Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2474 commits 1 branch 0 tags 63 MiB
Commit graph

180 commits

Author SHA1 Message Date
TeYuan Wang
951bad233c sepolicy: label AUR as sysfs_thermal 
Bug: 171499494
Test: adb shell ls -Z /sys/devices/platform/100b0000.AUR
Change-Id: I0aa1b95c11d2af5fa2175c582068daad51360485
 2022-04-14 06:23:35 +00:00
Darren Hsu
65fabe6774 sepolicy: lable p9412 wakeup for system suspend am: cf2cc47e79 am: 5da7e0aa7c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17731166

Change-Id: I60d970421cc78253c01d6611afa427451cc7c70b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-13 11:03:58 +00:00
Darren Hsu
8af71b59c0 sepolicy: lable p9412 wakeup for system suspend am: cf2cc47e79 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17731166

Change-Id: Ic0c96ad1ef2bc91f5fce9196c4133b39c6a33a50
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-13 10:20:02 +00:00
Darren Hsu
cf2cc47e79 sepolicy: lable p9412 wakeup for system suspend 
Bug: 226887726
Bug: 228947596
Test: do bugreport without avc denials
Change-Id: Ic8eab625a20c60a4bf78403ef10465074d782821
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-13 13:39:02 +08:00
Albert Wang
44db109410 Add more xHCI wakeup path for suspend_control am: e914d6fcc3 am: 75ee2a71a3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17686710

Change-Id: I2119c5c796a50c1ed52cf7ee610b243a21cdbe29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-12 10:10:24 +00:00
Albert Wang
e914d6fcc3 Add more xHCI wakeup path for suspend_control 
To addressdd the xHCI wakeup nodes permission problem, add new nodes:
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2
/devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3
/devices/platform/11210000.usb/wakeup

Bug: 228791172
Test: verified with forrest test build
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I457e64c252ec3573ab15923898c469472fc3b9b6
 2022-04-12 15:07:04 +08:00
Darren Hsu
51171f681c sepolicy: label charger wakeup for system suspend am: 68f1d4fb71 am: 8171577cf2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17686708

Change-Id: I07b76609f3c238474b29ae23e5899715b73b3198
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-12 04:20:06 +00:00
Darren Hsu
88dc029b88 sepolicy: label charger wakeup for system suspend am: 68f1d4fb71 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17686708

Change-Id: Ia0c3065b170d6be3823dff7b4c4e650396df9c97
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-12 04:05:03 +00:00
Darren Hsu
68f1d4fb71 sepolicy: label charger wakeup for system suspend 
Bug: 226887726
Test: do bugreport without avc denials
Change-Id: I0b57cfdddb81c1685f6a054944c064e02c099637
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-12 07:43:30 +08:00
Darren Hsu
3fcd2a33a6 Label AoC wakeup for system suspend am: c750a64e4c am: 1b64a4529a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17652444

Change-Id: Ia10de2572c08bcf067016c528a989b41e13516de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-11 09:07:19 +00:00
Darren Hsu
7903dbb74c Label AoC wakeup for system suspend am: c750a64e4c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17652444

Change-Id: I63c19ed0fb37137c0561b62a3fc2cebe5dabc458
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-11 08:18:19 +00:00
Darren Hsu
c750a64e4c Label AoC wakeup for system suspend 
Bug: 227531769
Test: do bugreport without avc denials
Change-Id: Ie3efd407ff629b583e37c0b5af430c9a9daf8691
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-11 15:54:59 +08:00
chungkai
695bbd5671 genfs_contexts: fix path for i2c peripheral device am: fb466b4915 am: d2e0a2ef5e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17521224

Change-Id: I51f8bbb9f6bd068f9ec1aa51cb6b1e3902535e0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-08 03:38:00 +00:00
chungkai
cd880aa0e6 genfs_contexts: fix path for i2c peripheral device am: fb466b4915 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17521224

Change-Id: I9d6ae44e3c1d28b670796dc87e193281f9699c76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-08 02:53:20 +00:00
chungkai
fb466b4915 genfs_contexts: fix path for i2c peripheral device 
paths are changed when we enable parallel module loading and
reorder the initializtaion of devices.

Test: without avc denial
Bug: 227541760
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Icd74392e0684ac5614a83d14b936be880148f919
 2022-04-08 02:20:26 +00:00
Jeremy DeHaan
249213ddb6 Update selinux policy for display information am: 18f8d933ab am: 573cc8efc5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17599695

Change-Id: Icfc31a38101cd898fd1812fd6645a2a35d02ec88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-06 19:42:56 +00:00
Jeremy DeHaan
18f8d933ab Update selinux policy for display information 
Two new sysfs nodes were added to sysfs_display type and permission to
access sysfs_display nodes was added for the dumpstate service. This
allows display information to be captured during bug report generation.

Bug: 225376485
Test: Manual - ran 'adb bugreport'
Change-Id: Ib121b0b21aa326e791e67c5bd24b3e70979a554c
 2022-04-06 18:51:45 +00:00
Minchan Kim
56fb8cb807 sepolicy: allow dump page_pinner am: 3496931400 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17410608

Change-Id: Id4385572ff9f2fc059d351c817a764f5a4f0574d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 16:53:16 +00:00
Minchan Kim
3496931400 sepolicy: allow dump page_pinner 
Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}

Bug: 226956571
Test: Run "adb bugreport <zip>" and verify it contains the output
      from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7b00d4930fbaa2061537cd8c84616c1053c829cf
 2022-03-28 16:35:02 +00:00
Chris Kuiper
ffebbdcd34 Add rules to allow Sensor HAL write access to als_table am: 967571ee60 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17368888

Change-Id: Id038f0254f2c69e917c88cb2da0aa8f47b6861f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 00:20:47 +00:00
Chris Kuiper
967571ee60 Add rules to allow Sensor HAL write access to als_table 
Sensor HAL needs write access to
/sys/class/backlight/panel0-backlight/als_table.

Bug: 226435017
Test: Observing logs
Change-Id: Idb592d601b92c6814493e0d28384e1013935b72f
 2022-03-25 00:00:19 +00:00
Yabin Cui
02c1ef8b85 Add SOC specific ETM sysfs paths 
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
Merged-In: I10c8d250cf88b371ee573561d6678fc24f4e440c
 2022-03-23 19:45:48 +00:00
George Lee
17981f9fc0 health: Grant sysfs_thermal access to health 
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 226009696
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I8d112cb12f3aeb1c8d5433ca69415d0413f070a2
Merged-In: I4d9491862ff1bcc88f89b1478497ac569e3d1df1
 2022-03-23 05:30:33 +00:00
Yabin Cui
278d110fba Add SOC specific ETM sysfs paths 
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
 2022-03-22 16:53:23 +00:00
Peter Csaszar
466adbb2da pixel-selinux: Port PRO SJTAG policies to tm-dev 
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface for WHI-PRO-based devices, now migrated to the
tm-dev branch. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Bug: 224022297
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Merged-in: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
Change-Id: I56da5763c31ab098859cbc633660897646fe7f3e
 2022-03-22 03:17:40 +00:00
Mason Wang
500e7624e9 vendor_init: Fix touch avc denial of high_sensitivity. 
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
 2022-03-21 07:32:49 +00:00
Mason Wang
296823785d vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] 
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
 2022-03-17 10:01:37 +00:00
George Lee
c73fa1acfe health: Add sysfs_thermal access am: 2cc598cc9b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: I2d335b082919b55a430782de9b79f7037a846af1
 2022-03-17 05:27:23 +00:00
George Lee
2cc598cc9b health: Add sysfs_thermal access 
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
 2022-03-17 04:55:59 +00:00
Darren Hsu
356fb92bb2 sepolicy: reorder genfs labels for system suspend am: 6d25430600 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: Id01fb5bad47786a03ef5562f14d7df6dc6856448
 2022-03-15 03:15:02 +00:00
Darren Hsu
6d25430600 sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I295d3dfb96cc87e8faaf16f949918445cc3a0d44
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-15 02:52:48 +00:00
Taeju Park
28666f9c91 Allow accessing power_policy sysfs node for GPU am: dc99069f1e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17147970

Change-Id: I4d6d6f91d20ee796557f0341fd0553b2a880dbb4
 2022-03-10 10:27:29 +00:00
Taeju Park
dc99069f1e Allow accessing power_policy sysfs node for GPU 
Bug: 223440487
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: Iae2e4a0dc8d474d04200e79b4b4014010eedb147
 2022-03-10 10:03:59 +00:00
Darren Hsu
ddba63c8e1 sepolicy: label wakeup source for usbc port am: ab8e1fdc58 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129070

Change-Id: I5d7a5c785a47406a692e76c5b5ac1f063be4f562
 2022-03-10 06:31:58 +00:00
Darren Hsu
ab8e1fdc58 sepolicy: label wakeup source for usbc port 
Bug: 223475365
Test: run vts -m SuspendSepolicyTests
Change-Id: I2116c5f4fd19c5995f1612d593532cc7e065a560
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-10 11:29:15 +08:00
Darren Hsu
541e5a1bec sepolicy: fix VTS failure for SuspendSepolicyTests am: 284b775f21 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118583

Change-Id: Iadc3284119120be092462d2769bf2ce0a4e0bf2d
 2022-03-09 05:57:35 +00:00
Darren Hsu
284b775f21 sepolicy: fix VTS failure for SuspendSepolicyTests 
Label the common parent wakeup path instead of each
individual wakeup source to avoid bloating the genfs
contexts.

Bug: 221174227
Test: run vts -m SuspendSepolicyTests
Change-Id: I38e3a349af04f83e63735ea7ca010cf634c2f1ab
 2022-03-09 05:29:09 +00:00
Midas Chien
07be5a9e09 Allow composer to read panel_idle_handle_exit sysfs node am: bef935f43d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005599

Change-Id: Ib3a236dbb535e41050b3535c0e8e8c7e6ac3431a
 2022-03-04 07:22:59 +00:00
Midas Chien
bef935f43d Allow composer to read panel_idle_handle_exit sysfs node 
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Change-Id: I5e6c5036a946417c782f1389f4423cce69c4df77
 2022-03-04 06:55:04 +00:00
Badhri Jagan Sridharan
fc08341bd6 android.hardware.usb.IUsb AIDL migration 
Cherry-pick of <775523d1eb>

android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
 2022-03-01 03:32:23 +00:00
YiHo Cheng
6a1e7e3340 thermal: Label tmu register dump sysfs am: be92764669 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: I5d714128eacd3e64dc44baff1e6ad295a6bf61fe
 2022-03-01 01:51:51 +00:00
YiHo Cheng
be92764669 thermal: Label tmu register dump sysfs 
Allow dumpstate to access tmu register dump sysfs

[  174.114566] type=1400 audit(1645790696.920:13): avc: denied { read }
for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs"
ino=65178
 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
 tclass=file permissive=0
 [  174.115092] type=1400 audit(1645790696.920:14): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs"
 in
 o=65179 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115208] type=1400 audit(1645790696.920:15): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres"
 dev="sysfs"
 ino=65180 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115398] type=1400 audit(1645790696.920:16): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres"
 dev="sysfs"
 ino=65182 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 [  174.115498] type=1400 audit(1645790696.920:17): avc: denied { read }
 for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres"
 dev="sysfs"
 ino=65181 scontext=u:r:hal_dumpstate_default:s0
 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 215040856
Test: check tmu register dump sysfs output in dumpstate
Change-Id: Ica48e37344a69264d4b4367af7856ec20b566a9e
 2022-03-01 01:24:00 +00:00
Badhri Jagan Sridharan
775523d1eb android.hardware.usb.IUsb AIDL migration 
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
 2022-02-25 00:51:26 +00:00
Darren Hsu
9b1d657510 Allow hal_power_stats to read UWB sysfs nodes am: 8f90cf5408 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986443

Change-Id: Iba1a0e7a804473c04b0ec9df05b5286dc316a68d
 2022-02-24 04:06:34 +00:00
Darren Hsu
8f90cf5408 Allow hal_power_stats to read UWB sysfs nodes 
Bug: 219369324
Test: Dump power stats and see no avc denials
Change-Id: Ib1ac15867f51069bef3f68e91bf65b842b7c0734
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-02-24 01:02:11 +00:00
Peter Csaszar
4041f814be pixel-selinux: add SJTAG policies 
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
 2022-02-17 12:31:09 -08:00
Midas Chien
c8c1f766d2 Allow composer to read panel_idle sysfs node 
Change panel_idle selinux type to sysfs_display to allow composer can
access it.

Bug: 198808492
Test: ls -Z to check selinux type
Test: make sure composer can access it
Change-Id: Ic2bd697c79b398b8093dd00598b1076e3ea3aec2
 2022-02-17 09:17:42 +00:00
Adam Shih
b2c284177a label sysfs_fabric to target_load 
[   11.149987] type=1400 audit(1644984050.124:9): avc: denied { open } for comm="NodeLooperThrea" path="/sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load" dev="sysfs" ino=48615 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 218500026
Test: boot with no error loop under enforcing mode

Change-Id: Ie2f78f8ee39233e0c1f83fc2ba654f4a116e12a4
 2022-02-16 13:01:30 +08:00
Alex Hong
9cc70410c5 Add required sepolicy rules for Camera function 
Bug: 218499972
Test: Switch to Enforcing mode
      Take a picture, camera recording
Change-Id: I57f3e8454ece6906624f028b7a3771ffddcaa963
 2022-02-11 03:26:56 +00:00
Denny cy Lee
92d0030e6a hardwareinfo: add sepolicy for SoC 
Bug: 208721710
Test: search avc in logcat

Change-Id: I3828d39981666db98e6a34aa70ae39b7f126e495
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2022-02-08 03:33:06 +00:00