Commit graph

682 commits

Author SHA1 Message Date
Star Chang
407c14d952 wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: Ia20b4d2e67577ccb0fa1f3ef7176f62161ad5ddc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 06:51:31 +00:00
Star Chang
c466a68305 wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware
related files.

Add policy to allow wifi_sniffer daemon to access wifi firmware related
files.

To fix the denial message:
[85544.205505] type=1400 audit(1656381950.486:90): avc: denied { search
} for comm="wifi_sniffer" name="wifi" dev="sysfs" ino=97256
scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:sysfs_wifi:s0
tclass=dir permissive=1
[85544.206027] type=1400 audit(1656381950.486:91): avc: denied { write }
for comm="wifi_sniffer" name="firmware_path" dev="sysfs" ino=97268
scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:sysfs_wifi:s0
tclass=file permissive=1
[85544.206206] type=1400 audit(1656381950.486:92): avc: denied { open }
for comm="wifi_sniffer" path="/sys/wifi/firmware_path" dev="sysfs"
ino=97268 scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:sysfs_wifi:s0
tclass=file permissive=1
[85544.206349] type=1400 audit(1656381950.486:93): avc: denied { getattr
} for comm="wifi_sniffer" path="/sys/wifi/firmware_path" dev="sysfs"
ino=97268 scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:sysfs_wifi:s0
tclass=file permissive=1

Bug: 237465412
Test: wifi_sniffer is workable
Change-Id: I5500be87d2b670e29c08d026872a6b304109f7a3
2022-07-07 06:15:48 +00:00
Adam Shih
dd8eab3bf9 Update error on ROM 8765438 am: 74ff6db973
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19174387

Change-Id: I4cacf54cd9bb9127de89ad5a77c489c26b5744bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-06 00:37:14 +00:00
Adam Shih
74ff6db973 Update error on ROM 8765438
Bug: 238037492
Bug: 237093466
Test: SELinuxUncheckedDenialBootTest
Change-Id: I4b067085dc0c9f79b715505a5831cab63fda6381
Merged-In: I4b067085dc0c9f79b715505a5831cab63fda6381
2022-07-05 03:11:33 +00:00
matthuang
a1b5481877 Add acd-com.google.usf.non_wake_up file to AoC file context.
Bug: 195077076
Test: ls -lZ dev/acd-com.google.usf.non_wake_up
Change-Id: Ib97da81a01f566c7bd600512bb01fda27f34b217
2022-07-01 02:16:08 +00:00
SalmaxChang
3a3a53efaf ssr_detector_app: remove tracking denials am: a7127617ba
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18992387

Change-Id: Ic2d4855d462d99b380160a446e201196c74e5930
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-29 16:10:25 +00:00
SalmaxChang
a7127617ba ssr_detector_app: remove tracking denials
Avc errors already fixed. Remove tracking denials.

Bug: 207571417
Bug: 205202542
Change-Id: I97d5f732e038dbdaf7885bdb9ca63bc518a97d51
2022-06-29 15:52:43 +00:00
xiaofanj
da328e0a0f modem_svc_sit: create oem test iodev
- Create radio_test_device for oem_test iodev.
- Grant modem_svc_sit access to radio_test_device.

Bug: 231380480

Signed-off-by: Xiaofan Jiang <xiaofanj@google.com>
Change-Id: Id06deedadf04c70b57e405a05533ed85764bdd1d
Merged-In: Id06deedadf04c70b57e405a05533ed85764bdd1d
2022-06-28 03:16:08 +00:00
Sam Ou
eee2b6fe84 sepolicy: fix odpm avc denials am: 65bdbc4862
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19035052

Change-Id: I4b40035d0cfe661da8f78d81fdc500f27f2ca619
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-27 06:48:49 +00:00
Sam Ou
65bdbc4862 sepolicy: fix odpm avc denials
Add wakeup permissions for the odpm driver,
since we update acc_data based on alarmtimer.

Bug: 236798116
Change-Id: Ib898eeebf0e26a723f260a2a8ddb5e5f64d255ed
Signed-off-by: Sam Ou <samou@google.com>
2022-06-27 06:29:03 +00:00
sukiliu
1a1716f53e [Do not merge] Remove regmap from list am: 1f681630c4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18845251

Change-Id: I2abb680107e22c5bae8576906d011ca44599748a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-27 03:55:35 +00:00
sukiliu
1f681630c4 [Do not merge] Remove regmap from list
Bug: 227286343
Test: PtsSELinuxTestCases
Change-Id: If32c472dcd6c0e0b83008a660ca6bbe6d79f44e3
2022-06-27 03:33:16 +00:00
Carter Hsu
a48fe668fe audio: allow Audio HAL to write the audio vendor property
Bug: 206065000
Test: use test build to check the property
Signed-off-by: Carter Hsu <carterhsu@google.com>
Change-Id: I0007459fcfd3a4718af9af00de9f54d125627dd2
2022-06-23 06:29:22 +00:00
Jinting Lin
c61dbcf620 Remove obsolete sepolicy of silentlogging am: d3d4af1aac am: 6769f9e352
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18871735

Change-Id: I3bf4717214fc82e3415bfb4f55a846c3b190834f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-20 06:56:52 +00:00
Jinting Lin
6769f9e352 Remove obsolete sepolicy of silentlogging am: d3d4af1aac
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18871735

Change-Id: I7fbe60eee731c910d75113b2b7b1de9f10b227ba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-20 06:28:50 +00:00
Jinting Lin
d3d4af1aac Remove obsolete sepolicy of silentlogging
Bug: 221384996

Test: adb bugreport
Change-Id: I35a9dae665f11196ec900346c41a3c786bfdf5fa
2022-06-20 05:48:22 +00:00
Siarhei Vishniakou
7e6f33e969 Allow InputProcessor HAL to read display resolution am: 8b103bff07
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18962799

Change-Id: I2984c0da74ad2985be47bf4ba0fbc27397e9189b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 20:58:44 +00:00
Siarhei Vishniakou
8b103bff07 Allow InputProcessor HAL to read display resolution
Currently, there's no API to read the resolution from the system domain,
so the HAL has to read this from the sysprop provided by the display
code.

Allow the HAL to do so in this CL.

Bug: 236200710
Test: adb shell dmesg | grep input_processor
Change-Id: I23285c21a82748c63fbe20988af42884b9261b66
Merged-In: I23285c21a82748c63fbe20988af42884b9261b66
2022-06-17 20:31:42 +00:00
Lawrence Huang
a2dfbccafd Add network permissions for google camera am: 2c5af2b633
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18803934

Change-Id: I36d7f88c4eab1981bea90ced28df3c7eb7766b27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 19:38:54 +00:00
Lawrence Huang
2c5af2b633 Add network permissions for google camera
Investigation here:
https://docs.google.com/document/d/1dARYZBxeJFPTEIMr-0U80Ka68BoPY6-h9VcBDZ8Uon8/edit#

Bug: 230434151
Change-Id: I9b37906ba4c7ba2cdbb23fc7a07f1e9e2aa8d1ab
Test: no more avc errors
2022-06-17 18:59:12 +00:00
Jack Wu
2ee67a6bf3 sepolicy: allows pixelstat to access pca file nodes
Bug: 235050913
Test: no Permission denied while accessing the file node
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I7de0a374e1c98f4e9bbf36e39cb0131b0e9ffebc
2022-06-17 02:52:35 +00:00
JimiChen
8af2912356 allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Ie0ca09bda13e5756cf59bb274c23bfa92f5d918b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:36:41 +00:00
JimiChen
f41b4005dd allow rlsservice read vendor camera property am: f90d992b0c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Id9857d0edc1f34c53a1af86f7bcb16a17e69dc99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:19:33 +00:00
JimiChen
f90d992b0c allow rlsservice read vendor camera property
Bug: 233020488
Test: no avc denied
Change-Id: Ie7e68a6e18ba64c18e90e39cadacea5a15364eff
2022-06-16 12:02:26 +00:00
sukiliu
346ea66421 [Do not merge]Update avc error on ROM 8732242 am: c25afee26a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18911481

Change-Id: Ib18c3ed1bb2fc93dd6054e47d4201921b6c0fc16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 07:10:09 +00:00
sukiliu
c25afee26a [Do not merge]Update avc error on ROM 8732242
Bug: 236200710
Test: PtsSELinuxTestCases
Merged-In: I9b4b487aa78a69fe981a542aef1a7dbe368a30ce
Change-Id: I9b4b487aa78a69fe981a542aef1a7dbe368a30ce
2022-06-16 03:24:58 +00:00
Robb Glasser
1e07ca2133 Allow sensors HAL to rw the sensors registry. am: 31981dfaea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18801904

Change-Id: I5a38540c36766b1474cf44f06a5147dc48966c69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 20:00:30 +00:00
Robb Glasser
31981dfaea Allow sensors HAL to rw the sensors registry.
The sensors HAL needs full permissions to read and write the sensors
registry for things like runtime calibration.

Bug: 227695036
Test: Denial goes away.
Change-Id: I5ccec3497219acca7c172c1cb0cf1d070996b42b
2022-06-14 19:20:32 +00:00
yixuanjiang
73f6971475 aoc: add audio property for audio CCA module
Bug: 213545113
Test: local test
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ic58d944d30d0367a7c3afdf5f1bb1f696c8edda9
2022-06-14 07:02:23 +00:00
Minchan Kim
10398a5cbb allow hal_dumpstate_default to access cma debugfs am: 4bc7128afe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18843535

Change-Id: Ia0997d18fdae581c82b9a80e84e518e1311d1887
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 23:04:10 +00:00
Minchan Kim
4bc7128afe allow hal_dumpstate_default to access cma debugfs
It's useful for CMA memory debugging.

Bug: 233535442
Test: adb bugreport contains cma information in dumpstate_board.txt
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I65170d6b84f642e038a7901427c3673b40832af9
2022-06-13 22:35:38 +00:00
Oleg Matcovschi
06c0bb9b68 sepolicy: add sscoredump mali genfs rule am: c7bcfba2cb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18839008

Change-Id: I8d31652f4fb97125b39d87270079dbfda74dfac8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 19:48:21 +00:00
Oleg Matcovschi
c7bcfba2cb sepolicy: add sscoredump mali genfs rule
Bug: 235492324
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I8a5db9b4d0a6f63819820213e20165dbe920ab07
2022-06-13 18:08:04 +00:00
Krzysztof Kosiński
c580359e1a Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: Ifc5b6f8e21d1c926b84a919ab39e5b3a1449ca5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:04:42 +00:00
Krzysztof Kosiński
2d44b5d5d0 Add dontaudit statements to camera HAL policy.
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Bug: 218585004
Test: build & camera check
Change-Id: Ie0338f0d2a6fd0c589777a82c22a014e462bd5c2
(cherry picked from commit 26b2d2e33e)
2022-06-10 20:19:12 +00:00
Myung-jong Kim
c071e1caa0 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I0f435c75dd2722d5a5c4638abb9fc77675fca868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:27:33 +00:00
Myung-jong Kim
0d81b693cf sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I9095a0759ca94fe8a55f8bc64c7f4eb8b82f1379
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:02:25 +00:00
Ken Chen
879752df15 fix sepolicy for net devices am: d0bbe71217
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18821530

Change-Id: I32004f9719a68a80d1eaa1a5435dfbd5c07364b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 14:46:03 +00:00
Myung-jong Kim
e2b042c307 sepolicy: add net_domain macro for vendor_rcs_app
[Problem] sepolicy denial during ShannonGbaService process
[Cause] Missing sepolicies
[Solution] Add net_domain(vendor_rcs_app) to give base set of
    permissions required for network access

Bug: 235011726
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: Iaac1d7b5a4303338ed2c763b62714e14aed7d728
2022-06-10 14:39:59 +00:00
Ken Chen
d0bbe71217 fix sepolicy for net devices
bug: 222232008
Test: atest NetdSELinuxTest#CheckProperMTULabels
Change-Id: I99f70eefa3259a2da556fed6ced70f32d03ff4bb
2022-06-10 18:20:19 +08:00
Andy Hsu
b1fee529bc Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. am: 1240fdefbb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18669326

Change-Id: Ibe8f4e083e90f9e6628d7bf926e9b42020ef0c2b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 03:20:12 +00:00
Andy Hsu
1240fdefbb Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds.
Bug: 233998391

Test: Boost applied successfully for all flavors b/233998391#comment15. GCA.
Change-Id: If339705cf4daec0f12e81c2c8efdc1eb4a063267
2022-06-08 02:26:26 +00:00
Adam Shih
a038a3604c update error on ROM 8666963 am: 2a7ecbdce0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18683654

Change-Id: I41da935bb47a11e07bf3a2503b39b59c910ac2e6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-01 09:08:58 +00:00
Adam Shih
2a7ecbdce0 update error on ROM 8666963
Bug: 234547497
Test: boot
Change-Id: Ic5a9d39449af035a32aaea71b06d7bd33e16cf4b
2022-06-01 08:35:23 +00:00
George Chang
df6bc834b3 Update nfc from hidl to aidl service am: 851a643c9e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18219341

Change-Id: I7b41a004c946dde1143226f01b8b3aed50f8bf07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-01 06:40:50 +00:00
George Chang
851a643c9e Update nfc from hidl to aidl service
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: If1f57af334033f9bd7174c052767715c9916700f
Change-Id: If1f57af334033f9bd7174c052767715c9916700f
2022-06-01 06:19:26 +00:00
Andy Hsu
cb2ea8b415 Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. am: 38ddaa255e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18611816

Change-Id: If8b3bd00da683ee1b63302f11a3d87638ac8ce8d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-01 00:17:24 +00:00
Andy Hsu
38ddaa255e Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost.
To fix the denial message:
avc:  denied  { find } for pid=4646 uid=10134 name=android.hardware.power.IPower/default scontext=u:r:google_camera_app:s0:c134,c256,c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Reference: go/sepolicy.

On P21, we have ag/14692156 to access PowerHAL in GCA. On P22, we currently don't have the permission (b/233998391#comment10). This change fixes this issue.

Bug: 233998391
Bug: 232184722
Bug: 232022128

Test: Boost is applied successfully b/233998391#comment11. GCA.

Change-Id: Id1a938fc0af0ad9280aa49e7f6cbdf45c16f8b38
2022-05-31 23:57:19 +00:00
Ankit Goyal
b6ff456519 Add SE policies for memtrack HAL am: 5be857af43
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18638327

Change-Id: I5b0f38beb901b5a18a72135a51f922c2354975db
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-31 23:39:38 +00:00
Ankit Goyal
5be857af43 Add SE policies for memtrack HAL
Bug: 220360577
Test: adb shell dumpsys meminfo
Change-Id: I4dfc0c016ccf980b4f7dabd2fb70d2466b69b5cc
2022-05-31 23:25:27 +00:00