Taeju Park
b51c7acf6d
Allow accessing power_policy sysfs node for GPU am: dc99069f1e
am: 127bdb6c52
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17147970
Change-Id: Idfa7938b5c99f8c5447d5d38b2892c7f41b5ea2c
2022-03-10 10:50:57 +00:00
Taeju Park
28666f9c91
Allow accessing power_policy sysfs node for GPU am: dc99069f1e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17147970
Change-Id: I4d6d6f91d20ee796557f0341fd0553b2a880dbb4
2022-03-10 10:27:29 +00:00
Taeju Park
127bdb6c52
Allow accessing power_policy sysfs node for GPU am: dc99069f1e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17147970
Change-Id: Ie859536806978c4e9edca66601bd1a99572c7b87
2022-03-10 10:26:57 +00:00
Taeju Park
dc99069f1e
Allow accessing power_policy sysfs node for GPU
...
Bug: 223440487
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: Iae2e4a0dc8d474d04200e79b4b4014010eedb147
2022-03-10 10:03:59 +00:00
Darren Hsu
bea4cd8551
sepolicy: label wakeup source for usbc port am: ab8e1fdc58
am: c3524aa570
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129070
Change-Id: Iabd3c7db52dea253016624ba2ffb9d354cf33e00
2022-03-10 06:53:36 +00:00
Darren Hsu
c3524aa570
sepolicy: label wakeup source for usbc port am: ab8e1fdc58
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129070
Change-Id: I719c86ff9275562322fa1a8741e45f038d813e7c
2022-03-10 06:32:26 +00:00
Darren Hsu
ddba63c8e1
sepolicy: label wakeup source for usbc port am: ab8e1fdc58
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129070
Change-Id: I5d7a5c785a47406a692e76c5b5ac1f063be4f562
2022-03-10 06:31:58 +00:00
Darren Hsu
ab8e1fdc58
sepolicy: label wakeup source for usbc port
...
Bug: 223475365
Test: run vts -m SuspendSepolicyTests
Change-Id: I2116c5f4fd19c5995f1612d593532cc7e065a560
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-10 11:29:15 +08:00
Adam Shih
28d56b9f45
Remove obsolete sepolicy am: e989d0087a
am: e2bfc6f47f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17130105
Change-Id: Ic8047d68612de73e05398a268119aeff670c4a92
2022-03-09 09:24:29 +00:00
Adam Shih
52c687855b
Remove obsolete sepolicy am: e989d0087a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17130105
Change-Id: Icc23b10b61b23b9a78cd867f6c6105cc91873594
2022-03-09 08:58:27 +00:00
Adam Shih
e2bfc6f47f
Remove obsolete sepolicy am: e989d0087a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17130105
Change-Id: I1fd83076b7693667b95055e0feef410344720934
2022-03-09 08:57:02 +00:00
Adam Shih
e989d0087a
Remove obsolete sepolicy
...
Bug: 207300335
Test: do bugreport without relevant error log showing up
Change-Id: I38e4544c59c49543e746775ec686874ee8ae2473
2022-03-09 08:14:24 +00:00
Darren Hsu
024cc5351d
sepolicy: fix VTS failure for SuspendSepolicyTests am: 284b775f21
am: 971ad610df
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118583
Change-Id: I77728bab265ee7459f43b2c2ba00ea14ddd1ab83
2022-03-09 06:21:03 +00:00
Darren Hsu
541e5a1bec
sepolicy: fix VTS failure for SuspendSepolicyTests am: 284b775f21
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118583
Change-Id: Iadc3284119120be092462d2769bf2ce0a4e0bf2d
2022-03-09 05:57:35 +00:00
Darren Hsu
971ad610df
sepolicy: fix VTS failure for SuspendSepolicyTests am: 284b775f21
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118583
Change-Id: I2c33087c2413db910e3ad4968be605dbc10c6ccf
2022-03-09 05:56:22 +00:00
Darren Hsu
284b775f21
sepolicy: fix VTS failure for SuspendSepolicyTests
...
Label the common parent wakeup path instead of each
individual wakeup source to avoid bloating the genfs
contexts.
Bug: 221174227
Test: run vts -m SuspendSepolicyTests
Change-Id: I38e3a349af04f83e63735ea7ca010cf634c2f1ab
2022-03-09 05:29:09 +00:00
SalmaxChang
c9e43b03e3
incident: Fix avc errors am: 1f72ffdec6
am: e0e47e1d51
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129066
Change-Id: I4d0e9bf5ce5984918e8aea22deb111ccf6de6a31
2022-03-09 05:20:03 +00:00
sukiliu
114cfa428b
Update avc error on ROM 8268341 am: b82a5ab98b
am: 82778d58cc
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118587
Change-Id: Icdb610a1595b7a1676058f5a01c75a1f6e89a11f
2022-03-09 05:19:51 +00:00
SalmaxChang
e0e47e1d51
incident: Fix avc errors am: 1f72ffdec6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129066
Change-Id: I70701611ef3193e945f8f3fb6fb18707ac2ddf36
2022-03-09 05:04:17 +00:00
SalmaxChang
8e6d8aca0a
incident: Fix avc errors am: 1f72ffdec6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129066
Change-Id: If23a5eadf674fb9dab7fb852d1509e5ff78d0c81
2022-03-09 05:03:25 +00:00
SalmaxChang
1f72ffdec6
incident: Fix avc errors
...
avc: denied { use } for comm="incident" dev="dm-47" ino=10911 scontext=u:r:incident:s0 tcontext=u:r:logger_app:s0:c239,c256,c512,c768 tclass=fd
avc: denied { append } for dev="dm-7" ino=12639 scontext=u:r:incident:s0 tcontext=u:object_r:media_rw_data_file:s0:c30,c257,c512,c768 tclass=file
Bug: 222209243
Change-Id: I9e622e2af1a036eab818cd2b66c07b137fe9cc99
2022-03-09 04:55:08 +00:00
sukiliu
ab0ae93203
Update avc error on ROM 8268341 am: b82a5ab98b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118587
Change-Id: I3a08a7839302128d7660777a2607e6a87074a2d2
2022-03-09 04:53:32 +00:00
sukiliu
82778d58cc
Update avc error on ROM 8268341 am: b82a5ab98b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118587
Change-Id: I9b5926633555e0cfb2af2a92db05ac2c05bdf4ad
2022-03-09 04:51:53 +00:00
sukiliu
b82a5ab98b
Update avc error on ROM 8268341
...
Bug: 223332748
Bug: 208721808
Test: PtsSELinuxTestCases
Change-Id: Ie3c6fdb9c8f29cac41db2750e71d3163132d4951
2022-03-09 04:25:38 +00:00
Michael Eastwood
6c5f5af3fb
Update SELinux policy to allow camera HAL to send Perfetto trace packets am: 07bf62c387
am: 4724d39907
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17080874
Change-Id: I08eafa3a554e983f7d66cb0f05bf4d3c1c43e804
2022-03-09 02:15:28 +00:00
SalmaxChang
14126ff3f3
dumpstate: Grant to access media_rw_data_file am: db1196932e
am: ea7d1c1e1a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17106207
Change-Id: Ic9c598226c737a788753b79209b42c71513d04af
2022-03-09 02:15:22 +00:00
Michael Eastwood
078d751e2b
Update SELinux policy to allow camera HAL to send Perfetto trace packets am: 07bf62c387
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17080874
Change-Id: If2b35a0f557847e3bebd2dd38b870e8f75b6253f
2022-03-09 01:51:08 +00:00
SalmaxChang
84bbdaa270
dumpstate: Grant to access media_rw_data_file am: db1196932e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17106207
Change-Id: If843f9e5abe481b4ad49e340381ecd38fe995810
2022-03-09 01:51:02 +00:00
Michael Eastwood
4724d39907
Update SELinux policy to allow camera HAL to send Perfetto trace packets am: 07bf62c387
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17080874
Change-Id: Ib655baa67317b7da8f9b8cea62d7e93c87461dc2
2022-03-09 01:49:54 +00:00
SalmaxChang
ea7d1c1e1a
dumpstate: Grant to access media_rw_data_file am: db1196932e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17106207
Change-Id: I8b415b700c0a3253776e934a1fa073c54fb16e38
2022-03-09 01:49:49 +00:00
Michael Eastwood
07bf62c387
Update SELinux policy to allow camera HAL to send Perfetto trace packets
...
Example denials:
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr
aced:s0 tclass=fd permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext
=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:
object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I443e84c5bcc701c1c983db19280719655ff02080
2022-03-09 01:29:20 +00:00
SalmaxChang
db1196932e
dumpstate: Grant to access media_rw_data_file
...
avc: denied { append } for comm="binder:1426_9" dev="dm-43" ino=15392 scontext=u:r:dumpstate:s0 tcontext=u:object_r:media_rw_data_file:s0:c232,c256,c512,c768 tclass=file permissive=0
Bug: 222209243
Change-Id: I38efe11117c15f99ad1bce54cafbd0f3b038eff2
2022-03-08 04:57:26 +00:00
Adam Shih
23312cd72d
init: change overlayfs_file rule to dontaudit am: 47b4ca882d
am: 1797d3c16a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17102583
Change-Id: Ibbfa21fcda34a142e6d15323672de2e97482e8f9
2022-03-07 22:32:10 +00:00
Adam Shih
2e18f20056
init: change overlayfs_file rule to dontaudit am: 47b4ca882d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17102583
Change-Id: I5d0bbc490eb3ef4f1fc3f8fd0ceaec8c361705b3
2022-03-07 22:10:44 +00:00
Adam Shih
1797d3c16a
init: change overlayfs_file rule to dontaudit am: 47b4ca882d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17102583
Change-Id: I57c63f5fdcd3f97e1fe8788031842b395ff63b6f
2022-03-07 22:09:48 +00:00
Adam Shih
47b4ca882d
init: change overlayfs_file rule to dontaudit
...
Workaround for modem_img being unlabeled after disable-verity.
Bug: 193113005
Bug: 221384981
Test: remount with no avc error
Change-Id: Ie2479470c095f4ee2a9508714565b1088a8d7dce
2022-03-07 21:39:11 +00:00
Ruofei Ma
3b586d3fe6
[automerger skipped] Allow mediacodec_google to access secure dma heap am: 67e8f968b2
am: a9bdff3482
-s ours
...
am skip reason: Merged-In I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009 with SHA-1 67e8f968b2
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17084044
Change-Id: Iec8f108b5010a637b29f870a9e4811066d8570a6
2022-03-07 20:17:47 +00:00
Ruofei Ma
a9bdff3482
Allow mediacodec_google to access secure dma heap am: 67e8f968b2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17084044
Change-Id: Ib949c42ff406ae58148154d6c7d8100293ab0050
2022-03-07 19:42:45 +00:00
Ruofei Ma
ac80df1872
[automerger skipped] Allow mediacodec_google to access secure dma heap am: 67e8f968b2
-s ours
...
am skip reason: Merged-In I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009 with SHA-1 e239561061
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17084044
Change-Id: I24a79b8815bd128f95b4fc0c17caac324d2c6555
2022-03-07 19:40:15 +00:00
Ruofei Ma
67e8f968b2
Allow mediacodec_google to access secure dma heap
...
The change is for following error:
HwBinder:867_1: type=1400 audit(0.0:9): avc: denied { read } for
name="vframe-secure" dev="tmpfs" ino=425 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0
tclass=chr_file permissive=0
Bug:221500257
Change-Id: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
(cherry picked from commit e239561061
)
Merged-In: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
2022-03-07 19:13:35 +00:00
Ray Chi
5f05099e62
Allow hal_usb_gadget_impl to access proc_irq am: 455c3c1653
am: 2fd433348f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041067
Change-Id: If1b05627324722b6b97370beb6fd23817b9bf0f8
2022-03-07 08:29:19 +00:00
Ray Chi
ee3ddad840
Allow hal_usb_gadget_impl to access proc_irq am: 455c3c1653
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041067
Change-Id: I4b223ff4282fce938d27ee1c35e5130b387f4efb
2022-03-07 08:08:59 +00:00
Ray Chi
2fd433348f
Allow hal_usb_gadget_impl to access proc_irq am: 455c3c1653
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041067
Change-Id: I7391e7c65ce2bd2b79bb8fcbf3ffb2a4eb2041ed
2022-03-07 08:07:43 +00:00
Ray Chi
455c3c1653
Allow hal_usb_gadget_impl to access proc_irq
...
Bug: 220996010
Test: build pass
Change-Id: Id9a9adbdc921629b6e89d0850dd8acaf76b1a891
2022-03-07 11:18:28 +08:00
Tommy Chiu
df872eb420
sepolicy: add permissions to let recovery wipe citadel am: 94995cd0d3
am: ba00764692
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071752
Change-Id: I298bbfe10202de42fc540a100ea4bcd9f63dcb4d
2022-03-07 01:12:03 +00:00
Tommy Chiu
e8ee3d3789
sepolicy: add permissions to let recovery wipe citadel am: 94995cd0d3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071752
Change-Id: I0e86ea1a8a5aa49cf78b6892a0e895c7b759cd57
2022-03-07 00:49:12 +00:00
Tommy Chiu
ba00764692
sepolicy: add permissions to let recovery wipe citadel am: 94995cd0d3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071752
Change-Id: Ibc606f4def81adfbf1182d083c9bdb034025d550
2022-03-07 00:47:59 +00:00
Tommy Chiu
94995cd0d3
sepolicy: add permissions to let recovery wipe citadel
...
This gives recovery the ability to remove user data from citadel in the
same manner as issuing a `fastboot -w` does. This doesn't allow for
resetting FRP data, just user data.
audit: type=1400 audit(1646379959.016:9): avc: denied { getattr } for
pid=348 comm="recovery" path="/dev/gsc0" dev="tmpfs" ino=754
scontext=u:r:recovery:s0 tcontext=u:object_r:citadel_device:s0
tclass=chr_file permissive=0
Bug: 222005928
Change-Id: Ia6113999aecacbbbb31d7a8659a45c0e5a0db2c9
2022-03-07 00:24:55 +00:00
Tri Vo
f24a32c5c2
Don't audit storageproxyd unlabeled access am: 9fe6aa97af
am: b2f8313c88
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072560
Change-Id: I39081f31ef8f3885227a6fc16a4c39bdd018c5d0
2022-03-04 18:28:58 +00:00
Tri Vo
b2f8313c88
Don't audit storageproxyd unlabeled access am: 9fe6aa97af
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072560
Change-Id: Ied191c3251cbfddeb9acb4c952d83d897c5c7ecd
2022-03-04 18:07:19 +00:00