Chungjui Fan
aa55cb6f2e
Add sepolicy of dumping LED file in dumpstate
...
Bug: 242300919
Change-Id: I14b0af18244c4a71fd7908fdb35e2e86354e02e0
2022-09-14 02:59:20 +00:00
Adam Shih
9c9ae24f64
remove global access to firmware mali
...
Bug: 220801802
Test: device can resume
Change-Id: Idf0fd84c2efa37c94e30c3f682a09e6546f50235
2022-09-12 12:58:29 +08:00
Adam Shih
8064010f8a
use gs-common insert module script
...
Bug: 243763292
Test: boot to home
Change-Id: I6f0c1a020ea2962f03df6794a6011a31d2244b1a
2022-09-06 12:41:01 +08:00
Robb Glasser
e95cf1f141
Give permissions to save usf stats and dump them in bugreports. am: feba667c23
am: 272b649cee
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19672405
Change-Id: I00c4c33c0ac37eb5f6b7a488066a2d49ad6cc59a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-25 04:06:33 +00:00
Robb Glasser
feba667c23
Give permissions to save usf stats and dump them in bugreports.
...
Creating a mechanism to save some USF stat history to device and pipe it
to bugreports. Granting permissions so that this can work.
Bug: 242320914
Test: Stats save and are visible in a bugreport.
Change-Id: Ie08fce80e79bd564ea58dab66ce8f0d9892d7020
2022-08-25 02:47:58 +00:00
Konstantin Vyshetsky
59d1913296
convert_to_ext4.sh: add sepolicy am: 07af2808d5
am: a8e3ff791c
am: d01c7c938b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19391424
Change-Id: I6c033c710a67e93fa0271a2800dc24efa3ee847d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 18:57:22 +00:00
Konstantin Vyshetsky
a8e3ff791c
convert_to_ext4.sh: add sepolicy am: 07af2808d5
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19391424
Change-Id: Id303addc42a444642f827605404dca79044efd37
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 18:17:27 +00:00
Konstantin Vyshetsky
07af2808d5
convert_to_ext4.sh: add sepolicy
...
Add entries for convert_to_ext4.sh executable.
Bug: 239632964
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I0d89aa88dab0ae5a4cf3d7b2e4423d1761868bea
2022-08-01 18:00:49 +00:00
Wiwit Rifa'i
d889102a8f
Add SE policies for HWC logs
...
Bug: 230361290
Test: adb bugreport
Test: adb shell vndservice call Exynos.HWCService 11 i32 0 i32 308 i32 1
Change-Id: I12e6c1b4527829699211dae379f1e44da069b974
2022-07-26 08:25:42 +00:00
Kyle Tso
c2ed52536e
Add logbuffer file_contexts
...
Bug: 237082721
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Ieaf04f7381db1febe5a3899a727b6a49726bf10b
2022-07-09 07:22:55 +00:00
xiaofanj
da328e0a0f
modem_svc_sit: create oem test iodev
...
- Create radio_test_device for oem_test iodev.
- Grant modem_svc_sit to access radio_test_device.
Bug: 231380480
Signed-off-by: Xiaofan Jiang <xiaofanj@google.com>
Change-Id: Id06deedadf04c70b57e405a05533ed85764bdd1d
Merged-In: Id06deedadf04c70b57e405a05533ed85764bdd1d
2022-06-28 03:16:08 +00:00
George Chang
851a643c9e
Update nfc from hidl to aidl service
...
Bug: 216290344
Test: atest NfcNciInstrumentationTests
Test: atest VtsAidlHalNfcTargetTest
Merged-In: If1f57af334033f9bd7174c052767715c9916700f
Change-Id: If1f57af334033f9bd7174c052767715c9916700f
2022-06-01 06:19:26 +00:00
Ankit Goyal
5be857af43
Add SE policies for memtrack HAL
...
Bug: 220360577
Test: adb shell dumpsys meminfo
Change-Id: I4dfc0c016ccf980b4f7dabd2fb70d2466b69b5cc
2022-05-31 23:25:27 +00:00
George Lee
bc2cf5c153
bcl: Add Mitigation Logger - sepolicy
...
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts. Information
collected is to help debug system brownout.
Bug: 228383769
Test: Boot and Test
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I9ac873d03d57d9a6db8d9233f25c8fabdfc399a5
2022-05-26 21:39:25 -07:00
eddielan
36a6b23804
sepolicy: Add SW35 HIDL factory service into sepolicy
...
Bug: 231549391
Test: Build Pass
Change-Id: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
(cherry picked from commit aeb9bd0406)
Merged-In: If5c1bc5ddf6a1fa753ac65b6b4c5983775f2f704
2022-05-27 01:29:31 +00:00
Dinesh Yadav
6513479fe8
Add SEPolicy for gxp_metrics_logger.so logging to stats service
...
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.
Bug: 177236353
Test: App can load the .so and creates a VLOG message after this change.
Before: No permission to access namespace.
After: GCA able to access the gxp_metrics_logger.so
Change-Id: I453b66b30eb51ebd22fda750d272cf35574301f6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2022-05-20 17:05:23 +00:00
Dinesh Yadav
e40cd2ac42
Add SEPolicy settings for android logging/tracing service for GXP
...
This change also adds support for SEPolicy to access perfetto which was
missing in ag/17818623.
Bug: 217289052
Change-Id: Ic5599d0be783b65102b3b0ffef27e66f1f6904da
2022-05-19 03:31:32 +00:00
Quang Luong
a36285b0de
Revert "Add SEPolicy settings for android logging/tracing servic..."
...
Revert submission 17817048-gxp-firmware-log-trace-metrics-service
Reason for revert: breaks CTS tests: b/230031232
Reverted Changes:
I3c9574dca:Add SEPolicy settings for android logging/tracing ...
I6bced8246:Add Firmware Log/Trace service to GXP project outp...
Icfc0ca30f:Add gxp_logging_service as an android service
Change-Id: I4ae6a63b6e2b58a094f45771de87fc3799f99e67
2022-04-22 00:11:02 +00:00
Dinesh Yadav
5f4f4de205
Add SEPolicy settings for android logging/tracing service for GXP
...
Change-Id: I3c9574dca5e52356b77172c886ac8971584d3012
2022-04-21 06:22:37 +00:00
Alex Hong
09ef2e08c5
Update the SELinux context for dumpstate HAL service
...
Test: atest VtsHalDumpstateTargetTest pass
Bug: 223118410
Change-Id: Ie237579f974bab8bf8d35211367457be178a262b
2022-04-18 07:45:28 +00:00
Oleg Matcovschi
a79b98eb25
selinux: remove dpm_[ab] from custom_ab_block_device's
...
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I774065f331b1f2970b0fee5a41faa097fa88caf8
2022-04-15 19:08:17 +00:00
Stephane Lee
5ce2f99f38
ODPM: Add ODPM config file to be read by powerstats 2.0
...
Test: Ensure that there are no sepolicy errors when
/data/vendor/powerstats/odpm_config exists
Bug: 228112997
Change-Id: I094c29c4d1a82bccfabde7a5511f4aa833c2cd35
2022-04-08 02:49:40 +00:00
Ray Chi
3fdb24bdc1
Revert "add sepolicy for set_usb_irq.sh"
...
This reverts commit 6733f9667d.
Bug: 225789036
Test: build pass
Change-Id: If43c8db71c737d509b1dfd098503f564a06bf046
2022-03-29 15:45:30 +08:00
Omer Osman
e5cc5f7937
Add hidraw device and Dynamic Sensor SE Linux policy
...
Test: Incoming HID data from Pixel Buds
Change-Id: I77489100e13d892fb7d3a7cee9734de044795dec
2022-03-27 23:26:29 +00:00
Lucas Wei
ab9ec22267
Label vendor_kernel_boot with boot_block_device for OTA updating
...
Label with boot_block_device to allow further operations on
vendor_kernel_boot including OTA updating.
This is required for update_engine to be able to write to
vendor_kernel_boot on builds that are enforcing sepolicy.
Bug: 214409109
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: If239690ee168ecfd5c5b755451e389a4523c79b8
2022-03-25 08:55:00 +00:00
Holmes Chou
e0b06b9cbd
camera: use codename for camera modules
...
use codename for camera modules
Bug: 209866857
Test: GCA, adb logcat
Change-Id: I55f6998d18a904c83ecdf328d1b0e5ca6a01427f
2022-03-24 13:11:16 +00:00
SalmaxChang
ae6f085676
modem_svc_sit: fix avc error
...
avc: denied { write } for comm="modem_svc_sit" name="modem_stat" dev="dm-46" ino=333 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0
Bug: 225149029
Change-Id: Id1045d9488a200b6c64abbe02cf5e65926ba0203
2022-03-23 05:13:29 +00:00
Denny cy Lee
38c2803c54
Sepolicy: add pixelstats/HardwareInfo sepolicy
...
avc denials to fix (after applying ag/17120763)
[ 50.171564] type=1400 audit(1647222380.884:28): avc: denied { read } for comm="pixelstats-vend" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
[ 54.519375] type=1400 audit(1647222385.228:29): avc: denied { read } for comm="id.hardwareinfo" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 app=com.google.android.hardwareinfo
Bug: 222019890
Test: manually check debug logcat
Change-Id: I0e4f3f3a66783383b0d1327cec4dcd145ae9a7af
2022-03-15 03:09:18 +00:00
Roshan Pius
c5710ad18e
gs-sepolicy(uwb): Changes for new UCI stack
...
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.
Bug: 186585880
Bug: 204718220
Bug: 206045367
Test: Manual Tests
Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570
2022-03-14 16:09:02 +00:00
Devin Moore
ac44b340d3
Add the init_boot partition sepolicy
...
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.
This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.
Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip
Merged-In: Ic991fa314c8a6fdb848199a626852a68a57d1df5
Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
2022-03-03 20:01:09 +00:00
Nishok Kumar S
e95f5edafe
Allow camera HAL and GCA to access Aurora GXP device.
...
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.
Bug: 220086991
Test: Verified that the camera HAL service and GCA app are able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
2022-03-03 04:02:33 +00:00
Siddharth Kapoor
2d43200489
Add libgpudataproducer as sphal
...
Bug: 222042714
Test: CtsGpuProfilingDataTestCases passes on User build
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
Change-Id: I1997f3e66327486f15b1aa742aa8e82855b07e05
2022-03-03 01:08:52 +00:00
Badhri Jagan Sridharan
fc08341bd6
android.hardware.usb.IUsb AIDL migration
...
Cherry-pick of <775523d1eb>
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.
[ 37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[ 37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[ 39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[ 39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[ 42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[ 42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[ 42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[ 42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[ 43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[ 43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[ 43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'
Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
2022-03-01 03:32:23 +00:00
Alex Hong
4443c79bbb
Remove the sepolicy for tetheroffload service
...
Test: m checkvintf
run vts -m VtsHalTetheroffloadControlV1_0TargetTest
Bug: 207076973
Bug: 214494717
Change-Id: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
Merged-In: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
2022-02-24 04:03:32 +00:00
davidycchen
bfda745e26
Remove touch_offload_device declaration
...
touch_offload_device is already declared in
hardware/google/pixel-sepolicy/input.
device/google/gs201-sepolicy/whitechapel_pro/device.te:14:ERROR
'Duplicate declaration of type' at token ';' on line 76173:
type rls_device, dev_type;
type touch_offload_device, dev_type;
Bug: 199104528
Test: build pass
Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3cedb25473d8327eb42d3b65cf714cf5dc22712f
2022-02-11 02:36:29 +00:00
Ankit Goyal
239885a306
Rename vulkan library to be platform agnostic
...
Bug: 174232579
Test: Boots to home
Change-Id: Ib8618f4f8e1fc47753039f1143269211df0c42be
2022-02-11 00:52:54 +00:00
Ray Chi
6733f9667d
add sepolicy for set_usb_irq.sh
...
Bug: 202103325
Test: build pass
(synced from commit 714075eba72067489d08c36b87bfed9656092b2c)
Change-Id: I309e24a5084ed33278d3fbe49e4ad1cc91b1255a
2022-01-25 03:28:35 +00:00
Devika Krishnadas
35abe98124
Edit vframe-secure policy
...
Bug: 215417614
Test: GL2SecureRendering.apk
Signed-off-by: Devika Krishnadas <kdevika@google.com>
Change-Id: Ief75b8581887d28916d512ec90acc575311276db
2022-01-21 04:47:21 +00:00
linjoey
42ac322b3d
Add vulkan and gralloc sepolicy.
...
Bug: 206891640
Test: Test CTS testVulkanHardwareFeatures passed.
Change-Id: Ia14aa691d6dbfad40344895c9e6a63a267754864
2022-01-17 02:21:04 +00:00
Adam Shih
0b322cac3d
make GPU mali firmware accessible
...
Bug: 205779849
Test: boot with no relevant log.
Change-Id: I0cc1c1f84df44b5fbed239d6771937f62861bdb2
2022-01-17 02:11:39 +00:00
Xu Han
9633922461
Fix rlsservice selinux denials
...
Bug: 213817228
Test: check "avc denied" log with camera streaming.
Change-Id: Id255ffab3ca145cb0708b701e2afccdcd76ef4ea
2022-01-14 10:22:40 -08:00
linpeter
72dc78222f
update display sepolicy
...
Bug: 205073165
Bug: 205656937
Bug: 205779906
Bug: 205904436
Bug: 207062172
Bug: 208721526
Bug: 204718757
Bug: 205904380
Bug: 213133646
test: check avc denied with hal_graphics_composer_default, hbmsvmanager_app
Change-Id: I964a62fa6570fd9056b420efae7bf2fcbbe9fc9f
2022-01-12 08:10:50 +00:00
horngchuang
ebe7b7c9a5
Remove l10 specific camera component sepolicy settings
...
Move these settings to L10 specific folder
Bug: 210598444
Test: build okay
Change-Id: I517d5414f64a32098fd8e5bfa6554f2272680826
2022-01-10 05:43:46 +00:00
Jaegeuk Kim
5134bb2094
Revert converting ext4 to f2fs
...
Revert the below commits:
commit bf900e2ae5
"allow to convert /efs to f2fs"
commit 54b0addb16
"convert_to_f2fs.sh: add sepolicy"
And, tracking_denials WA.
Bug: 207031989
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Id3dd1c5b8cad962845fd7a88b9069315819e5f3d
2022-01-06 16:44:08 +00:00
JimiChen
bec2f8f10d
Add permission for new sensors and eeproms
...
sensor: imx712 and imx712-uw
eeprom: m24c64x-imx712 and m24c64x-imx712-uw
Bug: 210657475
Bug: 210569509
Test: build okay
Change-Id: Ide8429ce41a34b5c27b23eea1095bae93c5b88c4
2022-01-04 05:49:24 +00:00
horngchuang
c8f6c81670
Add imx787 sensor entry to selinux policy
...
/dev/lwis-sensor-imx787 used by rear-cam sensor
Bug: 210654152
Test: local build Pass, boot to Home
Change-Id: Ia15ad131d763190d3ecbfee397f0de33987ddb65
2022-01-04 05:40:30 +00:00
Krzysztof Kosiński
deb9d361cd
Add sepolicy for camera persist files.
...
Bug: 208866457
Test: Verified label for /mnt/vendor/persist/camera on P10
Change-Id: Id4af051ea2e783bed7cabfd2be80bdac994a11ab
2021-12-10 01:39:26 +00:00
Adam Shih
4820dcfdba
make libraries app-reachable
...
Bug: 209703854
Test: Boot with no relevant errors
Change-Id: I5f0d6ed1b578d1684c476bc07d81baaf91005bc6
2021-12-08 13:17:52 +08:00
Adam Shih
0546c79a47
make some libraries app reachable
...
Bug: 208527969
Test: boot with no relevant error log
Change-Id: Ic21fcecd4a9ff3d293dafe1e7a9dbebd0e736852
2021-12-01 15:33:49 +00:00
Kris Chen
8d3c4a7b4e
fingerprint: Fix avc errors
...
Bug: 207062260
Test: boot with no relevant error on C10
Change-Id: I6d3b74c34d2344c4e889afaf8bb99278785e5416
2021-11-25 07:09:31 +00:00