Commit graph

1960 commits

Author SHA1 Message Date
Utku Utkan
d45ff39442 Introduce CameraServices seinfo tag for PixelCameraServices
Bug: 287069860
Test: m && flashall && check against 'avc: denied' errors
Change-Id: I41b435ae0a34fe9c797b9316887c4b56091a26a5
2023-07-13 09:11:06 -07:00
Samuel Huang
d02a8eef29 Revert "Revert "Create telephony.ril.silent_reset system_ext pro..."
Revert submission 23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX

Reason for revert: The root cause is missing property definition in gs101-sepolicy. This CL can be merged safely. Verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L48900000961646046

Reverted changes: /q/submissionid:23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX

Bug: 286476107
Change-Id: Ia80e4400ff555a637c42193cab3e3acf72bc36a2
2023-07-07 01:45:23 +00:00
Sebastian Pickl
41ed8e83ea Revert "Allow bthal to access vendor bluetooth folder"
Revert submission 23844270-P22-vendor-log-udc-qpr

Reason for revert: causes selinux tests to fail b/289989584

go/abtd: https://android-build.googleplex.com/builds/abtd/run/L37600000961782595

Bug:289989584

Reverted changes: /q/submissionid:23844270-P22-vendor-log-udc-qpr

Change-Id: I4e9ccf17050702a6405c549340e7fe97eba0eb65
2023-07-05 10:11:12 +00:00
Patty Huang
1a52c8b952 Allow bthal to access vendor bluetooth folder
Bug:289055382
Test: enable vendor debug log and check the vendor snoop log contain the
vendor log

Change-Id: I89164330998d7fbea45dab65931c2a3db22a4c92
2023-06-30 11:55:35 +08:00
Sebastian Pickl
4d0eeef36f Revert "Create telephony.ril.silent_reset system_ext property fo..."
Revert submission 23736941-tpsr-ril-property

Reason for revert: culprit for b/289014054 verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L54800000961620143

Bug: 289014054

Reverted changes: /q/submissionid:23736941-tpsr-ril-property

Change-Id: I4fa5b2803392e0db03bb622392f3d4afab6a45ea
2023-06-27 10:05:45 +00:00
Samuel Huang
513fa361c8 Create telephony.ril.silent_reset system_ext property for RILD restart
RILD listens for changes to this property. If the value changes to 1, RILD will restart itself and set this property back to 0.

The TelephonyGoogle app will set this property to 1 when it receives a request from the SCONE app. Since TelephonyGoogle runs in the com.android.phone process, we also need to give the radio domain permission to set the telephony.ril.silent_reset property.

Bug: 286476107
Test: manual
Change-Id: I689e75f4ebf3f44915bd7f795755f297935e7946
2023-06-21 06:34:45 +00:00
Jenny Ho
d1c4337008 Add permissions for maxfg_base/maxfg_secondary am: ee160b5880 am: 34ee73b7f2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23467290

Change-Id: I016c6ca4cc81bffaf267870159f47e7c1a6674f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-31 02:35:57 +00:00
Jenny Ho
34ee73b7f2 Add permissions for maxfg_base/maxfg_secondary am: ee160b5880
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23467290

Change-Id: Ie6144135cf653d281c7bef84fb4469daefbad095
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-31 01:54:32 +00:00
Jenny Ho
ee160b5880 Add permissions for maxfg_base/maxfg_secondary
Bug: 284878175
Change-Id: I3fe3030ecd36773405f0e70b767d4a28062d91ad
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-05-30 12:09:30 +08:00
Donnie Pollitz
54bb70bae8 Allow vendor_init to fix permissions of TEE data file am: 955ae6825f am: a2cb6ab6eb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23412161

Change-Id: I263b4d56605ba014b273a3089b9bcc853189e788
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-26 09:01:35 +00:00
Donnie Pollitz
a2cb6ab6eb Allow vendor_init to fix permissions of TEE data file am: 955ae6825f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23412161

Change-Id: Ibf91aa97b122e3a5f39053c6ed01e62b3783403c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-26 07:53:44 +00:00
Donnie Pollitz
955ae6825f Allow vendor_init to fix permissions of TEE data file
Background:
* vendor_init needs to be able to possibly fix ownership of
  tee_data_file

Bug: 280325952
Test: Changed permissions and confirmed user transitions
Change-Id: I27681589c9d0b0aa88463e6476fb75119ea89e8a
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-05-26 07:17:39 +00:00
sashwinbalaji
a16d3cc686 thermal: thermal_metrics: Update selinux to reset stats am: 1113c66dea am: 6bc46c8cd5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23078641

Change-Id: I5d5f795478770637739603b6638dc2b89f3df3d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-25 07:07:35 +00:00
sashwinbalaji
6bc46c8cd5 thermal: thermal_metrics: Update selinux to reset stats am: 1113c66dea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23078641

Change-Id: I2037d2de006c26cba1b2114f776678aca7c4a808
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-25 06:22:41 +00:00
sashwinbalaji
1113c66dea thermal: thermal_metrics: Update selinux to reset stats
Bug: 193833982
Test: Local build and verify statsD logs
adb shell cmd stats print-logs && adb logcat -b all | grep -i 105045
Change-Id: I0dc1c557797d7fe97da7f0fcb2d600485526c979
2023-05-25 05:28:45 +00:00
Jin Jeong
95cfaf3d0e Revert "Fix SELinux error for com.google.android.euicc" am: 10ef6d8619 am: 5627fe6f60
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23163634

Change-Id: Ice7c118408e3c9b7bc6c1657710172ecce1bc41d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-24 02:30:02 +00:00
Jin Jeong
42ab624385 Revert "Fix LPA crash due to selinux denial" am: 980c71bea4 am: 42760593ae
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23167565

Change-Id: I9a9f251e6df7076c8b9708bf01743aef579f381c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-24 02:29:56 +00:00
Jin Jeong
5627fe6f60 Revert "Fix SELinux error for com.google.android.euicc" am: 10ef6d8619
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23163634

Change-Id: I66ec119e485273f9d1562bb272ab7c25541e98b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-24 01:47:08 +00:00
Jin Jeong
42760593ae Revert "Fix LPA crash due to selinux denial" am: 980c71bea4
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23167565

Change-Id: Ib285406b29c598ab5cec6db6ab0d2f9d57343a0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-24 01:47:01 +00:00
Jin Jeong
10ef6d8619 Revert "Fix SELinux error for com.google.android.euicc"
Revert submission 22899490-euicc_selinux_fix

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Bug: 279988311
Reverted changes: /q/submissionid:22899490-euicc_selinux_fix

Change-Id: I50ff4f8e48389d034c3f6c716dad1a81e9b73e64
2023-05-24 01:07:09 +00:00
Jin Jeong
980c71bea4 Revert "Fix LPA crash due to selinux denial"
Revert submission 22955599-euicc_selinux_fix2

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Bug: 279988311
Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2

Change-Id: I2799c61ab5464e5551168f471740afe76edd1113
2023-05-24 01:07:09 +00:00
Anthony Zhang
b4e262f4cb [DO NOT MERGE] Allow fingerprint to access persist property am: 7f19e81d61 am: f8bcbec08a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23286924

Change-Id: I913c5ef46e1c66ce2a6d6b58f7a3e5c47047222c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-22 20:02:52 +00:00
Anthony Zhang
f8bcbec08a [DO NOT MERGE] Allow fingerprint to access persist property am: 7f19e81d61
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23286924

Change-Id: Iefb182caafd96e46b9743e39066cb00c5d6bd933
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-22 19:23:36 +00:00
Anthony Zhang
7f19e81d61 [DO NOT MERGE] Allow fingerprint to access persist property
Bug: 258901849
Test: Local test on enrollment/delete, version update

Change-Id: I96acb79b3e600e0a4dd7b7a1cf494b20a876ca63
2023-05-22 18:36:54 +00:00
Samuel Gosselin
ad4952fba4 [automerger skipped] genfs_contexts: add raw s2mpg12mfd and s2mpg13mfd node. am: 918335e2a9 -s ours
am skip reason: Merged-In I8c2633b33cef8ca2b55029190fe42bd66b17390f with SHA-1 64111ee561 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23286925

Change-Id: Ic374c831187d283aff1956eb0dbcbc2e6ff401b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-18 01:25:02 +00:00
Samuel Gosselin
918335e2a9 genfs_contexts: add raw s2mpg12mfd and s2mpg13mfd node.
This adds the appropriate raw i2c numberings to the sepolicy
for the 6.1 kernel driver which does not use the i2c vendor
hook to rename these numberings. This is required for the
thermal hal to work.

Test:
Boot to Android Home on WHI PRO with 6.1 kernel, no
Thermal HAL crashes.

Bug: 276464780
Signed-off-by: Samuel Gosselin <sgosselin@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:83712c5243166cafa3a057d5347515e04947cde8)
Merged-In: I8c2633b33cef8ca2b55029190fe42bd66b17390f
Change-Id: I8c2633b33cef8ca2b55029190fe42bd66b17390f
(cherry picked from commit 64111ee561)
2023-05-17 18:09:48 +00:00
Samuel Gosselin
64111ee561 genfs_contexts: add raw s2mpg12mfd and s2mpg13mfd node.
This adds the appropriate raw i2c numberings to the sepolicy
for the 6.1 kernel driver which does not use the i2c vendor
hook to rename these numberings. This is required for the
thermal hal to work.

Test:
Boot to Android Home on WHI PRO with 6.1 kernel, no
Thermal HAL crashes.

Bug: 276464780
Signed-off-by: Samuel Gosselin <sgosselin@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:83712c5243166cafa3a057d5347515e04947cde8)
Merged-In: I8c2633b33cef8ca2b55029190fe42bd66b17390f
Change-Id: I8c2633b33cef8ca2b55029190fe42bd66b17390f
2023-05-17 18:08:56 +00:00
Luis Delgado de Mendoza Garcia
60eb785f97 [automerger skipped] Add chre channel sepolicy entries am: 3992c42501 am: 0a15da974d -s ours
am skip reason: Merged-In I3151d25c4a1cd7a858b84e0c8989dc160d368ca5 with SHA-1 c2d912818c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22829545

Change-Id: I08deeb46e00b459934b25e3636ee2fb8d53af044
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-17 00:18:41 +00:00
Luis Delgado de Mendoza Garcia
0a15da974d Add chre channel sepolicy entries am: 3992c42501
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22829545

Change-Id: Iada40c9422558bd1b3575e07378cb4a12e8c9ef0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-16 23:35:56 +00:00
Luis Delgado de Mendoza Garcia
3992c42501 Add chre channel sepolicy entries
Bug: 281814892
Fix: 281814892
Test: in-device verification.
Change-Id: I3151d25c4a1cd7a858b84e0c8989dc160d368ca5
Merged-In: I3151d25c4a1cd7a858b84e0c8989dc160d368ca5
2023-05-16 22:49:12 +00:00
Wilson Sung
23ca430833 Update SELinux error am: d19337894a am: 468ba9b0d6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23163633

Change-Id: I87a6a1344b2525b112129a773642009d06cf151f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-15 08:30:53 +00:00
Wilson Sung
468ba9b0d6 Update SELinux error am: d19337894a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23163633

Change-Id: I2152c8c6960ce3b86323663b66eb9c2b7fda723a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-15 07:49:19 +00:00
Wilson Sung
d19337894a Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 282096141
Change-Id: I0725e78a76436a0904205f83655755bf7c76c05f
2023-05-12 12:09:08 +08:00
Adam Shih
5d36e67f21 add missing permission for gs201 power dump am: 2a02fe5fc5 am: b6d409b1bd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23125499

Change-Id: Ic83dbc5d4928f69293aeb55d04503d52d8bc2a66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-11 06:23:01 +00:00
Adam Shih
b6d409b1bd add missing permission for gs201 power dump am: 2a02fe5fc5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23125499

Change-Id: I50c8f3cf3bdfcd595266c9abbc38806e6eb53dc7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-11 05:37:52 +00:00
Luis Delgado de Mendoza Garcia
c2d912818c Add chre channel sepolicy entries
Bug: 241960170
Test: in-device verification.
Change-Id: I3151d25c4a1cd7a858b84e0c8989dc160d368ca5
2023-05-10 17:20:09 +00:00
Adam Shih
2a02fe5fc5 add missing permission for gs201 power dump
Bug: 281602658
Test: adb bugreport
Change-Id: Ibf765c9da65d2c9f6a3825c91cb22771f583457a
2023-05-10 10:56:55 +08:00
Zixuan Lan
8db0b6abef remove fixed selinux bug from bug map. am: 96789e18c7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/23039510

Change-Id: I3cf8a3322547c7c2ba63e45ceee41dd2dab531b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-10 01:13:44 +00:00
Zixuan Lan
96789e18c7 remove fixed selinux bug from bug map.
TPU permission was fixed to avoid error in hal_camera_defaul.The corresponding bug for tracking should be removed from the bug map. Please see bug for more details.
Bug: 275001783
Test: logcat grep for selinux error

Change-Id: I7a1bf9fd994187f969b68b9fc3504a5411b0807f
2023-05-04 22:36:33 +00:00
Jinyoung Jeong
33f9e124e4 Fix LPA crash due to selinux denial am: 2d7181e3fc am: b662770e6e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22949545

Change-Id: I0b882be3452b2b6d928a3e38f63819f56363823d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 14:57:59 +00:00
Hongbo Zeng
119748f522 Fix denials for radio service to access files under /data/venodr/radio am: 306bf73c79 am: 2fa90460e1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22899484

Change-Id: I74e199f64c3dd9e1f57914db338b49e588086ae6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 14:57:36 +00:00
Jinyoung Jeong
b662770e6e Fix LPA crash due to selinux denial am: 2d7181e3fc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22949545

Change-Id: I483b75a2278f74e6377757665170cb46c52866b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 14:57:35 +00:00
Jinyoung Jeong
2d7181e3fc Fix LPA crash due to selinux denial
Bug: 280336861
Test: No crash found during LPA basic tests: download eSIM,
enable/disalbe eSIM.

Change-Id: Ie4fd8fccce5ec98cf0b2afff9a41f27206e52626
2023-05-02 14:10:00 +00:00
Hongbo Zeng
2fa90460e1 Fix denials for radio service to access files under /data/venodr/radio am: 306bf73c79
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22899484

Change-Id: I90966fc0a068091900b8229762c7c03427b39890
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 12:34:24 +00:00
Hongbo Zeng
306bf73c79 Fix denials for radio service to access files under /data/venodr/radio
Bug: 270561266
Test: get PASS result with go/ril-config-service-test and the original
      denial logs in http://b/270561266#comment8 are gone

Change-Id: I17155852bb2408b4389a86d32228292885e14c46
2023-05-02 08:05:31 +00:00
martinwu
18dcc41f77 [automerger skipped] [TSV2] Remove tcpdump sepolicy from gs201 and move sepolicy to gs-common am: 5f9732a97a -s ours am: d5f7c7d958 -s ours
am skip reason: Merged-In Ic804a3a4739ec5a9604320cb8e0fdae91b8429c1 with SHA-1 ee611cfb51 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22938357

Change-Id: Ib25d58e12409bbd4642610d4924d93ccae5b289d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 07:59:10 +00:00
martinwu
d5f7c7d958 [automerger skipped] [TSV2] Remove tcpdump sepolicy from gs201 and move sepolicy to gs-common am: 5f9732a97a -s ours
am skip reason: Merged-In Ic804a3a4739ec5a9604320cb8e0fdae91b8429c1 with SHA-1 ee611cfb51 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22938357

Change-Id: Ia2c8274ad5f9aacc3f9cf7e309476e1713319d00
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 06:57:13 +00:00
martinwu
5f9732a97a [TSV2] Remove tcpdump sepolicy from gs201 and move sepolicy to gs-common
Bug: 264490014
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and chagne it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: Ic804a3a4739ec5a9604320cb8e0fdae91b8429c1
Merged-In: Ic804a3a4739ec5a9604320cb8e0fdae91b8429c1
2023-05-02 03:16:02 +00:00
Jinyoung Jeong
0e225eae79 Fix SELinux error for com.google.android.euicc am: f265749f1d am: 225f248217
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22874711

Change-Id: I1cf4cbd10f42579aca80065c475463b56dddbcf5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-30 04:05:29 +00:00
Jinyoung Jeong
225f248217 Fix SELinux error for com.google.android.euicc am: f265749f1d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/22874711

Change-Id: Iafdb146e4a11cb17c47509a567fe338df242b76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-30 03:23:24 +00:00