Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
581 commits 1 branch 0 tags 63 MiB
Commit graph

581 commits

This branch
This branch
All branches
Author SHA1 Message Date
chungkai
4fa67857c3 sched: move sysfs to procfs 
Modify name from sysfs_vendor_sched to proc_vendor_sched

Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I96dc6eb76dd533ff6fd54c27be7e4bc32bf5dbc7
 2022-03-24 17:44:37 +00:00
Holmes Chou
e0b06b9cbd camera: use codename for camera modules 
use codename for camera modules
Bug: 209866857
Test: GCA, adb logcat

Change-Id: I55f6998d18a904c83ecdf328d1b0e5ca6a01427f
 2022-03-24 13:11:16 +00:00
Ted Lin
0adad90ab6 hal_health_default: Fix avc denials 
12-02 11:15:45.224   756   756 I health@2.1-serv: type=1400 audit(0.0:2270): avc: denied { search } for name="thermal" dev="tmpfs" ino=1028 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=1
12-02 11:15:45.224   756   756 I health@2.1-serv: type=1400 audit(0.0:2271): avc: denied { search } for name="thermal" dev="sysfs" ino=16790 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=1
12-02 11:15:45.224   756   756 I health@2.1-serv: type=1400 audit(0.0:2273): avc: denied { open } for path="/sys/devices/virtual/thermal/thermal_zone13/mode" dev="sysfs" ino=17285 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1
12-02 11:15:45.224   756   756 I health@2.1-serv: type=1400 audit(0.0:2272): avc: denied { write } for name="mode" dev="sysfs" ino=17285 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1

Bug:208721638
Test: adb bugreport
Change-Id: I4d9491862ff1bcc88f89b1478497ac569e3d1df1
Signed-off-by: Ted Lin <tedlin@google.com>
(cherry picked from commit 5b6a5292c3)
 2022-03-24 05:26:09 +00:00
Adam Shih
de2696eb72 enforce debugfs constraint on userdebug build 
Bug: 225815474
Test: build pass
Change-Id: If9e32d4b67c342b56eea39701518a520a62df199
 2022-03-24 01:05:18 +00:00
Yabin Cui
02c1ef8b85 Add SOC specific ETM sysfs paths 
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
Merged-In: I10c8d250cf88b371ee573561d6678fc24f4e440c
 2022-03-23 19:45:48 +00:00
George Lee
17981f9fc0 health: Grant sysfs_thermal access to health 
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 226009696
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I8d112cb12f3aeb1c8d5433ca69415d0413f070a2
Merged-In: I4d9491862ff1bcc88f89b1478497ac569e3d1df1
 2022-03-23 05:30:33 +00:00
SalmaxChang
ae6f085676 modem_svc_sit: fix avc error 
avc: denied { write } for comm="modem_svc_sit" name="modem_stat" dev="dm-46" ino=333 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 225149029
Change-Id: Id1045d9488a200b6c64abbe02cf5e65926ba0203
 2022-03-23 05:13:29 +00:00
SalmaxChang
6dd3de7813 vendor_init: fix avc error 
avc: denied { getattr } for comm="init" name="/" dev="sda19" ino=2 scontext=u:r:vendor_init:s0 tcontext=u:object_r:modem_img_file:s0 tclass=filesystem permissive=0

Bug: 225151104
Change-Id: I508aa6b85039edc4b5a8746aaa602f1131768630
 2022-03-22 07:57:59 +00:00
Kris Chen
997b8974ef Allow hal_fingerprint_default to access fwk_sensor_hwservice 
Fix the following avc denial:
avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_default:s0 pid=1258 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 197789721
Test: build and test fingerprint on device.
Change-Id: I7494f28e69e5a1b660dc7fbaa528b1088048723b
(cherry picked from commit 9b54bf3665abce7a6f5f5df22069a8ef081ad80e)
 2022-03-22 03:39:35 +00:00
Peter Csaszar
466adbb2da pixel-selinux: Port PRO SJTAG policies to tm-dev 
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface for WHI-PRO-based devices, now migrated to the
tm-dev branch. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Bug: 224022297
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Merged-in: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
Change-Id: I56da5763c31ab098859cbc633660897646fe7f3e
 2022-03-22 03:17:40 +00:00
Roshan Pius
046601d414 gs-policy: Remove obsolete uwb vendor service rules 
This service no longer exists in the UCI stack.

Bug: 186585880
Test: Manual UWB tests
Change-Id: I279824be6f51470364ad61833b797aa23cbea859
 2022-03-21 09:18:28 -07:00
Sam Dubey
b92095e322 Temporarily don't audit init for modem_img_file 
Change-Id: I2c9c788119b20b8a37e71a971997f16a7fe6165b
Fix: 225279974
 2022-03-21 04:42:13 +00:00
yixuanjiang
9206ceb227 audio: sync aocdump setting from gs101 
Bug: 225309469
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ia9be16c74de666c945d76ca514423b030c0f90d0
 2022-03-21 02:08:55 +00:00
Mason Wang
296823785d vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] 
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
 2022-03-17 10:01:37 +00:00
George Lee
2cc598cc9b health: Add sysfs_thermal access 
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
 2022-03-17 04:55:59 +00:00
Adam Shih
bedd866505 reject mnt_vendor_file access in user ROM 
Bug: 224429437
Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I318f11866f7b9c6cc0b7ecf151f789f35ab290cd
 2022-03-16 14:08:09 +08:00
Denny cy Lee
38c2803c54 Sepolicy: add pixelstats/HardwareInfo sepolicy 
avc denials to fix (after apply ag/17120763)
[   50.171564] type=1400 audit(1647222380.884:28): avc: denied { read } for comm="pixelstats-vend" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
[   54.519375] type=1400 audit(1647222385.228:29): avc: denied { read } for comm="id.hardwareinfo" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 app=com.google.android.hardwareinfo

Bug: 222019890
Test: manually check debug logcat
Change-Id: I0e4f3f3a66783383b0d1327cec4dcd145ae9a7af
 2022-03-15 03:09:18 +00:00
Darren Hsu
6d25430600 sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I295d3dfb96cc87e8faaf16f949918445cc3a0d44
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-15 02:52:48 +00:00
Roshan Pius
c5710ad18e gs-sepolicy(uwb): Changes for new UCI stack 
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Bug: 204718220
Bug: 206045367
Test: Manual Tests
Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570
 2022-03-14 16:09:02 +00:00
Roshan Pius
5ddc8be4f4 gs-sepolicy(uwb): Allow uwb hal permission to net_admin 
This was alloed under gs101-sepolicy. There is an ongoing discussion on
how to resolve this for the long term in b/190461440. But, without this
uwb functionality is broken on new devices.

Bug: 206045367
Bug: 222194886
Change-Id: I6729352f2b7bb93b01990a790e62aa69f60342fe
 2022-03-14 16:09:02 +00:00
Tim Lin
e42c7120dd ril: dump radio hal from user build. 
To get radio hal debug info on user build as we do on previous Pixels.

Bug: 221391981
Test: Trigger bugreport on USERDEBUG with dumpstate.unroot set
to true and check IRadio log

Change-Id: I354d5770272b518761db4aab8da726de97e472bb
 2022-03-14 10:49:07 +00:00
Chungjui Fan
e02f501377 sepolicy: allow fastbootd to access gsc device node 
audit: type=1400 audit(1646614793.912:8): avc:  denied  { getattr }
for pid=347 comm="fastbootd" path="/dev/gsc0" dev="tmpfs" ino=469
scontext=u:r:fastbootd:s0 tcontext=u:object_r:citadel_device:s0
tclass=chr_file permissive=0

Bug: 221410358
Test: fastboot -w in fastbootd mode
Change-Id: I5680515865c2656ffa91dfe593459aab1ade81cb
Signed-off-by: Chungjui Fan <chungjuifan@google.com>
 2022-03-14 04:47:31 +00:00
Ramji Jiyani
cec1d2a769 dumpstate: Remove do not audit for /system_dlkm 
FixedBy: http://aosp/2022375
Bug: 223332748
Test: atest SELinuxHostTest#testNoBugreportDenials
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I46e427cccec27118fad4440dc6822196d26f4a1b
 2022-03-13 18:32:07 -07:00
Taeju Park
dc99069f1e Allow accessing power_policy sysfs node for GPU 
Bug: 223440487
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: Iae2e4a0dc8d474d04200e79b4b4014010eedb147
 2022-03-10 10:03:59 +00:00
Darren Hsu
ab8e1fdc58 sepolicy: label wakeup source for usbc port 
Bug: 223475365
Test: run vts -m SuspendSepolicyTests
Change-Id: I2116c5f4fd19c5995f1612d593532cc7e065a560
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-10 11:29:15 +08:00
Adam Shih
e989d0087a Remove obsolete sepolicy 
Bug: 207300335
Test: do bugreport without relevant error log showing up
Change-Id: I38e4544c59c49543e746775ec686874ee8ae2473
 2022-03-09 08:14:24 +00:00
Darren Hsu
284b775f21 sepolicy: fix VTS failure for SuspendSepolicyTests 
Label the common parent wakeup path instead of each
individual wakeup source to avoid bloating the genfs
contexts.

Bug: 221174227
Test: run vts -m SuspendSepolicyTests
Change-Id: I38e3a349af04f83e63735ea7ca010cf634c2f1ab
 2022-03-09 05:29:09 +00:00
SalmaxChang
1f72ffdec6 incident: Fix avc errors 
avc: denied { use } for comm="incident" dev="dm-47" ino=10911 scontext=u:r:incident:s0 tcontext=u:r:logger_app:s0:c239,c256,c512,c768 tclass=fd
avc: denied { append } for dev="dm-7" ino=12639 scontext=u:r:incident:s0 tcontext=u:object_r:media_rw_data_file:s0:c30,c257,c512,c768 tclass=file

Bug: 222209243
Change-Id: I9e622e2af1a036eab818cd2b66c07b137fe9cc99
 2022-03-09 04:55:08 +00:00
sukiliu
b82a5ab98b Update avc error on ROM 8268341 
Bug: 223332748
Bug: 208721808
Test: PtsSELinuxTestCases
Change-Id: Ie3c6fdb9c8f29cac41db2750e71d3163132d4951
 2022-03-09 04:25:38 +00:00
Michael Eastwood
07bf62c387 Update SELinux policy to allow camera HAL to send Perfetto trace packets 
Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr
aced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext
=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:
object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I443e84c5bcc701c1c983db19280719655ff02080
 2022-03-09 01:29:20 +00:00
SalmaxChang
db1196932e dumpstate: Grant to access media_rw_data_file 
avc: denied { append } for comm="binder:1426_9" dev="dm-43" ino=15392 scontext=u:r:dumpstate:s0 tcontext=u:object_r:media_rw_data_file:s0:c232,c256,c512,c768 tclass=file permissive=0

Bug: 222209243
Change-Id: I38efe11117c15f99ad1bce54cafbd0f3b038eff2
 2022-03-08 04:57:26 +00:00
Adam Shih
47b4ca882d init: change overlayfs_file rule to dontaudit 
Workaround for modem_img being unlabeled after disable-verity.

Bug: 193113005
Bug: 221384981
Test: remount with no avc error
Change-Id: Ie2479470c095f4ee2a9508714565b1088a8d7dce
 2022-03-07 21:39:11 +00:00
Ruofei Ma
67e8f968b2 Allow mediacodec_google to access secure dma heap 
The change is for following error:
HwBinder:867_1: type=1400 audit(0.0:9): avc: denied { read } for
name="vframe-secure" dev="tmpfs" ino=425 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0
tclass=chr_file permissive=0

Bug:221500257

Change-Id: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
(cherry picked from commit e239561061)
Merged-In: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
 2022-03-07 19:13:35 +00:00
Ray Chi
455c3c1653 Allow hal_usb_gadget_impl to access proc_irq 
Bug: 220996010
Test: build pass
Change-Id: Id9a9adbdc921629b6e89d0850dd8acaf76b1a891
 2022-03-07 11:18:28 +08:00
Tommy Chiu
94995cd0d3 sepolicy: add permissions to let recovery wipe citadel 
This gives recovery the ability to remove user data from citadel in the
same manner as issuing a `fastboot -w` does.  This doesn't allow for
resetting FRP data, just user data.

audit: type=1400 audit(1646379959.016:9): avc:  denied  { getattr } for
  pid=348 comm="recovery" path="/dev/gsc0" dev="tmpfs" ino=754
  scontext=u:r:recovery:s0 tcontext=u:object_r:citadel_device:s0
  tclass=chr_file permissive=0

Bug: 222005928
Change-Id: Ia6113999aecacbbbb31d7a8659a45c0e5a0db2c9
 2022-03-07 00:24:55 +00:00
Tri Vo
9fe6aa97af Don't audit storageproxyd unlabeled access 
Test: m sepolicy
Bug: 197502330
Change-Id: Ibe7292dc659dd454d3c842f6c48d2d90bc77117d
 2022-03-04 17:45:38 +00:00
Adam Shih
9ba4c9120d remove obsolete code after SELinux is enforced 
Bug: 207720645
Bug: 208527900
Bug: 208721673
Bug: 205072922
Test: boot with no relevant errors
Change-Id: I68931cc24c55beea52c246a06f268ea2be7d1ecf
 2022-03-04 08:47:59 +00:00
Midas Chien
bef935f43d Allow composer to read panel_idle_handle_exit sysfs node 
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Change-Id: I5e6c5036a946417c782f1389f4423cce69c4df77
 2022-03-04 06:55:04 +00:00
millerliang
801b87fe71 Fix AAudio avc denied 
I auditd  : type=1400 audit(0.0:35): avc:
denied { map } for comm="binder:896_4" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1138 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

E SELinux : avc:  denied  { find } for pid=887 uid=1041 name=audio
scontext=u:r:audioserver:s0 tcontext=u:object_r:audio_service:s0
tclass=service_manager permissive=0

Bug: 222191260
Test: Flash TH ROM and test it by the following command
Test: test_steal_exclusive -c0

Signed-off-by: millerliang <millerliang@google.com>
Change-Id: I8ea6741f3682b568de089d040d511b68938374ab
 2022-03-04 06:14:55 +00:00
Adam Shih
1616b97465 grant bugreport access to camera debug system property 
Bug: 221384770
Test: do bugreport without seeing relevant error
Change-Id: Ie27ac5f2c6e13ec31ccec2adb11762dacab1fbdf
 2022-03-04 05:58:20 +00:00
Jack Yu
450f61d51b Allow platform_app to access Nfc service 
Fix selinux denial below.
avc:  denied  { find } for pid=11183 uid=10224 name=nfc
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:nfc_service:s0 tclass=service_manager
permissive=0

Bug: 222387662
Test: build pass
Change-Id: If97d8141acab23b4e13ea65ce28589195ef7ad9e
 2022-03-04 02:46:29 +00:00
Jinting Lin
c3612c7097 Allow modem diagnostic app to access default prop 
log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.google.mds

Bug: 222509956
Change-Id: I50302b38f074e3f1a078ee48896154353e0937b6
 2022-03-04 01:35:39 +00:00
Devin Moore
ac44b340d3 Add the init_boot partition sepolicy 
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.

This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.

Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip

Merged-In: Ic991fa314c8a6fdb848199a626852a68a57d1df5
Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
 2022-03-03 20:01:09 +00:00
Robb Glasser
990294708f Add hal_graphics_composer_default to sensors sepolicy. 
Bug: 221396170
Test: No avc denial.

Change-Id: I23299524dec50d8c589c6acc9da8b3c8c3399f97
 2022-03-03 18:42:58 +00:00
Nishok Kumar S
e95f5edafe Allow camera HAL and GCA to access Aurora GXP device. 
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules too allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.

Bug: 220086991
Test: Verified that the camera HAL service and GCA app is able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
 2022-03-03 04:02:33 +00:00
Robert Lee
129ef29bc8 Fix selinux error for aocd 
allow write permission to fix following error
auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0

Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: I06dc99f1a5859589b33f89ce435745d15e2e5749
Signed-off-by: Robert Lee <lerobert@google.com>
 2022-03-03 02:22:53 +00:00
Siddharth Kapoor
2d43200489 Add libgpudataproducer as sphal 
Bug: 222042714
Test: CtsGpuProfilingDataTestCases passes on User build

Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
Change-Id: I1997f3e66327486f15b1aa742aa8e82855b07e05
 2022-03-03 01:08:52 +00:00
Jinting Lin
94d7f6cce6 Fix avc denied for slsi engineermode app 
log:
avc: denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode
avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode

Test: side load the trail build sepolicy, then check the app

Bug: 221482792
Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857
 2022-03-03 01:01:08 +00:00
sukiliu
b1c5fcff3d update error on ROM 8223177 
Bug: 221384981
Bug: 221384939
Bug: 221384996
Bug: 221384768
Bug: 221384770
Bug: 221384860
Test: PtsSELinuxTestCases
Change-Id: I50916dca7548bce0e77d90a36ad8f9ba1ca7c711
 2022-03-02 06:30:05 +00:00
Roshan Pius
a1f0d2aa9a gs-sepolicy: Fix legacy UWB stack sepolicy rules 
This rule was present on previous devices.

Denial logs:
02-24 09:22:08.214   427   427 E SELinux : avc:  denied  { find } for
pid=1479 uid=1000 name=uwb_vendor scontext=u:r:system_server:s0
tcontext=u:object_r:uwb_vendor_service:s0 tclass=service_manager permissive=0

Bug: 221292100
Test: Compiles
Change-Id: I6de4000a9cebf46a0d94032aade7b2d40b94ca16
 2022-03-01 18:25:00 +00:00