Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
563 commits 1 branch 0 tags 63 MiB
Commit graph

563 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ken Chen
d0bbe71217 fix sepolicy for net devices 
bug: 222232008
Test: atest NetdSELinuxTest#CheckProperMTULabels
Change-Id: I99f70eefa3259a2da556fed6ced70f32d03ff4bb
 2022-06-10 18:20:19 +08:00
Andy Hsu
1240fdefbb Add policy to allow debug camera app (GCAEng and locally built GCANext) to access HAL to apply CPU/GPU boost on userdebug builds. 
Bug: 233998391

Test: Boost applied successfully for all flavors b/233998391#comment15. GCA.
Change-Id: If339705cf4daec0f12e81c2c8efdc1eb4a063267
 2022-06-08 02:26:26 +00:00
Adam Shih
2a7ecbdce0 update error on ROM 8666963 
Bug: 234547497
Test: boot
Change-Id: Ic5a9d39449af035a32aaea71b06d7bd33e16cf4b
 2022-06-01 08:35:23 +00:00
George Chang
851a643c9e Update nfc from hidl to aidl service 
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: If1f57af334033f9bd7174c052767715c9916700f
Change-Id: If1f57af334033f9bd7174c052767715c9916700f
 2022-06-01 06:19:26 +00:00
Andy Hsu
38ddaa255e Add policy to allow GoogleCameraApp access HAL to apply CPU/GPU boost. 
To fix the denial message:
avc:  denied  { find } for pid=4646 uid=10134 name=android.hardware.power.IPower/default scontext=u:r:google_camera_app:s0:c134,c256,c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0

Reference: go/sepolicy.

On P21, we have ag/14692156 to access PowerHAL in GCA. On P22, we currently don't have the permission (b/233998391#comment10). This change fixes this issue.

Bug: 233998391
Bug: 232184722
Bug: 232022128

Test: Boost is applied successfully b/233998391#comment11. GCA.

Change-Id: Id1a938fc0af0ad9280aa49e7f6cbdf45c16f8b38
 2022-05-31 23:57:19 +00:00
Ankit Goyal
5be857af43 Add SE policies for memtrack HAL 
Bug: 220360577
Test: adb shell dumpsys meminfo
Change-Id: I4dfc0c016ccf980b4f7dabd2fb70d2466b69b5cc
 2022-05-31 23:25:27 +00:00
Taeju Park
eb4d432dd8 Pixel-EM-DriverV2: sepolicy: allows Power HAL to 
modify em_profile related sysfs nodes

Bug: 170647767
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: I160741f172a5713535852e7fb0d12126ddf0395e
 2022-05-31 20:38:29 +00:00
George Lee
ee92ac374a dumpstate: Mitigation logger readout - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.  This change is to enable
bugreport reading out the mitigation log.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ic0291e05bcf20839a66d50d159bb5ef41681c45d
 2022-05-27 11:25:02 -07:00
George Lee
bc2cf5c153 bcl: Add Mitigation Logger - sepolicy 
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.

Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9ac873d03d57d9a6db8d9233f25c8fabdfc399a5
 2022-05-26 21:39:25 -07:00
eddielan
36a6b23804 sepolicy: Add SW35 HIDL factory service into sepolicy 
Bug: 231549391
Test: Build Pass
Change-Id: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
(cherry picked from commit aeb9bd0406)
Merged-In: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
 2022-05-27 01:29:31 +00:00
Yichi Chen
8b2c6f8187 RRS: Apply the default config from persist prop 
vendor_config plays as another role to control the display config during
the boot time. To change the default configuration of the user selected
mode, we use persist config to store the value.

Bug: 232721840
Test: Boot w/ and w/o user selected configs and check the resolution
Change-Id: Ideed75f0a29368ff95916fb1fa87f21482c17613
 2022-05-24 13:06:41 +00:00
Badhri Jagan Sridharan
08ccaeb6ab Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable am: 91a1f49a8a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18553772

Change-Id: I31d103ab14fb4cf3e2eafc14d88196a9309bcb72
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-24 01:01:25 +00:00
Badhri Jagan Sridharan
91a1f49a8a Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable 
auditd  : type=1400 audit(0.0:4): avc: denied { search } for comm="HwBinder:879_1"
name="10d60000.hsi2c" dev="sysfs" ino=23606 scontext=u:r:hal_usb_gadget_impl:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 206635552
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ibc4ec27ad7d1b7a26c9935aa0c4aff5f03a8d59c
 2022-05-23 23:59:44 +00:00
Dinesh Yadav
6513479fe8 Add SEPolicy for gxp_metrics_logger.so logging to stats service 
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.

Bug: 177236353

Test: App can load the .so and creates a VLOG message after this change.
Before: No permission to access namespace.
After: GCA able to access the gxp_metrics_logger.so
Change-Id: I453b66b30eb51ebd22fda750d272cf35574301f6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2022-05-20 17:05:23 +00:00
Jacqueline Wong
c169cd75ce be able to dump coredump 
Bug: 218358165
Test: adb root; adb remount -R; adb bugreport
Signed-off-by: Jacqueline Wong <jacqwong@google.com>
Change-Id: I42c2db7902064e1508676ad93def2e0e4f5c2b28
 2022-05-19 05:37:50 +00:00
Dinesh Yadav
e40cd2ac42 Add SEPolicy settings for android logging/tracing service for GXP 
This change also adds support for SEPolicy to access perfetto which was
missing in ag/17818623.

Bug: 217289052

Change-Id: Ic5599d0be783b65102b3b0ffef27e66f1f6904da
 2022-05-19 03:31:32 +00:00
Nishok Kumar S
43e827c01a Add label for GCA fishfood app built with debug keys - label as 
debug_camera_app.

Test: Build GCA-Next manually and install on device. Test with selinux
on.
Bug: 230773733

Change-Id: Ifc2fd29a74bf66444501327feac391ddf812c867
 2022-05-17 02:42:05 +00:00
George Lee
b6971e353f dumpstate: Add BCL mitigation info to user build 
Bug: 232793927
Test: Confirm user build bugreport has mitigation info
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9945a0f005bee6e25580c122df4c8932607fa51a
 2022-05-17 00:42:57 +00:00
Austin Wang
53a167fcf0 Add P22 reverse wireless charging selinux policy am: e5f8377849 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18350566

Change-Id: I92b12dd3c05b50244e3c67667ba2296fcf62fd1a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:49:54 +00:00
Jerry Huang
dafeb57668 Allow mediacodec to access vendor_data_file am: 95845654bf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/18188091

Change-Id: I4fd8e3a631a441dfedf06300f5f619706f7b75c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 09:49:28 +00:00
Austin Wang
e5f8377849 Add P22 reverse wireless charging selinux policy 
Allow Settings to call hal_wlc

Error:

05-13 09:28:20.508  1000  7293  7293 W ndroid.settings: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:system_app:s0 tcontext=u:r:hal_wlc:s0 tclass=binder permissive=0

Bug: 231420451
Test: Enable battery share from settings and charge another device.
Change-Id: Ic761bee47ea41f6db8b1838fb3fc2a9f7ef7bb5c
 2022-05-13 09:28:03 +00:00
Jerry Huang
95845654bf Allow mediacodec to access vendor_data_file 
For dumping output buffer of HDR to SDR fliter.

This patch fixes the following denial:

05-10 21:42:49.427   890   890 W HwBinder:890_4: type=1400 audit(0.0:2944): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:42:49.499   890   890 W HwBinder:890_4: type=1400 audit(0.0:2946): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

05-10 21:46:27.735   885   885 W google.hardware: type=1400 audit(0.0:3198): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:46:27.795   885   885 W google.hardware: type=1400 audit(0.0:3200): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

Bug: 229360116
Test: atest android.media.decoder.cts.DecoderTest
Change-Id: I11403b20e8608f50907db561b8232b1b64bea298
 2022-05-13 09:24:38 +00:00
Nishok Kumar S
145f7b5b93 Use google_camera_app label for GCA-Next fishfood app. 
Bug: 230773733
Test: Build selinux and test with GCA-Next on device.
Change-Id: I757e7de2293e25bd027262a5fbf4ece2a44f10d1
 2022-05-13 05:31:34 +00:00
Nishok Kumar S
4a6cfb5a9c Label GCA-Eng app 
- Add policies for GCA-Eng to access GXP device.
 - Allow GCA-Eng to access edgetpu service.

Test: Build selinux and test GCA-Eng on device with
      adb shell setprop camera.artemis_dsp TRUE

Bug: 230773733
Change-Id: I8d04f6e1aef0899b3862ddbb80174cd086156d92
 2022-05-13 05:18:09 +00:00
Kris Chen
3162407210 Allow hal_fingerprint_default to access hal_pixel_display_service 
Fix the following avc denial:
avc: denied { find } for pid=1158 uid=1000 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0

Bug: 229716695
Bug: 224573604
Test: build and test fingerprint on device
Change-Id: I104af7f50715090fe0c2aa6845848bf77ab3e3ae
 2022-05-05 02:03:43 +00:00
Jenny Ho
5e426a95d0 sepolicy: allow access debugfs charger register dump 
Bug: 230360103
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Ieedff4d6475706d4d932913e6d647ca401e56966
 2022-05-03 06:54:05 +00:00
Labib
177a3796e8 Give RadioExt permission to write to sysfs node am: 4c8dbb65b8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17981512

Change-Id: Iec721cea68d7eae8715537b887911c0f848e1e6d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-03 05:07:36 +00:00
Labib
4c8dbb65b8 Give RadioExt permission to write to sysfs node 
Bug: 212601547
Test: Manual
Change-Id: I8c7341833aeacebfedba6e8e05d2696012043d32
 2022-04-28 16:58:34 +08:00
Wei Wang
d85f93ec30 allow udfps hal to access trusty 
Bug: 229350721
Bug: 230492593
Test: UDFPS with stress
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ib1abe0e0318689528a6658f3597f1c11ad9fa1c3
 2022-04-27 13:20:02 -07:00
Stephane Lee
85e5caf85e Fix permissions for ODPM permanently by adding all buses 
You don't need wildcards on genfs, just need the base path

Bug: 229895015
Test: Ensure the device boots, verify permissions with ls -AlZ
Change-Id: Ib59693f0404db4e28b9959fcdf1cc4d483c5d1b1
 2022-04-27 01:06:36 +00:00
Stephane Lee
a492311ba4 Allow hal_thermal_default to read iio/odpm sysfs nodes 
Bug: 230031671
Test: There are no errors for iio or odpm nodes
Change-Id: Ifb204fa7b535c001838c7008b30b6e41744a01d1
 2022-04-26 21:24:30 +00:00
Wei Wang
90f4106b80 Grant trusty to power hal 
Bug: 229350721
Test: UDFPS with stress
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ia88d6cff1d21940e22ae5122dbfcf52de27ad700
 2022-04-23 21:53:44 -07:00
Quang Luong
a36285b0de Revert "Add SEPolicy settings for android logging/tracing servic..." 
Revert submission 17817048-gxp-firmware-log-trace-metrics-service

Reason for revert: breaks CTS tests: b/230031232
Reverted Changes:
I3c9574dca:Add SEPolicy settings for android logging/tracing ...
I6bced8246:Add Firmware Log/Trace service to GXP project outp...
Icfc0ca30f:Add gxp_logging_service as an android service

Change-Id: I4ae6a63b6e2b58a094f45771de87fc3799f99e67
 2022-04-22 00:11:02 +00:00
George Chang
3135c26574 Remove st33spi tracking_denial 
Fixed by remove property access from st33spi hal
aosp/2064213

Bug: 229167195
Test: PtsSELinuxTestCases
Change-Id: Icee8bea36ad68e60a32cfa8c35a2ab9ff6ee515a
 2022-04-21 08:27:28 +00:00
Chung-Kai (Michael) Mei
26b3d89302 Revert "genfs_contexts: fix path for i2c peripheral device" am: ac45672cc5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17865266

Change-Id: I5b4670792368963bd1fe1b6015523bd9dd0f00d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 08:02:41 +00:00
Chung-Kai (Michael) Mei
ac45672cc5 Revert "genfs_contexts: fix path for i2c peripheral device" 
This reverts commit 4db0feed32.

Reason for revert: related patch is merged, so it's duplicated

Fix: 229940065
Change-Id: I898dd52f4857983323fec9f72e797bd2f759f724
 2022-04-21 07:28:09 +00:00
chungkai
75b598a98b genfs_contexts: fix path for i2c peripheral device am: 4db0feed32 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17866185

Change-Id: Ie6c3f511a21fa3c50af2c8a138ca81c601eb26ca
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 06:49:05 +00:00
Stephane Lee
adc37c2bdf Fix boot issues with hal_thermal_default am: 9fdfcb53b5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17877853

Change-Id: Ie32473dbd4dd7f663da8a7cd687ffb548a717034
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 06:48:59 +00:00
chungkai
4db0feed32 genfs_contexts: fix path for i2c peripheral device 
add original paths since we reverted enable load
module in parallel for other issues

Test: without avc denial
Bug: 229670628
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ie7a2a78eae5d6965beedc0de640ec56acb6a7b2a
 2022-04-21 06:33:21 +00:00
Stephane Lee
9fdfcb53b5 Fix boot issues with hal_thermal_default 
Bug: 229895015
Test: Ensure the device boots, verify permissions with ls -AlZ
Change-Id: I0f95bb7eb58e6ce22a0f66a70408fdf56d94b1b3
 2022-04-21 06:30:34 +00:00
Dinesh Yadav
5f4f4de205 Add SEPolicy settings for android logging/tracing service for GXP 
Change-Id: I3c9574dca5e52356b77172c886ac8971584d3012
 2022-04-21 06:22:37 +00:00
Wayne Lin
c59744b9da gps: sync sepolicy from gs101 to allow gps access pps gpio am: 4d163d5b32 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17699358

Change-Id: Ifb5a5c0afac155bdaeccd7313f4ee16dd4dd9834
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 02:22:17 +00:00
Wayne Lin
52af682ee3 gps: refine gps sepolicy am: 5c9592e973 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17699753

Change-Id: Ic804efd9b7077145d1d12b1ec00999195a9fc5d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 02:22:16 +00:00
Stephane Lee
f397f35b2e Add hwservicemanager to pixelstats permissions am: 3a95426f78 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17831450

Change-Id: I7765947eb081be8869b038981d2ddfc104bdcadc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-21 02:21:48 +00:00
Wayne Lin
4d163d5b32 gps: sync sepolicy from gs101 to allow gps access pps gpio 
Bug: 228903885
Test: build pass
Change-Id: Ic555a0640872ae0dc1a69a9d4a11027d4364464a
 2022-04-21 01:47:37 +00:00
Wayne Lin
5c9592e973 gps: refine gps sepolicy 
Bug: 228903885
Test: build pass and no avc denied in gpsd
Change-Id: Id0821b1335d316899e3a32b56a0e1c0feb4ba2b6
 2022-04-21 01:47:37 +00:00
Stephane Lee
3a95426f78 Add hwservicemanager to pixelstats permissions 
Bug: 227199213
Test: Ensure there are no more selinux errors
Change-Id: I1d961096df49f82302d7ff14fec809232e5afd28
 2022-04-21 01:42:17 +00:00
Labib
b4c3e55628 Let RadioExt talk to bt hal am: 2b189b45af 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17821687

Change-Id: Ia79174e3f47e9cd7b1c9c2bd12c91da7543e2baf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-20 03:58:47 +00:00
Labib
2b189b45af Let RadioExt talk to bt hal 
Bug: 227122249
Test: Manual
Change-Id: I9f41615e8e862af147d6f47e5e4c4e0dde40c233
 2022-04-20 03:20:39 +00:00
chungkai
3ab10a4ca3 sepolicy: fix avc denials am: 32bf1ffbf7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17800453

Change-Id: Iafb00b0878360210b8c55ca21f90cb814758eeab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-20 03:02:50 +00:00