Commit graph

1788 commits

Author SHA1 Message Date
Steven Moreland
f10b9bf2cd Remove vendor_service.
We want to avoid associating types with where they can be used.

Bug: 237115222
Test: build
Change-Id: I6795d960aa2a3b3832be8e0f6a11cb0fc3337982
2022-07-26 23:53:54 +00:00
Wiwit Rifa'i
d889102a8f Add SE policies for HWC logs
Bug: 230361290
Test: adb bugreport
Test: adb shell vndservice call Exynos.HWCService 11 i32 0 i32 308 i32 1
Change-Id: I12e6c1b4527829699211dae379f1e44da069b974
2022-07-26 08:25:42 +00:00
Adam Shih
00865670a4 [automerger skipped] sync bug_map with downstream am: b34d1c1ed0 am: fcb18faeb1 am: 5208624c3e -s ours
am skip reason: Merged-In If07a3611f40324d985a387c6dd7f2570c90c7c11 with SHA-1 2c3812aac3 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I2755d7598a37cd1b450fe4acb47e8aebd106dca7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 22:34:28 +00:00
Adam Shih
90d4c2039d [automerger skipped] sync bug_map with downstream am: b34d1c1ed0 am: 813e69784d am: 05991af46f -s ours
am skip reason: Merged-In If07a3611f40324d985a387c6dd7f2570c90c7c11 with SHA-1 2c3812aac3 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I05b16e3d8de22810861d04af77950522f5aafa1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 22:33:23 +00:00
Adam Shih
5208624c3e sync bug_map with downstream am: b34d1c1ed0 am: fcb18faeb1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I8e49824f8c4c68d3af28cee59da2b2aece8fa0b2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 21:56:10 +00:00
Adam Shih
05991af46f sync bug_map with downstream am: b34d1c1ed0 am: 813e69784d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I93d1b34ef647501e7c99eed163a79f9b190f0b75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 21:55:38 +00:00
Adam Shih
fcb18faeb1 sync bug_map with downstream am: b34d1c1ed0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: Id6d9092dd4f1e1b59b911a4bba12aca4f238248e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 21:32:08 +00:00
Adam Shih
813e69784d sync bug_map with downstream am: b34d1c1ed0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I11105def02ffc78d663ebfdf9548cf111429120b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 21:31:56 +00:00
Adam Shih
b34d1c1ed0 sync bug_map with downstream
Bug: 239403666
Test: boot
Change-Id: I7e95cc5169ce56f1bba031b4d8a83ab1d5c80b26
Merged-In: If07a3611f40324d985a387c6dd7f2570c90c7c11
2022-07-25 21:05:38 +00:00
Stephane Lee
aacf5c43fc Bug fixed in ag/19153533
Bug: 238260742
Test: N/A
Change-Id: I4f7494eb37b04f994e14b7ff418bc9e2819e25cb
2022-07-22 16:59:10 -07:00
Tri Vo
13f3fdc8ff storageproxyd: Remove setuid/setgid SELinux permissions
Bug: 205904330
Test: fingerprint enrollment/authentication
Change-Id: Ied64163f1142c1dd05274867c2863592e49042f3
2022-07-22 17:30:42 +00:00
sukiliu
eabd743991 Remove regmap from list
Bug: 227286343
Test: PtsSELinuxTestCases
Change-Id: I0df048e6944623d992f66688550e534c038714d9
2022-07-22 04:19:13 +00:00
Edmond Chung
45ae1ce63f Allow vendor_init to set camera properties am: c09b0f9873 am: ed1f75b8aa am: 087f96ccf0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: I9bf633cebf8fc4dbd5fe1459d46f682399d2b20f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 02:35:32 +00:00
Edmond Chung
b9337d2ab3 Allow vendor_init to set camera properties am: c09b0f9873 am: 135261452d am: 12154623dc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: I6c2f9ec9433c1d2be00baebf59172f5cd6a48132
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 02:35:13 +00:00
Edmond Chung
087f96ccf0 Allow vendor_init to set camera properties am: c09b0f9873 am: ed1f75b8aa
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: Ic462b751b4d3e3d2d18da39e76d5bf7dd1696a3c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 02:18:35 +00:00
Edmond Chung
12154623dc Allow vendor_init to set camera properties am: c09b0f9873 am: 135261452d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: If7fccd0c50043a74ea95f49426930b87779ef0f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 02:08:54 +00:00
Edmond Chung
ed1f75b8aa Allow vendor_init to set camera properties am: c09b0f9873
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: I6dd674a0a9dfde23a38137d67a4db4437395600a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 01:46:05 +00:00
Edmond Chung
135261452d Allow vendor_init to set camera properties am: c09b0f9873
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19381316

Change-Id: I895cb20aa12d6611d09338c2e0dab1748a74aa68
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 01:45:56 +00:00
Edmond Chung
c09b0f9873 Allow vendor_init to set camera properties
Bug: 239368308
Test: Camera CTS
Change-Id: Ia34804235729d5230123431a4b315bb2967c4cc8
2022-07-22 01:44:15 +00:00
Jack Wu
49b9a9a859 Update SELinux error am: c50018a543 am: fb3b2b7988
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19379646

Change-Id: I2319322791af38d9d4e44591a18f56d1a8f6dd3b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-21 18:42:52 +00:00
Jack Wu
fb3b2b7988 Update SELinux error am: c50018a543
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19379646

Change-Id: I384a3a37914704e167ce7e4363fb319d44111b61
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-21 18:24:16 +00:00
Jack Wu
c50018a543 Update SELinux error
Bug: 238398889
Test: no avc denied in TreeHugger verified
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Ia18714461cb9f30fe110917489adddee98de194f
2022-07-21 21:44:03 +08:00
Adam Shih
ebd7170495 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 239632439
Change-Id: I42608d6fc5b3128915f7801e9000548a12ce7efa
2022-07-20 09:12:17 +08:00
matthuang
fdccd0cf8f Add security context for com.google.usf.non_wake_up/wakeup. am: 1c7154c453 am: 645ab36c29
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19320259

Change-Id: Ie4bcb4c86598a7dbbef05f22daa64b84fb54a5f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-19 07:37:23 +00:00
matthuang
645ab36c29 Add security context for com.google.usf.non_wake_up/wakeup. am: 1c7154c453
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19320259

Change-Id: I1347e599954db1455332c5e1304705a65e790770
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-19 07:09:06 +00:00
matthuang
1c7154c453 Add security context for com.google.usf.non_wake_up/wakeup.
Bug: 195077076
Test: Confirm there is no avc denied log.
Change-Id: I86c787d59203464fc3b8b2b94b4883cbd07196b0
2022-07-19 06:53:48 +00:00
Adam Shih
2c3812aac3 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 239484651
Bug: 239484612
Change-Id: If07a3611f40324d985a387c6dd7f2570c90c7c11
2022-07-19 09:07:27 +08:00
Robin Peng
209af1944d init-insmod-sh: fix avc error am: dfc95d0774 am: 8368a0a967
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19320251

Change-Id: Ic192f137eaf63c16cb942cd13490a62bfde27c9c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-18 10:58:50 +00:00
Robin Peng
8368a0a967 init-insmod-sh: fix avc error am: dfc95d0774
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19320251

Change-Id: I4253cddfc840c0a72ebd9943a21fac8be2b2981d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-18 10:31:40 +00:00
Robin Peng
dfc95d0774 init-insmod-sh: fix avc error
avc: denied { set } for property=vendor.all.modules.ready pid=1238 uid=0 gid=0 scontext=u:r:init-insmod-sh:s0 tcontext=u:object_r:vendor_ready_prop:s0 tclass=property_service permissive=0

Bug: 238853979
Signed-off-by: Robin Peng <robinpeng@google.com>
Change-Id: Ic8d7af3c1d73f3079e126b66b38d728fe4d70ea4
2022-07-18 04:54:57 +00:00
Adam Shih
52ec99ce41 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 239364360
Change-Id: I6ea0b1a4fabd7ac29470afa48a0d84beccf0af28
2022-07-18 10:55:53 +08:00
Adam Shih
5eda61d1e0 Update SELinux error
Bug: 234547283
Change-Id: I81b2885e2b7c7f77f76bc6048c901dfc4226a4fb
2022-07-15 00:30:06 +00:00
Robb Glasser
13cdb1a7ad Remove HAL sensors dontaudits. am: 46c4571485 am: 76ff3ba367 am: 0e855aa924
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: If5b2e6ca7aae3b9a97cf154126116acc26399b54
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:53:55 +00:00
Robb Glasser
6652430fc4 Remove HAL sensors dontaudits. am: 46c4571485 am: b93c3b981b am: 5325bbdf2f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: Ifed619dba499bd940ff2c7019b7c3d6ef6e5998e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:53:05 +00:00
Robb Glasser
0e855aa924 Remove HAL sensors dontaudits. am: 46c4571485 am: 76ff3ba367
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: I0bbc8360988917f283cdd4013142f68258077bdc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:34:39 +00:00
Robb Glasser
5325bbdf2f Remove HAL sensors dontaudits. am: 46c4571485 am: b93c3b981b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: Ib0f872ffa8e66cee2fe4b12adb02463b450d42fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:33:37 +00:00
Robb Glasser
76ff3ba367 Remove HAL sensors dontaudits. am: 46c4571485
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: I003515c35a34416c0c49fe1267ba9ed54c9e2f8c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:07:43 +00:00
Robb Glasser
b93c3b981b Remove HAL sensors dontaudits. am: 46c4571485
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19281889

Change-Id: Ib1b79c1528832a2705dcee251e2b239cef63455e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 02:07:41 +00:00
Robb Glasser
46c4571485 Remove HAL sensors dontaudits.
Sensors HAL sepolicy is written, but the dontaudit parts were not
cleaned up at the time. Removing these as they are no longer needed.

Bug: 227695036
Test: No denials as expected.
Change-Id: Idc0ed7f380cb07bfc7695ef3019f335fd8fad0a2
2022-07-13 11:06:04 -07:00
Adam Shih
9899069adb Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 238705599
Change-Id: Ia78ce7f5b2adc41f7d64b99279681acce647e8bb
2022-07-12 12:49:17 +08:00
Adam Shih
1e606d96f1 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 238571150
Change-Id: Idb8c4f3e99d23e73fe2e63beec1142d1207c0a05
2022-07-11 10:24:25 +08:00
Kyle Tso
6ddb00d0c5 Add logbuffer file_contexts am: c2ed52536e am: 6218ff00ec
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19065329

Change-Id: Iaa6476fe43b2975bfe3c38f045f93b7a57ba61e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-09 07:57:47 +00:00
Kyle Tso
6218ff00ec Add logbuffer file_contexts am: c2ed52536e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19065329

Change-Id: Ibd266344d154338c48672da6d949edd10cc7da40
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-09 07:40:25 +00:00
Kyle Tso
c2ed52536e Add logbuffer file_contexts
Bug: 237082721
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Ieaf04f7381db1febe5a3899a727b6a49726bf10b
2022-07-09 07:22:55 +00:00
Daniel Angell
3adb31f004 Remove dontaudit rules related to storageproxyd's /data access.
Removing dontaudits for both tracking_denials/tee.te and
whitechapel_pro/tee.te results in no new audit log messages related to
storageproxyd, so they can both be removed.

Bug: 215649571
Test: adb logcat | grep -iE 'storageproxyd'

Change-Id: I8dc735bcaf0725c8d4eab4587f7a7fce21f4e25c
2022-07-07 18:37:23 +00:00
Star Chang
b37cb131ce wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305 am: 932cf00952 am: 83eec39629
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: Ie344b22cbf59832fe4bd73f13a78308f32f13a4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 07:46:32 +00:00
Star Chang
9e803338be wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305 am: 407c14d952 am: 30af05ede4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: Ie4a340374c5e59bdba96528b6d717c2ce0c72281
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 07:45:57 +00:00
Star Chang
83eec39629 wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305 am: 932cf00952
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: I12a467b4ef37fa13ff82e1adc66d504430247e74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 07:15:02 +00:00
Star Chang
30af05ede4 wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305 am: 407c14d952
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: If4468131df2226ac09aa0a20892147bd872e4a4d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 07:14:42 +00:00
Star Chang
932cf00952 wifi_sniffer: Add policy to allow wifi sniffer to access wifi firmware am: c466a68305
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19132092

Change-Id: If9f48a717ec9ae82dda176dfcd1a5b26651028ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 06:51:32 +00:00