Commit graph

741 commits

Author SHA1 Message Date
Android Build Coastguard Worker
b8ba2e1070 Snap for 9248884 from 9877742035 to tm-qpr2-release
Change-Id: Iaad7c79b1c875dd22902e8453d51079999477f93
2022-11-02 23:03:10 +00:00
Puma Hsu
9877742035 Add xhci-hcd-exynos.6 wakeup path for suspend_control
Bug: 255270480
Test: verified with forrest test build
Change-Id: I5e2eed4d5e20361d86f6d6be8c92ca337e4ee004
Signed-off-by: Puma Hsu <pumahsu@google.com>
2022-11-02 07:39:53 +00:00
Android Build Coastguard Worker
77ed34ebf8 Snap for 9243084 from 0810814b49 to tm-qpr2-release
Change-Id: I6e0ceb725582f6093bfe4e8ff45bb689d31f5bce
2022-11-01 23:03:06 +00:00
pointerkung
0810814b49 Add required sepolicy rule for Camera
Grant access for TNR max_freq to let libperfmgr can control it via powerhint.

Bug: 243729855
Test: Build pass, GCA, Control TNR max_freq via powerhint
Change-Id: I8f8faa360d9908afe3fe0de3c322a2be356b86c8
2022-11-01 11:33:43 +00:00
Jenny Ho
441a3ad3ef Add permission for logbuffer_bd
Bug: 242679204
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Ie5c9829ee1a4980689c933273a273f1f4ac612b6
2022-11-01 05:34:18 +00:00
Android Build Coastguard Worker
364e6ee083 Snap for 9238644 from d1e0b924ae to tm-qpr2-release
Change-Id: I18181e54a18722277775e9f63f5a9b1ebcb7a74d
2022-10-31 23:07:02 +00:00
George Lee
d1e0b924ae betterbug: Update selinux policy for betterbug
Update startup_bugreport_requested property to vendor_public for
betterbug to access.

Bug: 237287659
Test: Load Betterbug for accessing startup bugreport reason property
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15
2022-10-31 16:30:39 +00:00
Android Build Coastguard Worker
7f99fff69f Snap for 9232464 from ba0eb551e9 to tm-qpr2-release
Change-Id: Icd0ea86bd1742a4b0440e00d84cedbeacea7c86c
2022-10-29 01:03:07 +00:00
eddielan
ba0eb551e9 fingerprint: Allow fingerprint to access thermal hal
SELinux : avc:  denied  { find } for interface=android.hardware.thermal::IThermal
sid=u:r:hal_fingerprint_default:s0 pid=1064
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:hal_thermal_hwservice:s0
tclass=hwservice_manager permissive=0

Bug: 243115023
Test: make selinux_policy -j128
Test: Check avc log on device
Change-Id: Ida1b18536468df11be5bf44fb6fb79b03a35f4b9
2022-10-28 15:14:35 +00:00
Android Build Coastguard Worker
bd410762c6 Snap for 9211918 from 939d05cbf8 to tm-qpr2-release
Change-Id: Id8bf34bd3694009d4bee8178f497e774746cf878
2022-10-24 23:06:58 +00:00
Lucas Wei
939d05cbf8 SEPolicy: Don't audit search regmap by kernel
Bug: 247948906
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: I8886b5c3790036a9fe2d1ed8f524a0555b900dbb
Merged-In: I8886b5c3790036a9fe2d1ed8f524a0555b900dbb
2022-10-24 09:07:14 +00:00
Android Build Coastguard Worker
e97d5ea281 Snap for 9200392 from 19419cbdb3 to tm-qpr2-release
Change-Id: I11eb7881fb251a81e9b54a48258ee10b1510e90a
2022-10-20 23:03:16 +00:00
Martin Liu
19419cbdb3 allow vendor_init to acces watermark_scale_factor
Bug: 251881967
Test: boot
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I0840cf19f9c3120aaacc49de751fdd0a55aebf5f
2022-10-19 20:33:22 +00:00
Android Build Coastguard Worker
15023a4630 Snap for 9178587 from 5c48a90285 to tm-qpr2-release
Change-Id: I70b20b159a51269b65983265c961343d70600cbd
2022-10-15 01:03:25 +00:00
George Lee
5c48a90285 pixelstats: add bcl directory permission
Bug: 253522156
Test: Local test
$>cmd stats print-logs
$>logcat | grep <atom id>

Signed-off-by: George Lee <geolee@google.com>
Change-Id: I934f6efb043893666dac88257619556e30d82751
2022-10-14 15:57:59 +00:00
George Lee
39ffb227b3 betterbug: Add selinux policy for betterbug
Enable Betterbug to read reboot reason such that Betterbug can file
bugreport when *uvlo* or *ocp* is found within reboot reason.

Bug: 237287659
Test: Load Betterbug for accessing boot reason property
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Id699be34d2e060ee7827737982403fd58f133c4a
2022-10-13 23:44:06 +00:00
Android Build Coastguard Worker
f843c3f356 Snap for 9173498 from b72e47e1b0 to tm-qpr2-release
Change-Id: I0a6660e4e46c623f7073470a6608205aad608088
2022-10-13 23:03:30 +00:00
George Lee
083ba62902 bcl: Remove unused brownout boot reason sepolicy
vendor_brownout_boot_reason was added under previous change.  It should
be added as part of follow on change to enable metric collection.

Bug: 246817058
Test: Confirm brownout_boot_reason non existent
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1fed12e851750314f53a0d6517a9eff92c44e247
2022-10-13 12:52:20 -07:00
George Lee
b72e47e1b0 bcl: Add brownout boot reason sepolicy
Lastmeal.txt may be generated from after device rebooted from IRQ
triggering.  By applying limit on the time when it generates,
lastmeal.txt will not be generated after device rebooted.

Bug: 246817058
Test: Confirm lastmeal.txt generation
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I02515fc452dbfa5c8a40041cbb8731664dace62e
2022-10-12 19:59:58 -07:00
Android Build Coastguard Worker
7b008d7600 Snap for 9158784 from 2260099ad3 to tm-qpr2-release
Change-Id: I502857d5aaad0c4e16310ec005ce0a7aebaf0062
2022-10-10 23:06:58 +00:00
George Lee
2260099ad3 bcl: Add mitigation ready device sepolicy
Instead of relying on vendor.thermal.link_ready property to gate write
to BCL's SYSFS node, adding mitigation ready SYSFS so that writes to
BCL's SYSFS node would not cause NULL pointer dereference.

Bug: 249130916
Test: Confirm property vendor.brownout.mitigation.ready is set
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1b21a1c745e7e17f78e9d4c001032dd2c46673cf
2022-10-10 19:49:34 +00:00
Android Build Coastguard Worker
3974ce2694 Snap for 9133013 from bdf3d6abcc to tm-qpr2-release
Change-Id: I26b4cd4c1ececa5cee237123386a0c2b49a088d2
2022-10-03 23:06:42 +00:00
Vova Sharaienko
bdf3d6abcc hal_health_default: updated sepolicy
This allows the android.hardware.health service to access
AIDL Stats service

Bug: 237639591
Bug: 249827340
Test: Build, flash, boot & and logcat | grep "avc"
Change-Id: I71013c0b17ee5e526387efa0afb823f97775e572
(cherry picked from commit 87bc6d189d)
Merged-In: I71013c0b17ee5e526387efa0afb823f97775e572
2022-09-30 16:43:46 +00:00
Kyle Tso
c18eea71d7 Set sepolicy for shell script of disabling contaminant detection
(ported from Ib2e3cf498851c0c9e5e74aacc9bf391549c0ad1a)

Bug: 244658328
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Idbfa55d4c7091ce2861600ff3881fcc7217ec662
Merged-In: Idbfa55d4c7091ce2861600ff3881fcc7217ec662
2022-09-29 13:33:28 +00:00
Sayanna Chandula
cbb62de10c thermal: enable pixelstats access to thermal metrics
Allow pixelstats daemon to access thermal metric nodes

Bug: 228247740
Test: Build and boot on device. Check thermal stats
Change-Id: Iada717b92782bc9c085928462b2e06d2db136cab
Signed-off-by: Sayanna Chandula <sayanna@google.com>
2022-09-23 19:48:41 +00:00
jintinglin
5acc68de3b Allows modem_svc to read the logging related properties
avc: denied { read } for comm="modem_svc_sit" name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=347 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0

Bug: 243039758
Change-Id: Ib3031552faf03771f86e72e7dbd81c3610c518cc
2022-09-22 08:15:23 +00:00
Jinhee.k
37c32d672f sepolicy: allowed permissions required for network access
: add permission to allow create, connect udp socket
Apply to add network access permissions

Bug: 242231557
Test: Verified no IMS exception and avc denied
Change-Id: I4a4bd1efb22b5538b1679aad8f543d00203e0b48
Signed-off-by: Jinhee.k <jinhee.k@samsung.com>
2022-09-19 01:41:34 +00:00
Sherry Luo
9dd930e4c2 Add network permissions for debug camera
Noticed that Estrella upload failing w/
   java.lang.SecurityException: Permission denied (missing INTERNET
   permission?)

Followed investigation in b/230434151. Verified that upload working once
this change is flashed.

Test: Flash build w/ local change
Test: Take a picture and upload using Estrella
Test: Verify that the upload succeeded

BUG=245995782

Change-Id: I505af355f25e9063927c946ee8af21de25758ef1
2022-09-15 18:16:58 +00:00
Estefany Torres
6cb9f4e623 Add rules for letting logger app send the command to ril
08-31 23:40:57.354   458   458 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:logger_app:s0:c252,c256,c512,c768 pid=2901 scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
09-01 00:08:19.600  2881  2881 W oid.pixellogger: type=1400 audit(0.0:10): avc: denied { call } for scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.android.pixellogger

Bug: 241412942
Test: tested on C10 with pixel logger change
Change-Id: I845eefc609be2b7fbc22c9b37d1eb2b3195e014f
2022-09-15 14:09:05 +00:00
Chungjui Fan
aa55cb6f2e Add sepolicy of dumping LED file in dumpstate
Bug: 242300919
Change-Id: I14b0af18244c4a71fd7908fdb35e2e86354e02e0
2022-09-14 02:59:20 +00:00
Jeffrey Carlyle
a658683689 dck: allow st54spi devivce to be accessed by recovery and fastbootd
This is needed so that Digital Car Keys can be cleared from the ST54
during a user data wipe.

Bug: 203234558
Test: data wipe in Android recovery mode on raven
Test: data wipe in Android recovery mode on c10
Test: data wipe in user mode fastbootd mode on raven
Test: data wipe in user mode fastbootd mode on c10
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>
Change-Id: Icaa3d62aa6b3b88b8db6c1c11807907a06e51019
2022-09-08 21:58:52 +00:00
JJ Lee
4b3ae5b9bf sepolicy: add nodes for aoc memory votes stats
Bug: 223674292
Test: build pass, not blocking bugreport
Change-Id: Iae1c5dc42b3e6213d4399025cb91dc57822fd2cc
Signed-off-by: JJ Lee <leejj@google.com>
2022-09-08 04:45:32 +00:00
Jack Wu
c252f3ffa8 remove selinux avc error
Bug: 238398889
Test: no avc denied in TreeHugger verified
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Icf2a89462574e2f0eea29d0601e77728d67e6e0d
2022-09-07 11:57:09 +08:00
Robb Glasser
feba667c23 Give permissions to save usf stats and dump them in bugreports.
Creating a mechanism to save some USF stat history to device and pipe it
to bugreports. Granting permissions so that this can work.

Bug: 242320914
Test: Stats save and are visible in a bugreport.
Change-Id: Ie08fce80e79bd564ea58dab66ce8f0d9892d7020
2022-08-25 02:47:58 +00:00
Jinting Lin
b69195ebe9 Fix avc denied for vendor telephony debug app
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 pid=8533 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=344 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=0
avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Test: manual test

Bug: 241976048
Change-Id: I5aa49a8e243d212180c7da6f65da9021164fca44
2022-08-24 01:54:34 +00:00
Roger Fang
74eb33d057 sepolicy: add permission for AMS rate of pixelstats-vend
pixelstats-vend: type=1400 audit(0.0:618): avc: denied { read } for name="ams_rate_read_once" dev="sysfs" ino=100493 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:619): avc: denied { open } for path="/sys/devices/platform/audiometrics/ams_rate_read_once" dev="sysfs" ino=100493 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:620): avc: denied { getattr } for path="/sys/devices/platform/audiometrics/ams_rate_read_once"

Bug: 239508478
Test: Manually test passed

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I3e171b35ebdcf11b0da559361f382f1cf01b0f2f
2022-08-23 19:56:37 +00:00
Weizhung Ding
4e46081859 Add coredomain for hbmsvmanager
Sync the coredomain from gs101

Bug: 239902607
Test: without denied log
Change-Id: I220ce6b2f67877637189fcfcc0f6b328c8be6eae
2022-08-23 01:39:53 +00:00
Wei Wang
d28c59ec92 Label GPU dvfs period setting am: b5fcd3b4db
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19564662

Change-Id: I616aa04aa91a262e00dd0d611d486edccf463a29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-10 23:03:28 +00:00
Wei Wang
b5fcd3b4db Label GPU dvfs period setting
Bug: 239887528
Test: Build
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I35766555f13f586e37d03843dae153d02f189976
2022-08-09 23:52:57 +00:00
Konstantin Vyshetsky
27f55d7da7 convert_to_ext4.sh: suppress test error
Add exclusion to fix issue with SELinuxUncheckedDenialBootTest

Bug: 241072524
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: Id9088f728c34d3c764e1aef66a5e1a126f6243e9
2022-08-09 05:27:21 +00:00
TeYuan Wang
5ef0888e04 sepolicy: fix odpm avc denials
Fix permissions for ODPM by adding additional bus path

Bug: 240380970
Test: Build
Change-Id: I7bf02ce016f2cdbf4b45f1a797896a00fb8aa454
2022-08-09 03:08:54 +00:00
Adam Shih
2e4daadb2e Update error on ROM 8892407
Bug: 241714943
Bug: 241714944
Bug: 240297563
Test: SELinuxUncheckedDenialBootTest
Change-Id: I0aab196ab21ec411540b7a033578a1670e83187a
Merged-In: I38e6cc9da23c72aed05e79346a3a6c8188fc8556
2022-08-08 07:08:17 +00:00
Bruce Po
d4e0af0105 Allow aocd to access acd-offload nodes
For 3-ch hotword feature, aocd daemon will access two new file nodes
(b/235648212), which will be used for transmitting audio to/from AOC.

BUG: 240744178
Change-Id: I67b6d6b539f1e436eacfd80d0e1299e1d63b4a1d
2022-08-03 00:12:15 +00:00
Konstantin Vyshetsky
906b9d1aab convert_to_ext4.sh: modify sepolicy am: c44f96b66a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19492175

Change-Id: I8c2bb52cd2c273dc224432f9e84008b0d79cdadc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-02 03:19:20 +00:00
Konstantin Vyshetsky
c44f96b66a convert_to_ext4.sh: modify sepolicy
Combine individual rules under persist into vendor_persist_type.

Bug: 239632964
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I4f90a3b30f9d0dd8b8386ef57728fa098a630081
2022-08-01 18:51:42 -07:00
Konstantin Vyshetsky
a8e3ff791c convert_to_ext4.sh: add sepolicy am: 07af2808d5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19391424

Change-Id: Id303addc42a444642f827605404dca79044efd37
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 18:17:27 +00:00
Konstantin Vyshetsky
07af2808d5 convert_to_ext4.sh: add sepolicy
Add entries for convert_to_ext4.sh executable.

Bug: 239632964
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I0d89aa88dab0ae5a4cf3d7b2e4423d1761868bea
2022-08-01 18:00:49 +00:00
lucaslin
2bfca77c08 Add sepolicy for dumpstate to zip tcpdump into bugreport am: 81616f3ad0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19466304

Change-Id: I8b70cb968c26cc1b5705c308e29a0c4e0bf53e0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 12:46:23 +00:00
lucaslin
81616f3ad0 Add sepolicy for dumpstate to zip tcpdump into bugreport
Bug: 239634976
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and chagne it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: I01b9b25a6236bcfa1ce2b89afb3ed1bc2ef49cae
Merged-In: I01b9b25a6236bcfa1ce2b89afb3ed1bc2ef49cae
(cherry picked from commit ee1b7d6bb4)
2022-08-01 03:00:17 +00:00
Adam Shih
813e69784d sync bug_map with downstream am: b34d1c1ed0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19349280

Change-Id: I11105def02ffc78d663ebfdf9548cf111429120b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-25 21:31:56 +00:00