Will McVicker
9be1081f00
Update tcpm i2c sepolicy with new device name
The new name fixes uninformative kernel wakelock names.
Bug: 315190967
Bug: 323447554
Change-Id: I88ecec344fd1eb84c5ca12a6bd3fad38cc40295b
2024-02-22 17:54:36 +00:00
Lei Ju
967204e373
[gs201] Use common settings for Contexthub HAL
The change also labeled files under /data/vendor/chre/ to grant
required access.
Test: compilation
Bug: 248615564
Change-Id: Ia96b7a592523e7b5e64acb8cb7ae4f0f1fc3a78b
2024-02-18 11:43:27 -08:00
Jacky Liu
28c042f51a
Update i2c device paths
Update i2c device paths with static bus numbers.
Bug: 323447554
Test: Boot to home
Change-Id: I3d41e1819aa7df896322a0dca44449c1e871dff8
2024-02-06 16:16:53 +00:00
Darren Hsu
1f8b299ace
sepolicy: allow hal_power_stats to read sysfs_display
avc: denied { read } for name="available_disp_stats"
dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 317767775
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I272f69f4c4720eb4800a8a13ef62e1ab34cbaedf
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-01-29 05:59:52 +00:00
Jack Wu
f32bd56cb0
dontaudit on dir search for vendor_charger_debugfs
Bug: 307863370
Change-Id: I6da7b9426cdcc6152ff05ef7cd0cf18b718ab875
Signed-off-by: Jack Wu <wjack@google.com>
2024-01-26 20:13:23 +08:00
Ken Yang
f1c2498079
selinux: label wakeup for BMS I2C 0x36, 0x69
Bug: 319035561
Change-Id: I45a80157d2a1d12a27a748aed31bb0ae5b08e7b5
Signed-off-by: Ken Yang <yangken@google.com>
2024-01-10 06:12:19 +00:00
wenchangliu
997782c603
gs201: move mediacodec_samsung sepolicy to gs-common
remove mediacodec_samsung sepolicy in legacy path since we will include it from gs-common.
Bug: 318793681
Test: build pass, camera record, youtube
Change-Id: I08a9ce89155324b0ac749bde4a9d205585a57320
Signed-off-by: wenchangliu <wenchangliu@google.com>
2024-01-09 14:49:56 +00:00
Chi Zhang
c45f36f10e
Allow GRIL to get power stats.
SELinux : avc: denied { find } for pid=3147 uid=10219 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:grilservice_app:s0:c219,c256,c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
Bug: 286187143
Test: build and boot
Change-Id: I4588708267fc0f582c767a93e5a422a6e40b6369
2023-12-19 12:21:45 -08:00
Jenny Ho
04bc1d210a
sepolicy: add read wlc sysfs permission
12-12 18:33:17.960000 1000 906 906 I auditd : type=1400 audit(0.0:10): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=75851 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0
Bug: 306534100
Change-Id: I3381aaa1e08637c1cc8eb278bd775c81b32ed3bd
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-12-13 07:31:13 +00:00
Boon Jun Soh
a4fa4427bc
Fix rlsservice sepolicy
Allows bugreport generation
Bug: 315255760
Bug: 309379465
Test: adb bugreport & ensure lack of rls avc denied logs
Change-Id: Ic390d6ddd6bac78e5979c78bc6d02262f08b3468
2023-12-11 07:30:24 +00:00
David Drysdale
eca39285c5
Add Secretkeeper HAL
Test: VtsAidlAuthGraphSessionTest
Bug: 306364873
Change-Id: I84d4098960d6445da1eb7e58e25a015cd591d6b3
2023-12-06 10:21:00 +00:00
Jason Chiu
e2d9795558
gs201: move sepolicy related to bootctrl hal to gs-common
Bug: 265063384
Change-Id: I30a71900c2a305b05ae6e17d658df32d95097d14
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
2023-12-05 01:21:53 +08:00
Khoa Hong
a2847d4475
Suppress avc error log on debugfs's usb folder.
The XHCI driver in kernel will write debugging information to DebugFS on
some USB host operations (for example: plugging in a USB headphone). We
are not using that information right now.
Bug: 305880925
Bug: 311088739
Test: No error when plugging a USB headphone in.
Change-Id: I3b53a3924a1fb3f2a37b0d8a1ae9df037cbc1dd2
2023-11-30 14:59:09 +08:00
Randall Huang
2bd12254f4
Move sg_device related policy
Bug: 312582937
Test: make selinux_policy
Change-Id: I18617643e66d6d2fe5ff19e440dea204206b3035
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-11-22 14:16:38 +08:00
Alex Iacobucci
8f30df1dcf
aoc: add sysfs file entry
Test: on device
Bug: 309950738
Change-Id: Ie5437a02b3a4f69d05ecb274169b4bd328315a22
Signed-off-by: Alex Iacobucci <alexiacobucci@google.com>
2023-11-20 20:22:25 +00:00
Devika Krishnadas
3b40f18e29
Add Pixel Mapper as a sp-HAL
Bug: 267352318
Change-Id: I460f379d8d6904f5bda3f67a7158c0ac6f2e7b5f
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2023-11-20 18:17:26 +00:00
Kyle Tso
7411947a02
dontaudit on dir search for vendor_votable_debugfs
Bug: 305880925
Bug: 309379994
Change-Id: I7317bdb4ec80eb73a57cbb924d3132579e0b4f98
Signed-off-by: Kyle Tso <kyletso@google.com>
2023-11-17 05:22:09 +00:00
Daniel Norman
b204558a73
Removes duplicate hidraw_device type definition.
This type is now defined by the platform.
Bug: 303522222
Change-Id: Ia2f817ce99548c30f39a5164c8f6ec323db66155
Test: ls -z /dev/hidraw0
2023-11-10 22:52:26 +00:00
Mike Wang
551b83f7c5
Change the MDS to platform app in selinux ap context.
The MDS will be signed with platform key and become a platform app. To
make the selinux rules for modem_diagnostic_app work, need to set it to
platform app in app context.
Bug: 287683516
Test: Tested with both dev key and platform key signed MDS apps and the selinux rules work.
Change-Id: Ia0dacafc5e096c101e115b7356d8490391cb6bbd
2023-11-08 05:23:35 +00:00
Rick Chen
e22b188d9d
sensors: Move USF related sepolicy to gs-common.
Bug: 305120274
Test: Compile pass. Flash the build to WHI_PRO devices and no sensor
related avc denied log.
Change-Id: I48d959d439565e9c31ce83812bf29b6d8025c35b
Signed-off-by: Rick Chen <rickctchen@google.com>
2023-11-07 06:49:05 +00:00
Mike Wang
ac39f865e1
Add selinux policy change to allow MDS access Samsung OemRil hal.
Bug: 301641283
selinux log:
11-03 15:32:38.850 2643 2643 I auditd : type=1400 audit(0.0:1616): avc: denied { call } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.850 2643 2643 I binder:2643_3: type=1400 audit(0.0:1616): avc: denied { call } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 2643 2643 I auditd : type=1400 audit(0.0:1617): avc: denied { transfer } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 2643 2643 I binder:2643_3: type=1400 audit(0.0:1617): avc: denied { transfer } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 1095 1095 I auditd : type=1400 audit(0.0:1618): avc: denied { call } for comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1
11-03 15:32:38.854 1095 1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1
Change-Id: I62986e4bb0a4ed04616f8f3a8521f01934e63d74
2023-11-06 02:30:52 +00:00
JimiChen
4f1d96210d
Update SELinux policies for rlsservice
1. Move rls_service context from vndservice_contexts to
service_contexts.
2. Allow binder calls from rlsservice to servicemanager
3. Change rls_service type from vndservice_manager_type to
service_manager_type.
Bug: 301520085
Test: GCA
Change-Id: Ief845b5691487f48d570c531de1ea99945087e42
2023-11-03 03:33:52 +00:00
George Lee
435e0aafa8
pixelstats: Add Brownout Detection sepolicy
Bug: 307392882
Test: Confirm lastmeal data upload
Change-Id: I9f7386c6c813c2790dcba1c79ce80531b6819b65
Signed-off-by: George Lee <geolee@google.com>
2023-10-31 04:10:23 +00:00
Mike Wang
e0cc9659dd
Grant the MDS access to the IPowerStats hal service. am: b256bc86c0
am: ea3e7e07b1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24887316
Change-Id: I41c7b162db1fab83ad1f5f549c8b9083e8443f7a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-05 17:11:46 +00:00
Mike Wang
ea3e7e07b1
Grant the MDS access to the IPowerStats hal service. am: b256bc86c0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24887316
Change-Id: I6e51e56d42bb6143a58666112de9efac8a5d0c8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-05 16:24:15 +00:00
Mike Wang
b256bc86c0
Grant the MDS access to the IPowerStats hal service.
ref logs:
09-06 10:07:18.006 536 536 I auditd : avc: denied { find } for pid=22543 uid=10225 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
09-06 10:07:18.010 22543 22543 I auditd : type=1400 audit(0.0:65): avc: denied { call } for comm="pool-4-thread-1" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=1 app=com.google.mds
Test: Tested with MDS app and the MDS can get IPowerStats binder and
call the interface.
Bug: 297250368
Change-Id: I54b6b93179987b9db23d5327711338553906134c
2023-09-28 15:22:58 +00:00
Leo Liou
764e677ff0
gs201: ufs_firmware_update: add scsi directory permission am: e39998954f
am: fc3bc416f2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24752203
Change-Id: I316f7ef124e388466caf94dddb161ae178ff7840
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-19 05:22:28 +00:00
Leo Liou
fc3bc416f2
gs201: ufs_firmware_update: add scsi directory permission am: e39998954f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24752203
Change-Id: Iad507da50c43cc68cf37a7733c3b4d432008d9a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-19 04:27:42 +00:00
Leo Liou
e39998954f
gs201: ufs_firmware_update: add scsi directory permission
Bug: 273305600
Test: run ufs ffu flow
Change-Id: I36715c1b3500da64863db4cbec08c037df74d3e6
Signed-off-by: Leo Liou <leoliou@google.com>
2023-09-15 15:12:31 +08:00
Woody Lin
98620c3b10
Add vendor_sjtag_lock_state_prop and init-check_ap_pd_auth-sh
1. Add init-check_ap_pd_auth-sh for the vendor daemon script
`/vendor/bin/init.check_ap_pd_auth.sh`.
2. Add policy for properties `ro.vendor.sjtag_{ap,gsa}_is_unlocked` for
init, init-check_ap_pd_auth-sh and ssr_detector to access them.
SjtagService: type=1400 audit(0.0:1005): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1006): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1007): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1008): avc: denied { write } for name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
SjtagService: type=1400 audit(0.0:1009): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
Bug: 298314432
Change-Id: Ib5dbcc50e266e33797626280504ea9e2cdc9f942
2023-09-13 04:10:09 +00:00
Wilson Sung
212bd9a779
Move uwb to system_ext am: 5e75eaa1a5
am: a7fd020e52
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24660422
Change-Id: Ie0e020624f04ee835d414ff467ff937a6e7783bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 21:48:16 +00:00
Wilson Sung
a7fd020e52
Move uwb to system_ext am: 5e75eaa1a5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24660422
Change-Id: Icf239b4a7ffa79cfe8b7db705e0cd0df279e0198
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 21:13:51 +00:00
Wilson Sung
5e75eaa1a5
Move uwb to system_ext
Bug: 290766628
Test: Boot-to-home, no uwb related avc error
Change-Id: I00a1c45f05cc52a9ce93234921d0b759a3143f16
2023-09-05 20:43:35 +00:00
Wilson Sung
7627d8a7f8
Move uwb to system_ext
Bug: 290766628
Test: Boot-to-home, no uwb related avc error
Change-Id: I00a1c45f05cc52a9ce93234921d0b759a3143f16
2023-09-05 20:35:02 +00:00
Renato Grottesi
1f1f647570
Cleanup unused ArmNN settings.
Test: pre-submit
Bug: 294463729
Change-Id: If623bee7f1050f814a2a3531bfa5de414fa32104
2023-08-18 04:31:43 +00:00
Inseob Kim
0a40b3bb98
Move coredomain policies to system_ext/product am: da30985fa5
am: 0827b82595
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24354374
Change-Id: I21a6ae897a80a8954639e15ebb16218a0e324350
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-09 07:35:43 +00:00
Inseob Kim
0827b82595
Move coredomain policies to system_ext/product am: da30985fa5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24354374
Change-Id: I527239025a4b81d9d989dcba6ba2c63d6840a683
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-09 06:50:56 +00:00
Inseob Kim
da30985fa5
Move coredomain policies to system_ext/product
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: If768b5cb9f3b4024893117d8e3bf49adb7c5b070
Merged-In: If768b5cb9f3b4024893117d8e3bf49adb7c5b070
2023-08-08 14:37:48 +00:00
Inseob Kim
62014f1726
Move coredomain policies to system_ext/product
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: If768b5cb9f3b4024893117d8e3bf49adb7c5b070
2023-08-08 21:33:28 +09:00
Roy Luo
36313e7bc9
Support monitoring USB sysfs attributes in USB HAL
Grant access to USB sysfs attributes.
Bug: 285199434
Test: no audit log in logcat after command execution
Change-Id: Ida489f0f8788100795613de900fd06317087d9cc
2023-08-04 17:25:06 +00:00
Ken Yang
e5bfccd0fd
SELinux: fix sysfs_wlc avc denials
Bug: 291541479
Change-Id: I94bed765b89ee538f77398ce432315c907ac1a9a
Signed-off-by: Ken Yang <yangken@google.com>
2023-07-28 03:47:38 +00:00
Ken Yang
7cd663c2b3
SELinux: fix the wakeup avc denials am: 3054cb6eec
am: f0c6f18d7d
am: 89e7477c43
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24192194
Change-Id: I92795e0179493e849c9cdd5eae502574b117404e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 04:23:37 +00:00
Ken Yang
89e7477c43
SELinux: fix the wakeup avc denials am: 3054cb6eec
am: f0c6f18d7d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24192194
Change-Id: I7888b49da09ad91b2d6b31d2c335841edd5a6514
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 03:13:07 +00:00
Ken Yang
f0c6f18d7d
SELinux: fix the wakeup avc denials am: 3054cb6eec
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24192194
Change-Id: Ia49778517e9c64e4b7539fa81ec4170cef01961c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 02:30:35 +00:00
Ken Yang
3054cb6eec
SELinux: fix the wakeup avc denials
Fix the wakeup avc denials in a more common place
Bug: 292076108
Change-Id: I52627f19cb0fec3dd0851d21d0608048ebc7d45d
Signed-off-by: Ken Yang <yangken@google.com>
2023-07-25 13:12:32 +00:00
Utku Utkan
27ce9336a3
Revert^2 "Introduce CameraServices seinfo tag for PixelCameraServices" am: 34bda7b2b8
am: 2fb35adebd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24124266
Change-Id: I5b7b0b5af1b0eac9513897494da5201f4fea6332
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 19:58:34 +00:00
Utku Utkan
2fb35adebd
Revert^2 "Introduce CameraServices seinfo tag for PixelCameraServices" am: 34bda7b2b8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24124266
Change-Id: I0675ba6da1fff3561ec1ab23711526657ccc3c93
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 18:49:47 +00:00
Utku Utkan
34bda7b2b8
Revert^2 "Introduce CameraServices seinfo tag for PixelCameraServices"
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: I5326b61822d367beaff0ac97a34708d306c60007
2023-07-18 20:37:28 -07:00
Inseob Kim
1dae17837d
Revert "Introduce CameraServices seinfo tag for PixelCameraServices" am: c420cef154
am: 3539653f98
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24122569
Change-Id: I15231b5d87ef4c47bf2413c28b48974fda7f10c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 03:33:47 +00:00
Inseob Kim
3539653f98
Revert "Introduce CameraServices seinfo tag for PixelCameraServices" am: c420cef154
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24122569
Change-Id: I192d7d1ba78d7381d3dd122cacbdd7a37d16d67d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 02:50:45 +00:00