Commit graph

580 commits

Author SHA1 Message Date
Anthony Stange
ede5e0944a Add BT HAL SELinux policy
Bug: 193474802
Test: presubmits
Change-Id: I0ce730c119b60fdfec6e31dea88f5edbf69048ed
2022-04-04 15:55:43 +00:00
Taesoon Park
b215763c9c Add permission to access vendor.ims property to vendor ims app am: 9211922e70 am: 6409f46ba8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17465256

Change-Id: Ifb8229ab57ffdb15420d92f6f24c116a13573379
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-01 02:10:00 +00:00
Taesoon Park
9211922e70 Add permission to access vendor.ims property to vendor ims app
Vendor IMS Service reads a SystemProperty that starts with the
persist.vendor.ims prefix, but it does not have permission to
access it.
This change creates a permission to access SystemProperties that start
with the 'persist.vendor.ims.' prefix from the vendor IMS service.

Bug: 204714230
Test: Test results in b/225430461#comment40 enabling the property

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ied50f377a3069eac65836ea999dfe021f4e4ed5d
2022-04-01 01:19:26 +00:00
chungkai
ec14f07ee1 sched: move sysfs to procfs am: 2dc6f70afc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17500884

Change-Id: I4910c36d52b42bd2e800890c34b19136587b4191
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-31 07:23:28 +00:00
chungkai
2dc6f70afc sched: move sysfs to procfs
Modify name from sysfs_vendor_sched to proc_vendor_sched

Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ieb829e96ac1db2a1aa28fc416182450d128cac5c
2022-03-31 07:00:20 +00:00
Ocean Chen
7a2a70daeb sepolicy: add smart_idle_maint_enabled_prop for pixelstats am: b36cf348d0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149390

Change-Id: I17c3de914774d744b3b0d0e3000c96a840c1354b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-31 03:24:47 +00:00
Ocean Chen
b36cf348d0 sepolicy: add smart_idle_maint_enabled_prop for pixelstats
pixelstats hits the avc denial below when it gets this sysprop:
persist.device_config.storage_native_boot.smart_idle_maint_enabled

pixelstats-vend: type=1400 audit(0.0:22): avc: denied { read }
for name="u:object_r:device_config_storage_native_boot_prop:s0"
dev="tmpfs" ino=171 scontext=u:r:pixelstats_vendor:s0
tcontext=u:object_r:device_config_storage_native_boot_prop:s0
tclass=file permissive=0

Bug: 215443809
Test: local build and run pixelstats

Signed-off-by: Ocean Chen <oceanchen@google.com>
Change-Id: Iedb4fa00c5e18cda6c799c3461bf8298bcf357eb
2022-03-31 03:02:47 +00:00
SalmaxChang
85617f4e3b hal_dumpstate_default: fix avc error am: 8e9be24a81
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17500885

Change-Id: I2ace04d3dc6e7b52ab5160a98ba5ce9fd828e4aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-31 02:31:43 +00:00
SalmaxChang
8e9be24a81 hal_dumpstate_default: fix avc error
avc: denied { search } for comm="dumpstate@1.1-s" name="modem_stat" dev="dm-42" ino=328 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:modem_stat_data_file:s0 tclass=dir

Bug: 227424943
Change-Id: I44e2337129e814ed176ac270ae6c35e34089aa74
2022-03-31 02:15:19 +00:00
Ray Chi
035c81b8df Revert "add sepolicy for set_usb_irq.sh" am: 3fdb24bdc1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17464004

Change-Id: I886d7f2afe80798d4166ee7a9edc7697bcf4c94e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-30 05:00:19 +00:00
Ray Chi
3fdb24bdc1 Revert "add sepolicy for set_usb_irq.sh"
This reverts commit 6733f9667d.

Bug: 225789036
Test: build pass
Change-Id: If43c8db71c737d509b1dfd098503f564a06bf046
2022-03-29 15:45:30 +08:00
Kris Chen
72403141aa Allow hal_fingerprint_default to access sysfs_display am: 32f2e4b0e7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17395784

Change-Id: Ib80d12143916976b7f9617773e1e2d0f95a84466
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-29 02:05:35 +00:00
Kris Chen
32f2e4b0e7 Allow hal_fingerprint_default to access sysfs_display
Fix the following avc denial:
avc: denied { read } for name="panel_name" dev="sysfs" ino=71133 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=0

Bug: 223687187
Test: build and test fingerprint on device.
Change-Id: Ief1ccc7e2fa6b8b4dc1ecbd6d446cc49ee3936ce
2022-03-29 01:39:32 +00:00
Minchan Kim
56fb8cb807 sepolicy: allow dump page_pinner am: 3496931400
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17410608

Change-Id: Id4385572ff9f2fc059d351c817a764f5a4f0574d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-28 16:53:16 +00:00
Minchan Kim
3496931400 sepolicy: allow dump page_pinner
Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}

Bug: 226956571
Test: Run "adb bugreport <zip>" and verify it contains the output
      from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7b00d4930fbaa2061537cd8c84616c1053c829cf
2022-03-28 16:35:02 +00:00
Omer Osman
f79916c309 Add hidraw device and Dynamic Sensor SE Linux policy am: e5cc5f7937
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17286308

Change-Id: I05d2debd765c63b99ecf9c66d91782dbc842ca43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-28 02:05:20 +00:00
Omer Osman
e5cc5f7937 Add hidraw device and Dynamic Sensor SE Linux policy
Test: Incoming HID data from Pixel Buds

Change-Id: I77489100e13d892fb7d3a7cee9734de044795dec
2022-03-27 23:26:29 +00:00
Lucas Wei
cb6545146a Label vendor_kernel_boot with boot_block_device for OTA updating am: ab9ec22267
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17291643

Change-Id: I866f30a7ebd0aed08b44da70a2638b6f59cf8e38
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-25 09:11:37 +00:00
Lucas Wei
ab9ec22267 Label vendor_kernel_boot with boot_block_device for OTA updating
Label with boot_block_device to allow further operations on
vendor_kernel_boot including OTA updating.

This is required for update_engine to be able to write to
vendor_kernel_boot on builds that are enforcing sepolicy.

Bug: 214409109
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: If239690ee168ecfd5c5b755451e389a4523c79b8
2022-03-25 08:55:00 +00:00
Darren Hsu
cfad5ee6a1 Allow hal_power_stats to read sysfs_aoc_dumpstate am: 85710448f3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17351092

Change-Id: I7b7048296e3304eae213939e5648e20039e9acd0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-25 07:19:34 +00:00
Darren Hsu
85710448f3 Allow hal_power_stats to read sysfs_aoc_dumpstate
avc: denied { read } for comm="android.hardwar" name="restart_count"
dev="sysfs" ino=72823 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0

Bug: 226173008
Test: check bugreport without avc denials
Change-Id: I35d886dd05fdad821e38810fd848c7f451893e3f
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-03-25 06:59:34 +00:00
Chris Kuiper
ffebbdcd34 Add rules to allow Sensor HAL write access to als_table am: 967571ee60
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17368888

Change-Id: Id038f0254f2c69e917c88cb2da0aa8f47b6861f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-25 00:20:47 +00:00
Chris Kuiper
967571ee60 Add rules to allow Sensor HAL write access to als_table
Sensor HAL needs write access to
/sys/class/backlight/panel0-backlight/als_table.

Bug: 226435017
Test: Observing logs
Change-Id: Idb592d601b92c6814493e0d28384e1013935b72f
2022-03-25 00:00:19 +00:00
chungkai
3eba3a1004 sched: move sysfs to procfs am: 4fa67857c3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17346963

Change-Id: I9152300c03241a0f025002c8325298b2412bbae4
2022-03-24 18:16:44 +00:00
chungkai
4fa67857c3 sched: move sysfs to procfs
Modify name from sysfs_vendor_sched to proc_vendor_sched

Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I96dc6eb76dd533ff6fd54c27be7e4bc32bf5dbc7
2022-03-24 17:44:37 +00:00
Holmes Chou
91e48d04e6 camera: use codename for camera modules am: e0b06b9cbd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17071590

Change-Id: I316371a838cb4ed83103a9be3675bae736a6e570
2022-03-24 13:38:04 +00:00
Holmes Chou
e0b06b9cbd camera: use codename for camera modules
use codename for camera modules
Bug: 209866857
Test: GCA, adb logcat

Change-Id: I55f6998d18a904c83ecdf328d1b0e5ca6a01427f
2022-03-24 13:11:16 +00:00
Adam Shih
3244ceef37 enforce debugfs constraint on userdebug build am: de2696eb72
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17342326

Change-Id: I9017b4539131e88f31580127042cf26908137aed
2022-03-24 04:10:57 +00:00
Adam Shih
de2696eb72 enforce debugfs constraint on userdebug build
Bug: 225815474
Test: build pass
Change-Id: If9e32d4b67c342b56eea39701518a520a62df199
2022-03-24 01:05:18 +00:00
Yabin Cui
02c1ef8b85 Add SOC specific ETM sysfs paths
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
Merged-In: I10c8d250cf88b371ee573561d6678fc24f4e440c
2022-03-23 19:45:48 +00:00
SalmaxChang
3ae795cf8b modem_svc_sit: fix avc error am: ae6f085676
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17314904

Change-Id: I0962f68685aaabc68f74fd001c2b5edcc92ac10e
2022-03-23 05:33:00 +00:00
SalmaxChang
cf09620f3c vendor_init: fix avc error am: 6dd3de7813
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17291644

Change-Id: Ic7d9db340241626de5f9852e4ddc01bbf6c8b84b
2022-03-23 05:32:52 +00:00
George Lee
17981f9fc0 health: Grant sysfs_thermal access to health
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 226009696
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exists
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I8d112cb12f3aeb1c8d5433ca69415d0413f070a2
Merged-In: I4d9491862ff1bcc88f89b1478497ac569e3d1df1
2022-03-23 05:30:33 +00:00
SalmaxChang
ae6f085676 modem_svc_sit: fix avc error
avc: denied { write } for comm="modem_svc_sit" name="modem_stat" dev="dm-46" ino=333 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 225149029
Change-Id: Id1045d9488a200b6c64abbe02cf5e65926ba0203
2022-03-23 05:13:29 +00:00
Yabin Cui
278d110fba Add SOC specific ETM sysfs paths
Bug: 225403280
Test: run profcollectd on c10
Change-Id: I10c8d250cf88b371ee573561d6678fc24f4e440c
2022-03-22 16:53:23 +00:00
SalmaxChang
6dd3de7813 vendor_init: fix avc error
avc: denied { getattr } for comm="init" name="/" dev="sda19" ino=2 scontext=u:r:vendor_init:s0 tcontext=u:object_r:modem_img_file:s0 tclass=filesystem permissive=0

Bug: 225151104
Change-Id: I508aa6b85039edc4b5a8746aaa602f1131768630
2022-03-22 07:57:59 +00:00
Kris Chen
a312c79491 Allow hal_fingerprint_default to access fwk_sensor_hwservice am: 997b8974ef
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17288686

Change-Id: I68502cce84067dd230bec8e4b02491b5f6bb79fd
2022-03-22 03:59:50 +00:00
Kris Chen
997b8974ef Allow hal_fingerprint_default to access fwk_sensor_hwservice
Fix the following avc denial:
avc:  denied  { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_default:s0 pid=1258 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 197789721
Test: build and test fingerprint on device.
Change-Id: I7494f28e69e5a1b660dc7fbaa528b1088048723b
(cherry picked from commit 9b54bf3665abce7a6f5f5df22069a8ef081ad80e)
2022-03-22 03:39:35 +00:00
Roshan Pius
8eae925778 gs-policy: Remove obsolete uwb vendor service rules am: 046601d414
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17294749

Change-Id: I5562c289af945a110b2be5280170e0a5b948f6b4
2022-03-22 03:29:57 +00:00
Peter Csaszar
466adbb2da pixel-selinux: Port PRO SJTAG policies to tm-dev
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface for WHI-PRO-based devices, now migrated to the
tm-dev branch. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Bug: 224022297
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Merged-in: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
Change-Id: I56da5763c31ab098859cbc633660897646fe7f3e
2022-03-22 03:17:40 +00:00
Roshan Pius
046601d414 gs-policy: Remove obsolete uwb vendor service rules
This service no longer exists in the UCI stack.

Bug: 186585880
Test: Manual UWB tests
Change-Id: I279824be6f51470364ad61833b797aa23cbea859
2022-03-21 09:18:28 -07:00
Mason Wang
500e7624e9 vendor_init: Fix touch avc denial of high_sensitivity.
Fixed the following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity

Bug: 199105136
Test: Verify pass by checking that the device log is w/o the above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
2022-03-21 07:32:49 +00:00
Mason Wang
296823785d vendor_init: Fix touch avc denial of high_sensitivity.[DO NOT MERGE]
Fixed the following avc denial:
avc: denied { write } for name="high_sensitivity" dev="proc" ino=4026534550 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
//The file node is proc/focaltech_touch/high_sensitivity

Bug: 199105136
Test: Verify pass by checking that the device log is w/o the above errors while
switching setting/display/increase touch sensitivity.

Change-Id: I8dbe4190056767407413082580320593292725fe
2022-03-17 10:01:37 +00:00
George Lee
c73fa1acfe health: Add sysfs_thermal access am: 2cc598cc9b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17164869

Change-Id: I2d335b082919b55a430782de9b79f7037a846af1
2022-03-17 05:27:23 +00:00
George Lee
2cc598cc9b health: Add sysfs_thermal access
health-service has trouble accessing /dev/thermal.  This change fixes
this.

Bug: 223928339
Test: dev/thermal/tz-by-name/soc/mode error:Permission denied no longer
exists
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I6077e841d179b6cda50d578e584dd249ce970db0
2022-03-17 04:55:59 +00:00
Adam Shih
22e6a7bfbf reject mnt_vendor_file access in user ROM am: bedd866505
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17213986

Change-Id: Ia7298a8cf2cb6a601fd86ff2ab640e6b69aa92b8
2022-03-16 09:29:16 +00:00
Adam Shih
bedd866505 reject mnt_vendor_file access in user ROM
Bug: 224429437
Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I318f11866f7b9c6cc0b7ecf151f789f35ab290cd
2022-03-16 14:08:09 +08:00
Denny cy Lee
1c087c848d Sepolicy: add pixelstats/HardwareInfo sepolicy am: 38c2803c54
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17118585

Change-Id: Ida863d602f166dddecfd540eb354c38a8ebd0c09
2022-03-15 03:16:12 +00:00
Darren Hsu
356fb92bb2 sepolicy: reorder genfs labels for system suspend am: 6d25430600
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17149073

Change-Id: Id01fb5bad47786a03ef5562f14d7df6dc6856448
2022-03-15 03:15:02 +00:00
Denny cy Lee
38c2803c54 Sepolicy: add pixelstats/HardwareInfo sepolicy
avc denials to fix (after applying ag/17120763):
[   50.171564] type=1400 audit(1647222380.884:28): avc: denied { read } for comm="pixelstats-vend" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
[   54.519375] type=1400 audit(1647222385.228:29): avc: denied { read } for comm="id.hardwareinfo" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 app=com.google.android.hardwareinfo

Bug: 222019890
Test: manually check debug logcat
Change-Id: I0e4f3f3a66783383b0d1327cec4dcd145ae9a7af
2022-03-15 03:09:18 +00:00