device_google_gs201

Author	SHA1	Message	Date
Mike Wang	551b83f7c5	Change the MDS to platform app in selinux ap context. The MDS will be signed with platform key and become a platform app. To make the selinux rules for modem_diagnostic_app work, need to set it to platform app in app context. Bug: 287683516 Test: Tested with both dev key or platform key signed MDS apps and the selinux rules works. Change-Id: Ia0dacafc5e096c101e115b7356d8490391cb6bbd	2023-11-08 05:23:35 +00:00
Wilson Sung	7627d8a7f8	Move uwb to system_ext Bug: 290766628 Test: Boot-to-home, no uwb related avc error Change-Id: I00a1c45f05cc52a9ce93234921d0b759a3143f16	2023-09-05 20:35:02 +00:00
Inseob Kim	62014f1726	Move coredomain policies to system_ext/product Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: If768b5cb9f3b4024893117d8e3bf49adb7c5b070	2023-08-08 21:33:28 +09:00
Jin Jeong	10ef6d8619	Revert "Fix SELinux error for com.google.android.euicc" Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I50ff4f8e48389d034c3f6c716dad1a81e9b73e64	2023-05-24 01:07:09 +00:00
Jinyoung Jeong	f265749f1d	Fix SELinux error for com.google.android.euicc Bug: 279548423 Test: http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b Change-Id: Idd231c2412e8f597dea1bfa11f9d1a0fa1e17034	2023-04-30 02:51:45 +00:00
Nicolas Geoffray	1882c634c7	Also put .ShannonImsService in the vendor_ims_app domain. am: `123262b869` am: `99159a832b` am: `da3eb0b7c5` Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/2335385 Change-Id: Ie04d950cca93bd3d36af091f7c07f22474ec8dd7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-12-08 20:45:10 +00:00
Nicolas Geoffray	da3eb0b7c5	Also put .ShannonImsService in the vendor_ims_app domain. am: `123262b869` am: `99159a832b` Original change: https://android-review.googlesource.com/c/device/google/gs201-sepolicy/+/2335385 Change-Id: I76302558055df38134731cddc25a9ee84074dafd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-12-08 20:17:12 +00:00
Nicolas Geoffray	123262b869	Also put .ShannonImsService in the vendor_ims_app domain. For consistency when running com.shannon.imsservice code. Test: m Bug: 260557058 Change-Id: Idb145723d053eb93dbae2b71f7204347253c8a50	2022-12-08 14:49:22 +00:00
Steve Pfetsch	a2e6c51431	gs201-sepolicy: provide permission for TouchInspector app [DO NOT MERGE] Resolve these access violations: avc: denied { write } for name="driver_test" dev="proc" ino=4026535572 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535572 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { getattr } for path="/proc/fts/driver_test" dev="proc" ino=4026535572 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { read } for name="driver_test" dev="proc" ino=4026535572 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535574 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { getattr } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535574 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector Bug: 182118395 Signed-off-by: Steve Pfetsch <spfetsch@google.com> Change-Id: Ia3bd2323b77134b8e47d858f36756780dec98c19	2022-11-22 23:48:19 +00:00
George Lee	d59612c409	gs201-sepolicy: Add BrownoutDetection app [DO NOT MERGE] This app files bugreport for user-debug build with reboot reason = ocp or uvlo. Removed the dependency on BetterBug. Bug: 237287659 Test: Ensure bugreport is generated under user-debug build with reboot reason = ocp or uvlo. Signed-off-by: George Lee <geolee@google.com> Change-Id: Ib8fceb62e66e9d561a6597687ea3cbe5ac9a832d	2022-11-16 18:20:57 +00:00
George Lee	f03c6fb1d8	betterbug: Update selinux policy for betterbug Update startup_bugreport_requested property to vendor_public for betterbug to access. Bug: 237287659 Test: Load Betterbug for accessing startup bugreport reason property Signed-off-by: George Lee <geolee@google.com> Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15 (cherry picked from commit `d1e0b924ae`)	2022-11-02 02:47:37 +00:00
George Lee	69d0a6e78f	[conflict] betterbug: Update selinux policy for betterbug am: `d1e0b924ae` am: `0511a5b342` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20276308 Bug: 256639156 Change-Id: Id42a5dc034bfe4ce5ad3606ba30423ba9775b125 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-11-01 17:00:22 +00:00
George Lee	d1e0b924ae	betterbug: Update selinux policy for betterbug Update startup_bugreport_requested property to vendor_public for betterbug to access. Bug: 237287659 Test: Load Betterbug for accessing startup bugreport reason property Signed-off-by: George Lee <geolee@google.com> Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15	2022-10-31 16:30:39 +00:00
George Lee	23d095da01	betterbug: Add selinux policy for betterbug am: `39ffb227b3` am: `87e5ce6250` Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20188753 Change-Id: I8b049af986af7c8ab44791a8e9c515a489ebd87e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-10-14 06:28:01 +00:00
George Lee	39ffb227b3	betterbug: Add selinux policy for betterbug Enable Betterbug to read reboot reason such that Betterbug can file bugreport when uvlo or ocp is found within reboot reason. Bug: 237287659 Test: Load Betterbug for accessing boot reason property Signed-off-by: George Lee <geolee@google.com> Change-Id: Id699be34d2e060ee7827737982403fd58f133c4a	2022-10-13 23:44:06 +00:00
Denny cy Lee	d64d7fa852	HwInfo: Move hardware info sepolicy to pixel common Bug: 215271971 Test: no sepolicy for hardware info Change-Id: Ic887e59878352fa5784a172af0453f3bb881e1f2 Signed-off-by: Denny cy Lee <dennycylee@google.com>	2022-08-03 02:57:28 +00:00
Nishok Kumar S	43e827c01a	Add label for GCA fishfood app built with debug keys - label as debug_camera_app. Test: Build GCA-Next manually and install on device. Test with selinux on. Bug: 230773733 Change-Id: Ifc2fd29a74bf66444501327feac391ddf812c867	2022-05-17 02:42:05 +00:00
Nishok Kumar S	145f7b5b93	Use google_camera_app label for GCA-Next fishfood app. Bug: 230773733 Test: Build selinux and test with GCA-Next on device. Change-Id: I757e7de2293e25bd027262a5fbf4ece2a44f10d1	2022-05-13 05:31:34 +00:00
Nishok Kumar S	4a6cfb5a9c	Label GCA-Eng app - Add policies for GCA-Eng to access GXP device. - Allow GCA-Eng to access edgetpu service. Test: Build selinux and test GCA-Eng on device with adb shell setprop camera.artemis_dsp TRUE Bug: 230773733 Change-Id: I8d04f6e1aef0899b3862ddbb80174cd086156d92	2022-05-13 05:18:09 +00:00
Harpreet Eli Sangha	1a0b0ce0c4	Add CccDkTimeSyncService for Digital Key Support Test: Build and Run Bug: 226659256 Signed-off-by: Harpreet Eli Sangha <eliptus@google.com> Change-Id: I9dd53a864d53e525282bc49c13b09157fc8d2ece	2022-04-15 00:28:13 +00:00
Roshan Pius	c5710ad18e	gs-sepolicy(uwb): Changes for new UCI stack 1. Rename uwb vendor app. 2. Rename uwb vendor HAL binary name & service name. 3. Allow vendor HAL to host the AOSP UWB HAL service. 4. Allow NFC HAL to access uwb calibration files. Bug: 186585880 Bug: 204718220 Bug: 206045367 Test: Manual Tests Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570	2022-03-14 16:09:02 +00:00
Jinting Lin	94d7f6cce6	Fix avc denied for slsi engineermode app log: avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0 avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode Test: side load the trail build sepolicy, then check the app Bug: 221482792 Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857	2022-03-03 01:01:08 +00:00
Mars Lin	549512a38e	Add sepolicy for CatEngine Bug: 187989782 Test: Run CAT adb check log Change-Id: Ib715ac2fb8efc8ad79fe190942dcfae716291d2b	2022-02-14 03:03:39 +00:00
Adam Shih	6004d58760	label camera app Bug: 209329856 Test: boot with google camera's label changed Change-Id: Iff83bf8f42f9e6f9588fc5f45852a11608dc4445	2021-12-08 13:20:20 +08:00
Adam Shih	ccabcd4a24	label telephony apps Bug: 208721636 Test: boot with error log changed from system_app to right ones Change-Id: Ia65b2c8f1759866eca8fcd12dcbed4cedaa61ea2	2021-12-06 11:27:22 +08:00
Adam Shih	316d846ac4	copy euiccpixel_app setting to gs201 12-01 13:56:53.328 7682 7682 I Thread-2: type=1400 audit(0.0:44): avc: denied { map } for path="/dev/__properties__/u:object_r:dck_prop:s0" dev="tmpfs" ino=136 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:dck_prop:s0 tclass=file permissive=1 app=com.google.euiccpixel There is only one source of code in vendor/unbundled_google/packages/EuiccSupportPixelPrebuilt/Android.mk Bug: 208527969 Test: no relevant error logs were found any more Change-Id: I06b1cdcfb9109956f9c65dede1208310d2b79c48	2021-12-01 15:33:58 +00:00
Adam Shih	e72ecd59d8	fix UWB app settings and zygote library access 11-16 14:46:01.647 446 446 E SELinux : avc: denied { add } for pid=2502 uid=1083 name=uwb_vendor scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1 11-16 14:41:41.238 440 440 E SELinux : avc: denied { find } for pid=2555 uid=1083 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1 Bug: 206331617 Bug: 206045471 Bug: 205904384 Test: boot with no zygote errors Change-Id: I5fe048434d430120334d172481b9cc07cff141dd	2021-11-18 02:20:49 +00:00
Adam Shih	2ef225b9c5	label oemrilservice_app and grant relevant permission 11-15 11:32:41.059 442 442 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:oemrilservice_app:s0:c195,c256,c512,c768 pid=1866 scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1 11-15 11:32:41.060 1013 1013 I rild_exynos: type=1400 audit(0.0:5): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1 11-15 11:32:41.368 1013 1013 I rild_exynos: type=1400 audit(0.0:6): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1 11-15 11:32:41.890 441 441 E SELinux : avc: denied { find } for pid=1866 uid=10195 name=isub scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1 Bug: 205904553 Bug: 205073117 Bug: 204718782 Bug: 205904441 Test: boot with no relevant error log Change-Id: I258aa58b4d3c95b901405e9181138c0d68c2b154	2021-11-16 02:12:53 +00:00
Adam Shih	1aaa9d5be9	review hardware_info_app Bug: 196916111 Test: boot with app correctly labeled Change-Id: I31335fff6356edeedc10ebd2e55b8ed62e39ee02	2021-10-08 11:39:38 +08:00
Adam Shih	791aeae701	review ramdump_app Bug: 196916111 Test: boot to home Change-Id: I756f9022a7c20392dd8d07d2be7c972395176629	2021-10-06 00:47:41 +00:00
Adam Shih	3f1c23ad58	rewrite hbmsv app This app has different sources for every device Bug: 196916111 Test: boot to home Change-Id: Iccbdc94eb68c03a5e7b5f1081e802b29c11cb5b0	2021-09-17 12:46:12 +08:00
Adam Shih	256795caa7	review SSR app Bug: 198532074 Test: boot with SSR app labeled Change-Id: I7fd0765ffdcc5632be1c91a28de25c6e1e531e26	2021-09-14 04:00:15 +00:00
Adam Shih	95cc78f004	review ofl_app Bug: 198532074 Test: boot with ofl app labeled correctly Change-Id: Ic00207c063e6c8771c2c6b077169ae1d25c77225	2021-09-08 12:17:23 +08:00
Adam Shih	89923acb04	review radio app Bug: 198532074 Test: boot with app correctly labeled Change-Id: Iba1f5c949052fafca8e629aba24484a7705f3f21	2021-09-08 11:27:34 +08:00
Adam Shih	948098bcd6	review hal_radioext_default Bug: 198532074 Test: boot with hal_radioext_default started Change-Id: I083fd55749f0d82cabe527e7fa611ad2633d0ecd	2021-09-08 10:54:34 +08:00
Adam Shih	aef3b66218	review con_monitor bug: 198532074 Test: boot with the app labeled Change-Id: I1d268c292603aabb25e5e626f442b39a7ad7b4e7	2021-09-06 11:31:36 +08:00
Adam Shih	2fc26d0a5e	refactor ims app Bug: 198532074 Test: boot with those apps labeled correctly Change-Id: I15c559551b7af8a9688b4e489b6daeba032da308	2021-09-06 11:24:37 +08:00
Adam Shih	e1db507a06	review cbrs app Bug: 198107733 Test: boot with app launched. Change-Id: I6e32a4ff04f84bba42060bffadf82466f1c7a749	2021-08-30 13:30:56 +08:00
Adam Shih	c2582ecc01	review dmd sepolicy Bug: 196916111 Test: boot with dmd launched successfully Change-Id: Ic962ab09dcd7697c27f9b2ab68400a0060573888	2021-08-18 09:46:29 +08:00

39 commits