Commit graph

118 commits

Author SHA1 Message Date
chungkai
695bbd5671 genfs_contexts: fix path for i2c peripheral device am: fb466b4915 am: d2e0a2ef5e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17521224

Change-Id: I51f8bbb9f6bd068f9ec1aa51cb6b1e3902535e0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08 03:38:00 +00:00
chungkai
cd880aa0e6 genfs_contexts: fix path for i2c peripheral device am: fb466b4915
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17521224

Change-Id: I9d6ae44e3c1d28b670796dc87e193281f9699c76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-08 02:53:20 +00:00
chungkai
fb466b4915 genfs_contexts: fix path for i2c peripheral device
paths are changed when we enable parallel module loading and
reorder the initialization of devices.

Test: without avc denial
Bug: 227541760
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Icd74392e0684ac5614a83d14b936be880148f919
2022-04-08 02:20:26 +00:00
Jeremy DeHaan
249213ddb6 Update selinux policy for display information am: 18f8d933ab am: 573cc8efc5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17599695

Change-Id: Icfc31a38101cd898fd1812fd6645a2a35d02ec88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-06 19:42:56 +00:00
Jeremy DeHaan
18f8d933ab Update selinux policy for display information
Two new sysfs nodes were added to sysfs_display type and permission to
access sysfs_display nodes was added for the dumpstate service. This
allows display information to be captured during bug report generation.

Bug: 225376485
Test: Manual - ran 'adb bugreport'
Change-Id: Ib121b0b21aa326e791e67c5bd24b3e70979a554c
2022-04-06 18:51:45 +00:00
Minchan Kim
56fb8cb807 sepolicy: allow dump page_pinner am: 3496931400
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17410608

Change-Id: Id4385572ff9f2fc059d351c817a764f5a4f0574d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-28 16:53:16 +00:00
Minchan Kim
3496931400 sepolicy: allow dump page_pinner
Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}

Bug: 226956571
Test: Run "adb bugreport <zip>" and verify it contains the output
      from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7b00d4930fbaa2061537cd8c84616c1053c829cf
2022-03-28 16:35:02 +00:00
Chris Kuiper
ffebbdcd34 Add rules to allow Sensor HAL write access to als_table am: 967571ee60
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17368888

Change-Id: Id038f0254f2c69e917c88cb2da0aa8f47b6861f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-25 00:20:47 +00:00
Chris Kuiper
967571ee60 Add rules to allow Sensor HAL write access to als_table
Sensor HAL needs write access to
/sys/class/backlight/panel0-backlight/als_table.

Bug: 226435017
Test: Observing logs
Change-Id: Idb592d601b92c6814493e0d28384e1013935b72f
2022-03-25 00:00:19 +00:00
Yabin Cui
02c1ef8b85 Add SOC specific ETM sysfs paths
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
Merged-In: I10c8d250cf88b371ee573561d6678fc24f4e440c
2022-03-23 19:45:48 +00:00
George Lee
17981f9fc0 health: Grant sysfs_thermal access to health
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 226009696
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I8d112cb12f3aeb1c8d5433ca69415d0413f070a2
Merged-In: I4d9491862ff1bcc88f89b1478497ac569e3d1df1
2022-03-23 05:30:33 +00:00
Yabin Cui
278d110fba Add SOC specific ETM sysfs paths
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
2022-03-22 16:53:23 +00:00
Peter Csaszar
466adbb2da pixel-selinux: Port PRO SJTAG policies to tm-dev
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface for WHI-PRO-based devices, now migrated to the
tm-dev branch. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Bug: 224022297
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Merged-in: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
Change-Id: I56da5763c31ab098859cbc633660897646fe7f3e
2022-03-22 03:17:40 +00:00
Mason Wang
500e7624e9 vendor_init: Fix touch avc denial of high_sensitivity.
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
2022-03-21 07:32:49 +00:00
Mason Wang
296823785d vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE]
Fixed following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity


Bug: 199105136
Test: Verify pass by checking device log are w/o above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
2022-03-17 10:01:37 +00:00
George Lee
c73fa1acfe health: Add sysfs_thermal access am: 2cc598cc9b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: I2d335b082919b55a430782de9b79f7037a846af1
2022-03-17 05:27:23 +00:00
George Lee
2cc598cc9b health: Add sysfs_thermal access
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exist
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
2022-03-17 04:55:59 +00:00
Darren Hsu
356fb92bb2 sepolicy: reorder genfs labels for system suspend am: 6d25430600
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: Id01fb5bad47786a03ef5562f14d7df6dc6856448
2022-03-15 03:15:02 +00:00
Darren Hsu
6d25430600 sepolicy: reorder genfs labels for system suspend
Bug: 223683748
Test: check bugreport without relevant avc denials
Change-Id: I295d3dfb96cc87e8faaf16f949918445cc3a0d44
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-15 02:52:48 +00:00
Taeju Park
28666f9c91 Allow accessing power_policy sysfs node for GPU am: dc99069f1e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17147970

Change-Id: I4d6d6f91d20ee796557f0341fd0553b2a880dbb4
2022-03-10 10:27:29 +00:00
Taeju Park
dc99069f1e Allow accessing power_policy sysfs node for GPU
Bug: 223440487
Signed-off-by: Taeju Park <taeju@google.com>
Change-Id: Iae2e4a0dc8d474d04200e79b4b4014010eedb147
2022-03-10 10:03:59 +00:00
Darren Hsu
ddba63c8e1 sepolicy: label wakeup source for usbc port am: ab8e1fdc58
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17129070

Change-Id: I5d7a5c785a47406a692e76c5b5ac1f063be4f562
2022-03-10 06:31:58 +00:00
Darren Hsu
ab8e1fdc58 sepolicy: label wakeup source for usbc port
Bug: 223475365
Test: run vts -m SuspendSepolicyTests
Change-Id: I2116c5f4fd19c5995f1612d593532cc7e065a560
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-10 11:29:15 +08:00
Darren Hsu
541e5a1bec sepolicy: fix VTS failure for SuspendSepolicyTests am: 284b775f21
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118583

Change-Id: Iadc3284119120be092462d2769bf2ce0a4e0bf2d
2022-03-09 05:57:35 +00:00
Darren Hsu
284b775f21 sepolicy: fix VTS failure for SuspendSepolicyTests
Label the common parent wakeup path instead of each
individual wakeup source to avoid bloating the genfs
contexts.

Bug: 221174227
Test: run vts -m SuspendSepolicyTests
Change-Id: I38e3a349af04f83e63735ea7ca010cf634c2f1ab
2022-03-09 05:29:09 +00:00
Midas Chien
07be5a9e09 Allow composer to read panel_idle_handle_exit sysfs node am: bef935f43d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005599

Change-Id: Ib3a236dbb535e41050b3535c0e8e8c7e6ac3431a
2022-03-04 07:22:59 +00:00
Midas Chien
bef935f43d Allow composer to read panel_idle_handle_exit sysfs node
Change panel_idle_exit_handle selinux type to sysfs_display to allow
composer to access it.

Bug: 202182467
Test: ls -Z to check selinux type
Test: composer can access it in enforce mode
Change-Id: I5e6c5036a946417c782f1389f4423cce69c4df77
2022-03-04 06:55:04 +00:00
Badhri Jagan Sridharan
fc08341bd6 android.hardware.usb.IUsb AIDL migration
Cherry-pick of <775523d1eb>

android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
Merged-In: Ia8c24610244856490c8271433710afb57d3da157
2022-03-01 03:32:23 +00:00
YiHo Cheng
6a1e7e3340 thermal: Label tmu register dump sysfs am: be92764669
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17005600

Change-Id: I5d714128eacd3e64dc44baff1e6ad295a6bf61fe
2022-03-01 01:51:51 +00:00
YiHo Cheng
be92764669 thermal: Label tmu register dump sysfs
Allow dumpstate to access tmu register dump sysfs

[  174.114566] type=1400 audit(1645790696.920:13): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_reg_dump_state" dev="sysfs" ino=65178 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115092] type=1400 audit(1645790696.920:14): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_reg_dump_current_temp" dev="sysfs" ino=65179 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115208] type=1400 audit(1645790696.920:15): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_rise_thres" dev="sysfs" ino=65180 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115398] type=1400 audit(1645790696.920:16): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_top_reg_dump_fall_thres" dev="sysfs" ino=65182 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[  174.115498] type=1400 audit(1645790696.920:17): avc: denied { read } for comm="dumpstate@1.1-s" name="tmu_sub_reg_dump_rise_thres" dev="sysfs" ino=65181 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 215040856
Test: check tmu register dump sysfs output in dumpstate
Change-Id: Ica48e37344a69264d4b4367af7856ec20b566a9e
2022-03-01 01:24:00 +00:00
Badhri Jagan Sridharan
775523d1eb android.hardware.usb.IUsb AIDL migration
android.hardware.usb.IUsb is migrated to AIDL and runs in
its own process. android.hardware.usb.gadget.IUsbGadget
is now published in its own exclusive process
(android.hardware.usb.gadget-service). Creating
file_context and moving the selinux linux rules
for IUsbGadget implementation.

[   37.177042] type=1400 audit(1645536157.528:3): avc: denied { wake_alarm } for comm="android.hardwar" capability=35 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   37.177139] type=1400 audit(1645536157.528:4): avc: denied { block_suspend } for comm="android.hardwar" capability=36 scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_usb_impl:s0 tclass=capability2 permissive=1
[   39.936357] type=1400 audit(1645536160.292:5): avc: denied { call } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
[   39.936403] type=1400 audit(1645536160.292:6): avc: denied { transfer } for comm="HwBinder:875_1" scontext=u:r:hal_usb_impl:s0 tcontext=u:r:hal_thermal_default:s0 tclass=binder permissive=1
...
[   42.845054] type=1400 audit(1645550991.268:8): avc: denied { read } for comm="HwBinder:860_1" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.877781] type=1400 audit(1645550991.268:9): avc: denied { open } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.915532] type=1400 audit(1645550991.268:10): avc: denied { getattr } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   42.962130] type=1400 audit(1645550991.268:11): avc: denied { map } for comm="HwBinder:860_1" path="/dev/__properties__/u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=351 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=1
[   43.003097] type=1400 audit(1645550991.268:12): avc: denied { watch watch_reads } for comm="HwBinder:860_1" path="/dev/usb-ffs/adb" dev="functionfs" ino=40814 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:functionfs:s0 tclass=dir permissive=1
[   43.024529] type=1400 audit(1645550991.268:13): avc: denied { write } for comm="HwBinder:860_1" name="property_service" dev="tmpfs" ino=376 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[   43.057605] type=1400 audit(1645550991.268:14): avc: denied { connectto } for comm="HwBinder:860_1" path="/dev/socket/property_service" scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   43.084549] type=1107 audit(1645550991.268:15): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.usb.dwc3_irq pid=860 uid=0 gid=0 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=property_service permissive=1'

Bug: 200993386
Change-Id: Ia8c24610244856490c8271433710afb57d3da157
2022-02-25 00:51:26 +00:00
Darren Hsu
9b1d657510 Allow hal_power_stats to read UWB sysfs nodes am: 8f90cf5408
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986443

Change-Id: Iba1a0e7a804473c04b0ec9df05b5286dc316a68d
2022-02-24 04:06:34 +00:00
Darren Hsu
8f90cf5408 Allow hal_power_stats to read UWB sysfs nodes
Bug: 219369324
Test: Dump power stats and see no avc denials
Change-Id: Ib1ac15867f51069bef3f68e91bf65b842b7c0734
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-02-24 01:02:11 +00:00
Peter Csaszar
4041f814be pixel-selinux: add SJTAG policies
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
2022-02-17 12:31:09 -08:00
Midas Chien
c8c1f766d2 Allow composer to read panel_idle sysfs node
Change panel_idle selinux type to sysfs_display to allow composer to
access it.

Bug: 198808492
Test: ls -Z to check selinux type
Test: make sure composer can access it
Change-Id: Ic2bd697c79b398b8093dd00598b1076e3ea3aec2
2022-02-17 09:17:42 +00:00
Adam Shih
b2c284177a label sysfs_fabric to target_load
[   11.149987] type=1400 audit(1644984050.124:9): avc: denied { open } for comm="NodeLooperThrea" path="/sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load" dev="sysfs" ino=48615 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 218500026
Test: boot with no error loop under enforcing mode

Change-Id: Ie2f78f8ee39233e0c1f83fc2ba654f4a116e12a4
2022-02-16 13:01:30 +08:00
Alex Hong
9cc70410c5 Add required sepolicy rules for Camera function
Bug: 218499972
Test: Switch to Enforcing mode
      Take a picture, camera recording
Change-Id: I57f3e8454ece6906624f028b7a3771ffddcaa963
2022-02-11 03:26:56 +00:00
Denny cy Lee
92d0030e6a hardwareinfo: add sepolicy for SoC
Bug: 208721710
Test: search avc in logcat

Change-Id: I3828d39981666db98e6a34aa70ae39b7f126e495
Signed-off-by: Denny cy Lee <dennycylee@google.com>
2022-02-08 03:33:06 +00:00
Darren Hsu
89f14a9496 sepolicy: allow PowerStats HAL to access below sysfs
aoc, acpm_stats, cpu, edgetpu, iio_devices, odpm, wifi and ufs

(All avc logs are listed in b/207598247#comment2)

Bug: 207062210
Bug: 207571335
Bug: 207720720
Bug: 207598247
Test: dump power stats with no relevant avc error
Change-Id: I9c99af2d06461a2f86ef02d76b3aa8ea669e58e9
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-01-24 02:05:11 +00:00
Adam Shih
f56dba1b24 be able to dump CPU info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I14abe138b6ad4a842edb143318cc5d867d575ec3
2022-01-20 14:11:25 +08:00
Adam Shih
36dc06e08a be able to dump debugfs info
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I4f7fc7a8f0029f1c1f398403d938bd6b7b96a43e
2022-01-20 11:12:06 +08:00
joenchen
dd55e32ba1 Label min_vrefresh and idle_delay_ms as sysfs_display
Bug: 213299701
Test: Check the files label by "adb shell ls -Z"
Change-Id: I4c10582ec7dee516b54fb8aac77dafa825aaa93d
2022-01-17 10:21:16 +00:00
linpeter
72dc78222f update display sepolicy
Bug: 205073165
Bug: 205656937
Bug: 205779906
Bug: 205904436
Bug: 207062172
Bug: 208721526
Bug: 204718757
Bug: 205904380
Bug: 213133646

test: check avc denied with hal_graphics_composer_default, hbmsvmanager_app
Change-Id: I964a62fa6570fd9056b420efae7bf2fcbbe9fc9f
2022-01-12 08:10:50 +00:00
TeYuan Wang
89bec046aa Label TMU as sysfs_thermal
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Ie1d20912f6111cbb85c04fce5a39e2be803e530f
2022-01-11 05:52:04 +00:00
Shiyong Li
a781d5020b consolidate display sysfs nodes into one context
Bug: 209890345
Bug: 209705194
Test: check selinux denial info
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I208f84caf0cbcd18bb3da8004362e6f996cbaba5
2022-01-05 01:31:58 +00:00
chungkai
7fe7e43582 Fix avc denials for powerhal
Test: build pass
Bug: 208909174
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I565df75c22d66199e6966dfac4af2e19b88606a0
2022-01-03 03:32:01 +00:00
Adam Shih
1fb766e7a3 update system_suspend wakeup files
Bug: 209705335
Test: boot with no relevant errors
Change-Id: I8d9d9b72449319184167790859c655e0695c4c98
2021-12-08 13:16:07 +08:00
Robb Glasser
3dad021ae8 Fix sensors hal selinux denials on C10.
Bug: 205657063
Bug: 205780093
Bug: 204718449
Bug: 205904379
Bug: 207721033
Bug: 207062541
Bug: 208909175
Test: SELinuxTest#scanAvcDeniedLogRightAfterReboot on C10
Change-Id: I678ac355fc09da56bc7718c4d70fb40d4cd79de0
2021-12-08 00:53:52 +00:00
davidycchen
262709f2ba allow hal_dumpstate_default to access touch sysfs node
avc: denied { open } for comm="sh" path="/sys/devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs/force_active" dev="sysfs" ino=89691 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 199104466
Test: trigger bugreport and check log.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: If35d651b2c8ca375f7f9cc36403eb02911912ebb
2021-12-01 01:52:46 +00:00
Midas Chien
8cd52d9d33 Allowed PowerHAL service access Display node
Bug: 207615889
Test: PowerHAL can access early_wakeup node in enforcing mode
Change-Id: I190e49f07c0c23c576a9fb8444ffb7c68eedf3ac
2021-11-29 17:34:48 +00:00