e0feddfc17
Signed-off-by: Ted Lin <tedlin@google.com>
2022-01-25 05:18:18 +00:00
Ray Chi
6733f9667d add sepolicy for set_usb_irq.sh
Bug: 202103325
Test: build pass
(synced from commit 714075eba72067489d08c36b87bfed9656092b2c)

Change-Id: I309e24a5084ed33278d3fbe49e4ad1cc91b1255a
2022-01-25 03:28:35 +00:00
Stephen Crane
019c8e6fcf Allow TEE storageproxyd permissions needed for DSU handling
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Change-Id: Ief6166aaa20ccab27dc7864373722383efae0718
2022-01-24 23:23:04 +00:00
Adam Shih
c050b66976 update error on ROM 8101782
Bug: 215649341
Bug: 215649571
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I1469117c6b9479fe40aa16975b00bcbe23ced015
2022-01-24 03:56:22 +00:00
Jagadeesh Pakaravoor
a846416750 camera_hal: allow changing kthread priority
Allow changing kthread priority during insmod for camera-hal/LWIS.

Bug: 199950581
Test: boot, local camera testing
Change-Id: If59bfe101cab17854a5472ef388411bd19ef0a68
2022-01-24 03:17:16 +00:00
Darren Hsu
89f14a9496 sepolicy: allow PowerStats HAL to access below sysfs
aoc, acpm_stats, cpu, edgetpu, iio_devices, odpm, wifi and ufs

(All avc logs are listed in b/207598247#comment2)

Bug: 207062210
Bug: 207571335
Bug: 207720720
Bug: 207598247
Test: dump power stats with no relevant avc error
Change-Id: I9c99af2d06461a2f86ef02d76b3aa8ea669e58e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-01-24 02:05:11 +00:00
Darren Hsu
a7e3b39ca4 sepolicy: allow PowerStats HAL to call BT HAL
Bug: 205904367
Test: dump power stats with no relevant avc error
Change-Id: Idc7ecbc7e3571011c8c12c421bdce0015e78135f
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-01-24 02:04:21 +00:00
Adam Shih
13bd5ff5df let vendor_init set usb property
[    6.419785] type=1107 audit(1642741073.304:7): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.rndis.config pid=352 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=0'
Bug: 205214899
Test: unplug and plug in usb with no relevant error
Change-Id: I8104ba9f0e0cb5b8b0d5e66964d9306d39d4c296

Change-Id: Ib76f7cae9015bcbd255d79edc099072a58860028
2022-01-21 07:03:22 +00:00
Adam Shih
cf275e10c6 fix sim card related permission
[   21.176786] type=1107 audit(1642737478.108:25): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.radio.allowed_types_loaded0 pid=1931 uid=10205 gid=10205 scontext=u:r:oemrilservice_app:s0:c205,c256,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=1'
[   32.319439] type=1400 audit(1642737489.248:28): avc: denied { read } for comm="pool-4-thread-1" name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=321 scontext=u:r:vendor_ims_app:s0:c212,c256,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=1 app=com.shannon.imsservice
Bug: 205214899
Test: boot to home with sim card inserted

Change-Id: Id54441adc109d6977013abdc94c31d9b46bc203b
2022-01-21 07:03:02 +00:00
William Tai
492f8a39f4 allow android.hardware.power.stats-service.pixel to access sysfs_leds
01-20 15:26:18.272   760   760 I android.hardwar: type=1400 audit(0.0:8): avc: denied { search } for name="backlight" dev="sysfs" ino=69387 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
01-20 15:26:18.272   760   760 I android.hardwar: type=1400 audit(0.0:9): avc: denied { read } for name="state" dev="sysfs" ino=69419 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
01-20 15:26:18.272   760   760 I android.hardwar: type=1400 audit(0.0:10): avc: denied { open } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/state" dev="sysfs" ino=69419 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

Bug: 214473005
Test: no avc denied error during bootup
Change-Id: I5b8a232202a8f1c5b10878c10be9bec3329fb7ad
2022-01-21 06:14:32 +00:00
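The AVC lines quoted in the cbd (c5f0e9723f), rfsd (1420e3d5d7), CatEngine (a320d9b575), dumpstate (76b772519a), charge_stats (cdee7b6e78), boot-test dontaudit (9748ae74c2), vendor_init property (13bd5ff5df), SIM card (cf275e10c6) and sysfs_leds (492f8a39f4) commits are the raw input to every one of these policy changes, and they arrive in three shapes: plain dmesg `type=1400` records, logcat `E SELinux` records, and `type=1107` property_service records wrapped in `msg='...'`. As an added example, not code from the gs201-sepolicy project or from any of these commits, the following audit2allow-style reducer parses all three shapes, folds repeated denials into one rule per (source, target, class), and emits `dontaudit` instead of `allow` for domains the caller wants silenced rather than granted. SAMPLE_LOG is constructed from the line shapes on this page; the default of silencing the `kernel` domain mirrors the choice made in 9748ae74c2 and is a parameter, not a recommendation; the regex assumes scontext, tcontext and tclass appear in that order, which holds for Android's AVC records.

```python
"""Turn raw AVC denial lines into candidate SELinux TE rules.

Added example, not code from the gs201-sepolicy project. Parses dmesg,
logcat and type=1107 (property_service) AVC records, groups them per
(source type, target type, class), folds the permissions into one rule,
and writes dontaudit instead of allow for the domains the caller names.
SAMPLE_LOG is constructed from the line shapes quoted in the commit
messages on this page.
"""
import re
from collections import OrderedDict

SAMPLE_LOG = """\
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1
[    8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
02-15 11:55:44.005   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=activity scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:38): avc: denied { read } for name="dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:39): avc: denied { open } for path="/proc/vendor_sched/dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1
[    1.950092] audit: type=1400 audit(1641787406.988:2): avc:  denied  { search } for  pid=49 comm="kworker/7:0" name="google_battery" dev="debugfs" ino=36095 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_battery_debugfs:s0 tclass=dir permissive=1
[    6.419785] type=1107 audit(1642741073.304:7): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.rndis.config pid=352 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=0'
"""

# Assumption: scontext, tcontext and tclass appear in that order (true for
# Android type=1400 and type=1107 records); permissive= is optional.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}"
    r".*?scontext=(?P<scontext>\S+)"
    r"\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)


def context_type(ctx):
    """u:r:cbd:s0 -> cbd; u:object_r:persist_file:s0 -> persist_file.
    MLS categories (s0:c232,...) follow the type and are dropped."""
    return ctx.split(":")[2]


def parse_denials(text):
    """One dict per AVC record; lines the regex does not recognise are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        denials.append({
            "source": context_type(m.group("scontext")),
            "target": context_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "perms": set(m.group("perms").split()),
            # permissive=0: the operation was actually refused, not just logged
            "enforced": m.group("permissive") == "0",
        })
    return denials


def build_rules(denials, dontaudit_domains=frozenset({"kernel"})):
    """Fold denials into TE rules, preserving first-seen order."""
    grouped = OrderedDict()
    for d in denials:
        key = (d["source"], d["target"], d["tclass"])
        grouped.setdefault(key, set()).update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in grouped.items():
        verb = "dontaudit" if src in dontaudit_domains else "allow"
        tgt_name = "self" if tgt == src else tgt      # capability rules target self
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ " + perm_str + " }"
        rules.append(f"{verb} {src} {tgt_name}:{cls} {perm_str};")
    return rules


def enforced_denials(denials):
    """Denials recorded with permissive=0, i.e. ones that broke something."""
    return [d for d in denials if d["enforced"]]


if __name__ == "__main__":
    ds = parse_denials(SAMPLE_LOG)
    for r in build_rules(ds):
        print(r)
    print(f"{len(enforced_denials(ds))} of {len(ds)} denials were enforced")
```

Treat the output as a starting point for review, not as the rule to commit: AOSP policy normally expresses property access through the `set_prop`/`get_prop` macros rather than a bare `property_service` rule, and each capability grant (`setuid`, `chown`) is worth asking whether the daemon could avoid needing it. The `enforced` flag separates denials that actually blocked an operation from ones merely logged in permissive mode, which matters when triaging a long boot log.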
Devika Krishnadas
35abe98124 Edit vframe-secure policy
Bug: 215417614
Test: GL2SecureRendering.apk
Signed-off-by: Devika Krishnadas <kdevika@google.com>
Change-Id: Ief75b8581887d28916d512ec90acc575311276db
2022-01-21 04:47:21 +00:00
Adam Shih
3062ac34cd allow storageproxyd to set itself to system
Bug: 205904330
Test: boot to home under enforcing mode
Change-Id: I48272f6507f6cdb930f734b86d3b21b0e553cac0
2022-01-20 14:48:49 +08:00
Adam Shih
26778aff7b be able to dump camera info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I90a4c971c50290c38f7913dc18404daf0270b907
2022-01-20 14:17:00 +08:00
Adam Shih
f56dba1b24 be able to dump CPU info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I14abe138b6ad4a842edb143318cc5d867d575ec3
2022-01-20 14:11:25 +08:00
Adam Shih
36dc06e08a be able to dump debugfs info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I4f7fc7a8f0029f1c1f398403d938bd6b7b96a43e
2022-01-20 11:12:06 +08:00
Adam Shih
8209221242 be able to run usf dump binary
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I83687a284c4a27e723e31ce19edd2cbceaa69ab8
2022-01-20 11:12:06 +08:00
Adam Shih
f6dd48e07b be able to dump modem silent log
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Iec520b21d904fa4119a4111fe4de659c28634826
2022-01-20 11:12:06 +08:00
Adam Shih
0e96eb0865 be able to dump rfsd info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Idbe125d76392a8c04b3fa5f475e0c3aa2f9a199c
2022-01-20 11:12:06 +08:00
Adam Shih
43d7a148d5 be able to dump GPS
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Ied6d86090e3ae29c0b49c4880a515669940c5706
2022-01-20 11:12:06 +08:00
Adam Shih
bfe1d014a2 be able to dump chip id
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Ie539ab9afac80ea58e418a6fbe503ad822299b3f
2022-01-20 11:12:06 +08:00
Adam Shih
8518e2e1ce be able to dump wireless charging info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Ie4e19a322a312e183e23197f600a527ee5ceed4d
2022-01-20 11:12:06 +08:00
Adam Shih
75ad9a3fcc be able to dump exynos info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I72ca4c8715130558d8dd3dccbf941dde6b9f064e
2022-01-20 11:12:05 +08:00