Commit graph

146 commits

Author SHA1 Message Date
Adam Shih
c0d04c41b3 fix citadeld service access
Bug: 204718569
Test: boot with no relevant error
Change-Id: Iba8c01f34c4453c8001e56b25089b467c4de79ea
2021-11-01 10:45:13 +08:00
Adam Shih
8550b06ea4 update error on ROM 7870491
Bug: 204718569
Bug: 204718762
Bug: 204718449
Bug: 204718220
Bug: 204718450
Bug: 204718757
Bug: 204718809
Bug: 204718221
Bug: 204718782
Bug: 204718864
Bug: 204718865
Bug: 204717520
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ic0b136fe876bcf67a94d7c35927c6bd0c6506005
2021-11-01 10:39:07 +08:00
Rex Lin
d6f5c71db9 Uwb: Create a new Uwb system service
inherit from gs101-sepolicy

Signed-off-by: Rex Lin <rexcylin@google.com>

Bug: 201232020

Test: ranging works
Change-Id: I0567e6bda78a94c12da3401444faffb36586f331
2021-10-29 12:43:07 +08:00
Adam Shih
de48018a88 remove errors that were filed on the wrong ROM ID
Bug: 202906903
Bug: 202906772
Bug: 202907037
Test: boot with those errors appearing again
Change-Id: I5bc173c18b0d2a94ac2146e1c6e405c542e0c9ba
2021-10-29 11:10:43 +08:00
Adam Shih
8cc3f28ac1 fix wlc_hwservice access
10-29 10:38:01.270   440   440 E SELinux : avc:  denied  { find } for pid=1594 uid=10210 name=com.google.input.ITouchContextService/default scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:touch_service:s0 tclass=service_manager permissive=1
10-29 10:38:01.277   440   440 E SELinux : avc:  denied  { find } for pid=1594 uid=10210 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=1
Bug: 202906787
Test: boot with no relevant error

Change-Id: I47ea0f1dfe6f3f7b024d4512e0ccd94bc0da93a1
2021-10-29 10:57:39 +08:00
Adam Shih
73845f7fcd fix rlsservice service access
Bug: 202906997
Test: boot with no relevant error
Change-Id: I964d11956b5f78c410aec230289abc1f6a045023
2021-10-29 10:21:00 +08:00
Adam Shih
c9392bd414 fix vendor_ims_app service access
Bug: 202906888
Test: boot with no relevant error
Change-Id: I25e967bed593b017f11b647c23cfd148738227e0
2021-10-29 10:19:38 +08:00
Adam Shih
d73b97b740 fix vendor_rcs_app service access
Bug: 202907058
Test: boot with no relevant error
Change-Id: Ie435cdadc54cb59b09dadba890a9d1cbdb94b458
2021-10-29 10:17:57 +08:00
Adam Shih
ee3287231f fix hal_usb_impl service access
Bug: 202906786
Test: boot with no relevant error
Change-Id: I99178488a97aa2d0b3d7e4775c88b00321084d63
2021-10-29 10:12:28 +08:00
Max Kogan
68217c1ae6 sepolicy: gs201: allow dumpstate access AoC stats
Merge changes from gs101

Bug: 203827311
Change-Id: I3028e8d2c162dde74b747cbfe6458cc37a9ad759
2021-10-28 05:14:06 +00:00
Adam Shih
23b637e260 fix mediacodec_samsung service access
Bug: 202906949
Test: boot with no relevant errors
Change-Id: I015c58f1b223978cb0e61377f5fc6930477c9a53
2021-10-27 13:24:52 +08:00
Adam Shih
e171a156e2 fix mediacodec_google service access
Bug: 202906901
Test: boot with no relevant errors
Change-Id: I8ba645de225af4a25c52cc14eb05eb60a64ea202
2021-10-27 13:24:46 +08:00
Adam Shih
5e572d5c72 fix hal_camera_default service access
10-25 11:52:35.916   437   437 E SELinux : avc:  denied  { find } for pid=711 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
Bug: 202906784
Test: boot with no hal_camera_default errors

Change-Id: I0e21cc11808b973c859ddc2ddebc0db81f999d9f
2021-10-27 13:24:34 +08:00
Adam Shih
abf31d56d6 fix secure element service access
Bug: 202902683
Test: boot with no secure element errors
Change-Id: I84ee827d356e6a99af192cce9178fb4f408de5ec
2021-10-25 11:37:10 +08:00
Adam Shih
0ae5acc904 fix graphics_composer services denials
10-25 11:28:32.230   438   438 E SELinux : avc:  denied  { add } for pid=500 uid=1000 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=1
10-25 11:28:33.787   438   438 E SELinux : avc:  denied  { find } for pid=500 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=1
Bug: 202906947
Test: boot with no graphics_composer errors

Change-Id: I4174cbcacb7149427814ca67703799ab02b992e4
2021-10-25 11:31:39 +08:00
Adam Shih
be8aedd6ac fix hal_fingerprint_default denials
10-25 11:19:03.649   430   430 E SELinux : avc:  denied  { find } for pid=958 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=1
10-25 11:19:04.509   430   430 E SELinux : avc:  denied  { find } for pid=958 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
Bug: 202906981
Test: boot with no fingerprint errors

Change-Id: I95dcda0698c7fcec1e4874b95b598bc987e83e58
2021-10-25 11:24:26 +08:00
Adam Shih
9cb1f625ba fix hal_weaver_citadel denials
Bug: 202907040
Test: boot with no relevant errors
Change-Id: Ieb7a57518b433cc6cd2849afb58c8616b409db13
2021-10-25 11:09:06 +08:00
Jasmine Cha
6dea3e0842 audio: add permission to request health/sensor data
- Add audio hal into hal_health clients
- allow audio hal to find fwk_sensor_hwservice

SELinux : avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc:  denied  { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1


Bug: 199382564
Bug: 199801586
Test: build pass

Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I6c8d9cd73953b20905857368d740fd91e92c6928
2021-10-20 04:12:48 +00:00
Adam Shih
fc1ec67aa4 fix init_citadel service access
Bug: 202906904
Test: boot to home with no relevant error
Change-Id: I6729ced49cbbecbc33234e311fb81652a065fe39
2021-10-20 10:41:56 +08:00
Adam Shih
ecc3a24449 fix identity service access
10-20 10:32:58.701   438   438 E SELinux : avc:  denied  { find } for pid=742 uid=9999 name=android.hardware.citadel.ICitadeld scontext=u:r:hal_identity_citadel:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=1
Bug: 202906902
Test: boot to home with no relevant error

Change-Id: Ia6e09343843f9a5c96e06998ba5c50fb64948d7f
2021-10-20 10:35:18 +08:00
Adam Shih
4c20c40f50 Fix hal_keymint_citadel service access
10-20 10:24:31.155   432   432 E SELinux : avc:  denied  { find } for pid=481 uid=1064 name=android.hardware.citadel.ICitadeld scontext=u:r:hal_keymint_citadel:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=1
Bug: 202907039
Test: boot to home with no keymint errors

Change-Id: I7935fe52a9774f8fca67336be9c9d47fe2675756
2021-10-20 10:26:18 +08:00
Adam Shih
e9d02e08f5 fix widevine drm access
Bug: 202906980
Test: boot with no relevant logs

Change-Id: Idc37f7e1441d9fae1f570bc53ff67a7a48656ed3
2021-10-20 10:06:10 +08:00
Adam Shih
56bef214d3 fix citadeld's service access
Bug: 202906931
Test: boot with no relevant logs
Change-Id: Ic65c6f218f69a1afa14fcd1b6eb0feacf48ea54f
2021-10-20 09:54:52 +08:00
Adam Shih
a39f2e902e remove unlabeled dontaudits
The log shows up when we remount the phone, causing modem images to go
back to default file contexts: "unlabeled"
Bug: 202906831
Test: Boot to home with no relevant log

Change-Id: I69baced268782d9b38c1a56c62b3c63ae55733e4
2021-10-20 09:46:02 +08:00
Adam Shih
a5f61547cf remove legacy folder
Bug: 196916111
Test: boot to home
Change-Id: I33e4cf4a339092a31c951098e982c0bd38e53852
2021-10-20 09:33:29 +08:00
Adam Shih
862eca1510 remove redundant bluetooth sepolicy
Bug: 202790744
Test: boot with bluetooth hal started

Change-Id: Ie78cb9caeabd6b202ff99f9896fe0ae6e57cabfe
2021-10-18 12:02:08 +08:00
Adam Shih
e0107f4952 remove legacy sepolicy to have a clean start
Bug: 196916111
Test: build pass and boot to home
Change-Id: Idb220db3c1f8b35a9dfac15caf6114fa2e6737fe
2021-10-18 12:01:54 +08:00
Adam Shih
90068020c3 review property settings
Bug: 203025336
Test: build pass
Change-Id: I48bc1b0a5ffc4631fec04750c9b58bed8f15d39d
2021-10-18 12:01:42 +08:00
Adam Shih
503d402cb2 review the rest of file declaration
Bug: 203025336
Test: build pass
Change-Id: I330a8dd46bdf6b731d4f7f61544e1d1f1e59876c
2021-10-18 12:01:13 +08:00
Adam Shih
37e4973df6 review file declaration
Bug: 203025336
Test: build pass
Change-Id: I8cfec54ac035f41ccafc58f1ec0b125613e0742b
2021-10-18 10:31:31 +08:00
Adam Shih
11c3b49e36 review file_contexts
Bug: 203025336
Test: check if every path exists
Change-Id: I156c4953a50d888e54249038b45992d134b4aaca
2021-10-18 00:46:45 +00:00
Adam Shih
e5b1c96b00 review genfs_contexts besides bluetooth
Bug: 203025336
Test: check each path's existence
Change-Id: I0b45434f544fb243bd2810ea7abdb896056aed0e
2021-10-15 03:45:59 +00:00
Adam Shih
37a0cb7547 review sys file nodes
Bug: 203025336
Test: check if the paths exist
Change-Id: I5141545211e19d3c18b2c3bb315c10d33d5e3774
2021-10-15 03:45:59 +00:00
Adam Shih
cf06f9ccbf review proc, tracefs, and system_suspend nodes
Bug: 203025336
Test: check if each file path exists
Change-Id: I980742978599c162a6c0d09fa2a3a07d97434981
2021-10-15 03:45:59 +00:00
Bart Van Assche
c6a7058dc3 Stop using the bdev_type SELinux attribute
The bdev_type is being removed from all SELinux policy files. Hence this
patch.

Bug: 202520796
Test: Treehugger
Change-Id: I475ff63b3f77f1bfe49519b76bb31b90c3216105
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-15 01:52:10 +00:00
Adam Shih
0b4e85afe7 review debugfs
Bug: 203025336
Test: Boot to home with those files labeled
Change-Id: Ibe758555512417953eb9726bdba05c4ac2ff2ccf
2021-10-14 13:57:18 +08:00
Adam Shih
0b42f3ba82 review file_contexts
Bug: 203025336
Test: boot to home and check if the files are there
Change-Id: I2b748b18cca389d7fdd8b1b472dcb1605e0ddaaa
2021-10-14 13:34:33 +08:00
Adam Shih
0a570d1bc1 review hw service settings
Bug: 196916111
Test: boot to home
Change-Id: I63bc13119cee3564fd577b12aba9042f484ec18f
2021-10-14 04:01:42 +00:00
Adam Shih
bfd5097be2 dispatch service related error
Bug: 202906787
Test: pts-tradefed run pts -m PtsSELinuxTest

Change-Id: Ifbdf1de156994572b8fedfd18180d3821ef1594c
2021-10-14 10:50:12 +08:00
Jaegeuk Kim
bf900e2ae5 allow to convert /efs to f2fs
Bug: 201348703
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: If69f1443a0ee4d46a468a33524e8a51f774b2d28
2021-10-14 02:17:56 +00:00
Konstantin Vyshetsky
54b0addb16 convert_to_f2fs.sh: add sepolicy
Add entries for convert_to_f2fs.sh executable.

Bug: 202511062
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I76ca5e169efec06f7a856e3938f50cfee5e6a7f3
2021-10-14 02:17:56 +00:00
Adam Shih
dfbc96da03 remove redundant exo sepolicy
All exo sepolicy lives in gs101
Bug: 196916111
Test: build pass

Change-Id: I5c9a8af806c62ee74b4f2ab23bd60cd9706b2dae
2021-10-14 02:14:56 +00:00
Adam Shih
4d8c9e5940 review legacy contexts and keys
Bug: 196916111
Test: build pass and boot to home
Change-Id: I1b709cf6617668418150f269359eaa28421c1d43
2021-10-14 10:09:05 +08:00
Adam Shih
5b51181f96 review grilservice_app
Bug: 198532074
Test: boot with gril app started
Change-Id: I9e21bee23ad2cbb7e6d0e7363780ba0fbf5adb3b
2021-10-14 10:08:56 +08:00
Shiyong Li
cc27fae6e5 allow hwc to access displaycolor service
Fix the following violations:
SELinux : avc:  denied  { add } for pid=487 uid=1000 name=displaycolor
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_displaycolor_service:s0 tclass=service_manager
permissive=1
SELinux : avc:  denied  { find } for pid=487 uid=1000 name=displaycolor
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_displaycolor_service:s0 tclass=service_manager
permissive=1

Bug: 199467938
Test: check avc denials while hwc loads calibration file
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I43865b0a0fc406dc1955b58a80295c556d650797
2021-10-13 17:21:58 +00:00
Adam Shih
1aaa9d5be9 review hardware_info_app
Bug: 196916111
Test: boot with app correctly labeled
Change-Id: I31335fff6356edeedc10ebd2e55b8ed62e39ee02
2021-10-08 11:39:38 +08:00
Adam Shih
9e0b7599b4 review logger_app
Bug: 196916111
Test: boot to home
Change-Id: I882d0c302a44eb6c3467ced6fefa4437469d4c44
2021-10-08 11:33:40 +08:00
Adam Shih
37ca0bdfa4 review pixelstats_vendor
Bug: 202462997
Test: boot with pixelstats_vendor started
Change-Id: I1cd14413ea05362f3760e61b2d0d7b1db164a31c
2021-10-08 10:56:54 +08:00
Adam Shih
a787a30f8d review trusty domains
Bug: 198723116
Test: boot to home with trusty domains started
Change-Id: If5c6c0a75b6ad0eb032f637fd51ab2e4cea1e389
2021-10-08 10:48:04 +08:00
Adam Shih
34693feadc review mediacodec
Bug: 196916111
Test: boot with google and samsung mediacodec running
Change-Id: I7aaee5def774c8b7c19699f4da9b0b51f4869be9
2021-10-06 00:47:41 +00:00