Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2474 commits 1 branch 0 tags 63 MiB
Commit graph

2474 commits

This branch
This branch
All branches
Author SHA1 Message Date
Roshan Pius
046601d414 gs-policy: Remove obsolete uwb vendor service rules 
This service no longer exists in the UCI stack.

Bug: 186585880
Test: Manual UWB tests
Change-Id: I279824be6f51470364ad61833b797aa23cbea859
 2022-03-21 09:18:28 -07:00
Sam Dubey
a494fa5a99 Temporarily don't audit init for modem_img_file am: b92095e322 am: c84e42d3c9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17268031

Change-Id: I654b3a8013673c61336f52bcc40dcfdd9eda7c70
 2022-03-21 09:01:09 +00:00
Sam Dubey
c84e42d3c9 Temporarily don't audit init for modem_img_file am: b92095e322 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17268031

Change-Id: Ib2e377cc811fb8f4a589fb184b8c0dd12bf8be2b
 2022-03-21 08:43:21 +00:00
Sam Dubey
b5d69e961f Temporarily don't audit init for modem_img_file am: b92095e322 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17268031

Change-Id: Ica96cf300d8b47387c95220e5571118c8d2789c2
 2022-03-21 08:41:15 +00:00
Mason Wang
500e7624e9 vendor_init: Fix touch avc denial of high_sensitivity. 
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
 2022-03-21 07:32:49 +00:00
Sam Dubey
b92095e322 Temporarily don't audit init for modem_img_file 
Change-Id: I2c9c788119b20b8a37e71a971997f16a7fe6165b
Fix: 225279974
 2022-03-21 04:42:13 +00:00
yixuanjiang
22cbebd97a audio: sync aocdump setting from gs101 am: 9206ceb227 am: 5143119a16 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17248005

Change-Id: I2e1c65a30673c6327ea53b31f7d3904c16ff365f
 2022-03-21 03:01:58 +00:00
yixuanjiang
5143119a16 audio: sync aocdump setting from gs101 am: 9206ceb227 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17248005

Change-Id: Id7c3c9f2606fe13023a72744230adc6c7ebcc66b
 2022-03-21 02:26:21 +00:00
yixuanjiang
322733ed38 audio: sync aocdump setting from gs101 am: 9206ceb227 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17248005

Change-Id: I10e973862521a98a6e6c75781f1c474390eed175
 2022-03-21 02:25:56 +00:00
yixuanjiang
9206ceb227 audio: sync aocdump setting from gs101 
Bug: 225309469
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ia9be16c74de666c945d76ca514423b030c0f90d0
 2022-03-21 02:08:55 +00:00
Mason Wang
2af25c514e [automerger skipped] vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] am: 296823785d am: ae166c90eb -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17229066

Change-Id: I268608821e39e87d3b7a5b86a9bc5e2724f1a998
 2022-03-18 06:44:24 +00:00
Mason Wang
ae166c90eb vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] am: 296823785d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17229066

Change-Id: I5fd10c80b5a1911818334615c4c900b858a4dae7
 2022-03-18 06:22:19 +00:00
Mason Wang
4891389afe [automerger skipped] vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] am: 296823785d -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17229066

Change-Id: I00d0b00c5564091bfce7b1b05ea3d69cfb681875
 2022-03-18 06:21:38 +00:00
Mason Wang
296823785d vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE] 
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
 2022-03-17 10:01:37 +00:00
George Lee
937f5cec07 health: Add sysfs_thermal access am: 2cc598cc9b am: 6548900ffe 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: Ia5bf090927849d2949470fc51fac34c3c8c9ede8
 2022-03-17 06:31:45 +00:00
George Lee
6548900ffe health: Add sysfs_thermal access am: 2cc598cc9b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: I92b98ee674757c4f68ea5626bff3ac9e18d9df93
 2022-03-17 05:27:52 +00:00
George Lee
c73fa1acfe health: Add sysfs_thermal access am: 2cc598cc9b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: I2d335b082919b55a430782de9b79f7037a846af1
 2022-03-17 05:27:23 +00:00
George Lee
2cc598cc9b health: Add sysfs_thermal access 
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
 2022-03-17 04:55:59 +00:00
Adam Shih
e0c07357d8 reject mnt_vendor_file access in user ROM am: bedd866505 am: 66f8cc7ba0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17213986

Change-Id: I9a957138941a2791e2a293942b32c0a059232bda
 2022-03-16 09:55:13 +00:00
Adam Shih
66f8cc7ba0 reject mnt_vendor_file access in user ROM am: bedd866505 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17213986

Change-Id: Id9efbf8949047e65c36ccf33a465189aa3be6302
 2022-03-16 09:29:29 +00:00
Adam Shih
22e6a7bfbf reject mnt_vendor_file access in user ROM am: bedd866505 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17213986

Change-Id: Ia7298a8cf2cb6a601fd86ff2ab640e6b69aa92b8
 2022-03-16 09:29:16 +00:00
Adam Shih
bedd866505 reject mnt_vendor_file access in user ROM 
Bug: 224429437
Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I318f11866f7b9c6cc0b7ecf151f789f35ab290cd
 2022-03-16 14:08:09 +08:00
Denny cy Lee
5133ffe91f Sepolicy: add pixelstats/HardwareInfo sepolicy am: 38c2803c54 am: cf97709e3e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118585

Change-Id: I4b166d6ca643ecd09329c6f5ee193556bc998367
 2022-03-15 03:40:06 +00:00
Darren Hsu
3b308e0f73 sepolicy: reorder genfs labels for system suspend am: 6d25430600 am: ef2662e4b8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: Id0bbcf19bf7bb4f99467e4cc708d48d0d435f30c
 2022-03-15 03:39:57 +00:00
Denny cy Lee
cf97709e3e Sepolicy: add pixelstats/HardwareInfo sepolicy am: 38c2803c54 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118585

Change-Id: I4188f44a34d19106ddfa4664d38e0950a4d9dcfc
 2022-03-15 03:16:24 +00:00
Denny cy Lee
1c087c848d Sepolicy: add pixelstats/HardwareInfo sepolicy am: 38c2803c54 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118585

Change-Id: Ida863d602f166dddecfd540eb354c38a8ebd0c09
 2022-03-15 03:16:12 +00:00
Darren Hsu
ef2662e4b8 sepolicy: reorder genfs labels for system suspend am: 6d25430600 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: I1d560b9316d343a6354704b1602643880fd20882
 2022-03-15 03:15:39 +00:00
Darren Hsu
356fb92bb2 sepolicy: reorder genfs labels for system suspend am: 6d25430600 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: Id01fb5bad47786a03ef5562f14d7df6dc6856448
 2022-03-15 03:15:02 +00:00
Denny cy Lee
38c2803c54 Sepolicy: add pixelstats/HardwareInfo sepolicy 
avc denials to fix (after apply ag/17120763)
[   50.171564] type=1400 audit(1647222380.884:28): avc: denied { read } for comm="pixelstats-vend" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
[   54.519375] type=1400 audit(1647222385.228:29): avc: denied { read } for comm="id.hardwareinfo" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 app=com.google.android.hardwareinfo

Bug: 222019890
Test: manually check debug logcat
Change-Id: I0e4f3f3a66783383b0d1327cec4dcd145ae9a7af
 2022-03-15 03:09:18 +00:00
Darren Hsu
6d25430600 sepolicy: reorder genfs labels for system suspend 
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I295d3dfb96cc87e8faaf16f949918445cc3a0d44
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-03-15 02:52:48 +00:00
Roshan Pius
e1e3f59a21 gs-sepolicy(uwb): Changes for new UCI stack am: c5710ad18e am: 54840dce7d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17002833

Change-Id: I5da7f3dd9988bb379e2e4c96249ff45a3bda18ac
 2022-03-14 17:04:08 +00:00
Roshan Pius
459f4ce3aa gs-sepolicy(uwb): Allow uwb hal permission to net_admin am: 5ddc8be4f4 am: b27000aab9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17092573

Change-Id: I71ed20b827e1f8729f77795543fc7c964562b550
 2022-03-14 17:03:53 +00:00
Roshan Pius
54840dce7d gs-sepolicy(uwb): Changes for new UCI stack am: c5710ad18e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17002833

Change-Id: Ie20b0208354b16ebd1da8b5334836fad50adbe1a
 2022-03-14 16:40:52 +00:00
Roshan Pius
a0c6282ebe gs-sepolicy(uwb): Changes for new UCI stack am: c5710ad18e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17002833

Change-Id: I3c21d7203b751ca6a7bed8f231b9f19f2d7d6173
 2022-03-14 16:40:48 +00:00
Roshan Pius
b27000aab9 gs-sepolicy(uwb): Allow uwb hal permission to net_admin am: 5ddc8be4f4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17092573

Change-Id: Ie187d9ecdea4c00c4f08bd2d1dea82ce3ffd9a5e
 2022-03-14 16:40:40 +00:00
Roshan Pius
72007fbc44 gs-sepolicy(uwb): Allow uwb hal permission to net_admin am: 5ddc8be4f4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17092573

Change-Id: I283505cd2a3a50810b546fa3345aa63b7a0222da
 2022-03-14 16:40:37 +00:00
Roshan Pius
c5710ad18e gs-sepolicy(uwb): Changes for new UCI stack 
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Bug: 204718220
Bug: 206045367
Test: Manual Tests
Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570
 2022-03-14 16:09:02 +00:00
Roshan Pius
5ddc8be4f4 gs-sepolicy(uwb): Allow uwb hal permission to net_admin 
This was alloed under gs101-sepolicy. There is an ongoing discussion on
how to resolve this for the long term in b/190461440. But, without this
uwb functionality is broken on new devices.

Bug: 206045367
Bug: 222194886
Change-Id: I6729352f2b7bb93b01990a790e62aa69f60342fe
 2022-03-14 16:09:02 +00:00
Tim Lin
c325ec9aca ril: dump radio hal from user build. am: e42c7120dd am: a5cb956b5a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17155484

Change-Id: I64ff1017c167076c42f93be7475a21842a325953
 2022-03-14 11:51:05 +00:00
Tim Lin
a5cb956b5a ril: dump radio hal from user build. am: e42c7120dd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17155484

Change-Id: I4b32ed5c0e662d424eb562589a9cf5b38ca04a1a
 2022-03-14 11:17:19 +00:00
Tim Lin
f4de3d67e9 ril: dump radio hal from user build. am: e42c7120dd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17155484

Change-Id: I65afb8a98149d2e782edd16bbbf2ccc4eb456a67
 2022-03-14 11:17:12 +00:00
Tim Lin
e42c7120dd ril: dump radio hal from user build. 
To get radio hal debug info on user build as we do on previous Pixels.

Bug: 221391981
Test: Trigger bugreport on USERDEBUG with dumpstate.unroot set
to true and check IRadio log

Change-Id: I354d5770272b518761db4aab8da726de97e472bb
 2022-03-14 10:49:07 +00:00
Chungjui Fan
82efa59fb5 sepolicy: allow fastbootd to access gsc device node am: e02f501377 am: a0f0f1e049 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17157683

Change-Id: I8e6d53c215fa9129db2030c011895924456d8a28
 2022-03-14 05:39:42 +00:00
Chungjui Fan
b68cbdf4c8 sepolicy: allow fastbootd to access gsc device node am: e02f501377 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17157683

Change-Id: I7a81fba2eb15464614d294d7aaf5e5667b57e665
 2022-03-14 05:18:51 +00:00
Chungjui Fan
a0f0f1e049 sepolicy: allow fastbootd to access gsc device node am: e02f501377 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17157683

Change-Id: I4234b878168d327657f3114bf96da9e6f056334e
 2022-03-14 05:17:37 +00:00
Chungjui Fan
e02f501377 sepolicy: allow fastbootd to access gsc device node 
audit: type=1400 audit(1646614793.912:8): avc:  denied  { getattr }
for pid=347 comm="fastbootd" path="/dev/gsc0" dev="tmpfs" ino=469
scontext=u:r:fastbootd:s0 tcontext=u:object_r:citadel_device:s0
tclass=chr_file permissive=0

Bug: 221410358
Test: fastboot -w in fastbootd mode
Change-Id: I5680515865c2656ffa91dfe593459aab1ade81cb
Signed-off-by: Chungjui Fan <chungjuifan@google.com>
 2022-03-14 04:47:31 +00:00
Ramji Jiyani
30ce6f42f3 dumpstate: Remove do not audit for /system_dlkm am: cec1d2a769 am: 3b53f750cd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17180360

Change-Id: I5acc30ad207c7940758baba44150f7b3705e5f78
 2022-03-14 04:25:37 +00:00
Ramji Jiyani
b3d20badcf dumpstate: Remove do not audit for /system_dlkm am: cec1d2a769 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17180360

Change-Id: Ib7e5de5db8aee96742905df9ac46aacc6ed81770
 2022-03-14 04:03:56 +00:00
Ramji Jiyani
3b53f750cd dumpstate: Remove do not audit for /system_dlkm am: cec1d2a769 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17180360

Change-Id: I2e71cdc8d343e82a83cf40c5aa6d653458c16625
 2022-03-14 04:02:45 +00:00
Ramji Jiyani
cec1d2a769 dumpstate: Remove do not audit for /system_dlkm 
FixedBy: http://aosp/2022375
Bug: 223332748
Test: atest SELinuxHostTest#testNoBugreportDenials
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I46e427cccec27118fad4440dc6822196d26f4a1b
 2022-03-13 18:32:07 -07:00