Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
609 commits 1 branch 0 tags 63 MiB
Commit graph

609 commits

This branch
This branch
All branches
Author SHA1 Message Date
Krzysztof Kosiński
4e0e696557 Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: I3edd95cc19e0a2270be25ed8624bc9baa453480b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 21:04:44 +00:00
Krzysztof Kosiński
2d44b5d5d0 Add dontaudit statements to camera HAL policy. 
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Bug: 218585004
Test: build & camera check
Change-Id: Ie0338f0d2a6fd0c589777a82c22a014e462bd5c2
(cherry picked from commit 26b2d2e33e)
 2022-06-10 20:19:12 +00:00
Myung-jong Kim
01870d5731 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I0bd3765e66d9949fcb30692d5294a90f7dfe16b2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 15:27:33 +00:00
Myung-jong Kim
a057381a7d sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: b022c79b96 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I5a38963dcaac5334603090efc5401472a0595873
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 15:20:00 +00:00
Myung-jong Kim
0d81b693cf sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I9095a0759ca94fe8a55f8bc64c7f4eb8b82f1379
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 15:02:25 +00:00
Myung-jong Kim
b022c79b96 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I31f893e09882abc1cf9f35873aac5348a6a07a91
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 15:00:49 +00:00
Ken Chen
31a64f7fc0 fix sepolicy for net devices am: d0bbe71217 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18821530

Change-Id: Ieaccf37e91e30b8c623d797e5f6e7aaa62c779f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 14:46:05 +00:00
Myung-jong Kim
e2b042c307 sepolicy: add net_domain macro for vendor_rcs_app 
[Problem] sepolicy denial during ShannonGbaService process
[Cause] Missing sepolicies
[Solution] Add net_domain(vendor_rcs_app) to give base set of
    permissions required for network access

Bug: 235011726
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: Iaac1d7b5a4303338ed2c763b62714e14aed7d728
 2022-06-10 14:39:59 +00:00
Ken Chen
d0bbe71217 fix sepolicy for net devices 
bug: 222232008
Test: atest NetdSELinuxTest#CheckProperMTULabels
Change-Id: I99f70eefa3259a2da556fed6ced70f32d03ff4bb
 2022-06-10 18:20:19 +08:00
Andy Hsu
0068933788 Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. am: 1240fdefbb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18669326

Change-Id: Ie6508229607980d8cdc5b2d150e6d38a0d2a57bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 03:20:12 +00:00
Andy Hsu
1240fdefbb Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. 
Bug: 233998391

Test: Boost applied successfully for all flavors b/233998391#comment15. GCA.
Change-Id: If339705cf4daec0f12e81c2c8efdc1eb4a063267
 2022-06-08 02:26:26 +00:00
Adam Shih
be15a40df3 update error on ROM 8666963 am: 2a7ecbdce0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18683654

Change-Id: Ie9e3738e4449ca0aef17276a9d6535ce7eb3f01c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 09:09:21 +00:00
Adam Shih
2a7ecbdce0 update error on ROM 8666963 
Bug: 234547497
Test: boot
Change-Id: Ic5a9d39449af035a32aaea71b06d7bd33e16cf4b
 2022-06-01 08:35:23 +00:00
George Chang
c0d30abe87 Update nfc from hidl to aidl service am: 851a643c9e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18219341

Change-Id: I40b6a95ccbf17a6be299320207a0d75a01c933a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 06:40:51 +00:00
George Chang
851a643c9e Update nfc from hidl to aidl service 
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: If1f57af334033f9bd7174c052767715c9916700f
Change-Id: If1f57af334033f9bd7174c052767715c9916700f
 2022-06-01 06:19:26 +00:00
Andy Hsu
df582294bd Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. am: 38ddaa255e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18611816

Change-Id: I1b1f04a116c81d21212d3a703e21d64cf921a737
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 00:17:35 +00:00
Andy Hsu
38ddaa255e Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. 
To fix the denial message:
avc:  denied  { find } for pid=4646 uid=10134 name=android.hardware.power.IPower/default scontext=u:r:google_camera_app:s0:c134,c256,c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Reference: go/sepolicy.

On P21, we have ag/14692156 to access PowerHAL in GCA. On P22, we currently don't have the permission (b/233998391#comment10). This change fixes this issue.

Bug: 233998391
Bug: 232184722
Bug: 232022128

Test: Boost is applied successfully b/233998391#comment11. GCA.

Change-Id: Id1a938fc0af0ad9280aa49e7f6cbdf45c16f8b38
 2022-05-31 23:57:19 +00:00
Ankit Goyal
f67dde58a8 Add SE policies for memtrack HAL am: 5be857af43 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18638327

Change-Id: Iad6cb2dd43fc7eb8ca22e7c26c601e0211bb2ed9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-31 23:39:54 +00:00
Ankit Goyal
5be857af43 Add SE policies for memtrack HAL 
Bug: 220360577
Test: adb shell dumpsys meminfo
Change-Id: I4dfc0c016ccf980b4f7dabd2fb70d2466b69b5cc
 2022-05-31 23:25:27 +00:00
Taeju Park
7c607ccd6f Pixel-EM-DriverV2: sepolicy: allows Power HAL to am: eb4d432dd8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18635845

Change-Id: I1228f0079fffef386a1cd4ed4fa1251dcfa41af7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-31 21:07:55 +00:00
Taeju Park
eb4d432dd8 Pixel-EM-DriverV2: sepolicy: allows Power HAL to 
modify em_profile related sysfs nodes

Bug: 170647767
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: I160741f172a5713535852e7fb0d12126ddf0395e
 2022-05-31 20:38:29 +00:00
George Lee
565777a4d4 dumpstate: Mitigation logger readout - sepolicy am: ee92ac374a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18605588

Change-Id: Ic17cca8a72d65b8379162eaf0b040089f41e66aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 21:20:27 +00:00
George Lee
ee92ac374a dumpstate: Mitigation logger readout - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.  This change is to enable
bugreport reading out the mitigation log.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ic0291e05bcf20839a66d50d159bb5ef41681c45d
 2022-05-27 11:25:02 -07:00
George Lee
f283938d32 bcl: Add Mitigation Logger - sepolicy am: bc2cf5c153 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18527859

Change-Id: I1910b2fe519ce9e6706f827a310a8bc5996840d9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 18:06:00 +00:00
George Lee
bc2cf5c153 bcl: Add Mitigation Logger - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9ac873d03d57d9a6db8d9233f25c8fabdfc399a5
 2022-05-26 21:39:25 -07:00
eddielan
6d8175033d sepolicy: Add SW35 HIDL factory service into sepolicy am: 36a6b23804 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18626554

Change-Id: Ib754baafed214f6d794a0646661e202af9534717
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 04:33:14 +00:00
eddielan
36a6b23804 sepolicy: Add SW35 HIDL factory service into sepolicy 
Bug: 231549391
Test: Build Pass
Change-Id: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
(cherry picked from commit aeb9bd0406)
Merged-In: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
 2022-05-27 01:29:31 +00:00
Jaegeuk Kim
81d01513de Allow sysfs_devices_block to f2fs-tools 
The fsck.f2fs checks the sysfs entries of block devices to get disk
information. Note that, the block device entries are device-specific.

1. fsck.f2fs
avc: denied { search } for comm="fsck.f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0
avc: denied { getattr } for comm="fsck.f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda7/partition" dev="sysfs" ino=60672 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

2. mkfs.f2fs
avc: denied { search } for comm="make_f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0
avc: denied { getattr } for comm="make_f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda8/partition" dev="sysfs" ino=61046 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

Bug: 233835698
Bug: 172377740
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I409feec84565f965baa96b06a5b08bcfc1a8db02
 2022-05-25 15:32:42 +00:00
Yichi Chen
a97b993989 RRS: Apply the default config from persist prop am: 8b2c6f8187 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18401056

Change-Id: Ib8c99b725dba0f61071398c8310ed4cf3a29163b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 13:46:18 +00:00
Yichi Chen
8b2c6f8187 RRS: Apply the default config from persist prop 
vendor_config plays as another role to control the display config during
the boot time. To change the default configuration of the user selected
mode, we use persist config to store the value.

Bug: 232721840
Test: Boot w/ and w/o user selected configs and check the resolution
Change-Id: Ideed75f0a29368ff95916fb1fa87f21482c17613
 2022-05-24 13:06:41 +00:00
Badhri Jagan Sridharan
d602aeb132 Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a am: 3cd3ddeefb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I5626582f7b17fa0e54d0805fe37e013523f44a78
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 04:09:18 +00:00
Badhri Jagan Sridharan
e2e17adce5 Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a am: 08ccaeb6ab 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I47ec625754070e8c70beb9d90e4824b23c42610d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 01:24:30 +00:00
Badhri Jagan Sridharan
08ccaeb6ab Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I31d103ab14fb4cf3e2eafc14d88196a9309bcb72
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 01:01:25 +00:00
Badhri Jagan Sridharan
3cd3ddeefb Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I1291a53be19b8e1e355aad50e0e4c84344a7443c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 00:56:03 +00:00
Badhri Jagan Sridharan
91a1f49a8a Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable 
auditd  : type=1400 audit(0.0:4): avc: denied { search } for comm="HwBinder:879_1"
name="10d60000.hsi2c" dev="sysfs" ino=23606 scontext=u:r:hal_usb_gadget_impl:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 206635552
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ibc4ec27ad7d1b7a26c9935aa0c4aff5f03a8d59c
 2022-05-23 23:59:44 +00:00
Dinesh Yadav
9e2930ae12 Add SEPolicy for gxp_metrics_logger.so logging to stats service am: 6513479fe8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18482687

Change-Id: I172bb36fa05aa7bff9baf2c864c134a6b942519e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 17:24:21 +00:00
Dinesh Yadav
6513479fe8 Add SEPolicy for gxp_metrics_logger.so logging to stats service 
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.

Bug: 177236353

Test: App can load the .so and creates a VLOG message after this change.
Before: No permission to access namespace.
After: GCA able to access the gxp_metrics_logger.so
Change-Id: I453b66b30eb51ebd22fda750d272cf35574301f6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2022-05-20 17:05:23 +00:00
Jacqueline Wong
431dadf5fd be able to dump coredump am: c169cd75ce 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18485733

Change-Id: Ia515d657c4a626f0722cc4cfa991e06e2bfe5fd1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 23:31:57 +00:00
Dinesh Yadav
d668e27252 Add SEPolicy settings for android logging/tracing service for GXP am: e40cd2ac42 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18155927

Change-Id: I05d7ceee3b7e7c08098e9ea62531b60928a7d711
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 07:57:36 +00:00
Nishok Kumar S
e828f4b81f Add label for GCA fishfood app built with debug keys - label as am: 43e827c01a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18403423

Change-Id: Idaf0347c250257220eccdd80d923c322fba0e85c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 07:57:02 +00:00
Jacqueline Wong
c169cd75ce be able to dump coredump 
Bug: 218358165
Test: adb root; adb remount -R; adb bugreport
Signed-off-by: Jacqueline Wong <jacqwong@google.com>
Change-Id: I42c2db7902064e1508676ad93def2e0e4f5c2b28
 2022-05-19 05:37:50 +00:00
Dinesh Yadav
e40cd2ac42 Add SEPolicy settings for android logging/tracing service for GXP 
This change also adds support for SEPolicy to access perfetto which was
missing in ag/17818623.

Bug: 217289052

Change-Id: Ic5599d0be783b65102b3b0ffef27e66f1f6904da
 2022-05-19 03:31:32 +00:00
Nishok Kumar S
43e827c01a Add label for GCA fishfood app built with debug keys - label as 
debug_camera_app.

Test: Build GCA-Next manually and install on device. Test with selinux
on.
Bug: 230773733

Change-Id: Ifc2fd29a74bf66444501327feac391ddf812c867
 2022-05-17 02:42:05 +00:00
George Lee
654a7cdf85 dumpstate: Add BCL mitigation info to user build am: b6971e353f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18408238

Change-Id: Ice2833b22caf809ce7139b90b223a6ebf4bee756
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-17 01:38:02 +00:00
George Lee
b6971e353f dumpstate: Add BCL mitigation info to user build 
Bug: 232793927
Test: Confirm user build bugreport has mitigation info
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9945a0f005bee6e25580c122df4c8932607fa51a
 2022-05-17 00:42:57 +00:00
Austin Wang
f2336f95c4 Add P22 reverse wireless charging selinux policy am: e5f8377849 am: 46d2740350 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18350566

Change-Id: Ic2fed4e290d198298ad28a7a74112df4b73e1c89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:40:14 +00:00
Austin Wang
eb52e384fc Add P22 reverse wireless charging selinux policy am: e5f8377849 am: 53a167fcf0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18350566

Change-Id: I950f1f224cd77942d3718d040f3dce41dfc157b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:39:59 +00:00
Automerger Merge Worker
032ce42cd3 Merge "Allow mediacodec to access vendor_data_file am: 95845654bf am: 65993e19e8" into tm-d1-dev-plus-aosp 2022-05-13 10:39:55 +00:00
Jerry Huang
b9d25e06d8 Allow mediacodec to access vendor_data_file am: 95845654bf am: dafeb57668 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18188091

Change-Id: Id370dfbcc5081e085db3844edd7893ab1aa8b031
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:39:52 +00:00
Jerry Huang
d217f9119f Allow mediacodec to access vendor_data_file am: 95845654bf am: 65993e19e8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18188091

Change-Id: I783c7a21ff21f490367777f05db80ea23fe4228a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:39:51 +00:00