Commit graph

2474 commits

Author SHA1 Message Date
Tri Vo
c4e4e45c43 Don't audit storageproxyd unlabeled access am: 9fe6aa97af
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072560

Change-Id: I61b7cabc61d1e6aa286390a90c0b5b8d04f6c35a
2022-03-04 18:07:05 +00:00
Tri Vo
9fe6aa97af Don't audit storageproxyd unlabeled access
Test: m sepolicy
Bug: 197502330
Change-Id: Ibe7292dc659dd454d3c842f6c48d2d90bc77117d
2022-03-04 17:45:38 +00:00
Adam Shih
afd0fe1d97 remove obsolete code after SELinux is enforced am: 9ba4c9120d am: 9817dff3d6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17076606

Change-Id: I1f331b7772f4c2696e046dda290352d41e5c62f0
2022-03-04 09:34:59 +00:00
Adam Shih
ba54c02dae remove obsolete code after SELinux is enforced am: 9ba4c9120d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17076606

Change-Id: I11026c637a65f3c34a09a4852305ca7d1bc7bc2f
2022-03-04 09:13:53 +00:00
Adam Shih
9817dff3d6 remove obsolete code after SELinux is enforced am: 9ba4c9120d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17076606

Change-Id: I9a3cc9a9fd9e67d4dc59d9a93040e538c63844f5
2022-03-04 09:12:13 +00:00
Adam Shih
9ba4c9120d remove obsolete code after SELinux is enforced
Bug: 207720645
Bug: 208527900
Bug: 208721673
Bug: 205072922
Test: boot with no relevant errors
Change-Id: I68931cc24c55beea52c246a06f268ea2be7d1ecf
2022-03-04 08:47:59 +00:00
Midas Chien
2818690b9b Allow composer to read panel_idle_handle_exit sysfs node am: bef935f43d am: 8d4bd895eb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005599

Change-Id: Iedf4175dab78e4ca9af08b10aae1f2d98ef19e35
2022-03-04 07:45:10 +00:00
Midas Chien
07be5a9e09 Allow composer to read panel_idle_handle_exit sysfs node am: bef935f43d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005599

Change-Id: Ib3a236dbb535e41050b3535c0e8e8c7e6ac3431a
2022-03-04 07:22:59 +00:00
Midas Chien
8d4bd895eb Allow composer to read panel_idle_handle_exit sysfs node am: bef935f43d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005599

Change-Id: I8669fb4aee3b42dd8b1b9e62aa6220f33b627580
2022-03-04 07:21:53 +00:00
Midas Chien
bef935f43d Allow composer to read panel_idle_handle_exit sysfs node
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Change-Id: I5e6c5036a946417c782f1389f4423cce69c4df77
2022-03-04 06:55:04 +00:00
millerliang
3d5df2e177 Fix AAudio avc denied am: 801b87fe71 am: 68e9f1eda3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052084

Change-Id: I8a2559c151525f2e593114dd4eb9796484d7a3db
2022-03-04 06:40:45 +00:00
Adam Shih
003f35e2f6 grant bugreport access to camera debug system property am: 1616b97465 am: 32040ce078
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071447

Change-Id: Ia13316d88043d7f1c3e50db548c56425358a4aa8
2022-03-04 06:40:12 +00:00
millerliang
620c3df5ca Fix AAudio avc denied am: 801b87fe71
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052084

Change-Id: I3e1c7e2aa3e21ca17e0258598f832a392b13004a
2022-03-04 06:20:31 +00:00
Adam Shih
2ac8aadf75 grant bugreport access to camera debug system property am: 1616b97465
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071447

Change-Id: I1984811f41d0b7e40efd2cd166bdf57e9f212a7e
2022-03-04 06:20:18 +00:00
millerliang
68e9f1eda3 Fix AAudio avc denied am: 801b87fe71
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052084

Change-Id: If2469a66fe436e6183912d7a43a005f4900accdf
2022-03-04 06:19:06 +00:00
Adam Shih
32040ce078 grant bugreport access to camera debug system property am: 1616b97465
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071447

Change-Id: Ie1362e9f46201122818b21355022368d3d383799
2022-03-04 06:18:39 +00:00
millerliang
801b87fe71 Fix AAudio avc denied
I auditd  : type=1400 audit(0.0:35): avc:
denied { map } for comm="binder:896_4" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1138 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0

E SELinux : avc:  denied  { find } for pid=887 uid=1041 name=audio
scontext=u:r:audioserver:s0 tcontext=u:object_r:audio_service:s0
tclass=service_manager permissive=0

Bug: 222191260
Test: Flash TH ROM and test it by the following command
Test: test_steal_exclusive -c0

Signed-off-by: millerliang <millerliang@google.com>
Change-Id: I8ea6741f3682b568de089d040d511b68938374ab
2022-03-04 06:14:55 +00:00
Adam Shih
1616b97465 grant bugreport access to camera debug system property
Bug: 221384770
Test: do bugreport without seeing relevant error
Change-Id: Ie27ac5f2c6e13ec31ccec2adb11762dacab1fbdf
2022-03-04 05:58:20 +00:00
Jack Yu
bdcdaecc8f Allow platform_app to access Nfc service am: 450f61d51b am: 0a4921d8ea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976

Change-Id: I00b0602f68ce7f0a979b7b0fa7efb9de9381f81e
2022-03-04 03:46:09 +00:00
Jack Yu
0a4921d8ea Allow platform_app to access Nfc service am: 450f61d51b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976

Change-Id: I444b7cd68f067ad4490f975884d05bd7fab81189
2022-03-04 03:11:59 +00:00
Jack Yu
2adfcd0067 Allow platform_app to access Nfc service am: 450f61d51b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17049976

Change-Id: I2c36dcaa473827137e3cd1c44553f93ae9c6392a
2022-03-04 03:11:28 +00:00
Jack Yu
450f61d51b Allow platform_app to access Nfc service
Fix selinux denial below.
avc:  denied  { find } for pid=11183 uid=10224 name=nfc
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:nfc_service:s0 tclass=service_manager
permissive=0

Bug: 222387662
Test: build pass
Change-Id: If97d8141acab23b4e13ea65ce28589195ef7ad9e
2022-03-04 02:46:29 +00:00
Jinting Lin
f8e707d628 Allow modem diagnostic app to access default prop am: c3612c7097 am: b95ad92096
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663

Change-Id: I524ae98f67e4f3c859e3528d6886318d8147084e
2022-03-04 02:17:05 +00:00
Jinting Lin
b463b5aa9f Allow modem diagnostic app to access default prop am: c3612c7097
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663

Change-Id: If23f46cc3e47c9496310bd9081d0a7461e49eee0
2022-03-04 01:56:04 +00:00
Jinting Lin
b95ad92096 Allow modem diagnostic app to access default prop am: c3612c7097
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17072663

Change-Id: Iba2f39b55334d40dc8339433b0b955dc29f1be80
2022-03-04 01:54:47 +00:00
Jinting Lin
c3612c7097 Allow modem diagnostic app to access default prop
log:
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.google.mds

Bug: 222509956
Change-Id: I50302b38f074e3f1a078ee48896154353e0937b6
2022-03-04 01:35:39 +00:00
Ruofei Ma
e239561061 Allow mediacodec_google to access secure dma heap
The change is for following error:
HwBinder:867_1: type=1400 audit(0.0:9): avc: denied { read } for
name="vframe-secure" dev="tmpfs" ino=425 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0
tclass=chr_file permissive=0

Bug:221500257

Change-Id: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
2022-03-04 01:21:32 +00:00
Devin Moore
7bff4ad858 [automerger skipped] Add the init_boot partition sepolicy am: ac44b340d3 am: 6ce3b8a590 -s ours
am skip reason: Merged-In Ic991fa314c8a6fdb848199a626852a68a57d1df5 with SHA-1 ac44b340d3 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163

Change-Id: Ia7aed68cf3e0783b60b5879d782e621f314f3518
2022-03-03 20:54:31 +00:00
Devin Moore
6ce3b8a590 Add the init_boot partition sepolicy am: ac44b340d3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163

Change-Id: If8db325971ac8ecd1d3ae318ab942df98bc847d8
2022-03-03 20:30:36 +00:00
Devin Moore
bfb5875873 [automerger skipped] Add the init_boot partition sepolicy am: ac44b340d3 -s ours
am skip reason: Merged-In Ic991fa314c8a6fdb848199a626852a68a57d1df5 with SHA-1 b3a10db9d6 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17070163

Change-Id: If2c578b3c59cc42c44d34255cee3a252de6ca405
2022-03-03 20:30:18 +00:00
Devin Moore
ac44b340d3 Add the init_boot partition sepolicy
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.

This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.

Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip

Merged-In: Ic991fa314c8a6fdb848199a626852a68a57d1df5
Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
2022-03-03 20:01:09 +00:00
Robb Glasser
3f56033179 Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f am: 3bd74d90b2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308

Change-Id: I629dc58eaf6f9b09cb35f0eafc7b1878ecdf63da
2022-03-03 19:35:45 +00:00
Robb Glasser
44953b58b3 Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308

Change-Id: Idf592c4d84da206ddc8cd6ed64d0f23c57d02717
2022-03-03 19:11:54 +00:00
Robb Glasser
3bd74d90b2 Add hal_graphics_composer_default to sensors sepolicy. am: 990294708f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17051308

Change-Id: I692867ec79753dbd0c4f3909d26549d51c5e8f7d
2022-03-03 19:11:41 +00:00
Robb Glasser
990294708f Add hal_graphics_composer_default to sensors sepolicy.
Bug: 221396170
Test: No avc denial.

Change-Id: I23299524dec50d8c589c6acc9da8b3c8c3399f97
2022-03-03 18:42:58 +00:00
Devin Moore
b3a10db9d6 Add the init_boot partition sepolicy
Tagging the partition as a boot_block_device so everything that had
permission to read/write to the boot partition now also has permissions
for this new init_boot partition.

This is required for update_engine to be able to write to init_boot on
builds that are enforcing sepolicy.

Bug: 222052598
Test: adb shell setenforce 1 && update_device.py ota.zip

Change-Id: Ic991fa314c8a6fdb848199a626852a68a57d1df5
2022-03-03 17:14:41 +00:00
Nishok Kumar S
a8c8d9f1be Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe am: dd3de4d24e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: I566cbdca0bbe6aa0aa2936983534c4b076391fe4
2022-03-03 04:54:17 +00:00
Nishok Kumar S
dd3de4d24e Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: If5cbce0c7a2489272853813e915a58560e1cfe86
2022-03-03 04:30:16 +00:00
Nishok Kumar S
f91a98467c Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: Ie637dc2f227d20fcd7b82ae4d9bf45708e995dfa
2022-03-03 04:30:14 +00:00
Nishok Kumar S
e95f5edafe Allow camera HAL and GCA to access Aurora GXP device.
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.

Bug: 220086991
Test: Verified that the camera HAL service and GCA app is able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
2022-03-03 04:02:33 +00:00
Robert Lee
fcd5a53861 Fix selinux error for aocd am: 129ef29bc8 am: fd043e784a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: Id4fbde99b2a48ecb455edd7de6d0712e41dd3b39
2022-03-03 03:16:07 +00:00
Robert Lee
f5fb96dd9d Fix selinux error for aocd am: 129ef29bc8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: I0fa5066a5278676cb68ab2b53d7f60f03c7546c3
2022-03-03 02:53:34 +00:00
Robert Lee
fd043e784a Fix selinux error for aocd am: 129ef29bc8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17050631

Change-Id: I12907f22900800c745b69d263208dae82f0b4d4d
2022-03-03 02:52:11 +00:00
Robert Lee
129ef29bc8 Fix selinux error for aocd
allow write permission to fix following error
auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0

Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: I06dc99f1a5859589b33f89ce435745d15e2e5749
Signed-off-by: Robert Lee <lerobert@google.com>
2022-03-03 02:22:53 +00:00
Siddharth Kapoor
c0e662dc27 Add libgpudataproducer as sphal am: 2d43200489 am: dbefffd54b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I8b89645d0ae235a1ca48be49f98dabbef737d4df
2022-03-03 01:59:27 +00:00
Jinting Lin
a7dc4f5973 Fix avc denied for slsi engineermode app am: 94d7f6cce6 am: b0cb6083a9
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: Ia04f584defd026f8bf29b1cc8ad053b646452ee2
2022-03-03 01:58:51 +00:00
Siddharth Kapoor
1869966388 Add libgpudataproducer as sphal am: 2d43200489
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I95227f77d2c276dc630f21ada38efdc34d58cdb2
2022-03-03 01:26:48 +00:00
Siddharth Kapoor
dbefffd54b Add libgpudataproducer as sphal am: 2d43200489
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17052905

Change-Id: I92c4b3a7dee9578980ca4850e744921782ea16f8
2022-03-03 01:24:36 +00:00
Jinting Lin
b0cb6083a9 Fix avc denied for slsi engineermode app am: 94d7f6cce6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: I300f01cc8f98c7b740f327ef655dfcd5648b13ca
2022-03-03 01:24:31 +00:00
Jinting Lin
1714417845 Fix avc denied for slsi engineermode app am: 94d7f6cce6
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17041066

Change-Id: Ifa1e8c56273b69f8fbfcdb4be95fe3924e4df0aa
2022-03-03 01:23:20 +00:00