Commit graph

488 commits

Author SHA1 Message Date
Nishok Kumar S
a8c8d9f1be Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe am: dd3de4d24e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: I566cbdca0bbe6aa0aa2936983534c4b076391fe4
2022-03-03 04:54:17 +00:00
Nishok Kumar S
dd3de4d24e Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: If5cbce0c7a2489272853813e915a58560e1cfe86
2022-03-03 04:30:16 +00:00
Nishok Kumar S
f91a98467c Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: Ie637dc2f227d20fcd7b82ae4d9bf45708e995dfa
2022-03-03 04:30:14 +00:00
Nishok Kumar S
e95f5edafe Allow camera HAL and GCA to access Aurora GXP device.
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.

Bug: 220086991
Test: Verified that the camera HAL service and GCA app are able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
2022-03-03 04:02:33 +00:00
Robert Lee
fcd5a53861 Fix selinux error for aocd am: 129ef29bc8 am: fd043e784a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: Id4fbde99b2a48ecb455edd7de6d0712e41dd3b39
2022-03-03 03:16:07 +00:00
Robert Lee
f5fb96dd9d Fix selinux error for aocd am: 129ef29bc8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: I0fa5066a5278676cb68ab2b53d7f60f03c7546c3
2022-03-03 02:53:34 +00:00
Robert Lee
fd043e784a Fix selinux error for aocd am: 129ef29bc8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: I12907f22900800c745b69d263208dae82f0b4d4d
2022-03-03 02:52:11 +00:00
Robert Lee
129ef29bc8 Fix selinux error for aocd
Allow write permission to fix the following error:
auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0

Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: I06dc99f1a5859589b33f89ce435745d15e2e5749
Signed-off-by: Robert Lee <lerobert@google.com>
2022-03-03 02:22:53 +00:00
Siddharth Kapoor
c0e662dc27 Add libgpudataproducer as sphal am: 2d43200489 am: dbefffd54b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I8b89645d0ae235a1ca48be49f98dabbef737d4df
2022-03-03 01:59:27 +00:00
Jinting Lin
a7dc4f5973 Fix avc denied for slsi engineermode app am: 94d7f6cce6 am: b0cb6083a9
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: Ia04f584defd026f8bf29b1cc8ad053b646452ee2
2022-03-03 01:58:51 +00:00
Siddharth Kapoor
1869966388 Add libgpudataproducer as sphal am: 2d43200489
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I95227f77d2c276dc630f21ada38efdc34d58cdb2
2022-03-03 01:26:48 +00:00
Siddharth Kapoor
dbefffd54b Add libgpudataproducer as sphal am: 2d43200489
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I92c4b3a7dee9578980ca4850e744921782ea16f8
2022-03-03 01:24:36 +00:00
Jinting Lin
b0cb6083a9 Fix avc denied for slsi engineermode app am: 94d7f6cce6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: I300f01cc8f98c7b740f327ef655dfcd5648b13ca
2022-03-03 01:24:31 +00:00
Jinting Lin
1714417845 Fix avc denied for slsi engineermode app am: 94d7f6cce6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: Ifa1e8c56273b69f8fbfcdb4be95fe3924e4df0aa
2022-03-03 01:23:20 +00:00
Siddharth Kapoor
2d43200489 Add libgpudataproducer as sphal
Bug: 222042714
Test: CtsGpuProfilingDataTestCases passes on User build

Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
Change-Id: I1997f3e66327486f15b1aa742aa8e82855b07e05
2022-03-03 01:08:52 +00:00
Jinting Lin
94d7f6cce6 Fix avc denied for slsi engineermode app
log:
avc: denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode
avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode

Test: side load the trial build sepolicy, then check the app

Bug: 221482792
Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857
2022-03-03 01:01:08 +00:00
sukiliu
431f4747cc update error on ROM 8223177 am: b1c5fcff3d am: d0afc4ccf5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595

Change-Id: I1796687e67345c2e3ae7d52849d36e02a511e611
2022-03-02 07:11:09 +00:00
sukiliu
88653306ce update error on ROM 8223177 am: b1c5fcff3d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595

Change-Id: I00cb31a95f1076bd185e71c09b85ca5cb563b367
2022-03-02 06:50:04 +00:00
sukiliu
d0afc4ccf5 update error on ROM 8223177 am: b1c5fcff3d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595

Change-Id: I43a4d7d92ba5bb868d0e9167afbb5af5dac852c9
2022-03-02 06:49:10 +00:00
sukiliu
b1c5fcff3d update error on ROM 8223177
Bug: 221384981
Bug: 221384939
Bug: 221384996
Bug: 221384768
Bug: 221384770
Bug: 221384860
Test: PtsSELinuxTestCases
Change-Id: I50916dca7548bce0e77d90a36ad8f9ba1ca7c711
2022-03-02 06:30:05 +00:00
Roshan Pius
2fe3313727 gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a am: a492dff7cc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928

Change-Id: Ie9b49694ff62287867606d6e8f31f05c85501765
2022-03-01 19:18:41 +00:00
Roshan Pius
8dd3e0b971 gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928

Change-Id: Ibf58b9ef905da9b1c8fd94beb2603f0ea7dc79b5
2022-03-01 18:54:19 +00:00
Roshan Pius
a492dff7cc gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928

Change-Id: I4e5377239bc0ebddb388ae4de486e2e87ccea0d1
2022-03-01 18:52:42 +00:00
Roshan Pius
a1f0d2aa9a gs-sepolicy: Fix legacy UWB stack sepolicy rules
This rule was present on previous devices.

Denial logs:
02-24 09:22:08.214   427   427 E SELinux : avc:  denied  { find } for
pid=1479 uid=1000 name=uwb_vendor scontext=u:r:system_server:s0
tcontext=u:object_r:uwb_vendor_service:s0 tclass=service_manager permissive=0

Bug: 221292100
Test: Compiles
Change-Id: I6de4000a9cebf46a0d94032aade7b2d40b94ca16
2022-03-01 18:25:00 +00:00
Tommy Chiu
024f58cc54 RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8 am: c94ef875af
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406

Change-Id: Iecf2ba97b2f4c99d2d52be40f36babe3ab773937
2022-03-01 07:02:37 +00:00
Tommy Chiu
7845870ddd RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406

Change-Id: Ie8a7f246dbbc26d9e64a18a831326d3aee5ed1f9
2022-03-01 06:42:23 +00:00
Tommy Chiu
c94ef875af RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406

Change-Id: I19740f1d8d82c0ff1227709aa639bd8c2b0938db
2022-03-01 06:39:43 +00:00
Tommy Chiu
b7790aa7a8 RKP: Add IRemotelyProvisionedComponent service
Bug: 212643050
Bug: 221503025
Change-Id: I7932ba96d0d7dd603d360cd7319997a7c108500a
2022-03-01 06:10:23 +00:00
Badhri Jagan Sridharan
b9268781da [automerger skipped] android.hardware.usb.IUsb AIDL migration am: fc08341bd6 am: b68d5b153c -s ours
am skip reason: Merged-In Ia8c24610244856490c8271433710afb57d3da157 with SHA-1 fc08341bd6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17009127

Change-Id: Id6b50ba2b3860238fa6adebad6dc974aa3b2352a
2022-03-01 04:17:17 +00:00
Badhri Jagan Sridharan
98d92876de [automerger skipped] android.hardware.usb.IUsb AIDL migration am: fc08341bd6 -s ours
am skip reason: Merged-In Ia8c24610244856490c8271433710afb57d3da157 with SHA-1 775523d1eb is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17009127

Change-Id: I107a850c88f445e4b91253a46a00e4197e806bf1
2022-03-01 03:55:58 +00:00
Badhri Jagan Sridharan
b68d5b153c android.hardware.usb.IUsb AIDL migration am: fc08341bd6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17009127

Change-Id: Ib469d2785c355195621edc4a509f3db07d11ea54
2022-03-01 03:55:10 +00:00
Badhri Jagan Sridharan
fc08341bd6 android.hardware.usb.IUsb AIDL migration
Cherry-pick of <775523d1eb>

android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
2022-03-01 03:32:23 +00:00
YiHo Cheng
5b27c53dd7 thermal: Label tmu register dump sysfs am: be92764669 am: 3a13f5708b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: Iee1567b0c9563388b270f99f29dc62efdc2ae2a7
2022-03-01 02:15:46 +00:00
YiHo Cheng
6a1e7e3340 thermal: Label tmu register dump sysfs am: be92764669
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: I5d714128eacd3e64dc44baff1e6ad295a6bf61fe
2022-03-01 01:51:51 +00:00
YiHo Cheng
3a13f5708b thermal: Label tmu register dump sysfs am: be92764669
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: I3b54fe773cedef0087cd9f3733b23b0dcdeb1da9
2022-03-01 01:50:45 +00:00
YiHo Cheng
be92764669 thermal: Label tmu register dump sysfs
Allow dumpstate to access tmu register dump sysfs

[  174.114566] type=1400 audit(1645790696.920:13): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs" ino=65178 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115092] type=1400 audit(1645790696.920:14): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs" ino=65179 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115208] type=1400 audit(1645790696.920:15): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres" dev="sysfs" ino=65180 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115398] type=1400 audit(1645790696.920:16): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres" dev="sysfs" ino=65182 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115498] type=1400 audit(1645790696.920:17): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres" dev="sysfs" ino=65181 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 215040856
Test: check tmu register dump sysfs output in dumpstate
Change-Id: Ica48e37344a69264d4b4367af7856ec20b566a9e
2022-03-01 01:24:00 +00:00
Yu-Chi Cheng
7a53f0050b Allowed GCA to access EdgeTPU for P22 devices. am: 172271fdbc am: e398726310
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17016803

Change-Id: I5ac3df1ecd82d58ace49d97910168e004f416555
2022-02-26 00:24:58 +00:00
Yu-Chi Cheng
e398726310 Allowed GCA to access EdgeTPU for P22 devices. am: 172271fdbc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17016803

Change-Id: I75df18545ece29becfff7c4eb1624c07c12eefd7
2022-02-26 00:01:27 +00:00
Yu-Chi Cheng
b6adb75029 Allowed GCA to access EdgeTPU for P22 devices. am: 172271fdbc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17016803

Change-Id: If1a466f643e9768974cc02ed555d6cd543bad153
2022-02-26 00:01:15 +00:00
Yu-Chi Cheng
172271fdbc Allowed GCA to access EdgeTPU for P22 devices.
This change includes the google_camera_app domain
into the EdgeTPU selinux rules. With it the GCA
is now able to access EdgeTPU.

Bug: 221020793
Test: verified GCA to work on P22.
Change-Id: I69010e2a8cca1429df402ae587b939d38e20a287
2022-02-25 23:36:01 +00:00
Jinting Lin
ee692faed2 Fix avc denied for vendor silent logging app am: e44f3c867c am: 45fcc5f934
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448

Change-Id: I104b71459beb590797d977e18f0a0455329aee74
2022-02-25 16:04:55 +00:00
Jinting Lin
079719c2b0 Fix avc denied for vendor silent logging app am: e44f3c867c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448

Change-Id: I6360f039728d972f47c761e06748d6b2443ba911
2022-02-25 08:27:05 +00:00
Jinting Lin
45fcc5f934 Fix avc denied for vendor silent logging app am: e44f3c867c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448

Change-Id: I4a4019c4c847dbfabf4bcc985b7dba56591dc6e9
2022-02-25 06:05:41 +00:00
Jinting Lin
e44f3c867c Fix avc denied for vendor silent logging app
log:
avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
denied { read } for comm="y.silentlogging" name="u:object_r:vendor_slog_prop:s0" dev="tmpfs" ino=338 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_prop:s0 tclass=file permissive=0
avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
avc: denied { read } for comm="y.silentlogging" name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 pid=7322 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:sced:s0 tclass=binder permissive=0
avc: denied { read } for comm="getenforce" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=0
avc: denied { set } for property=persist.vendor.modem.logging.shannon_app pid=7279 uid=1000 gid=1000 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=0'

avc: denied { call } for comm="HwBinder:1001_1" scontext=u:r:sced:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { call } for scontext=u:r:dmd:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { getattr } for comm="tlogging:remote" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0

Test: flash TH build then run basic test of silent logging app

Bug: 220847487
Change-Id: Ib5ac1e796e8e816d024cebc584b5699ab8ed1162
2022-02-25 05:35:06 +00:00
Badhri Jagan Sridharan
775523d1eb android.hardware.usb.IUsb AIDL migration
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
2022-02-25 00:51:26 +00:00
SalmaxChang
d355e26031 Add missing vendor_logger_prop rule am: 7cb9cc182b am: 711eb4d39e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16996081

Change-Id: I898d40f04b1d92ba70d1a473b78142882f7f1c57
2022-02-24 14:29:19 +00:00
SalmaxChang
6e50b6c086 Add missing vendor_logger_prop rule am: 7cb9cc182b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16996081

Change-Id: I7a0bbf078bf056c35c03f4438020a165d0eb1866
2022-02-24 13:29:32 +00:00
SalmaxChang
711eb4d39e Add missing vendor_logger_prop rule am: 7cb9cc182b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16996081

Change-Id: If4364de5ee9fd24dcdbbd881550596456907f4eb
2022-02-24 13:06:15 +00:00
SalmaxChang
7cb9cc182b Add missing vendor_logger_prop rule
init    : Do not have permissions to set 'persist.vendor.verbose_logging_enabled' to 'true' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 221173724
Bug: 221154649
Change-Id: Ic35e6f1d40f15efefead4530f8d320b72d7366e4
2022-02-24 07:45:39 +00:00
Zachary Iqbal
cbd2301c12 Give gralloc access to the faceauth_heap_device. am: 4bbc6969e5 am: 0dca35958b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16995763

Change-Id: I821a83023676a3bffeb0d4dc4eda84ff3bc2418a
2022-02-24 07:16:53 +00:00