Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
377 commits 1 branch 0 tags 63 MiB
Commit graph

377 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jinting Lin
e44f3c867c Fix avc denied for vendor silent logging app 
log:
avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
denied { read } for comm="y.silentlogging" name="u:object_r:vendor_slog_prop:s0" dev="tmpfs" ino=338 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_prop:s0 tclass=file permissive=0
avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0
avc: denied { read } for comm="y.silentlogging" name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 pid=7322 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0
avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:sced:s0 tclass=binder permissive=0
avc: denied { read } for comm="getenforce" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=0
avc: denied { set } for property=persist.vendor.modem.logging.shannon_app pid=7279 uid=1000 gid=1000 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=0'

avc: denied { call } for comm="HwBinder:1001_1" scontext=u:r:sced:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { call } for scontext=u:r:dmd:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0

avc: denied { getattr } for comm="tlogging:remote" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0

Test: flash TH build then run basic test of silent logging app

Bug: 220847487
Change-Id: Ib5ac1e796e8e816d024cebc584b5699ab8ed1162
 2022-02-25 05:35:06 +00:00
SalmaxChang
7cb9cc182b Add missing vendor_logger_prop rule 
init    : Do not have permissions to set 'persist.vendor.verbose_logging_enabled' to 'true' in property file '/vendor/build.prop': SELinux permission check failed

Bug: 221173724
Bug: 221154649
Change-Id: Ic35e6f1d40f15efefead4530f8d320b72d7366e4
 2022-02-24 07:45:39 +00:00
Zachary Iqbal
4bbc6969e5 Give gralloc access to the faceauth_heap_device. 
Notes:
- This is required for face authentication.

Fixes: 221098313
Test: Built locally.
Change-Id: I6292c76c0809f091108ac73bef2d9e2db430a680
 2022-02-24 05:20:30 +00:00
Alex Hong
4443c79bbb Remove the sepolicy for tetheroffload service 
Test: m checkvintf
      run vts -m VtsHalTetheroffloadControlV1_0TargetTest
Bug: 207076973
Bug: 214494717
Change-Id: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
Merged-In: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
 2022-02-24 04:03:32 +00:00
Joseph Jang
5fb066e143 identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service 
log:
SELinux : avc:  denied  { find } for pid=885 uid=9999
name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox
scontext=u:r:hal_identity_citadel:s0
tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0
tclass=service_manager permissive=0

Bug: 218613398
Change-Id: I124ea5898609a3f68bee13b6db931878252d4081
 2022-02-24 02:20:37 +00:00
Jack Yu
97a25bf259 uwb: permissions for factory uwb calibration file 
Allow nfc hal accessing /data/vendor/uwb.

Bug: 220167093
Test: build pass
Merged-In: I33093231577b71c24d5bf6f980c7021cc546fa98
Change-Id: I33093231577b71c24d5bf6f980c7021cc546fa98
 2022-02-24 01:02:52 +00:00
Darren Hsu
8f90cf5408 Allow hal_power_stats to read UWB sysfs nodes 
Bug: 219369324
Test: Dump power stats and see no avc denials
Change-Id: Ib1ac15867f51069bef3f68e91bf65b842b7c0734
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-02-24 01:02:11 +00:00
Jinting Lin
e6af74a6c4 Adds mnt file and batt info permissions for modem app 
Bug: 220076340
Merged-In: Icd02d4f8757719afed020c27a90812921d5f37ec
Change-Id: Icd02d4f8757719afed020c27a90812921d5f37ec
(cherry picked from commit 2c914cd02c)
 2022-02-23 05:55:57 +00:00
Jinting Lin
7ba8b12bb8 Adds logging related properties for logger app 
Bug: 220073302
Merged-In: I3917ce13f51a5ccb3304eb2db860f4da8424438b
Change-Id: I3917ce13f51a5ccb3304eb2db860f4da8424438b
(cherry picked from commit e65363450c)
 2022-02-23 03:16:00 +00:00
Krzysztof Kosiński
3884738538 Camera: re-add TEE access. 
Face auth is being investigated for Android T, so this access
is still needed. It was initially omitted from ag/16719985 because
it did not launch in Android S.

Bug: 220886644
Test: build for P10
Change-Id: I61ecc685397fcab6f356e98abfc88e8cb34254f4
 2022-02-23 02:51:40 +00:00
Adam Shih
b158d7b088 avoid pixellogger from crashing 
Bug: 220935985
Test: pixellogger stays alive for 2 minutes
Change-Id: I9f70f1a936731332ada3abfa945e60f8aff58279
 2022-02-23 09:58:37 +08:00
Robb Glasser
727d070b13 Fix sensors_hal selinux denials. 
Bug: 214473093
Bug: 218930975
Bug: 210067282
Test: com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Ifd865efd0544f246d1c188f3edce9f05f27313d2
 2022-02-22 19:25:50 +00:00
Krzysztof Kosiński
7997d6a8a0 Camera: add setsched capability. 
The camera HAL needs to increase the priority of some threads
to reduce frame drops.

Bug: 205072921
Test: Inspected logcat on P10
Change-Id: Ife5194c780a91f32d718f8db38e41f2f47fb929f
 2022-02-22 08:12:57 +00:00
Adam Shih
b322df9960 Let GPU reload 
02-22 12:59:47.955    15    15 I mali 28000000.mali: reloading firmware
02-22 12:59:47.955    15    15 W mali 28000000.mali: loading /vendor/firmware/mali_csffw.bin failed with error -13
02-22 12:59:47.955    15    15 W mali 28000000.mali: Direct firmware load for mali_csffw.bin failed with error -2
02-22 12:59:47.955    15    15 E mali 28000000.mali: Failed to reload firmware image 'mali_csffw.bin'
02-22 12:59:47.920    15    15 W kworker/0:1: type=1400 audit(0.0:10): avc: denied { read } for name="mali_csffw.bin" dev="dm-4" ino=5689716 scontext=u:r:kernel:s0 tcontext=u:object_r:same_process_hal_file:s0 tclass=file permissive=0

Bug: 220801802
Test: device can resume after an hour of suspend.
Change-Id: Ib252d6b1ac50ba7578a2ebf8cd8745004c385378
 2022-02-22 07:05:54 +00:00
neoyu
9d12b77b67 Fix SELinux errors for ims 
Sync different parts from P21 to P22

Bug: 220244357
Test: manual
Change-Id: Idf8e5e612b46370812be0907e75e9ae43f37ab7b
 2022-02-22 01:43:29 +00:00
neoyu
7a34798ea4 Fix SELinux errors for vendor_init 
avc: denied { set } for property=logd.logpersistd pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=logd.logpersistd.size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.use.iccid_to_plmn pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.emergencynumber.mode pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log_mask pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.base_dir pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.chunk_size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: Ieb6673234f913af25e275e61404098a0deccbed2
 2022-02-21 14:58:29 +08:00
neoyu
26aa7c150e Fix SELinux errors for rild 
avc: denied { set } for property=vendor.sys.modem_reset pid=990 uid=1001 gid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: I2bd616345f665c0cffd1ee73db790708f9cbca06
 2022-02-21 06:38:42 +00:00
Tai Kuo
bc3924f61d Remove hal_vibrator_default avc tracking denials 
Bug: 204718450
Bug: 207062207
Bug: 208721729
Test: pts-tradefed run pts -m PtsSELinuxTest -t
  com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Icb3d6a48fc9fbb6e6644d1d65150436f7c0c8c3f
 2022-02-21 06:37:00 +00:00
wenchangliu
84d53775e1 Allow hal_graphics_allocator to access vscaler_heap_device 
avc: denied { read } for name="vscaler-secure" dev="tmpfs" \
ino=458 scontext=u:r:hal_graphics_allocator_default:s0 \
tcontext=u:object_r:vscaler_heap_device:s0 \
tclass=chr_file permissive=0

Bug: 199467922
Test: ExoPlayer secure playback
Change-Id: I2b3be9f4f038317eb456a20b33e555e8d5db2678
 2022-02-21 06:36:34 +00:00
wenchangliu
ad0a033f97 Allow hal_graphics_allocator to access dmabuf_system_secure_heap_device 
avc: denied { ioctl } for path="/dev/dma_heap/vframe-secure" dev="tmpfs" \
ino=801 ioctlcmd=0x4800 scontext=u:r:hal_graphics_allocator_default:s0 \
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 \
tclass=chr_file permissive=0

Bug: 199467922
Test: ExoPlayer secure playback
Change-Id: I9e6e1bba6d01c1a416a440e8ad425a5cf2ac19c5
 2022-02-21 06:36:34 +00:00
neoyu
e909ddabea Fix SELinux errors for ims 
avc: denied { write } for name="property_service" dev="tmpfs" ino=362 scontext=u:r:vendor_ims_app:s0:c208,c256,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { set } for property=persist.radio.call.audio.output pid=1920 uid=10216 gid=10216 scontext=u:r:vendor_ims_app:s0:c216,c256,c512,c768 tcontext=u:object_r:radio_prop:s0 tclass=property_service permissive=0'

Bug: 219954530
Test: manual
Change-Id: I3e7f6781718c3967f7842b074b0ef91818508af2
(cherry picked from commit 0d22c86fef)
Merged-In: I3e7f6781718c3967f7842b074b0ef91818508af2
 2022-02-21 05:44:38 +00:00
Adam Shih
2b6835e404 update error on ROM 8205122 
Bug: 220636850
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I201f9e84eca676b9f7aa5d09356bce384df1fa4b
 2022-02-21 03:20:59 +00:00
wenchangliu
28817da2a3 Allow mediacodec_samsung to access gpu device 
avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { read write } for name="mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { open } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { ioctl } for path="/dev/mali0" dev="tmpfs" \
ino=1042 ioctlcmd=0x8034 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { map } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

Bug: 205772037
Test: demo-transformer HDR editing
Change-Id: Ib5d075bfd1247112c803f01db430d93259fd9e7f
 2022-02-18 13:50:13 +00:00
Midas Chien
c8c1f766d2 Allow composer to read panel_idle sysfs node 
Change panel_idle selinux type to sysfs_display to allow composer can
access it.

Bug: 198808492
Test: ls -Z to check selinux type
Test: make sure composer can access it
Change-Id: Ic2bd697c79b398b8093dd00598b1076e3ea3aec2
 2022-02-17 09:17:42 +00:00
Denny cy Lee
efbd9fa0b2 sepolicy: hwinfo: Add battery fuel gauge permission 
Bug: 208909060
Bug: 219660742
Bug: 219660741
Test: check dmeg and search "avc: denied { search } for
comm="id.hardwareinfo" vendor_maxfg_debugfs avc gone after apply patch

Change-Id: I3399e696b59218e62c4d1adcc2a12f5d6ee5c8cc
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2022-02-17 09:04:23 +00:00
Junkyu Kang
064c6a86e0 Add persist.vendor.gps to sepolicy 
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I17f16d1f147287abf86b18452743842594be7531
 2022-02-16 08:16:03 +00:00
Adam Shih
b2c284177a label sysfs_fabric to target_load 
[   11.149987] type=1400 audit(1644984050.124:9): avc: denied { open } for comm="NodeLooperThrea" path="/sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load" dev="sysfs" ino=48615 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 218500026
Test: boot with no error loop under enforcing mode

Change-Id: Ie2f78f8ee39233e0c1f83fc2ba654f4a116e12a4
 2022-02-16 13:01:30 +08:00
chungkai
2d7c980fa6 Fix avc denials for powerhal 
selinux policy is already added by other commit "9cc7041",
so remove the previous setting.

Test: boot to home screen
Bug: 218934377
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Id11ee7b4ae216a54e7051190f8ca382e97a76ade
 2022-02-16 02:21:04 +00:00
SalmaxChang
c5f0e9723f cbd: fix avc errors 
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1

Bug: 205779872
Bug: 205904432
Change-Id: I09f1ac5473b728d5e6f38b01dc83f4b9c4c8fbcc
 2022-02-16 01:55:39 +00:00
SalmaxChang
1420e3d5d7 rfsd: fix avc errors 
[    8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
[    8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1

Bug: 205904361
Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
 2022-02-16 01:55:31 +00:00
Mars Lin
a320d9b575 Add required sepolicy rules for CatEngine 
Fix:
02-15 11:55:44.005   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=activity scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.082   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=game scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:game_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.087   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=netstats scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.092   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=content_capture scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1

Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I1db9b29e3a3c7dae782bced3427e7c24c5dee945
 2022-02-16 01:34:11 +00:00
Adam Shih
501767b174 remove bt obsolete sepolicy 
Bug: 207062775
Bug: 208721525
Test: do bt connection under enforcing mode
Change-Id: I787bfcffdb8cfcff7276d8d183c04d985296ff1c
 2022-02-15 07:45:58 +00:00
Adam Shih
027e04ab2b update error on ROM 8184037 
Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ie3a2325f2e80aea94d7ca79257f5bf3db8578259
 2022-02-15 06:59:08 +00:00
Alex Hong
58b6e68d51 Add required sepolicy rules for Sensor function 
Bug: 210067282
Bug: 214473093
Bug: 218930975
Bug: 218499995
Test: run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#checkSensors
Change-Id: I21bbbe35b8c487e9de46b03c508a483134c0b1b8
 2022-02-14 19:31:08 +08:00
Rick Yiu
76b772519a Allow dumping vendor groups values 
Fix:
I dumpstate@1.1-s: type=1400 audit(0.0:37): avc: denied { search } for name="vendor_sched" dev="proc" ino=4026532870 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=dir permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:38): avc: denied { read } for name="dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:39): avc: denied { open } for path="/proc/vendor_sched/dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1

Bug: 216844247
Test: build pass
Change-Id: Icfecf373aa7b49d504d9ed4e15dcbfe2a53d47d3
 2022-02-14 06:05:03 +00:00
Adam Shih
015d77ab54 update error on ROM 8179635 
Bug: 219369324
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iee33b4d8cefca3b91caa0fce1ed1d4a0686a05a2
 2022-02-14 05:19:24 +00:00
Mars Lin
549512a38e Add sepolicy for CatEngine 
Bug: 187989782
Test: Run CAT adb check log
Change-Id: Ib715ac2fb8efc8ad79fe190942dcfae716291d2b
 2022-02-14 03:03:39 +00:00
Adam Shih
436106d52f Let citadel talk to system_server 
Bug: 205904322
Test: no request loop caused by citadeld
Change-Id: Ia258ed2555d82eb2ea2b139a266c8f76d3b29d06
 2022-02-11 06:54:28 +00:00
Adam Shih
e01b568cfe update error on ROM 8172195 
Bug: 218934377
Bug: 218930975
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I125453803e0c827c45ad9551616366b96cc89816
 2022-02-11 05:31:05 +00:00
Alex Hong
9cc70410c5 Add required sepolicy rules for Camera function 
Bug: 218499972
Test: Switch to Enforcing mode
      Take a picture, camera recording
Change-Id: I57f3e8454ece6906624f028b7a3771ffddcaa963
 2022-02-11 03:26:56 +00:00
Alex Hong
cd4f508c92 Grant hal_dumpstate_default access 
Bug: 208721677
Bug: 208909124
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: Ie5463e96958a95431630941c19b7888a3eea2e3e
 2022-02-11 03:26:56 +00:00
davidycchen
7b7394be79 Remove touch_service 
Remove touch_service here because we already define in
hardware/google/pixel-sepolicy/input and add by ag/16251913.

Bug: 199104528
Test: No any related error.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3e5f705f6d3cde18d9495cb110e16c4152fe3d4f
 2022-02-11 02:36:29 +00:00
davidycchen
bfda745e26 Remove touch_offload_device declaration 
touch_offload_device is already declare in
hardware/google/pixel-sepolicy/input.

device/google/gs201-sepolicy/whitechapel_pro/device.te:14:ERROR
'Duplicate declaration of type' at token ';' on line 76173:
type rls_device, dev_type;
type touch_offload_device, dev_type;

Bug: 199104528
Test: build pass

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3cedb25473d8327eb42d3b65cf714cf5dc22712f
 2022-02-11 02:36:29 +00:00
Ankit Goyal
239885a306 Rename vulkan library to be platform agnostic 
Bug: 174232579
Test: Boots to home
Change-Id: Ib8618f4f8e1fc47753039f1143269211df0c42be
 2022-02-11 00:52:54 +00:00
Adam Shih
08db42d941 update error on ROM 8162414 
Bug: 218585004
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I9ac82ab564eb4399a88516427f1cdc735a257da2
 2022-02-09 05:17:19 +00:00
chungkai
b1177899bd Fix avc denials for powerhal 
Test: boot to home screen
Bug: 214121738
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ic5e14f7c8d321278c2c39797126db930a0dc93f3
 2022-02-09 04:10:28 +00:00
Denny cy Lee
92d0030e6a hardwareinfo: add sepolicy for SoC 
Bug: 208721710
Test: search avc in logcat

Change-Id: I3828d39981666db98e6a34aa70ae39b7f126e495
Signed-off-by: Denny cy Lee <dennycylee@google.com>
 2022-02-08 03:33:06 +00:00
Marco Nelissen
362074c629 Really allow logd to read the Trusty log 
The previous change was missing some permissions.

Bug: 190050919
Test: run
Change-Id: I09d50b663a926cb616279e4a741d34598ca80ab7
 2022-01-27 13:30:28 -08:00
Krzysztof Kosiński
b76b5e3872 Add camera HAL sepolicy based on previous chip family. 
The camera HAL code is reused from the previous chip and needs to
perform the same operations as previously, with the following
differences:
- The interrupt affinity workaround may no longer be necessary
  due to image sensor changes, so the ability to set interrupt
  affinity is removed.
- Access to some files that were only present before the APEX
  migration is removed.
- vendor_camera_tuning_file is no longer needed.
- TEE access for face auth is removed for now.

Bug: 205904406
Bug: 205657132
Bug: 205780186
Bug: 205072921
Bug: 205657133
Bug: 205780065
Bug: 204718762
Bug: 207300298
Bug: 209889068
Bug: 210067468
Test: Ensure that the policy builds; I don't have access to target
      hardware at the moment.

Change-Id: Ia70b98d4e1f3a156a5e719f0d069a90579b6a247
 2022-01-27 15:36:30 +00:00
Marco Nelissen
ef2c46c2f4 Allow logd to read the Trusty log 
Bug: 190050919
Test: run

Change-Id: I52c1bfadbbe7d2a471bd8e9be995284f8887543a
 2022-01-26 17:28:12 +00:00