Adam Shih
32040ce078
grant bugreport access to camera debug system property am: 1616b97465
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071447
Change-Id: Ie1362e9f46201122818b21355022368d3d383799
2022-03-04 06:18:39 +00:00
millerliang
801b87fe71
Fix AAudio avc denied
...
I auditd : type=1400 audit(0.0:35): avc:
denied { map } for comm="binder:896_4" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1138 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0
E SELinux : avc: denied { find } for pid=887 uid=1041 name=audio
scontext=u:r:audioserver:s0 tcontext=u:object_r:audio_service:s0
tclass=service_manager permissive=0
Bug: 222191260
Test: Flash TH ROM and test it by the following command
Test: test_steal_exclusive -c0
Signed-off-by: millerliang <millerliang@google.com>
Change-Id: I8ea6741f3682b568de089d040d511b68938374ab
2022-03-04 06:14:55 +00:00
Adam Shih
1616b97465
grant bugreport access to camera debug system property
...
Bug: 221384770
Test: do bugreport without seeing relevant error
Change-Id: Ie27ac5f2c6e13ec31ccec2adb11762dacab1fbdf
2022-03-04 05:58:20 +00:00
Jack Yu
bdcdaecc8f
Allow platform_app to access Nfc service am: 450f61d51b
am: 0a4921d8ea
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976
Change-Id: I00b0602f68ce7f0a979b7b0fa7efb9de9381f81e
2022-03-04 03:46:09 +00:00
Jack Yu
0a4921d8ea
Allow platform_app to access Nfc service am: 450f61d51b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976
Change-Id: I444b7cd68f067ad4490f975884d05bd7fab81189
2022-03-04 03:11:59 +00:00
Jack Yu
2adfcd0067
Allow platform_app to access Nfc service am: 450f61d51b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976
Change-Id: I2c36dcaa473827137e3cd1c44553f93ae9c6392a
2022-03-04 03:11:28 +00:00
Jack Yu
450f61d51b
Allow platform_app to access Nfc service
...
Fix selinux denial below.
avc: denied { find } for pid=11183 uid=10224 name=nfc
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:nfc_service:s0 tclass=service_manager
permissive=0
Bug: 222387662
Test: build pass
Change-Id: If97d8141acab23b4e13ea65ce28589195ef7ad9e
2022-03-04 02:46:29 +00:00
Jinting Lin
f8e707d628
Allow modem diagnostic app to access default prop am: c3612c7097
am: b95ad92096
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663
Change-Id: I524ae98f67e4f3c859e3528d6886318d8147084e
2022-03-04 02:17:05 +00:00
Jinting Lin
b463b5aa9f
Allow modem diagnostic app to access default prop am: c3612c7097
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663
Change-Id: If23f46cc3e47c9496310bd9081d0a7461e49eee0
2022-03-04 01:56:04 +00:00
Jinting Lin
b95ad92096
Allow modem diagnostic app to access default prop am: c3612c7097
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663
Change-Id: Iba2f39b55334d40dc8339433b0b955dc29f1be80
2022-03-04 01:54:47 +00:00
Jinting Lin
c3612c7097
Allow modem diagnostic app to access default prop
...
log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.google.mds
Bug: 222509956
Change-Id: I50302b38f074e3f1a078ee48896154353e0937b6
2022-03-04 01:35:39 +00:00
Ruofei Ma
e239561061
Allow mediacodec_google to access secure dma heap
...
The change is for the following error:
HwBinder:867_1: type=1400 audit(0.0:9): avc: denied { read } for
name="vframe-secure" dev="tmpfs" ino=425 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0
tclass=chr_file permissive=0
Bug: 221500257
Change-Id: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
2022-03-04 01:21:32 +00:00
Devin Moore
7bff4ad858
[automerger skipped] Add the init_boot partition sepolicy am: ac44b340d3
am: 6ce3b8a590
-s ours
...
am skip reason: Merged-In Ic991fa314c8a6fdb848199a626852a68a57d1df5 with SHA-1 ac44b340d3
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163
Change-Id: Ia7aed68cf3e0783b60b5879d782e621f314f3518
2022-03-03 20:54:31 +00:00
Devin Moore
6ce3b8a590
Add the init_boot partition sepolicy am: ac44b340d3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163
Change-Id: If8db325971ac8ecd1d3ae318ab942df98bc847d8
2022-03-03 20:30:36 +00:00
Devin Moore
bfb5875873
[automerger skipped] Add the init_boot partition sepolicy am: ac44b340d3
-s ours
...
am skip reason: Merged-In Ic991fa314c8a6fdb848199a626852a68a57d1df5 with SHA-1 b3a10db9d6
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163
Change-Id: If2c578b3c59cc42c44d34255cee3a252de6ca405
2022-03-03 20:30:18 +00:00
Devin Moore
ac44b340d3
Add the init_boot partition sepolicy
...
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.
This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.
Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip
Merged-In: Ic991fa314c8a6fdb848199a626852a68a57d1df5
Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
2022-03-03 20:01:09 +00:00
Robb Glasser
3f56033179
Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f
am: 3bd74d90b2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308
Change-Id: I629dc58eaf6f9b09cb35f0eafc7b1878ecdf63da
2022-03-03 19:35:45 +00:00
Robb Glasser
44953b58b3
Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308
Change-Id: Idf592c4d84da206ddc8cd6ed64d0f23c57d02717
2022-03-03 19:11:54 +00:00
Robb Glasser
3bd74d90b2
Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308
Change-Id: I692867ec79753dbd0c4f3909d26549d51c5e8f7d
2022-03-03 19:11:41 +00:00
Robb Glasser
990294708f
Add hal_graphics_composer_default to sensors sepolicy.
...
Bug: 221396170
Test: No avc denial.
Change-Id: I23299524dec50d8c589c6acc9da8b3c8c3399f97
2022-03-03 18:42:58 +00:00
Devin Moore
b3a10db9d6
Add the init_boot partition sepolicy
...
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.
This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.
Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip
Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
2022-03-03 17:14:41 +00:00
Nishok Kumar S
a8c8d9f1be
Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
am: dd3de4d24e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623
Change-Id: I566cbdca0bbe6aa0aa2936983534c4b076391fe4
2022-03-03 04:54:17 +00:00
Nishok Kumar S
dd3de4d24e
Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623
Change-Id: If5cbce0c7a2489272853813e915a58560e1cfe86
2022-03-03 04:30:16 +00:00
Nishok Kumar S
f91a98467c
Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623
Change-Id: Ie637dc2f227d20fcd7b82ae4d9bf45708e995dfa
2022-03-03 04:30:14 +00:00
Nishok Kumar S
e95f5edafe
Allow camera HAL and GCA to access Aurora GXP device.
...
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.
Bug: 220086991
Test: Verified that the camera HAL service and GCA app are able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
2022-03-03 04:02:33 +00:00
Robert Lee
fcd5a53861
Fix selinux error for aocd am: 129ef29bc8
am: fd043e784a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631
Change-Id: Id4fbde99b2a48ecb455edd7de6d0712e41dd3b39
2022-03-03 03:16:07 +00:00
Robert Lee
f5fb96dd9d
Fix selinux error for aocd am: 129ef29bc8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631
Change-Id: I0fa5066a5278676cb68ab2b53d7f60f03c7546c3
2022-03-03 02:53:34 +00:00
Robert Lee
fd043e784a
Fix selinux error for aocd am: 129ef29bc8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631
Change-Id: I12907f22900800c745b69d263208dae82f0b4d4d
2022-03-03 02:52:11 +00:00
Robert Lee
129ef29bc8
Fix selinux error for aocd
...
allow write permission to fix the following error
auditd : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0
Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: I06dc99f1a5859589b33f89ce435745d15e2e5749
Signed-off-by: Robert Lee <lerobert@google.com>
2022-03-03 02:22:53 +00:00
Siddharth Kapoor
c0e662dc27
Add libgpudataproducer as sphal am: 2d43200489
am: dbefffd54b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905
Change-Id: I8b89645d0ae235a1ca48be49f98dabbef737d4df
2022-03-03 01:59:27 +00:00
Jinting Lin
a7dc4f5973
Fix avc denied for slsi engineermode app am: 94d7f6cce6
am: b0cb6083a9
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066
Change-Id: Ia04f584defd026f8bf29b1cc8ad053b646452ee2
2022-03-03 01:58:51 +00:00
Siddharth Kapoor
1869966388
Add libgpudataproducer as sphal am: 2d43200489
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905
Change-Id: I95227f77d2c276dc630f21ada38efdc34d58cdb2
2022-03-03 01:26:48 +00:00
Siddharth Kapoor
dbefffd54b
Add libgpudataproducer as sphal am: 2d43200489
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905
Change-Id: I92c4b3a7dee9578980ca4850e744921782ea16f8
2022-03-03 01:24:36 +00:00
Jinting Lin
b0cb6083a9
Fix avc denied for slsi engineermode app am: 94d7f6cce6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066
Change-Id: I300f01cc8f98c7b740f327ef655dfcd5648b13ca
2022-03-03 01:24:31 +00:00
Jinting Lin
1714417845
Fix avc denied for slsi engineermode app am: 94d7f6cce6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066
Change-Id: Ifa1e8c56273b69f8fbfcdb4be95fe3924e4df0aa
2022-03-03 01:23:20 +00:00
Siddharth Kapoor
2d43200489
Add libgpudataproducer as sphal
...
Bug: 222042714
Test: CtsGpuProfilingDataTestCases passes on User build
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
Change-Id: I1997f3e66327486f15b1aa742aa8e82855b07e05
2022-03-03 01:08:52 +00:00
Jinting Lin
94d7f6cce6
Fix avc denied for slsi engineermode app
...
log:
avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode
avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode
Test: side load the trial build sepolicy, then check the app
Bug: 221482792
Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857
2022-03-03 01:01:08 +00:00
sukiliu
431f4747cc
update error on ROM 8223177 am: b1c5fcff3d
am: d0afc4ccf5
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595
Change-Id: I1796687e67345c2e3ae7d52849d36e02a511e611
2022-03-02 07:11:09 +00:00
sukiliu
88653306ce
update error on ROM 8223177 am: b1c5fcff3d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595
Change-Id: I00cb31a95f1076bd185e71c09b85ca5cb563b367
2022-03-02 06:50:04 +00:00
sukiliu
d0afc4ccf5
update error on ROM 8223177 am: b1c5fcff3d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005595
Change-Id: I43a4d7d92ba5bb868d0e9167afbb5af5dac852c9
2022-03-02 06:49:10 +00:00
sukiliu
b1c5fcff3d
update error on ROM 8223177
...
Bug: 221384981
Bug: 221384939
Bug: 221384996
Bug: 221384768
Bug: 221384770
Bug: 221384860
Test: PtsSELinuxTestCases
Change-Id: I50916dca7548bce0e77d90a36ad8f9ba1ca7c711
2022-03-02 06:30:05 +00:00
Roshan Pius
2fe3313727
gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a
am: a492dff7cc
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928
Change-Id: Ie9b49694ff62287867606d6e8f31f05c85501765
2022-03-01 19:18:41 +00:00
Roshan Pius
8dd3e0b971
gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928
Change-Id: Ibf58b9ef905da9b1c8fd94beb2603f0ea7dc79b5
2022-03-01 18:54:19 +00:00
Roshan Pius
a492dff7cc
gs-sepolicy: Fix legacy UWB stack sepolicy rules am: a1f0d2aa9a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17045928
Change-Id: I4e5377239bc0ebddb388ae4de486e2e87ccea0d1
2022-03-01 18:52:42 +00:00
Roshan Pius
a1f0d2aa9a
gs-sepolicy: Fix legacy UWB stack sepolicy rules
...
This rule was present on previous devices.
Denial logs:
02-24 09:22:08.214 427 427 E SELinux : avc: denied { find } for
pid=1479 uid=1000 name=uwb_vendor scontext=u:r:system_server:s0
tcontext=u:object_r:uwb_vendor_service:s0 tclass=service_manager permissive=0
Bug: 221292100
Test: Compiles
Change-Id: I6de4000a9cebf46a0d94032aade7b2d40b94ca16
2022-03-01 18:25:00 +00:00
Tommy Chiu
024f58cc54
RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8
am: c94ef875af
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406
Change-Id: Iecf2ba97b2f4c99d2d52be40f36babe3ab773937
2022-03-01 07:02:37 +00:00
Tommy Chiu
7845870ddd
RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406
Change-Id: Ie8a7f246dbbc26d9e64a18a831326d3aee5ed1f9
2022-03-01 06:42:23 +00:00
Tommy Chiu
c94ef875af
RKP: Add IRemotelyProvisionedComponent service am: b7790aa7a8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17034406
Change-Id: I19740f1d8d82c0ff1227709aa639bd8c2b0938db
2022-03-01 06:39:43 +00:00
Tommy Chiu
b7790aa7a8
RKP: Add IRemotelyProvisionedComponent service
...
Bug: 212643050
Bug: 221503025
Change-Id: I7932ba96d0d7dd603d360cd7319997a7c108500a
2022-03-01 06:10:23 +00:00
Badhri Jagan Sridharan
b9268781da
[automerger skipped] android.hardware.usb.IUsb AIDL migration am: fc08341bd6
am: b68d5b153c
-s ours
...
am skip reason: Merged-In Ia8c24610244856490c8271433710afb57d3da157 with SHA-1 fc08341bd6
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17009127
Change-Id: Id6b50ba2b3860238fa6adebad6dc974aa3b2352a
2022-03-01 04:17:17 +00:00