Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1906 commits 1 branch 0 tags 63 MiB
Commit graph

1906 commits

This branch
This branch
All branches
Author SHA1 Message Date
chungkai
7fe7e43582 Fix avc denials for powerhal 
Test: build pass
Bug: 208909174
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I565df75c22d66199e6966dfac4af2e19b88606a0
 2022-01-03 03:32:01 +00:00
neoyu
8b48664bdc Fix SELinux errors for rild 
avc: denied { read } for comm="rild_exynos" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1

Bug: 205073023
Test: manual
Change-Id: I2687c443b2830cf08210726f5b2e266c55793d41
 2021-12-30 05:44:38 +00:00
Ted Lin
66f8039b5d HardwareInfo: Add sepolicy for battery 
12-03 09:57:39.480  7907  7907 I id.hardwareinfo: type=1400 audit(0.0:11): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
12-03 09:57:39.480  7907  7907 I id.hardwareinfo: type=1400 audit(0.0:10): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
12-03 09:57:39.480  7907  7907 I id.hardwareinfo: type=1400 audit(0.0:9): avc: denied { read } for name="serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Bug:208909060
Test: adb bugreport
Change-Id: Ide376401ada800718acf35db11ce79a5e63fe75d
Signed-off-by: Ted Lin <tedlin@google.com>
 2021-12-30 05:21:23 +00:00
neoyu
ad89088b6e Fix SELinux errors for rild 
avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tclass=binder permissive=1
avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tclass=binder permissive=1

Bug: 205904441
Test: manual
Change-Id: I02339f8d7ef7004091244c9c8708a759da05d751
 2021-12-28 14:32:42 +08:00
neoyu
186040a5e9 Fix SELinux errors for vendor_ims_app 
avc:  denied  { find } for pid=1813 uid=10213 name=isub scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
avc: denied { call } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="ImsConnectivity" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice

Bug: 205780067
Bug: 205904439
Test: manual
Change-Id: I50b0861994f19801068a2559ac35521095a18339
 2021-12-27 11:58:43 +08:00
neoyu
02775432c2 Fix SELinux errors for vendor_rcs_app 
avc: denied { call } for comm="nnon.rcsservice" scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
nnon.rcsservice: type=1400 audit(0.0:116): avc: denied { call } for scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
avc: denied { transfer } for scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
avc: denied { transfer } for comm="nnon.rcsservice" scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice

Bug: 205904435
Test: manual
Change-Id: Ia988e89ac3ccb543cefabfc289e446db09e01c2b
 2021-12-27 11:53:53 +08:00
Joel Galenson
7fd619a67c Include core policy OWNERS 
Test: None
Change-Id: Ic8704a9152985ed5046abc5abbd0890808b7fe95
 2021-12-21 07:37:30 -08:00
gwenlin
361962851f Add permission for binding rild and grilservice 
Bug: 208371668
Test: build
Change-Id: Ib5310032194fc4a13326db5002060a204d5f5b27
 2021-12-15 01:42:46 +00:00
Adam Shih
8edf4a3e83 update error on ROM 7993545 
Bug: 210363983
Bug: 210363938
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I41b6acd2513bc031efe128be8154b1e1aacfcd8b
 2021-12-13 11:45:44 +08:00
Adam Shih
233cdab535 update error on ROM 7987555 
Bug: 210067468
Bug: 210067282
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I921568297189f2c90951448a2f15f7fb8e597dfc
 2021-12-10 04:48:15 +00:00
chungkai
0d52e28b50 Fix avc denials for permissioncontroller_app 
avc: denied { search } for name="vendor_sched" dev="sysfs" ino=46151 scontext=u:r:permissioncontroller_app:s0:c240,c256,c512,c768
tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=dir permissive=1 app=com.google.android.permissioncontroller

Test: boot to home
Bug: 208909174
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I4fb27d02318459546eded3cf15da380d26477ef2
 2021-12-10 03:46:34 +00:00
Krzysztof Kosiński
deb9d361cd Add sepolicy for camera persist files. 
Bug: 208866457
Test: Verified label for /mnt/vendor/persist/camera on P10
Change-Id: Id4af051ea2e783bed7cabfd2be80bdac994a11ab
 2021-12-10 01:39:26 +00:00
Shiyong Li
8bae253501 allow android.hardware.power.stats-service.pixel to access display sysfs 
Fix the follwoing violations:
avc: denied { read } for name="state" dev="sysfs" ino=68654
scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_sensors:s0
tclass=file
...
avc: denied { open } for path=
"/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/state"
dev="sysfs" ino=68654 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_sensors:s0 tclass=file

Bug: 209704948
Change-Id: Iad586164811457d09f6c0e81c67c0f217b77ccc2
Signed-off-by: Shiyong Li <shiyongli@google.com>
 2021-12-09 20:10:44 +00:00
Midas Chien
a4f16bf147 allow hwc to access sysfs_display 
Bug: 207615889
Test: check avc denials while hwc access early wakeup node
Change-Id: I453e50de739c31b1075f81fb4c1195a5dffd4d75
 2021-12-09 12:49:06 +00:00
Adam Shih
60633eef54 update error on ROM 7982728 
Bug: 209889068
Bug: 209890345
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I6177759eeaf641c0515db9f070a20c343ee740ac
 2021-12-09 11:02:26 +08:00
Adam Shih
6004d58760 label camera app 
Bug: 209329856
Test: boot with google camera's label changed
Change-Id: Iff83bf8f42f9e6f9588fc5f45852a11608dc4445
 2021-12-08 13:20:20 +08:00
Adam Shih
4820dcfdba make libraries app-reachable 
Bug: 209703854
Test: Boot with no relevant errors
Change-Id: I5f0d6ed1b578d1684c476bc07d81baaf91005bc6
 2021-12-08 13:17:52 +08:00
Adam Shih
1fb766e7a3 update system_suspend wakeup files 
Bug: 209705335
Test: boot with no relevant errors
Change-Id: I8d9d9b72449319184167790859c655e0695c4c98
 2021-12-08 13:16:07 +08:00
Adam Shih
82e4faa61a update error on ROM 7978521 
Bug: 209705194
Bug: 209704948
Bug: 209703854
Bug: 209705394
Bug: 209705335
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Id30e22a1d210f1aabdf8014cef5c5e009e00199c
 2021-12-08 11:08:02 +08:00
Robb Glasser
3dad021ae8 Fix sensors hal selinux denials on C10. 
Bug: 205657063
Bug: 205780093
Bug: 204718449
Bug: 205904379
Bug: 207721033
Bug: 207062541
Bug: 208909175
Test: SELinuxTest#scanAvcDeniedLogRightAfterReboot on C10
Change-Id: I678ac355fc09da56bc7718c4d70fb40d4cd79de0
 2021-12-08 00:53:52 +00:00
Adam Shih
ccabcd4a24 label telephony apps 
Bug: 208721636
Test: boot with error log changed from system_app to right ones
Change-Id: Ia65b2c8f1759866eca8fcd12dcbed4cedaa61ea2
 2021-12-06 11:27:22 +08:00
Adam Shih
d69e2703f5 dump hal_graphics_composer 
Bug: 208909191
Test: do bugreport with no relevant error logs
Change-Id: I5d89e6a1a40c856d8717d07040362aec5a88fa59
 2021-12-06 10:36:11 +08:00
Adam Shih
474da130f9 remove redundant bug 
incidentd always access all system property during permissive mode
Bug: 208721673
Test: do bugreport with no relevant logs

Change-Id: I0b5395ad5639980c0793744399d27b7eb4651afb
 2021-12-06 10:24:35 +08:00
Adam Shih
d3d316704e update error on ROM 7971030 
Bug: 209329856
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2e0c33b1fae3fcaad2ead33406d656a8a538d90d
 2021-12-06 09:33:01 +08:00
Adam Shih
b466b688e0 update error on ROM 7964913 
Bug: 208909191
Bug: 208909124
Bug: 208909174
Bug: 208909175
Bug: 208909060
Bug: 208909270
Bug: 208909232
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I7e3edb49e5a191a2fc9e34f7232d754ecd2fed00
 2021-12-03 10:08:39 +08:00
Randall Huang
abc92ffabe fix vold selinux error 
Bug: 208721768
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I22060550896722e9c8eab4acdaf39dbeb12026ce
 2021-12-02 06:29:49 +00:00
George Chang
b2d162fda7 Fix SELinux error coming from hal_secure_element_uicc 
12-02 09:45:55.564   796   796 I secure_element@: type=1400 audit(0.0:3): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   11.030503] type=1400 audit(1638409555.564:3): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1

Bug: 208715886
Test: check avc
Change-Id: I701b36fbb58f1c071f1dbc394048dad467ac6c4c
 2021-12-02 06:17:22 +00:00
Roger Fang
ad3e880a3f sepolicy: Add suez audio sepolicy 
pixelstats-vend: type=1400 audit(0.0:30): avc: denied { read } for name="codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:31): avc: denied { open } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:32): avc: denied { getattr } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1

Bug: 206007421
Test: build passed and no avc deniel logs

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: Ib5f5dd248e276f470e213cc053728cbf70c20dbf
 2021-12-02 04:51:37 +00:00
Roger Fang
e25c4dca39 sepolicy: add permission for the hardware info putDsp function 
Bug: 202814070
Test: Manually test passed

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I15b8fa09fddc89dcbe7893ef73fea72ac6ae63e4
 2021-12-02 04:51:17 +00:00
Adam Shih
cfbef530da update error on ROM 7961148 
Bug: 208721809
Bug: 208721525
Bug: 208721677
Bug: 208721526
Bug: 208721638
Bug: 208721505
Bug: 208721729
Bug: 208721710
Bug: 208721673
Bug: 208721679
Bug: 208721707
Bug: 208721808
Bug: 208721636
Bug: 208721768
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ida37756678645dea41d343ede41868ce717fe9da
 2021-12-02 11:24:28 +08:00
Adam Shih
390b8cfa91 update error on ROM 7961148 
Bug: 208715886
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I898382e65a8f321a07984c67cca642b9710d1612
 2021-12-02 09:52:57 +08:00
Adam Shih
316d846ac4 copy euiccpixel_app setting to gs201 
12-01 13:56:53.328  7682  7682 I Thread-2: type=1400 audit(0.0:44): avc: denied { map } for path="/dev/__properties__/u:object_r:dck_prop:s0" dev="tmpfs" ino=136 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:dck_prop:s0 tclass=file permissive=1 app=com.google.euiccpixel
There is only one source of code in
vendor/unbundled_google/packages/EuiccSupportPixelPrebuilt/Android.mk

Bug: 208527969
Test: no relevant error logs were found any more
Change-Id: I06b1cdcfb9109956f9c65dede1208310d2b79c48
 2021-12-01 15:33:58 +00:00
Adam Shih
0546c79a47 make some libraries app reachable 
Bug: 208527969
Test: boot with no relevant error log
Change-Id: Ic21fcecd4a9ff3d293dafe1e7a9dbebd0e736852
 2021-12-01 15:33:49 +00:00
George Chang
097157613a Fix SELinux error coming from hal_secure_element_uicc 
11-11 09:38:59.168   794   794 I secure_element@: type=1400 audit(0.0:102): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.632309] type=1400 audit(1636594739.168:103): avc: denied { transfer } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.631474] type=1400 audit(1636594739.168:102): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
11-11 09:38:59.168   794   794 I secure_element@: type=1400 audit(0.0:103): avc: denied { transfer } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.633481] type=1400 audit(1636594739.172:104): avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
11-11 09:38:59.172   971   971 I rild_exynos: type=1400 audit(0.0:104): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1

Bug: 205904403
Test: check avc
Change-Id: I9186714d81e21ba8920aaa900a92f542e98ceddb
 2021-12-01 06:57:57 +00:00
Adam Shih
f8d59b9305 update error on ROM 7957241 
Bug: 208527900
Bug: 208527968
Bug: 208527969
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ic6de1f2232c1c0efd210bfe19ebac11207f72198
 2021-12-01 11:04:38 +08:00
davidycchen
262709f2ba allow hal_dumpstate_default to access touch sysfs node 
avc: denied { open } for comm="sh"
path="/sys/devices/platform/10d10000.spi/spi_master/spi0/spi0.0/
synaptics_tcm.0/sysfs/force_active" dev="sysfs" ino=89691
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1

Bug: 199104466
Test: trigger bugreport and check log.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: If35d651b2c8ca375f7f9cc36403eb02911912ebb
 2021-12-01 01:52:46 +00:00
yawensu
24eafb45c8 Fix SELinux error in vendor_qualifiednetworks_app. 
SELinux : avc:  denied  { find } for pid=1763 uid=10201 name=isub scontext=u:r:vendor_qualifiednetworks_app:s0:c201,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1

Bug: 204718865
Test: The error is gone after applying the patch.
Change-Id: I77d5f550614e1d63ab1547fc8d0ad1b70f72bed8
 2021-11-30 01:55:08 +00:00
Midas Chien
8cd52d9d33 Allowed PowerHAL service access Display node 
Bug: 207615889
Test: PowerHAL can access early_wakeup node in enforcing mode
Change-Id: I190e49f07c0c23c576a9fb8444ffb7c68eedf3ac
 2021-11-29 17:34:48 +00:00
chungkai
9721a3076e Fix avc denials for sysfs_vendor_sched 
Bug: 207300315
Bug: 207062875
Bug: 207062781
Test: build pass
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I17212c840c725f66d91f337c57af8e72e5e08b8c
 2021-11-29 03:42:14 +00:00
chungkai
7bbd1fb38a Allow vendor_init to modify proc_sched 
Bug: 207062206
Test: Boot to home
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I5d51e322c1522046623046051e8090fc64bedee5
 2021-11-28 15:47:11 +00:00
Ted Lin
115e8e0990 sepolicy: Remove tracking denials files and fix avc problems 
11-25 14:00:09.300  1000   764   764 I android.hardwar: type=1400 audit(0.0:3): avc: denied { getattr } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/capacity" dev="sysfs" ino=68496 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.300  1000   764   764 I android.hardwar: type=1400 audit(0.0:5): avc: denied { open } for path="/sys/devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply/dc/type" dev="sysfs" ino=67693 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.348  1000   764   764 I health@2.1-serv: type=1400 audit(0.0:7): avc: denied { open } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/online" dev="sysfs" ino=68490 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-25 14:00:09.348  1000   764   764 I health@2.1-serv: type=1400 audit(0.0:8): avc: denied { getattr } for path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/online" dev="sysfs" ino=68490 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
...
11-25 14:28:35.996  1000   768   768 I android.hardwar: type=1400 audit(0.0:3): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=58948 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
11-25 14:28:36.020  1000   768   768 I health@2.1-serv: type=1400 audit(0.0:4): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=58948 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
...

11-26 11:11:36.172  1000   751   751 I android.hardwar: type=1400 audit(0.0:3): avc: denied { read } for name="type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-26 11:11:36.172  1000   751   751 I android.hardwar: type=1400 audit(0.0:4): avc: denied { open } for path="/sys/devices/platform/google,cpm/power_supply/gcpm_pps/type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
11-26 11:11:36.172  1000   751   751 I android.hardwar: type=1400 audit(0.0:5): avc: denied { getattr } for path="/sys/devices/platform/google,cpm/power_supply/gcpm_pps/type" dev="sysfs" ino=68359 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug:207062562
Bug:207062231
Test: adb bugreport and check avc problem
Change-Id: I253f1cbe00650fdb96aced69edc8eaafa06ff6f9
Signed-off-by: Ted Lin <tedlin@google.com>
 2021-11-26 09:11:19 +00:00
Kris Chen
8d3c4a7b4e fingerprint: Fix avc errors 
Bug: 207062260
Test: boot with no relevant error on C10
Change-Id: I6d3b74c34d2344c4e889afaf8bb99278785e5416
 2021-11-25 07:09:31 +00:00
yixuanjiang
2720d2ac38 aoc: add audio property for audio aocdump feature 
Bug: 204080552
Test: local
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
Change-Id: Ie638676d86a20eafbc6975df03ebbbcf5ec193ac
 2021-11-25 07:05:24 +00:00
Adam Shih
1bb2fac3f6 update error on ROM 7945168 
Bug: 207720645
Bug: 207720720
Bug: 207721033
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iba41496590f1b82a51897c62e1cb74a224e484a5
 2021-11-25 03:00:28 +00:00
wenchangliu
81fb5ecc31 Allow mediacodec_samsung to access mfc sysfs file 
avc: denied { read } for name="name" dev="sysfs" \
ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { open } for \
path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

avc: denied { getattr } for \
path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=61284 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Bug: 204718809
Test: video playback / camera recording
Change-Id: I95c937375aa7ae19aef61af6b0f1aef73bd8957d
 2021-11-25 02:29:04 +00:00
Oleg Matcovschi
48d1b71ab1 sepolicy: Remove sscoredump tracking denials file 
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I67d2500a5323203577c7fb90741c8dfec1cffd83
 2021-11-24 18:50:15 +00:00
Kyle Lin
f80cb8ae4e Add policy for memlat governor needs create/delete perf events 
[46756.223414] type=1400 audit(1637720953.624:1227238): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46791.079905] type=1400 audit(1637720988.480:1228172): avc: denied { cpu } for comm="cpuhp/5" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[46831.825465] type=1400 audit(1637721029.228:1230804): avc: denied { cpu } for comm="cpuhp/4" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47068.752724] type=1400 audit(1637721266.152:1237844): avc: denied { cpu } for comm="cpuhp/3" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1
[47227.488992] type=1400 audit(1637721424.888:1241154): avc: denied { cpu } for comm="cpuhp/7" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=1

Bug: 207047575
Test: build, boot and check warning message
Change-Id: I735d5cfa5eb5614114d83a7892123d37c980d531
 2021-11-24 17:13:10 +00:00
wenchangliu
4bb1061c2d Add SELinux policy for mediacodec_samsung 
mediacodec_samsung is separated from mediacodec for
mfc encoder/decoder. Add assumption from mediacodec.te
as well.

Bug: 204718809
Test: boot to home
Change-Id: I67ce385903cf5abd2ba9dc62b7229320b3f7daa9
 2021-11-24 07:46:27 +00:00
wenchangliu
ecdcc0f739 Allow mediacodec_samsung to fallback crash dump 
avc: denied { write } for name="tombstoned_crash" \
dev="tmpfs" ino=948 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:tombstoned_crash_socket:s0 \
tclass=sock_file permissive=1

avc: denied { connectto } for path="/dev/socket/tombstoned_crash" \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:tombstoned:s0 \
tclass=unix_stream_socket permissive=1

avc: denied { write } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=1

avc: denied { append } for path="pipe:[63031]" dev="pipefs" ino=63031 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:system_server:s0 \
tclass=fifo_file permissive=

Bug: 204718809
Test: boot to home
Change-Id: Iad67f936ac9d6d11e5f5646918074153372b8b00
 2021-11-24 07:46:27 +00:00
wenchangliu
fae7e19893 Allow mediacodec_samsung to access graphics allocator 
avc:  denied  { find } for interface=android.hardware.graphics.mapper::IMapper \
sid=u:r:mediacodec_samsung:s0 pid=792 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager permissive=1

avc: denied { use } for path="/dmabuf:" dev="dmabuf" ino=94523 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:r:hal_graphics_allocator_default:s0 \
tclass=fd permissive=1

Bug: 205657093
Test: video playback / screen recording
Change-Id: I6c64b4d2483b146358ef678c56aec68dd86eb878
 2021-11-24 07:46:27 +00:00