Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1906 commits 1 branch 0 tags 63 MiB
Commit graph

1906 commits

This branch
This branch
All branches
Author SHA1 Message Date
wenchangliu
f2b1870b23 Allow mediacodec_samsung to access video device and system-uncached DMA-BUF heap 
This patch fixes the following denial:

avc: denied { getattr } for path="/dev/dma_heap/system-uncached" \
dev="tmpfs" ino=487 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

avc: denied { getattr } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { read write } for name="video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { open } for path="/dev/video6" dev="tmpfs" ino=477 \
scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:video_device:s0 \
tclass=chr_file permissive=1

avc: denied { ioctl } for path="/dev/video6" dev="tmpfs" ino=477 \
ioctlcmd=0x561b scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1

Bug: 205657093
Test: video playback / screen recording
Change-Id: Ia09bd29652b8197b4d5009f84077f6d5bb5551e2
 2021-11-24 07:46:27 +00:00
wenchangliu
0df2e47cb1 Allow mediacodec_samsung can route /dev/binder traffic to /dev/vndbinder 
This patch fixes the following denial:

avc: denied { call } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

avc: denied { transfer } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

Bug: 205904381
Test: boot to home
Change-Id: Ie2c0577bdf987466b4f729d9f78d1a6704cd9d24
 2021-11-24 07:46:27 +00:00
Adam Shih
5e6beee1e6 update error on ROM 7941916 
Bug: 207571335
Bug: 207571546
Bug: 207571417
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I7b75837d13b532793ccbc326379c1d95aada429b
 2021-11-24 10:41:32 +08:00
Firman Hadi Prayoga
7599ba8e55 Add /dev/lwis-eeprom-m24c64x-3j1 entry to selinux policy. 
lwis-eeprom-m24c64x-3j1 used by camera hal to access
P22 front camere EEPROM device.

Bug: 207062209
Fix: 207062209
Test: Boot, no avc denied logs for eeprom
Change-Id: Ia12da5dbed1baef6d8a8ab2bf421b2987639e826
 2021-11-24 01:01:44 +00:00
SalmaxChang
742cbc29b8 ssr_detector_app: fix avc error 
avc: denied { read } for name="u:object_r:vendor_persist_sys_default_prop:s0" dev="tmpfs" ino=320 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_persist_sys_default_prop:s0 tclass=file permissive=1

Bug: 205202542
Change-Id: I84cbdb9d85ab58219554bfe0da35a00464a955ff
 2021-11-23 12:17:51 +00:00
SalmaxChang
5e2ac8ab48 Fix modem related avc errors 
avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=317 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1
avc: denied { read } for comm="dmd" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:dmd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { read } for name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:vcd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1

Bug: 205073232
Bug: 205073025
Bug: 206045605
Change-Id: I3f76a138b4d6eeffb488fb5e5e15985ac6ef707d
 2021-11-23 12:17:51 +00:00
George Chang
3dc2515efe Update SecureElement sysfs_st33spi Sepolicy 
Add rules for sysfs_st33spi

Bug: 205250948
Test: check avc without secure_element
Change-Id: I1ccf39ca09c6b19a597114f04803800d38fdf774
 2021-11-23 11:40:16 +00:00
Adam Shih
e5e4f9f2b7 make libOpenCL reachable 
Bug: 207300281
Test: boot with no relevant error log
Change-Id: I294d23e2b29afd62da5c2327175f0c163da98cf0
 2021-11-23 06:00:16 +00:00
Adam Shih
851a7bb16b label extcon and remove obsolete zygote error 
Bug: 205904404
Bug: 206045368
Bug: 207062229
Test: boot with no relevant error logs
Change-Id: If4c2f5591907bfcab2fd638f1222f84377270623
 2021-11-23 05:28:39 +00:00
Adam Shih
f6f699700c update error on ROM 7938763 
Bug: 207431041
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I775a28827b107d43b47d3486e70f87a36a6babcc
 2021-11-23 04:15:22 +00:00
Adam Shih
48435ccfaa let uwb app access secure element property 
Bug: 207300261
Test: boot with no relevant error log
Change-Id: I10f505d1ef3cbbc118082e5c44381c1b55389da3
 2021-11-23 03:25:46 +00:00
Randall Huang
1a57e5c346 Fix selinux for vold idle-maint 
Bug: 206741894
Bug: 207062776
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ieb55fe439d3250b6d819381c4bc97e3e895ac23f
 2021-11-23 03:24:56 +00:00
George Chang
8a4d5bd3b5 Fix nfc avc denials for sysfs_vendor_sched 
11-19 12:38:54.416  2631  2631 I com.android.nfc: type=1400 audit(0.0:404): avc: denied { search } for comm=4173796E635461736B202331 name="vendor_sched" dev="sysfs" ino=45736 scontext=u:r:nfc:s0 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=dir permissive=1

Bug: 207062484
Test: check avc without nfc
Change-Id: I50507934c071745e257434f512d9dc835790e669
 2021-11-23 03:14:55 +00:00
Randall Huang
a2b1ca5f7e Fix selinux for adb bugreport 
Bug: 206741894
Test: adb bugreport
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: If82f30392676f414a79ddabe27d73ce751d61eee
 2021-11-23 02:58:21 +00:00
Adam Shih
ed245711ec fix sysfs_vendor_sched access 
Bug: 207062776
Bug: 207062777
Bug: 207062877
Bug: 207062211
Bug: 207062232
Bug: 207062208
Test: boot with no relevant access
Change-Id: I585653383ad0061fc6e9669c0590432c235f7e14
 2021-11-23 02:51:59 +00:00
Adam Shih
c90030d1f7 label system_suspend wakeup files 
use "adb shell ls -l sys/class/wakeup" to get all paths
Bug: 207062779
Test: boot with no relevant error log

Change-Id: Ib43090cecf3d74e5c8b07e7e13de58cf6ee7ddbe
 2021-11-23 02:51:46 +00:00
Oleg Matcovschi
a4a0b90afb sepolicy: add persist.vendor.sys.ssr property context 
Bug: 205073166
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: I81794ab8d320affcfef8f77895712aaa840f7abc
 2021-11-22 19:54:08 +00:00
Randall Huang
3ba42745f4 Allow vendor_init to modify read_ahead_kb 
Bug: 206741894
Bug: 207062206
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I6cc59722520df12aef103fc330f9acd8e800318d
 2021-11-22 06:55:58 +00:00
George Chang
d15185b2d7 Fix SELinux error coming from hal_secure_element_gto and gto_ese2 
update hal_secure_element_st54spi/st33spi form gto/gto_ese2

hal_secure_element_gto.te => hal_secure_element_st54spi.te
[   10.846098] type=1400 audit(1637296724.408:40): avc: denied { map } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:40): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:39): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:38): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408   776   776 I android.hardwar: type=1400 audit(0.0:37): avc: denied { read } for name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846033] type=1400 audit(1637296724.408:37): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846072] type=1400 audit(1637296724.408:38): avc: denied { open } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[   10.846086] type=1400 audit(1637296724.408:39): avc: denied { getattr } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-11 09:38:59.132   785   785 I secure_element@: type=1400 audit(0.0:100): avc: denied { write } for name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-11 09:38:59.132   785   785 I secure_element@: type=1400 audit(0.0:101): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   19.593472] type=1400 audit(1636594739.132:101): avc: denied { connectto } for comm="secure_element@" path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[   19.593175] type=1400 audit(1636594739.132:100): avc: denied { write } for comm="secure_element@" name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-09 12:04:08.620   786   786 I secure_element@: type=1400 audit(0.0:135): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.142141] type=1400 audit(1636430648.620:135): avc: denied { open } for comm="secure_element@" path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.141947] type=1400 audit(1636430648.620:134): avc: denied { read write } for comm="secure_element@" name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:08.620   786   786 I secure_element@: type=1400 audit(0.0:134): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-04 13:27:24.564     1     1 I /system/bin/init: type=1107 audit(0.0:52): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=772 uid=1068 gid=1068 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=1'
11-19 10:22:25.052   797   797 I secure_element@: type=1400 audit(0.0:49): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
11-19 10:22:25.052   797   797 I secure_element@: type=1400 audit(0.0:50): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1

hal_secure_element_gto_ese2 =>  hal_secure_element_st33spi.te
11-09 12:04:09.140   771   771 I secure_element@: type=1400 audit(0.0:137): avc: denied { open } for path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.660987] type=1400 audit(1636430649.140:137): avc: denied { open } for comm="secure_element@" path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[   17.660845] type=1400 audit(1636430649.140:136): avc: denied { read write } for comm="secure_element@" name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:09.140   771   771 I secure_element@: type=1400 audit(0.0:136): avc: denied { read write } for name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1

Bug: 207062261
Bug: 205073164
Bug: 205656951
Bug: 205657039
Bug: 205904452
Test: check avc without secure_element
Change-Id: I312299deb6d6bfa353e7936d41a723e75d3ea06b
 2021-11-22 02:59:34 +00:00
Adam Shih
a1a5f11872 label google battery sysfs file 
Bug: 207062874
Test: boot with no relevant error log
Change-Id: Ic5477f0deb24f0bd9c46aef70459f0b629cdb5ef
 2021-11-22 10:17:50 +08:00
Adam Shih
78d0abfb73 update error on ROM 7935766 
Bug: 207300335
Bug: 207300298
Bug: 207300281
Bug: 207300315
Bug: 207300261
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia79829128db2286ec8ae9c20520be8a25c195cb0
 2021-11-22 09:59:08 +08:00
Randall Huang
a578c846fa storage: update sepolicy for storage suez 
Bug: 206741894
Bug: 188793183
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I206178e34156f0b02c4a5b743ac9467e7dafb74f
 2021-11-19 17:45:48 +08:00
Randall Huang
f317331d7a allow init to set scsi tunables 
Bug: 206741894
Bug: 207062776
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Iff52af62e6495e4390c7f961f11b3d8702b09ef9
 2021-11-19 16:12:54 +08:00
Adam Shih
6dc46556e3 update error on ROM 7930790 
Bug: 207062875
Bug: 207062775
Bug: 207062209
Bug: 207062260
Bug: 207062874
Bug: 207062172
Bug: 207062562
Bug: 207062564
Bug: 207062210
Bug: 207062261
Bug: 207062541
Bug: 207062542
Bug: 207062207
Bug: 207062231
Bug: 207062151
Bug: 207062776
Bug: 207062777
Bug: 207062780
Bug: 207062877
Bug: 207062484
Bug: 207062781
Bug: 207062833
Bug: 207062258
Bug: 207062211
Bug: 207062229
Bug: 207062779
Bug: 207062232
Bug: 207062206
Bug: 207062540
Bug: 207062208
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I23da4247c6d3d24d193a8a7ce28da9ac1ea88842
 2021-11-19 05:14:34 +00:00
Adam Shih
6459d30fb1 unleash all SELinux error 
Bug: 205212735
Test: boot with all the selinux error showing up
Change-Id: If34d16a26f788458510cf5d920e8978bc68211be
 2021-11-19 00:48:32 +00:00
Shiyong Li
11994a8ca0 allow systemui to toggle display lhbm node 
Fix the following selinux violation:
avc: denied { call } for scontext=u:r:platform_app:s0:c512,c768
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=1 app=com.android.systemui

Bug: 205640231
Test: check avc logs while using udfps
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I196ade950541d56affd3dc38568b0275f159c799
 2021-11-18 17:36:48 +00:00
George Chang
646216405f Fix SELinux error coming from vendor_init for nfc and se 
avc: denied { set } for property=persist.vendor.nfc.streset
avc: denied { set } for property=persist.vendor.se.strese

Bug: 205070818
Test: no nfc se vendor_init avc errors
Change-Id: Id5002bd93e155d81cb8d56ba0cf38cb58b9409c6
 2021-11-18 07:12:05 +00:00
chenpaul
966f3dc7a0 Remove wifi_logger related sepolicy settings 
Due to the fact that /vendor/bin/wifi_logger no longer exists
on the P21 master branch any more, we remove obsolete sepolicy.

Bug: 201599426
Test: wlan_logger in Pixel Logger is workable
Change-Id: Iaa7e4da6564a4ea2b0938db34bb7efff6ed54ee0
 2021-11-18 04:49:04 +00:00
Chungkai Mei
149dec3f70 selinux: hal_camera_default: fix avc denied logs 
avc: denied { transfer } for comm="android.hardwar" scontext=u:r:hal_power_default:s0
tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1

Bug: 205904442
Test: local build pass
Signed-off-by: Chungkai Mei <chungkai@google.com>
Change-Id: I39e84cfa895b56d44f248015dddb5f99d099fd76
 2021-11-18 03:46:39 +00:00
Adam Shih
e72ecd59d8 fix UWB app settings and zygote library access 
11-16 14:46:01.647   446   446 E SELinux : avc:  denied  { add } for pid=2502 uid=1083 name=uwb_vendor scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
11-16 14:41:41.238   440   440 E SELinux : avc:  denied  { find } for pid=2555 uid=1083 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
Bug: 206331617
Bug: 206045471
Bug: 205904384
Test: boot with no zygote errors

Change-Id: I5fe048434d430120334d172481b9cc07cff141dd
 2021-11-18 02:20:49 +00:00
Adam Shih
4c66de3d3b allow pixelstats_vendor binder access 
Bug: 205904433
Test: boot with no relevant error logs
Change-Id: I897a5feb41e8c127834fb3ed795aaeb5d3f3fc54
 2021-11-18 02:20:49 +00:00
Randall Huang
895dfe3008 Fix zram avc denied 
Bug: 205657025
Bug: 205657090
Bug: 205779799
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ib23d40c2f9e96680108311d23aca708a8db4b67b
 2021-11-17 06:26:34 +00:00
Ruofei Ma
fded60a79e Add SELinux policy for mediacodec_google 
mediacodec_google represents google av1 decoder
hal service.

Bug: 205657135

Signed-off-by: Ruofei Ma <ruofeim@google.com>
Change-Id: Ied61107d1991a22b24170b055bf3613165cbe050
 2021-11-17 00:57:08 +00:00
Adam Shih
bc651b87ce let citadel and camera hal use binder 
Bug: 205904207
Test: boot with no relevant error log
Change-Id: I0544f0ea645c5e594279bfda5aef4714c7929d26
 2021-11-16 11:37:38 +08:00
Adam Shih
32db046e67 suppress bootanim android watch behavior on phones 
Bug: 205780088
Test: boot with no relevant error log
Change-Id: Ic928d3212a016984ff31f358486109022d82b1ee
 2021-11-16 11:02:46 +08:00
Adam Shih
af53f729cf allow kernel to access firmware and zram 
Bug: 205780090
Test: boot with no relevant error log
Change-Id: I272d9babfb0283e46cfc2e65e0bb85323bf8b7a2
 2021-11-16 02:13:10 +00:00
Adam Shih
d66ba1bd25 allow system ui to call hal_wlc 
Bug: 205904327
Test: Boot with no relevant error log
Change-Id: Ieeb3a27266055ead7fd8e0bb5aaa85c4137bccef
 2021-11-16 02:13:04 +00:00
Adam Shih
2ef225b9c5 label oemrilservice_app and grant relevant permission 
11-15 11:32:41.059   442   442 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:oemrilservice_app:s0:c195,c256,c512,c768 pid=1866 scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1
11-15 11:32:41.060  1013  1013 I rild_exynos: type=1400 audit(0.0:5): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1
11-15 11:32:41.368  1013  1013 I rild_exynos: type=1400 audit(0.0:6): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1
11-15 11:32:41.890   441   441 E SELinux : avc:  denied  { find } for pid=1866 uid=10195 name=isub scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
Bug: 205904553
Bug: 205073117
Bug: 204718782
Bug: 205904441
Test: boot with no relevant error log

Change-Id: I258aa58b4d3c95b901405e9181138c0d68c2b154
 2021-11-16 02:12:53 +00:00
Tommy Chiu
94f78934d9 Keymint: Fix SELinux denial 
Also remove -dontaudit- configuration.

Bug: 205073229
Bug: 205655569
Bug: 205904323
Change-Id: If8de3b4e6ee01488fdd563b702fbba1bd7c73ef0
 2021-11-15 16:12:38 +00:00
Leo Liou
8423a70e12 sepolicy: hal_health_default: fix avc denied logs 
avc: denied { search } for comm="health@2.1-serv" name="/"
dev="sda1" ino=3 scontext=u:r:hal_health_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1

avc: denied { search } for name="/" dev="sda1" ino=3
scontext=u:r:hal_health_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1

avc: denied { search } for name="vendor" dev="tmpfs" ino=2
scontext=u:r:hal_health_default:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1

avc: denied { search } for comm="health@2.1-serv" name="vendor"
dev="tmpfs" ino=2 scontext=u:r:hal_health_default:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1

Bug: 205779737
Test: local build pass
Change-Id: I2be76d97e35bff4e22075641b9031872d628e980
Signed-off-by: Leo Liou <leoliou@google.com>
 2021-11-15 14:55:38 +08:00
chenpaul
1053cee419 Wifi: Add sepolicy files for hal_wifi_ext service 
avc denied log:
avc: denied { search } for comm="wifi_ext@1.0-se" name="wifi" dev="dm-43" ino=365 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:updated_wifi_firmware_data_file:s0 tclass=dir permissive=1

Bug: 205779850
Test: pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest
      #scanAvcDeniedLogRightAfterReboot
Change-Id: I0c41193b2b9c6a596f142f02c6fee4665fbf2011
 2021-11-15 05:25:50 +00:00
Adam Shih
8e6af6f9ad update error on ROM 7914295 
Bug: 206331617
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I3dcd875e127ff1d53554eb419259e8721c2ae628
 2021-11-15 03:10:20 +00:00
Jenny Ho
014051a9f7 create hal_health_default.te for Battery Defender access file node 
Bug: 205073003
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I946b85e8b595601f56df26c567d31df76f7a5a5b
 2021-11-15 01:53:50 +00:00
Jenny Ho
d99197dd19 enable battery information dump 
Bug: 205071645
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: If811765d51add03d8d7a1f5e8276d2f56c7922a7
 2021-11-15 01:53:30 +00:00
Long Ling
5ff0c059b3 sepolicy: gs201: update label for hwc3 service 
Bug: 201321174
Change-Id: I5ecce6c513eecad22a463d52b7cfb718284f3c02
 2021-11-12 04:39:24 +00:00
Adam Shih
830fa53e9f update error on ROM 7908395 
Bug: 206045367
Bug: 206045604
Bug: 206045368
Bug: 206045605
Bug: 206045471
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I8b1a0ae9686f47d684428bb79650a7bb0dfe9904
 2021-11-12 02:21:53 +00:00
Joseph Jang
b4393a0bf3 Fix SELinux error coming from hal_identity_citadel 
Bug: 205657024
Change-Id: Ic23b631eb63cf13ba7e08215590e73386d2a3126
 2021-11-11 14:52:05 +08:00
Adam Shih
ab13d5a1f7 update error on ROM 7904131 
Bug: 205904432
Bug: 205904322
Bug: 205904438
Bug: 205904406
Bug: 205904310
Bug: 205904436
Bug: 205904402
Bug: 205904552
Bug: 205904323
Bug: 205904442
Bug: 205904367
Bug: 205904452
Bug: 205904403
Bug: 205904379
Bug: 205904328
Bug: 205904286
Bug: 205904380
Bug: 205904401
Bug: 205904381
Bug: 205904208
Bug: 205904433
Bug: 205904327
Bug: 205904553
Bug: 205904361
Bug: 205904441
Bug: 205904324
Bug: 205904207
Bug: 205904404
Bug: 205904330
Bug: 205904439
Bug: 205904435
Bug: 205904384
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I64432a24d562d5868f21a317e5bfd6f25ad24900
 2021-11-11 09:47:32 +08:00
Adam Shih
e3bb63ab1b Make display related libraries reachable 
Bug: 205780068
Bug: 205779849
Test: boot with no relevant error
Change-Id: I806ecb779690346674816b793a5da21acf1be59b
 2021-11-11 01:15:49 +00:00
Adam Shih
e73b78bdd8 unleash the rest of error log not related to sysfs 
Bug: 205212735
Test: boot with error revealed
Change-Id: I3e07ff8632e60cf93360907bccf5cacd16b8c5b9
 2021-11-10 12:15:04 +08:00