Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
512 commits 1 branch 0 tags 63 MiB
Commit graph

512 commits

This branch
This branch
All branches
Author SHA1 Message Date
sukiliu
d0afc4ccf5 update error on ROM 8223177 am: b1c5fcff3d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595

Change-Id: I43a4d7d92ba5bb868d0e9167afbb5af5dac852c9
 2022-03-02 06:49:10 +00:00
sukiliu
b1c5fcff3d update error on ROM 8223177 
Bug: 221384981
Bug: 221384939
Bug: 221384996
Bug: 221384768
Bug: 221384770
Bug: 221384860
Test: PtsSELinuxTestCases
Change-Id: I50916dca7548bce0e77d90a36ad8f9ba1ca7c711
 2022-03-02 06:30:05 +00:00
Roshan Pius
a492dff7cc gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928

Change-Id: I4e5377239bc0ebddb388ae4de486e2e87ccea0d1
 2022-03-01 18:52:42 +00:00
Roshan Pius
a1f0d2aa9a gs-sepolicy: Fix legacy UWB stack sepolicy rules 
This rule was present on previous devices.

Denial logs:
02-24 09:22:08.214   427   427 E SELinux : avc:  denied  { find } for
pid=1479 uid=1000 name=uwb_vendor scontext=u:r:system_server:s0
tcontext=u:object_r:uwb_vendor_service:s0 tclass=service_manager permissive=0

Bug: 221292100
Test: Compiles
Change-Id: I6de4000a9cebf46a0d94032aade7b2d40b94ca16
 2022-03-01 18:25:00 +00:00
Tommy Chiu
c94ef875af RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406

Change-Id: I19740f1d8d82c0ff1227709aa639bd8c2b0938db
 2022-03-01 06:39:43 +00:00
Tommy Chiu
b7790aa7a8 RKP: Add IRemotelyProvisionedComponent service 
Bug: 212643050
Bug: 221503025
Change-Id: I7932ba96d0d7dd603d360cd7319997a7c108500a
 2022-03-01 06:10:23 +00:00
Badhri Jagan Sridharan
b68d5b153c android.hardware.usb.IUsb AIDL migration am: fc08341bd6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17009127

Change-Id: Ib469d2785c355195621edc4a509f3db07d11ea54
 2022-03-01 03:55:10 +00:00
Badhri Jagan Sridharan
fc08341bd6 android.hardware.usb.IUsb AIDL migration 
Cherry-pick of <775523d1eb>

android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
 2022-03-01 03:32:23 +00:00
YiHo Cheng
3a13f5708b thermal: Label tmu register dump sysfs am: be92764669 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: I3b54fe773cedef0087cd9f3733b23b0dcdeb1da9
 2022-03-01 01:50:45 +00:00
YiHo Cheng
be92764669 thermal: Label tmu register dump sysfs 
Allow dumpstate to access tmu register dump sysfs

[  174.114566] type=1400 audit(1645790696.920:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=65178
 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
 tclass=file permissive=0
 [  174.115092] type=1400 audit(1645790696.920:14): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
 in
 o=65179 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115208] type=1400 audit(1645790696.920:15): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
 dev="sysfs"
 ino=65180 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115398] type=1400 audit(1645790696.920:16): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
 dev="sysfs"
 ino=65182 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115498] type=1400 audit(1645790696.920:17): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
 dev="sysfs"
 ino=65181 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 215040856
Test: check tmu register dump sysfs output in dumpstate
Change-Id: Ica48e37344a69264d4b4367af7856ec20b566a9e
 2022-03-01 01:24:00 +00:00
Yu-Chi Cheng
e398726310 Allowed GCA to access EdgeTPU for P22 devices. am: 172271fdbc 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17016803

Change-Id: I75df18545ece29becfff7c4eb1624c07c12eefd7
 2022-02-26 00:01:27 +00:00
Yu-Chi Cheng
172271fdbc Allowed GCA to access EdgeTPU for P22 devices. 
This change includes the google_camera_app domain
into the EdgeTPU selinux rules. With it the GCA
is now able to access EdgeTPU.

Bug: 221020793
Test: verified GCA to work on P22.
Change-Id: I69010e2a8cca1429df402ae587b939d38e20a287
 2022-02-25 23:36:01 +00:00
Jinting Lin
45fcc5f934 Fix avc denied for vendor silent logging app am: e44f3c867c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448

Change-Id: I4a4019c4c847dbfabf4bcc985b7dba56591dc6e9
 2022-02-25 06:05:41 +00:00
Jinting Lin
e44f3c867c Fix avc denied for vendor silent logging app 
log:
avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
denied { read } for comm="y.silentlogging" name="u:object_r:vendor_slog_prop:s0" dev="tmpfs" ino=338 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_prop:s0 tclass=file permissive=0
avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
avc: denied { read } for comm="y.silentlogging" name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 pid=7322 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:sced:s0 tclass=binder permissive=0
avc: denied { read } for comm="getenforce" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=0
avc: denied { set } for property=persist.vendor.modem.logging.shannon_app pid=7279 uid=1000 gid=1000 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=0'

avc: denied { call } for comm="HwBinder:1001_1" scontext=u:r:sced:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { call } for scontext=u:r:dmd:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { getattr } for comm="tlogging:remote" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0

Test: flash TH build then run basic test of silent logging app

Bug: 220847487
Change-Id: Ib5ac1e796e8e816d024cebc584b5699ab8ed1162
 2022-02-25 05:35:06 +00:00
SalmaxChang
711eb4d39e Add missing vendor_logger_prop rule am: 7cb9cc182b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16996081

Change-Id: If4364de5ee9fd24dcdbbd881550596456907f4eb
 2022-02-24 13:06:15 +00:00
SalmaxChang
7cb9cc182b Add missing vendor_logger_prop rule 
init    : Do not have permissions to set 'persist.vendor.verbose_logging_enabled' to 'true' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 221173724
Bug: 221154649
Change-Id: Ic35e6f1d40f15efefead4530f8d320b72d7366e4
 2022-02-24 07:45:39 +00:00
Zachary Iqbal
0dca35958b Give gralloc access to the faceauth_heap_device. am: 4bbc6969e5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16995763

Change-Id: I68667c239af8739e332082286f6004bacc0f328d
 2022-02-24 05:45:18 +00:00
Zachary Iqbal
4bbc6969e5 Give gralloc access to the faceauth_heap_device. 
Notes:
- This is required for face authentication.

Fixes: 221098313
Test: Built locally.
Change-Id: I6292c76c0809f091108ac73bef2d9e2db430a680
 2022-02-24 05:20:30 +00:00
Alex Hong
1ca456915b Remove the sepolicy for tetheroffload service am: 4443c79bbb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16972946

Change-Id: I8ef64c6cfeb59e985cdff44fc31bd8d7f20a62d7
 2022-02-24 04:13:56 +00:00
Alex Hong
4443c79bbb Remove the sepolicy for tetheroffload service 
Test: m checkvintf
      run vts -m VtsHalTetheroffloadControlV1_0TargetTest
Bug: 207076973
Bug: 214494717
Change-Id: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
Merged-In: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
 2022-02-24 04:03:32 +00:00
Joseph Jang
5523e01f2c identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service am: 5fb066e143 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16984428

Change-Id: I7e43e5ece9d6f552a69905ceeb271a6e0d319a5e
 2022-02-24 02:52:40 +00:00
Joseph Jang
5fb066e143 identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service 
log:
SELinux : avc:  denied  { find } for pid=885 uid=9999
name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox
scontext=u:r:hal_identity_citadel:s0
tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0
tclass=service_manager permissive=0

Bug: 218613398
Change-Id: I124ea5898609a3f68bee13b6db931878252d4081
 2022-02-24 02:20:37 +00:00
Jack Yu
769645d0c1 uwb: permissions for factory uwb calibration file am: 97a25bf259 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986452

Change-Id: Ie1aba2e1a2bb3c9d79caa04f454df271a531a9b0
 2022-02-24 01:34:13 +00:00
Darren Hsu
7306a159f7 Allow hal_power_stats to read UWB sysfs nodes am: 8f90cf5408 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986443

Change-Id: If507662ac99de839314da9d03df7f3b7eb44bafb
 2022-02-24 01:33:49 +00:00
Jinting Lin
b9b03f61f8 Adds mnt file and batt info permissions for modem app am: e6af74a6c4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16984429

Change-Id: Ie7d2cfab67eaf4ec2477f4dbaccc056b42b9df3a
 2022-02-24 01:32:56 +00:00
Jack Yu
97a25bf259 uwb: permissions for factory uwb calibration file 
Allow nfc hal accessing /data/vendor/uwb.

Bug: 220167093
Test: build pass
Merged-In: I33093231577b71c24d5bf6f980c7021cc546fa98
Change-Id: I33093231577b71c24d5bf6f980c7021cc546fa98
 2022-02-24 01:02:52 +00:00
Darren Hsu
8f90cf5408 Allow hal_power_stats to read UWB sysfs nodes 
Bug: 219369324
Test: Dump power stats and see no avc denials
Change-Id: Ib1ac15867f51069bef3f68e91bf65b842b7c0734
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-02-24 01:02:11 +00:00
Jinting Lin
43dd982131 Adds logging related properties for logger app am: 7ba8b12bb8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16983456

Change-Id: I4de5106dddc7252b298fd12496afae00f2464ca3
 2022-02-23 17:29:05 +00:00
Krzysztof Kosiński
084defd392 Camera: re-add TEE access. am: 3884738538 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16980638

Change-Id: I6f455d8b6bb2d558ce9fbf5a1aaea66674fc43be
 2022-02-23 17:24:31 +00:00
Adam Shih
79481cc1b3 avoid pixellogger from crashing am: b158d7b088 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16983453

Change-Id: I15f04a00b6e2ac537bf565423f3b190b1869e3ab
 2022-02-23 17:18:06 +00:00
Jinting Lin
e6af74a6c4 Adds mnt file and batt info permissions for modem app 
Bug: 220076340
Merged-In: Icd02d4f8757719afed020c27a90812921d5f37ec
Change-Id: Icd02d4f8757719afed020c27a90812921d5f37ec
(cherry picked from commit 2c914cd02c)
 2022-02-23 05:55:57 +00:00
Jinting Lin
7ba8b12bb8 Adds logging related properties for logger app 
Bug: 220073302
Merged-In: I3917ce13f51a5ccb3304eb2db860f4da8424438b
Change-Id: I3917ce13f51a5ccb3304eb2db860f4da8424438b
(cherry picked from commit e65363450c)
 2022-02-23 03:16:00 +00:00
Krzysztof Kosiński
3884738538 Camera: re-add TEE access. 
Face auth is being investigated for Android T, so this access
is still needed. It was initially omitted from ag/16719985 because
it did not launch in Android S.

Bug: 220886644
Test: build for P10
Change-Id: I61ecc685397fcab6f356e98abfc88e8cb34254f4
 2022-02-23 02:51:40 +00:00
Adam Shih
b158d7b088 avoid pixellogger from crashing 
Bug: 220935985
Test: pixellogger stays alive for 2 minutes
Change-Id: I9f70f1a936731332ada3abfa945e60f8aff58279
 2022-02-23 09:58:37 +08:00
Robb Glasser
b273426e98 Fix sensors_hal selinux denials. am: 727d070b13 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16945897

Change-Id: Ic2597d188b9f5b4fd8d779d22ec8bc57ab02d16a
 2022-02-22 19:46:30 +00:00
Robb Glasser
727d070b13 Fix sensors_hal selinux denials. 
Bug: 214473093
Bug: 218930975
Bug: 210067282
Test: com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Ifd865efd0544f246d1c188f3edce9f05f27313d2
 2022-02-22 19:25:50 +00:00
Krzysztof Kosiński
5975dd89c8 Camera: add setsched capability. am: 7997d6a8a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16943772

Change-Id: I0dd3ce7386c49db308618ceb5b75c04e1c58c5fe
 2022-02-22 08:48:23 +00:00
Krzysztof Kosiński
7997d6a8a0 Camera: add setsched capability. 
The camera HAL needs to increase the priority of some threads
to reduce frame drops.

Bug: 205072921
Test: Inspected logcat on P10
Change-Id: Ife5194c780a91f32d718f8db38e41f2f47fb929f
 2022-02-22 08:12:57 +00:00
Adam Shih
37c001e736 Let GPU reload am: b322df9960 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16972944

Change-Id: I378151b91d62b5c0eca3f876a82a5d73886dbe18
 2022-02-22 07:43:55 +00:00
Adam Shih
b322df9960 Let GPU reload 
02-22 12:59:47.955    15    15 I mali 28000000.mali: reloading firmware
02-22 12:59:47.955    15    15 W mali 28000000.mali: loading /vendor/firmware/mali_csffw.bin failed with error -13
02-22 12:59:47.955    15    15 W mali 28000000.mali: Direct firmware load for mali_csffw.bin failed with error -2
02-22 12:59:47.955    15    15 E mali 28000000.mali: Failed to reload firmware image 'mali_csffw.bin'
02-22 12:59:47.920    15    15 W kworker/0:1: type=1400 audit(0.0:10): avc: denied { read } for name="mali_csffw.bin" dev="dm-4" ino=5689716 scontext=u:r:kernel:s0 tcontext=u:object_r:same_process_hal_file:s0 tclass=file permissive=0

Bug: 220801802
Test: device can resume after an hour of suspend.
Change-Id: Ib252d6b1ac50ba7578a2ebf8cd8745004c385378
 2022-02-22 07:05:54 +00:00
neoyu
faac353bfb Fix SELinux errors for ims am: 9d12b77b67 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962938

Change-Id: I9cc01f3a6b6ef01dbe3e6356e124c55354510559
 2022-02-22 02:27:58 +00:00
neoyu
9d12b77b67 Fix SELinux errors for ims 
Sync different parts from P21 to P22

Bug: 220244357
Test: manual
Change-Id: Idf8e5e612b46370812be0907e75e9ae43f37ab7b
 2022-02-22 01:43:29 +00:00
neoyu
d889ee6353 Fix SELinux errors for vendor_init am: 7a34798ea4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962933

Change-Id: I22d3af89dd84fab0330f1180b39a55157add6f33
 2022-02-21 10:32:55 +00:00
neoyu
05fbdcedc3 Fix SELinux errors for rild am: 26aa7c150e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962925

Change-Id: I288eca3c6e1e92558775082bbeac8c371d549379
 2022-02-21 07:01:27 +00:00
Tai Kuo
373795e6a5 Remove hal_vibrator_default avc tracking denials am: bc3924f61d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16939010

Change-Id: I6a962e36cee9d8f402e1386f3736219e9a15b8a7
 2022-02-21 07:01:17 +00:00
wenchangliu
44eba6830b Allow hal_graphics_allocator to access vscaler_heap_device am: 84d53775e1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962930

Change-Id: I6524c426deb02574346c67e66e81c8caa226d731
 2022-02-21 07:01:04 +00:00
wenchangliu
258318a4af Allow hal_graphics_allocator to access dmabuf_system_secure_heap_device am: ad0a033f97 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962929

Change-Id: Ic9b9d211039819015f0a432d6ec703d259cb5677
 2022-02-21 07:01:04 +00:00
neoyu
7a34798ea4 Fix SELinux errors for vendor_init 
avc: denied { set } for property=logd.logpersistd pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=logd.logpersistd.size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.use.iccid_to_plmn pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.emergencynumber.mode pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log_mask pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.base_dir pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.chunk_size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: Ieb6673234f913af25e275e61404098a0deccbed2
 2022-02-21 14:58:29 +08:00
neoyu
26aa7c150e Fix SELinux errors for rild 
avc: denied { set } for property=vendor.sys.modem_reset pid=990 uid=1001 gid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: I2bd616345f665c0cffd1ee73db790708f9cbca06
 2022-02-21 06:38:42 +00:00
Tai Kuo
bc3924f61d Remove hal_vibrator_default avc tracking denials 
Bug: 204718450
Bug: 207062207
Bug: 208721729
Test: pts-tradefed run pts -m PtsSELinuxTest -t
  com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Icb3d6a48fc9fbb6e6644d1d65150436f7c0c8c3f
 2022-02-21 06:37:00 +00:00