Adam Shih
d3d316704e
update error on ROM 7971030
...
Bug: 209329856
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2e0c33b1fae3fcaad2ead33406d656a8a538d90d
2021-12-06 09:33:01 +08:00
Adam Shih
b466b688e0
update error on ROM 7964913
...
Bug: 208909191
Bug: 208909124
Bug: 208909174
Bug: 208909175
Bug: 208909060
Bug: 208909270
Bug: 208909232
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I7e3edb49e5a191a2fc9e34f7232d754ecd2fed00
2021-12-03 10:08:39 +08:00
Randall Huang
abc92ffabe
fix vold selinux error
...
Bug: 208721768
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I22060550896722e9c8eab4acdaf39dbeb12026ce
2021-12-02 06:29:49 +00:00
George Chang
b2d162fda7
Fix SELinux error coming from hal_secure_element_uicc
...
12-02 09:45:55.564 796 796 I secure_element@: type=1400 audit(0.0:3): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 11.030503] type=1400 audit(1638409555.564:3): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
Bug: 208715886
Test: check avc
Change-Id: I701b36fbb58f1c071f1dbc394048dad467ac6c4c
2021-12-02 06:17:22 +00:00
Roger Fang
ad3e880a3f
sepolicy: Add suez audio sepolicy
...
pixelstats-vend: type=1400 audit(0.0:30): avc: denied { read } for name="codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:31): avc: denied { open } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:32): avc: denied { getattr } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
Bug: 206007421
Test: build passed and no avc denial logs
Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: Ib5f5dd248e276f470e213cc053728cbf70c20dbf
2021-12-02 04:51:37 +00:00
Roger Fang
e25c4dca39
sepolicy: add permission for the hardware info putDsp function
...
Bug: 202814070
Test: Manually test passed
Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I15b8fa09fddc89dcbe7893ef73fea72ac6ae63e4
2021-12-02 04:51:17 +00:00
Adam Shih
cfbef530da
update error on ROM 7961148
...
Bug: 208721809
Bug: 208721525
Bug: 208721677
Bug: 208721526
Bug: 208721638
Bug: 208721505
Bug: 208721729
Bug: 208721710
Bug: 208721673
Bug: 208721679
Bug: 208721707
Bug: 208721808
Bug: 208721636
Bug: 208721768
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ida37756678645dea41d343ede41868ce717fe9da
2021-12-02 11:24:28 +08:00
Adam Shih
390b8cfa91
update error on ROM 7961148
...
Bug: 208715886
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I898382e65a8f321a07984c67cca642b9710d1612
2021-12-02 09:52:57 +08:00
Adam Shih
316d846ac4
copy euiccpixel_app setting to gs201
...
12-01 13:56:53.328 7682 7682 I Thread-2: type=1400 audit(0.0:44): avc: denied { map } for path="/dev/__properties__/u:object_r:dck_prop:s0" dev="tmpfs" ino=136 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:dck_prop:s0 tclass=file permissive=1 app=com.google.euiccpixel
There is only one source of code in
vendor/unbundled_google/packages/EuiccSupportPixelPrebuilt/Android.mk
Bug: 208527969
Test: no relevant error logs were found any more
Change-Id: I06b1cdcfb9109956f9c65dede1208310d2b79c48
2021-12-01 15:33:58 +00:00
Adam Shih
0546c79a47
make some libraries app reachable
...
Bug: 208527969
Test: boot with no relevant error log
Change-Id: Ic21fcecd4a9ff3d293dafe1e7a9dbebd0e736852
2021-12-01 15:33:49 +00:00
George Chang
097157613a
Fix SELinux error coming from hal_secure_element_uicc
...
11-11 09:38:59.168 794 794 I secure_element@: type=1400 audit(0.0:102): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.632309] type=1400 audit(1636594739.168:103): avc: denied { transfer } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.631474] type=1400 audit(1636594739.168:102): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
11-11 09:38:59.168 794 794 I secure_element@: type=1400 audit(0.0:103): avc: denied { transfer } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.633481] type=1400 audit(1636594739.172:104): avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
11-11 09:38:59.172 971 971 I rild_exynos: type=1400 audit(0.0:104): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
Bug: 205904403
Test: check avc
Change-Id: I9186714d81e21ba8920aaa900a92f542e98ceddb
2021-12-01 06:57:57 +00:00
Adam Shih
f8d59b9305
update error on ROM 7957241
...
Bug: 208527900
Bug: 208527968
Bug: 208527969
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ic6de1f2232c1c0efd210bfe19ebac11207f72198
2021-12-01 11:04:38 +08:00
davidycchen
262709f2ba
allow hal_dumpstate_default to access touch sysfs node
...
avc: denied { open } for comm="sh"
path="/sys/devices/platform/10d10000.spi/spi_master/spi0/spi0.0/
synaptics_tcm.0/sysfs/force_active" dev="sysfs" ino=89691
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1
Bug: 199104466
Test: trigger bugreport and check log.
Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: If35d651b2c8ca375f7f9cc36403eb02911912ebb
2021-12-01 01:52:46 +00:00
yawensu
24eafb45c8
Fix SELinux error in vendor_qualifiednetworks_app.
...
SELinux : avc: denied { find } for pid=1763 uid=10201 name=isub scontext=u:r:vendor_qualifiednetworks_app:s0:c201,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
Bug: 204718865
Test: The error is gone after applying the patch.
Change-Id: I77d5f550614e1d63ab1547fc8d0ad1b70f72bed8
2021-11-30 01:55:08 +00:00
Midas Chien
8cd52d9d33
Allowed PowerHAL service to access Display node
...
Bug: 207615889
Test: PowerHAL can access early_wakeup node in enforcing mode
Change-Id: I190e49f07c0c23c576a9fb8444ffb7c68eedf3ac
2021-11-29 17:34:48 +00:00
chungkai
9721a3076e
Fix avc denials for sysfs_vendor_sched
...
Bug: 207300315
Bug: 207062875
Bug: 207062781
Test: build pass
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I17212c840c725f66d91f337c57af8e72e5e08b8c
2021-11-29 03:42:14 +00:00
chungkai
7bbd1fb38a
Allow vendor_init to modify proc_sched
...
Bug: 207062206
Test: Boot to home
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I5d51e322c1522046623046051e8090fc64bedee5
2021-11-28 15:47:11 +00:00
Ted Lin
115e8e0990
sepolicy: Remove tracking denials files and fix avc problems
...
11-25 14:00:09.300 1000 764 764 I android.hardwar: type=1400 audit(0.0:3): avc: denied { getattr } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/capacity" dev="sysfs" ino=68496 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.300 1000 764 764 I android.hardwar: type=1400 audit(0.0:5): avc: denied { open } for path="/sys/devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply/dc/type" dev="sysfs" ino=67693 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.348 1000 764 764 I health@2.1-serv: type=1400 audit(0.0:7): avc: denied { open } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/online" dev="sysfs" ino=68490 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.348 1000 764 764 I health@2.1-serv: type=1400 audit(0.0:8): avc: denied { getattr } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/online" dev="sysfs" ino=68490 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
...
11-25 14:28:35.996 1000 768 768 I android.hardwar: type=1400 audit(0.0:3): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=58948 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
11-25 14:28:36.020 1000 768 768 I health@2.1-serv: type=1400 audit(0.0:4): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=58948 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
...
11-26 11:11:36.172 1000 751 751 I android.hardwar: type=1400 audit(0.0:3): avc: denied { read } for name="type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-26 11:11:36.172 1000 751 751 I android.hardwar: type=1400 audit(0.0:4): avc: denied { open } for path="/sys/devices/platform/google,cpm/power_supply/gcpm_pps/type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-26 11:11:36.172 1000 751 751 I android.hardwar: type=1400 audit(0.0:5): avc: denied { getattr } for path="/sys/devices/platform/google,cpm/power_supply/gcpm_pps/type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 207062562
Bug: 207062231
Test: adb bugreport and check avc problem
Change-Id: I253f1cbe00650fdb96aced69edc8eaafa06ff6f9
Signed-off-by: Ted Lin <tedlin@google.com>
2021-11-26 09:11:19 +00:00
Kris Chen
8d3c4a7b4e
fingerprint: Fix avc errors
...
Bug: 207062260
Test: boot with no relevant error on C10
Change-Id: I6d3b74c34d2344c4e889afaf8bb99278785e5416
2021-11-25 07:09:31 +00:00
yixuanjiang
2720d2ac38
aoc: add audio property for audio aocdump feature
...
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ie638676d86a20eafbc6975df03ebbbcf5ec193ac
2021-11-25 07:05:24 +00:00
Adam Shih
1bb2fac3f6
update error on ROM 7945168
...
Bug: 207720645
Bug: 207720720
Bug: 207721033
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iba41496590f1b82a51897c62e1cb74a224e484a5
2021-11-25 03:00:28 +00:00
wenchangliu
81fb5ecc31
Allow mediacodec_samsung to access mfc sysfs file
...
avc: denied { read } for name="name" dev="sysfs" \
ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for \
path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for \
path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 204718809
Test: video playback / camera recording
Change-Id: I95c937375aa7ae19aef61af6b0f1aef73bd8957d
2021-11-25 02:29:04 +00:00
Oleg Matcovschi
48d1b71ab1
sepolicy: Remove sscoredump tracking denials file
...
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I67d2500a5323203577c7fb90741c8dfec1cffd83
2021-11-24 18:50:15 +00:00
Kyle Lin
f80cb8ae4e
Add policy for memlat governor, which needs to create/delete perf events
...
[46756.223414] type=1400 audit(1637720953.624:1227238): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46791.079905] type=1400 audit(1637720988.480:1228172): avc: denied { cpu } for comm="cpuhp/5" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46831.825465] type=1400 audit(1637721029.228:1230804): avc: denied { cpu } for comm="cpuhp/4" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47068.752724] type=1400 audit(1637721266.152:1237844): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47227.488992] type=1400 audit(1637721424.888:1241154): avc: denied { cpu } for comm="cpuhp/7" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
Bug: 207047575
Test: build, boot and check warning message
Change-Id: I735d5cfa5eb5614114d83a7892123d37c980d531
2021-11-24 17:13:10 +00:00
wenchangliu
4bb1061c2d
Add SELinux policy for mediacodec_samsung
...
mediacodec_samsung is separated from mediacodec for
mfc encoder/decoder. Add assumption from mediacodec.te
as well.
Bug: 204718809
Test: boot to home
Change-Id: I67ce385903cf5abd2ba9dc62b7229320b3f7daa9
2021-11-24 07:46:27 +00:00
wenchangliu
ecdcc0f739
Allow mediacodec_samsung to fallback crash dump
...
avc: denied { write } for name="tombstoned_crash" \
dev="tmpfs" ino=948 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:tombstoned_crash_socket:s0 \
tclass=sock_file permissive=1
avc: denied { connectto } for path="/dev/socket/tombstoned_crash" \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:tombstoned:s0 \
tclass=unix_stream_socket permissive=1
avc: denied { write } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=1
avc: denied { append } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=
Bug: 204718809
Test: boot to home
Change-Id: Iad67f936ac9d6d11e5f5646918074153372b8b00
2021-11-24 07:46:27 +00:00
wenchangliu
fae7e19893
Allow mediacodec_samsung to access graphics allocator
...
avc: denied { find } for interface=android.hardware.graphics.mapper::IMapper \
sid=u:r:mediacodec_samsung:s0 pid=792 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager permissive=1
avc: denied { use } for path="/dmabuf:" dev="dmabuf" ino=94523 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:hal_graphics_allocator_default:s0 \
tclass=fd permissive=1
Bug: 205657093
Test: video playback / screen recording
Change-Id: I6c64b4d2483b146358ef678c56aec68dd86eb878
2021-11-24 07:46:27 +00:00
wenchangliu
f2b1870b23
Allow mediacodec_samsung to access video device and system-uncached DMA-BUF heap
...
This patch fixes the following denials:
avc: denied { getattr } for path="/dev/dma_heap/system-uncached" \
dev="tmpfs" ino=487 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1
avc: denied { getattr } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1
avc: denied { read write } for name="video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1
avc: denied { open } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/video6" dev="tmpfs" ino=477 \
ioctlcmd=0x561b scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1
Bug: 205657093
Test: video playback / screen recording
Change-Id: Ia09bd29652b8197b4d5009f84077f6d5bb5551e2
2021-11-24 07:46:27 +00:00
wenchangliu
0df2e47cb1
Allow mediacodec_samsung to route /dev/binder traffic to /dev/vndbinder
...
This patch fixes the following denials:
avc: denied { call } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1
avc: denied { transfer } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1
Bug: 205904381
Test: boot to home
Change-Id: Ie2c0577bdf987466b4f729d9f78d1a6704cd9d24
2021-11-24 07:46:27 +00:00
Adam Shih
5e6beee1e6
update error on ROM 7941916
...
Bug: 207571335
Bug: 207571546
Bug: 207571417
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I7b75837d13b532793ccbc326379c1d95aada429b
2021-11-24 10:41:32 +08:00
Firman Hadi Prayoga
7599ba8e55
Add /dev/lwis-eeprom-m24c64x-3j1 entry to selinux policy.
...
lwis-eeprom-m24c64x-3j1 used by camera hal to access
P22 front camera EEPROM device.
Bug: 207062209
Fix: 207062209
Test: Boot, no avc denied logs for eeprom
Change-Id: Ia12da5dbed1baef6d8a8ab2bf421b2987639e826
2021-11-24 01:01:44 +00:00
SalmaxChang
742cbc29b8
ssr_detector_app: fix avc error
...
avc: denied { read } for name="u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=320 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1
Bug: 205202542
Change-Id: I84cbdb9d85ab58219554bfe0da35a00464a955ff
2021-11-23 12:17:51 +00:00
SalmaxChang
5e2ac8ab48
Fix modem related avc errors
...
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=317 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1
avc: denied { read } for comm="dmd" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:dmd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { read } for name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:vcd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
Bug: 205073232
Bug: 205073025
Bug: 206045605
Change-Id: I3f76a138b4d6eeffb488fb5e5e15985ac6ef707d
2021-11-23 12:17:51 +00:00
George Chang
3dc2515efe
Update SecureElement sysfs_st33spi Sepolicy
...
Add rules for sysfs_st33spi
Bug: 205250948
Test: check avc without secure_element
Change-Id: I1ccf39ca09c6b19a597114f04803800d38fdf774
2021-11-23 11:40:16 +00:00
Adam Shih
e5e4f9f2b7
make libOpenCL reachable
...
Bug: 207300281
Test: boot with no relevant error log
Change-Id: I294d23e2b29afd62da5c2327175f0c163da98cf0
2021-11-23 06:00:16 +00:00
Adam Shih
851a7bb16b
label extcon and remove obsolete zygote error
...
Bug: 205904404
Bug: 206045368
Bug: 207062229
Test: boot with no relevant error logs
Change-Id: If4c2f5591907bfcab2fd638f1222f84377270623
2021-11-23 05:28:39 +00:00
Adam Shih
f6f699700c
update error on ROM 7938763
...
Bug: 207431041
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I775a28827b107d43b47d3486e70f87a36a6babcc
2021-11-23 04:15:22 +00:00
Adam Shih
48435ccfaa
let uwb app access secure element property
...
Bug: 207300261
Test: boot with no relevant error log
Change-Id: I10f505d1ef3cbbc118082e5c44381c1b55389da3
2021-11-23 03:25:46 +00:00
Randall Huang
1a57e5c346
Fix selinux for vold idle-maint
...
Bug: 206741894
Bug: 207062776
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ieb55fe439d3250b6d819381c4bc97e3e895ac23f
2021-11-23 03:24:56 +00:00
George Chang
8a4d5bd3b5
Fix nfc avc denials for sysfs_vendor_sched
...
11-19 12:38:54.416 2631 2631 I com.android.nfc: type=1400 audit(0.0:404): avc: denied { search } for comm=4173796E635461736B202331 name="vendor_sched" dev="sysfs" ino=45736 scontext=u:r:nfc:s0 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=dir permissive=1
Bug: 207062484
Test: check avc without nfc
Change-Id: I50507934c071745e257434f512d9dc835790e669
2021-11-23 03:14:55 +00:00
Randall Huang
a2b1ca5f7e
Fix selinux for adb bugreport
...
Bug: 206741894
Test: adb bugreport
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: If82f30392676f414a79ddabe27d73ce751d61eee
2021-11-23 02:58:21 +00:00
Adam Shih
ed245711ec
fix sysfs_vendor_sched access
...
Bug: 207062776
Bug: 207062777
Bug: 207062877
Bug: 207062211
Bug: 207062232
Bug: 207062208
Test: boot with no relevant access
Change-Id: I585653383ad0061fc6e9669c0590432c235f7e14
2021-11-23 02:51:59 +00:00
Adam Shih
c90030d1f7
label system_suspend wakeup files
...
use "adb shell ls -l sys/class/wakeup" to get all paths
Bug: 207062779
Test: boot with no relevant error log
Change-Id: Ib43090cecf3d74e5c8b07e7e13de58cf6ee7ddbe
2021-11-23 02:51:46 +00:00
Oleg Matcovschi
a4a0b90afb
sepolicy: add persist.vendor.sys.ssr property context
...
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I81794ab8d320affcfef8f77895712aaa840f7abc
2021-11-22 19:54:08 +00:00
Randall Huang
3ba42745f4
Allow vendor_init to modify read_ahead_kb
...
Bug: 206741894
Bug: 207062206
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I6cc59722520df12aef103fc330f9acd8e800318d
2021-11-22 06:55:58 +00:00
George Chang
d15185b2d7
Fix SELinux error coming from hal_secure_element_gto and gto_ese2
...
update hal_secure_element_st54spi/st33spi from gto/gto_ese2
hal_secure_element_gto.te => hal_secure_element_st54spi.te
[ 10.846098] type=1400 audit(1637296724.408:40): avc: denied { map } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:40): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:39): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:38): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:37): avc: denied { read } for name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846033] type=1400 audit(1637296724.408:37): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846072] type=1400 audit(1637296724.408:38): avc: denied { open } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846086] type=1400 audit(1637296724.408:39): avc: denied { getattr } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:100): avc: denied { write } for name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:101): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593472] type=1400 audit(1636594739.132:101): avc: denied { connectto } for comm="secure_element@" path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593175] type=1400 audit(1636594739.132:100): avc: denied { write } for comm="secure_element@" name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:135): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.142141] type=1400 audit(1636430648.620:135): avc: denied { open } for comm="secure_element@" path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.141947] type=1400 audit(1636430648.620:134): avc: denied { read write } for comm="secure_element@" name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:134): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-04 13:27:24.564 1 1 I /system/bin/init: type=1107 audit(0.0:52): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=772 uid=1068 gid=1068 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=1'
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:49): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:50): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
hal_secure_element_gto_ese2 => hal_secure_element_st33spi.te
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:137): avc: denied { open } for path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660987] type=1400 audit(1636430649.140:137): avc: denied { open } for comm="secure_element@" path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660845] type=1400 audit(1636430649.140:136): avc: denied { read write } for comm="secure_element@" name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:136): avc: denied { read write } for name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
Bug: 207062261
Bug: 205073164
Bug: 205656951
Bug: 205657039
Bug: 205904452
Test: check avc without secure_element
Change-Id: I312299deb6d6bfa353e7936d41a723e75d3ea06b
2021-11-22 02:59:34 +00:00
Adam Shih
a1a5f11872
label google battery sysfs file
...
Bug: 207062874
Test: boot with no relevant error log
Change-Id: Ic5477f0deb24f0bd9c46aef70459f0b629cdb5ef
2021-11-22 10:17:50 +08:00
Adam Shih
78d0abfb73
update error on ROM 7935766
...
Bug: 207300335
Bug: 207300298
Bug: 207300281
Bug: 207300315
Bug: 207300261
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia79829128db2286ec8ae9c20520be8a25c195cb0
2021-11-22 09:59:08 +08:00
Randall Huang
a578c846fa
storage: update sepolicy for storage suez
...
Bug: 206741894
Bug: 188793183
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I206178e34156f0b02c4a5b743ac9467e7dafb74f
2021-11-19 17:45:48 +08:00
Randall Huang
f317331d7a
allow init to set scsi tunables
...
Bug: 206741894
Bug: 207062776
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Iff52af62e6495e4390c7f961f11b3d8702b09ef9
2021-11-19 16:12:54 +08:00