Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
744 commits 1 branch 0 tags 63 MiB
Commit graph

744 commits

This branch
This branch
All branches
Author SHA1 Message Date
Myung-jong Kim
e2b042c307 sepolicy: add net_domain macro for vendor_rcs_app 
[Problem] sepolicy denial during ShannonGbaService process
[Cause] Missing sepolicies
[Solution] Add net_domain(vendor_rcs_app) to give base set of
    permissions required for network access

Bug: 235011726
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: Iaac1d7b5a4303338ed2c763b62714e14aed7d728
 2022-06-10 14:39:59 +00:00
Ken Chen
d0bbe71217 fix sepolicy for net devices 
bug: 222232008
Test: atest NetdSELinuxTest#CheckProperMTULabels
Change-Id: I99f70eefa3259a2da556fed6ced70f32d03ff4bb
 2022-06-10 18:20:19 +08:00
Andy Hsu
b1fee529bc Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. am: 1240fdefbb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18669326

Change-Id: Ibe8f4e083e90f9e6628d7bf926e9b42020ef0c2b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 03:20:12 +00:00
Andy Hsu
1240fdefbb Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. 
Bug: 233998391

Test: Boost applied successfully for all flavors b/233998391#comment15. GCA.
Change-Id: If339705cf4daec0f12e81c2c8efdc1eb4a063267
 2022-06-08 02:26:26 +00:00
Adam Shih
a038a3604c update error on ROM 8666963 am: 2a7ecbdce0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18683654

Change-Id: I41da935bb47a11e07bf3a2503b39b59c910ac2e6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 09:08:58 +00:00
Adam Shih
2a7ecbdce0 update error on ROM 8666963 
Bug: 234547497
Test: boot
Change-Id: Ic5a9d39449af035a32aaea71b06d7bd33e16cf4b
 2022-06-01 08:35:23 +00:00
George Chang
df6bc834b3 Update nfc from hidl to aidl service am: 851a643c9e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18219341

Change-Id: I7b41a004c946dde1143226f01b8b3aed50f8bf07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 06:40:50 +00:00
George Chang
851a643c9e Update nfc from hidl to aidl service 
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: If1f57af334033f9bd7174c052767715c9916700f
Change-Id: If1f57af334033f9bd7174c052767715c9916700f
 2022-06-01 06:19:26 +00:00
Andy Hsu
cb2ea8b415 Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. am: 38ddaa255e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18611816

Change-Id: If8b3bd00da683ee1b63302f11a3d87638ac8ce8d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 00:17:24 +00:00
Andy Hsu
38ddaa255e Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. 
To fix the denial message:
avc:  denied  { find } for pid=4646 uid=10134 name=android.hardware.power.IPower/default scontext=u:r:google_camera_app:s0:c134,c256,c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Reference: go/sepolicy.

On P21, we have ag/14692156 to access PowerHAL in GCA. On P22, we currently don't have the permission (b/233998391#comment10). This change fixes this issue.

Bug: 233998391
Bug: 232184722
Bug: 232022128

Test: Boost is applied successfully b/233998391#comment11. GCA.

Change-Id: Id1a938fc0af0ad9280aa49e7f6cbdf45c16f8b38
 2022-05-31 23:57:19 +00:00
Ankit Goyal
b6ff456519 Add SE policies for memtrack HAL am: 5be857af43 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18638327

Change-Id: I5b0f38beb901b5a18a72135a51f922c2354975db
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-31 23:39:38 +00:00
Ankit Goyal
5be857af43 Add SE policies for memtrack HAL 
Bug: 220360577
Test: adb shell dumpsys meminfo
Change-Id: I4dfc0c016ccf980b4f7dabd2fb70d2466b69b5cc
 2022-05-31 23:25:27 +00:00
Taeju Park
f292277bbd Pixel-EM-DriverV2: sepolicy: allows Power HAL to am: eb4d432dd8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18635845

Change-Id: I57405574dd0a776e8b5c4569b50e515fc5150f24
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-31 21:07:59 +00:00
Taeju Park
eb4d432dd8 Pixel-EM-DriverV2: sepolicy: allows Power HAL to 
modify em_profile related sysfs nodes

Bug: 170647767
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: I160741f172a5713535852e7fb0d12126ddf0395e
 2022-05-31 20:38:29 +00:00
George Lee
adafddba0a dumpstate: Mitigation logger readout - sepolicy am: ee92ac374a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18605588

Change-Id: Ib737d3365d2bb622a020c38032555a58279d6ab2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 21:20:25 +00:00
George Lee
ee92ac374a dumpstate: Mitigation logger readout - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.  This change is to enable
bugreport reading out the mitigation log.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ic0291e05bcf20839a66d50d159bb5ef41681c45d
 2022-05-27 11:25:02 -07:00
George Lee
e9621aaa91 bcl: Add Mitigation Logger - sepolicy am: bc2cf5c153 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18527859

Change-Id: If44783796889a9f6bb479577b16b5705c9b2c605
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 18:05:57 +00:00
George Lee
bc2cf5c153 bcl: Add Mitigation Logger - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9ac873d03d57d9a6db8d9233f25c8fabdfc399a5
 2022-05-26 21:39:25 -07:00
eddielan
464a71b3b6 [automerger skipped] sepolicy: Add SW35 HIDL factory service into sepolicy am: 36a6b23804 -s ours 
am skip reason: Merged-In If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704 with SHA-1 aeb9bd0406 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18626554

Change-Id: I21fac30e6097708e5fa6b7510f5bcd164cb85538
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 04:32:32 +00:00
eddielan
36a6b23804 sepolicy: Add SW35 HIDL factory service into sepolicy 
Bug: 231549391
Test: Build Pass
Change-Id: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
(cherry picked from commit aeb9bd0406)
Merged-In: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
 2022-05-27 01:29:31 +00:00
Yichi Chen
94a704eb03 RRS: Apply the default config from persist prop am: 8b2c6f8187 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18401056

Change-Id: Ida18620e5ca13126a75f416074a15e72a3f6d2fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 13:46:16 +00:00
Yichi Chen
8b2c6f8187 RRS: Apply the default config from persist prop 
vendor_config plays as another role to control the display config during
the boot time. To change the default configuration of the user selected
mode, we use persist config to store the value.

Bug: 232721840
Test: Boot w/ and w/o user selected configs and check the resolution
Change-Id: Ideed75f0a29368ff95916fb1fa87f21482c17613
 2022-05-24 13:06:41 +00:00
Badhri Jagan Sridharan
d046b4b1ed Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a am: 08ccaeb6ab 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I972549a0e46239f10cdf2ab99a0f777ba70257ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 01:25:20 +00:00
Badhri Jagan Sridharan
08ccaeb6ab Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I31d103ab14fb4cf3e2eafc14d88196a9309bcb72
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 01:01:25 +00:00
Badhri Jagan Sridharan
91a1f49a8a Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable 
auditd  : type=1400 audit(0.0:4): avc: denied { search } for comm="HwBinder:879_1"
name="10d60000.hsi2c" dev="sysfs" ino=23606 scontext=u:r:hal_usb_gadget_impl:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 206635552
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ibc4ec27ad7d1b7a26c9935aa0c4aff5f03a8d59c
 2022-05-23 23:59:44 +00:00
Dinesh Yadav
822e3afdd3 Add SEPolicy for gxp_metrics_logger.so logging to stats service am: 6513479fe8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18482687

Change-Id: I300a7aeb35771c540f6f127e4e972b92dc42d4fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 17:24:17 +00:00
Dinesh Yadav
6513479fe8 Add SEPolicy for gxp_metrics_logger.so logging to stats service 
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.

Bug: 177236353

Test: App can load the .so and creates a VLOG message after this change.
Before: No permission to access namespace.
After: GCA able to access the gxp_metrics_logger.so
Change-Id: I453b66b30eb51ebd22fda750d272cf35574301f6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2022-05-20 17:05:23 +00:00
Jacqueline Wong
8efadaab80 be able to dump coredump am: c169cd75ce 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18485733

Change-Id: Iea9f96f30173d183b8ef962919b53e91674cf036
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 23:31:39 +00:00
Dinesh Yadav
f66e6cedf3 Add SEPolicy settings for android logging/tracing service for GXP am: e40cd2ac42 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18155927

Change-Id: I28abf12f78287639b1314dfbdfabe09405bbb0f0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 07:58:30 +00:00
Nishok Kumar S
0cd372af58 Add label for GCA fishfood app built with debug keys - label as am: 43e827c01a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18403423

Change-Id: I0beaa21082bb2ed8faf68710846025470b1cbe9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 07:58:00 +00:00
Jacqueline Wong
c169cd75ce be able to dump coredump 
Bug: 218358165
Test: adb root; adb remount -R; adb bugreport
Signed-off-by: Jacqueline Wong <jacqwong@google.com>
Change-Id: I42c2db7902064e1508676ad93def2e0e4f5c2b28
 2022-05-19 05:37:50 +00:00
Dinesh Yadav
e40cd2ac42 Add SEPolicy settings for android logging/tracing service for GXP 
This change also adds support for SEPolicy to access perfetto which was
missing in ag/17818623.

Bug: 217289052

Change-Id: Ic5599d0be783b65102b3b0ffef27e66f1f6904da
 2022-05-19 03:31:32 +00:00
Nishok Kumar S
43e827c01a Add label for GCA fishfood app built with debug keys - label as 
debug_camera_app.

Test: Build GCA-Next manually and install on device. Test with selinux
on.
Bug: 230773733

Change-Id: Ifc2fd29a74bf66444501327feac391ddf812c867
 2022-05-17 02:42:05 +00:00
George Lee
a0126d5b0f dumpstate: Add BCL mitigation info to user build am: b6971e353f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18408238

Change-Id: Id0d1772cc33c495b6ad525946b40f02a768ddc86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-17 01:38:06 +00:00
George Lee
b6971e353f dumpstate: Add BCL mitigation info to user build 
Bug: 232793927
Test: Confirm user build bugreport has mitigation info
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9945a0f005bee6e25580c122df4c8932607fa51a
 2022-05-17 00:42:57 +00:00
Austin Wang
84ae81f114 Add P22 reverse wireless charging selinux policy am: e5f8377849 am: 53a167fcf0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18350566

Change-Id: I228618e35faf413867c6d4f6c6b1222ce8185aa1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:39:55 +00:00
Jerry Huang
29d8fcfa03 Allow mediacodec to access vendor_data_file am: 95845654bf am: dafeb57668 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18188091

Change-Id: I0b8c09ea5d2396af808728f468482c05bf2e3ffa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:39:49 +00:00
Austin Wang
53a167fcf0 Add P22 reverse wireless charging selinux policy am: e5f8377849 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18350566

Change-Id: I92b12dd3c05b50244e3c67667ba2296fcf62fd1a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:49:54 +00:00
Jerry Huang
dafeb57668 Allow mediacodec to access vendor_data_file am: 95845654bf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18188091

Change-Id: I4fd8e3a631a441dfedf06300f5f619706f7b75c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:49:28 +00:00
Nishok Kumar S
b4db422486 Use google_camera_app label for GCA-Next fishfood app. am: 145f7b5b93 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18344645

Change-Id: Ifd964c84766eb6cbeccf47816c6633bdb0f28d36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:39:45 +00:00
Nishok Kumar S
a96da52aca Label GCA-Eng app am: 4a6cfb5a9c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18331264

Change-Id: I539f9e1904b074f5fbf22ef52874ba0da5e6e082
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:39:44 +00:00
Austin Wang
e5f8377849 Add P22 reverse wireless charging selinux policy 
Allow Settings to call hal_wlc

Error:

05-13 09:28:20.508  1000  7293  7293 W ndroid.settings: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:system_app:s0 tcontext=u:r:hal_wlc:s0 tclass=binder permissive=0

Bug: 231420451
Test: Enable battery share from settings and charge another device.
Change-Id: Ic761bee47ea41f6db8b1838fb3fc2a9f7ef7bb5c
 2022-05-13 09:28:03 +00:00
Jerry Huang
95845654bf Allow mediacodec to access vendor_data_file 
For dumping output buffer of HDR to SDR fliter.

This patch fixes the following denial:

05-10 21:42:49.427   890   890 W HwBinder:890_4: type=1400 audit(0.0:2944): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:42:49.499   890   890 W HwBinder:890_4: type=1400 audit(0.0:2946): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

05-10 21:46:27.735   885   885 W google.hardware: type=1400 audit(0.0:3198): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:46:27.795   885   885 W google.hardware: type=1400 audit(0.0:3200): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

Bug: 229360116
Test: atest android.media.decoder.cts.DecoderTest
Change-Id: I11403b20e8608f50907db561b8232b1b64bea298
 2022-05-13 09:24:38 +00:00
Nishok Kumar S
145f7b5b93 Use google_camera_app label for GCA-Next fishfood app. 
Bug: 230773733
Test: Build selinux and test with GCA-Next on device.
Change-Id: I757e7de2293e25bd027262a5fbf4ece2a44f10d1
 2022-05-13 05:31:34 +00:00
Nishok Kumar S
4a6cfb5a9c Label GCA-Eng app 
- Add policies for GCA-Eng to access GXP device.
 - Allow GCA-Eng to access edgetpu service.

Test: Build selinux and test GCA-Eng on device with
      adb shell setprop camera.artemis_dsp TRUE

Bug: 230773733
Change-Id: I8d04f6e1aef0899b3862ddbb80174cd086156d92
 2022-05-13 05:18:09 +00:00
Asad Abbas Ali
7f89d68af2 Allow chre to communicate with fwk_stats_service. 
Bug: 230788686
Test: Logged atoms using CHRE + log atom extension.
Change-Id: I45a207996a28bbe61bbfd4288eaf28e2257cdf52
 2022-05-06 16:15:06 +00:00
eddielan
aeb9bd0406 sepolicy: Add SW35 HIDL factory service into sepolicy 
Bug: 231549391
Test: Build Pass
Change-Id: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
 2022-05-06 12:22:59 +08:00
Kris Chen
c789f02906 Allow hal_fingerprint_default to access hal_pixel_display_service am: 3162407210 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18013067

Change-Id: I674cb3dd987a1d94c8412d028f880bdac04c00ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-05 02:35:10 +00:00
Kris Chen
3162407210 Allow hal_fingerprint_default to access hal_pixel_display_service 
Fix the following avc denial:
avc: denied { find } for pid=1158 uid=1000 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0

Bug: 229716695
Bug: 224573604
Test: build and test fingerprint on device
Change-Id: I104af7f50715090fe0c2aa6845848bf77ab3e3ae
 2022-05-05 02:03:43 +00:00
Jenny Ho
f9e379b88a sepolicy: allow access debugfs charger register dump am: 5e426a95d0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18013064

Change-Id: Ib90d53f60f7e30ae600602e4b08038ffd978c65e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-03 07:17:36 +00:00