Commit graph

1053 commits

Author SHA1 Message Date
Jack Wu
b0f67d6ab5 sepolicy: allows pixelstat to access pca file nodes am: 2ee67a6bf3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18868952

Change-Id: I7c9f976140f3b5aa3ba325a44c876703128b2e33
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 20:21:28 +00:00
Lawrence Huang
d28cda0c75 Add network permissions for google camera am: 2c5af2b633 am: 8810a2f193
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18803934

Change-Id: Ia2cfe7206c29707ec6bbbaea4a9e10ee5b9b2620
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 20:03:59 +00:00
Lawrence Huang
a2dfbccafd Add network permissions for google camera am: 2c5af2b633
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18803934

Change-Id: I36d7f88c4eab1981bea90ced28df3c7eb7766b27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 19:38:54 +00:00
Lawrence Huang
8810a2f193 Add network permissions for google camera am: 2c5af2b633
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18803934

Change-Id: I779fe88a1361b51118d95e2af6da595dff8cf2c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-17 19:38:42 +00:00
Lawrence Huang
2c5af2b633 Add network permissions for google camera
Investigation here:
https://docs.google.com/document/d/1dARYZBxeJFPTEIMr-0U80Ka68BoPY6-h9VcBDZ8Uon8/edit#

Bug: 230434151
Change-Id: I9b37906ba4c7ba2cdbb23fc7a07f1e9e2aa8d1ab
Test: no more avc errors
2022-06-17 18:59:12 +00:00
Jack Wu
2ee67a6bf3 sepolicy: allows pixelstat to access pca file nodes
Bug: 235050913
Test: no Permission denied while accessing the file node
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I7de0a374e1c98f4e9bbf36e39cb0131b0e9ffebc
2022-06-17 02:52:35 +00:00
Automerger Merge Worker
0a1d8f2f71 Merge "allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd" into tm-d1-dev-plus-aosp am: c4a80436a0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Ic0dc324fcd650b33c79c478427228092d12c37ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 13:01:35 +00:00
JimiChen
53d0a39cb5 allow rlsservice read vendor camera property am: f90d992b0c am: 7e79f7639d am: e8a19311d5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: I90af773d12bd7f94294f5b51659ca351da00bdb8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 13:00:57 +00:00
JimiChen
b15579ed26 allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd am: 8af2912356
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: I3ad30bbfae5474421775b7dd8b54c677b0a1f320
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 13:00:38 +00:00
Automerger Merge Worker
c4a80436a0 Merge "allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd" into tm-d1-dev-plus-aosp 2022-06-16 12:36:58 +00:00
JimiChen
3ab0915765 allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: I97e1cc94ceacca9ab0da5fce8b051017cdaec65c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:36:44 +00:00
JimiChen
e8a19311d5 allow rlsservice read vendor camera property am: f90d992b0c am: 7e79f7639d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Ifeac7cc60bcd91c0c8018626a1499b0fca6c4282
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:36:43 +00:00
JimiChen
8af2912356 allow rlsservice read vendor camera property am: f90d992b0c am: f41b4005dd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Ie0ca09bda13e5756cf59bb274c23bfa92f5d918b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:36:41 +00:00
JimiChen
f41b4005dd allow rlsservice read vendor camera property am: f90d992b0c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Id9857d0edc1f34c53a1af86f7bcb16a17e69dc99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:19:33 +00:00
JimiChen
7e79f7639d allow rlsservice read vendor camera property am: f90d992b0c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18844687

Change-Id: Ie8ff6714c0cf09bb94c462836d5329bd0c0705f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 12:18:03 +00:00
JimiChen
f90d992b0c allow rlsservice read vendor camera property
Bug: 233020488
Test: no avc denied
Change-Id: Ie7e68a6e18ba64c18e90e39cadacea5a15364eff
2022-06-16 12:02:26 +00:00
sukiliu
5d57c72cc9 [automerger skipped] [Do not merge]Update avc error on ROM 8732242 am: c25afee26a am: 4296484403 -s ours
am skip reason: Merged-In I9b4b487aa78a69fe981a542aef1a7dbe368a30ce with SHA-1 c25afee26a is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18911481

Change-Id: I1a3b60fecd19afe83ea6bab5df552de65662535b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 07:26:58 +00:00
sukiliu
f0b62f66e4 [Do not merge]Update avc error on ROM 8732242 am: c25afee26a am: 346ea66421
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18911481

Change-Id: I2c0c351b0592bf4345f8c482bf57b5a64122b3b8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 07:26:49 +00:00
sukiliu
4296484403 [Do not merge]Update avc error on ROM 8732242 am: c25afee26a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18911481

Change-Id: I7f9d305c7e08f1db8e54625da80b1205b04f3964
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 07:10:11 +00:00
sukiliu
346ea66421 [Do not merge]Update avc error on ROM 8732242 am: c25afee26a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18911481

Change-Id: Ib18c3ed1bb2fc93dd6054e47d4201921b6c0fc16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-16 07:10:09 +00:00
sukiliu
c25afee26a [Do not merge]Update avc error on ROM 8732242
Bug: 236200710
Test: PtsSELinuxTestCases
Merged-In: I9b4b487aa78a69fe981a542aef1a7dbe368a30ce
Change-Id: I9b4b487aa78a69fe981a542aef1a7dbe368a30ce
2022-06-16 03:24:58 +00:00
Robb Glasser
8c03e80d2f Allow sensors HAL to rw the sensors registry. am: 31981dfaea am: fdab89cb53
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18801904

Change-Id: Ia13fb151acf3aac1384d5d15ca99dcab98596ce2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 20:26:36 +00:00
Robb Glasser
dab6ebf461 Allow sensors HAL to rw the sensors registry. am: 31981dfaea am: 1e07ca2133
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18801904

Change-Id: Ibca080c05e9ac22bd8fff5b374c796bce6d22c93
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 20:25:54 +00:00
Robb Glasser
1e07ca2133 Allow sensors HAL to rw the sensors registry. am: 31981dfaea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18801904

Change-Id: I5a38540c36766b1474cf44f06a5147dc48966c69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 20:00:30 +00:00
Robb Glasser
fdab89cb53 Allow sensors HAL to rw the sensors registry. am: 31981dfaea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18801904

Change-Id: Iae2c15d00f64e01312332f0cd446e2bb9692d053
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 20:00:17 +00:00
Robb Glasser
31981dfaea Allow sensors HAL to rw the sensors registry.
The sensors HAL needs full permissions to read and write the sensors
registry for things like runtime calibration.

Bug: 227695036
Test: Denial goes away.
Change-Id: I5ccec3497219acca7c172c1cb0cf1d070996b42b
2022-06-14 19:20:32 +00:00
yixuanjiang
7db78e5ead aoc: add audio property for audio CCA module am: 73f6971475
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18755666

Change-Id: I550dcc1f53c73dd72f42ac7042598a36c780d8c9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 07:25:35 +00:00
yixuanjiang
73f6971475 aoc: add audio property for audio CCA module
Bug: 213545113
Test: local test
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ic58d944d30d0367a7c3afdf5f1bb1f696c8edda9
2022-06-14 07:02:23 +00:00
Minchan Kim
6f7f80d426 allow hal_dumpstate_default to access cma debugfs am: 4bc7128afe am: 5f60efbda2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18843535

Change-Id: Icec5566a457c75184e872ca5749ef649cae8f58c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 23:28:52 +00:00
Minchan Kim
62afd7445e allow hal_dumpstate_default to access cma debugfs am: 4bc7128afe am: 10398a5cbb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18843535

Change-Id: Ib9d5e2d45a6b38a03e156a0974afe20b78297801
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 23:28:07 +00:00
Minchan Kim
5f60efbda2 allow hal_dumpstate_default to access cma debugfs am: 4bc7128afe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18843535

Change-Id: I6537bd75541c64c27f17beef2bb2efbcc798756e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 23:04:12 +00:00
Minchan Kim
10398a5cbb allow hal_dumpstate_default to access cma debugfs am: 4bc7128afe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18843535

Change-Id: Ia0997d18fdae581c82b9a80e84e518e1311d1887
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 23:04:10 +00:00
Minchan Kim
4bc7128afe allow hal_dumpstate_default to access cma debugfs
It's useful for CMA memory debugging.

Bug: 233535442
Test: adb bugreport contains cma information in dumpstate_board.txt
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I65170d6b84f642e038a7901427c3673b40832af9
2022-06-13 22:35:38 +00:00
Oleg Matcovschi
97c6a21f42 sepolicy: add sscoredump mali genfs rule am: c7bcfba2cb am: 910d7ed141
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18839008

Change-Id: I323b175ead00af642566bf4b534f3e37f31bc4a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 20:15:09 +00:00
Oleg Matcovschi
c622ae0997 sepolicy: add sscoredump mali genfs rule am: c7bcfba2cb am: 06c0bb9b68
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18839008

Change-Id: I91b61083e4fbb7ee3e2e95439ce41d8cfa4fb2f8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 20:14:20 +00:00
Oleg Matcovschi
910d7ed141 sepolicy: add sscoredump mali genfs rule am: c7bcfba2cb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18839008

Change-Id: Idf09c36426159f8fe5f24e4a64faa93a364b7f7f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 19:48:24 +00:00
Oleg Matcovschi
06c0bb9b68 sepolicy: add sscoredump mali genfs rule am: c7bcfba2cb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18839008

Change-Id: I8d31652f4fb97125b39d87270079dbfda74dfac8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 19:48:21 +00:00
Oleg Matcovschi
c7bcfba2cb sepolicy: add sscoredump mali genfs rule
Bug: 235492324
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I8a5db9b4d0a6f63819820213e20165dbe920ab07
2022-06-13 18:08:04 +00:00
Krzysztof Kosiński
de8c522976 Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0 am: 4e0e696557
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: Id5244b02b2364064a4da128dc7ee906e9224e02a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:39:01 +00:00
Krzysztof Kosiński
527ccb7e0c Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0 am: c580359e1a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: Iba99e34c7ec4342dc9ad90c2a2598fd467e5269e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:38:41 +00:00
Krzysztof Kosiński
4e0e696557 Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: I3edd95cc19e0a2270be25ed8624bc9baa453480b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:04:44 +00:00
Krzysztof Kosiński
c580359e1a Add dontaudit statements to camera HAL policy. am: 2d44b5d5d0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18806796

Change-Id: Ifc5b6f8e21d1c926b84a919ab39e5b3a1449ca5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 21:04:42 +00:00
Krzysztof Kosiński
2d44b5d5d0 Add dontaudit statements to camera HAL policy.
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Bug: 218585004
Test: build & camera check
Change-Id: Ie0338f0d2a6fd0c589777a82c22a014e462bd5c2
(cherry picked from commit 26b2d2e33e)
2022-06-10 20:19:12 +00:00
Myung-jong Kim
c7bc0c512c sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf am: c071e1caa0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I116cb4eb36870c61bf3957378a7a74b5c13b3376
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 16:01:01 +00:00
Myung-jong Kim
b325dccb09 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf am: 01870d5731
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I39e9405043698829851fef9c9b308518694f1f90
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:53:17 +00:00
Myung-jong Kim
29e89b93ee sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: b022c79b96 am: a057381a7d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I720fceaf684b1c3f4050896c16d9271bd706b195
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:53:05 +00:00
Myung-jong Kim
01870d5731 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I0bd3765e66d9949fcb30692d5294a90f7dfe16b2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:27:33 +00:00
Myung-jong Kim
c071e1caa0 sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: 0d81b693cf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I0f435c75dd2722d5a5c4638abb9fc77675fca868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:27:33 +00:00
Myung-jong Kim
a057381a7d sepolicy: add net_domain macro for vendor_rcs_app am: e2b042c307 am: b022c79b96
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18799291

Change-Id: I5a38963dcaac5334603090efc5401472a0595873
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:20:00 +00:00
Ken Chen
bd1536a0ab fix sepolicy for net devices am: d0bbe71217 am: 31a64f7fc0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18821530

Change-Id: I5f58c2df5ea8597030de7b18b7c76663db86ab1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 15:09:51 +00:00