Commit graph

431 commits

Author SHA1 Message Date
Tai Kuo
373795e6a5 Remove hal_vibrator_default avc tracking denials am: bc3924f61d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16939010

Change-Id: I6a962e36cee9d8f402e1386f3736219e9a15b8a7
2022-02-21 07:01:17 +00:00
wenchangliu
44eba6830b Allow hal_graphics_allocator to access vscaler_heap_device am: 84d53775e1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962930

Change-Id: I6524c426deb02574346c67e66e81c8caa226d731
2022-02-21 07:01:04 +00:00
wenchangliu
258318a4af Allow hal_graphics_allocator to access dmabuf_system_secure_heap_device am: ad0a033f97
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962929

Change-Id: Ic9b9d211039819015f0a432d6ec703d259cb5677
2022-02-21 07:01:04 +00:00
neoyu
7a34798ea4 Fix SELinux errors for vendor_init
avc: denied { set } for property=logd.logpersistd pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=logd.logpersistd.size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.use.iccid_to_plmn pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.emergencynumber.mode pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log_mask pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.base_dir pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'
avc: denied { set } for property=persist.vendor.ril.log.chunk_size pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_rild_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: Ieb6673234f913af25e275e61404098a0deccbed2
2022-02-21 14:58:29 +08:00
neoyu
dffd11e39f [automerger skipped] Fix SELinux errors for ims am: e909ddabea am: bf6cd933e7 -s ours
am skip reason: Merged-In I3e7f6781718c3967f7842b074b0ef91818508af2 with SHA-1 e909ddabea is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962927

Change-Id: If504e329add9e6a18766a60dcbbab83cc4a1b3ce
2022-02-21 06:50:47 +00:00
neoyu
0123c39413 Fix SELinux errors for rild am: 26aa7c150e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962925

Change-Id: Ib2262bfdebeb032a401037aa1bfad9bf8159b74a
2022-02-21 06:42:31 +00:00
Tai Kuo
f65f586495 Remove hal_vibrator_default avc tracking denials am: bc3924f61d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16939010

Change-Id: I09aab5de63058d127791e41a7fa2dcfe08e283a0
2022-02-21 06:42:00 +00:00
wenchangliu
29dd317644 Allow hal_graphics_allocator to access vscaler_heap_device am: 84d53775e1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962930

Change-Id: Ic1f28fb4f370715ed9bb2ad5cb169888cb296c9d
2022-02-21 06:41:43 +00:00
wenchangliu
032d245dec Allow hal_graphics_allocator to access dmabuf_system_secure_heap_device am: ad0a033f97
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962929

Change-Id: Ia9dc74f81614ce5e7b7f9b0cc1390e79fab5d990
2022-02-21 06:41:42 +00:00
neoyu
9ba325c541 [automerger skipped] Fix SELinux errors for ims am: e909ddabea -s ours
am skip reason: Merged-In I3e7f6781718c3967f7842b074b0ef91818508af2 with SHA-1 0d22c86fef is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962927

Change-Id: Ic5568e403b77bc6a4983962e8188b5c8e0df9dc0
2022-02-21 06:41:12 +00:00
neoyu
26aa7c150e Fix SELinux errors for rild
avc: denied { set } for property=vendor.sys.modem_reset pid=990 uid=1001 gid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 220261262
Test: manual
Change-Id: I2bd616345f665c0cffd1ee73db790708f9cbca06
2022-02-21 06:38:42 +00:00
Tai Kuo
bc3924f61d Remove hal_vibrator_default avc tracking denials
Bug: 204718450
Bug: 207062207
Bug: 208721729
Test: pts-tradefed run pts -m PtsSELinuxTest -t
  com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Icb3d6a48fc9fbb6e6644d1d65150436f7c0c8c3f
2022-02-21 06:37:00 +00:00
wenchangliu
84d53775e1 Allow hal_graphics_allocator to access vscaler_heap_device
avc: denied { read } for name="vscaler-secure" dev="tmpfs" \
ino=458 scontext=u:r:hal_graphics_allocator_default:s0 \
tcontext=u:object_r:vscaler_heap_device:s0 \
tclass=chr_file permissive=0

Bug: 199467922
Test: ExoPlayer secure playback
Change-Id: I2b3be9f4f038317eb456a20b33e555e8d5db2678
2022-02-21 06:36:34 +00:00
wenchangliu
ad0a033f97 Allow hal_graphics_allocator to access dmabuf_system_secure_heap_device
avc: denied { ioctl } for path="/dev/dma_heap/vframe-secure" dev="tmpfs" \
ino=801 ioctlcmd=0x4800 scontext=u:r:hal_graphics_allocator_default:s0 \
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 \
tclass=chr_file permissive=0

Bug: 199467922
Test: ExoPlayer secure playback
Change-Id: I9e6e1bba6d01c1a416a440e8ad425a5cf2ac19c5
2022-02-21 06:36:34 +00:00
neoyu
bf6cd933e7 Fix SELinux errors for ims am: e909ddabea
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962927

Change-Id: I4c07a8c15ae99f489044c360e84a7480d2348846
2022-02-21 06:14:24 +00:00
neoyu
e909ddabea Fix SELinux errors for ims
avc: denied { write } for name="property_service" dev="tmpfs" ino=362 scontext=u:r:vendor_ims_app:s0:c208,c256,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { set } for property=persist.radio.call.audio.output pid=1920 uid=10216 gid=10216 scontext=u:r:vendor_ims_app:s0:c216,c256,c512,c768 tcontext=u:object_r:radio_prop:s0 tclass=property_service permissive=0'

Bug: 219954530
Test: manual
Change-Id: I3e7f6781718c3967f7842b074b0ef91818508af2
(cherry picked from commit 0d22c86fef)
Merged-In: I3e7f6781718c3967f7842b074b0ef91818508af2
2022-02-21 05:44:38 +00:00
Adam Shih
9809b69b55 update error on ROM 8205122 am: 2b6835e404 am: 9589916921
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962923

Change-Id: I9dfaff1b0924a18001d84799aa8b1921870ee8ee
2022-02-21 04:37:51 +00:00
Adam Shih
76a7ff4af6 update error on ROM 8205122 am: 2b6835e404
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962923

Change-Id: I7c9696fb57a9521edc5a54eef871d236cae0c17a
2022-02-21 04:20:20 +00:00
wenchangliu
9adddfcfed Allow mediacodec_samsung to access gpu device am: 28817da2a3 am: 318db1ac82
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16939013

Change-Id: I73c0b9acc2cf297e8baf2ea9ebf524c6acdb1491
2022-02-21 04:07:39 +00:00
Adam Shih
9589916921 update error on ROM 8205122 am: 2b6835e404
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16962923

Change-Id: I69c24ef1ae29c7eba9085e0ab2f113a0039dd670
2022-02-21 03:34:06 +00:00
wenchangliu
318db1ac82 Allow mediacodec_samsung to access gpu device am: 28817da2a3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16939013

Change-Id: I0fa6c765db711a277e356fbdadc6de1f526d5943
2022-02-21 03:34:00 +00:00
Adam Shih
2b6835e404 update error on ROM 8205122
Bug: 220636850
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I201f9e84eca676b9f7aa5d09356bce384df1fa4b
2022-02-21 03:20:59 +00:00
Jinting Lin
e65363450c Adds logging related properties for logger app
Bug: 220073302
Change-Id: I3917ce13f51a5ccb3304eb2db860f4da8424438b
2022-02-21 01:45:27 +00:00
wenchangliu
28817da2a3 Allow mediacodec_samsung to access gpu device
avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { read write } for name="mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { open } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { ioctl } for path="/dev/mali0" dev="tmpfs" \
ino=1042 ioctlcmd=0x8034 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

avc: denied { map } for path="/dev/mali0" dev="tmpfs" \
ino=1042 scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

Bug: 205772037
Test: demo-transformer HDR editing
Change-Id: Ib5d075bfd1247112c803f01db430d93259fd9e7f
2022-02-18 13:50:13 +00:00
Alex Hong
453b37ebdc Remove the sepolicy for tetheroffload service
Test: m checkvintf
      run vts -m VtsHalTetheroffloadControlV1_0TargetTest
Bug: 207076973
Bug: 214494717
Change-Id: I5ecec46512ff4e1ae6c52147cfa0179e5fc93420
2022-02-18 07:55:02 +00:00
neoyu
0d22c86fef Fix SELinux errors for ims
avc: denied { write } for name="property_service" dev="tmpfs" ino=362 scontext=u:r:vendor_ims_app:s0:c208,c256,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice
avc: denied { set } for property=persist.radio.call.audio.output pid=1920 uid=10216 gid=10216 scontext=u:r:vendor_ims_app:s0:c216,c256,c512,c768 tcontext=u:object_r:radio_prop:s0 tclass=property_service permissive=0'

Bug: 219954530
Test: manual
Change-Id: I3e7f6781718c3967f7842b074b0ef91818508af2
2022-02-18 02:39:23 +00:00
Peter Csaszar
4041f814be pixel-selinux: add SJTAG policies
These are the SELinux policies for the sysfs files of the SJTAG
kernel interface. The files are in the following directories:

  /sys/devices/platform/sjtag_ap/interface/
  /sys/devices/platform/sjtag_gsa/interface/

Bug: 207571417
Signed-off-by: Peter Csaszar <pcsaszar@google.com>
Change-Id: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
2022-02-17 12:31:09 -08:00
Midas Chien
c8c1f766d2 Allow composer to read panel_idle sysfs node
Change panel_idle selinux type to sysfs_display to allow composer to
access it.

Bug: 198808492
Test: ls -Z to check selinux type
Test: make sure composer can access it
Change-Id: Ic2bd697c79b398b8093dd00598b1076e3ea3aec2
2022-02-17 09:17:42 +00:00
Denny cy Lee
efbd9fa0b2 sepolicy: hwinfo: Add battery fuel gauge permission
Bug: 208909060
Bug: 219660742
Bug: 219660741
Test: check dmesg and search "avc: denied { search } for
comm="id.hardwareinfo" vendor_maxfg_debugfs avc gone after applying patch

Change-Id: I3399e696b59218e62c4d1adcc2a12f5d6ee5c8cc
Signed-off-by: Denny cy Lee <dennycylee@google.com>
2022-02-17 09:04:23 +00:00
Junkyu Kang
064c6a86e0 Add persist.vendor.gps to sepolicy
Bug: 196002632
Test: PixelLogger can modify persist.vendor.gps.*
Change-Id: I17f16d1f147287abf86b18452743842594be7531
2022-02-16 08:16:03 +00:00
Adam Shih
b2c284177a label sysfs_fabric to target_load
[   11.149987] type=1400 audit(1644984050.124:9): avc: denied { open } for comm="NodeLooperThrea" path="/sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load" dev="sysfs" ino=48615 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 218500026
Test: boot with no error loop under enforcing mode

Change-Id: Ie2f78f8ee39233e0c1f83fc2ba654f4a116e12a4
2022-02-16 13:01:30 +08:00
chungkai
2d7c980fa6 Fix avc denials for powerhal
selinux policy is already added by another commit "9cc7041",
so remove the previous setting.

Test: boot to home screen
Bug: 218934377
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Id11ee7b4ae216a54e7051190f8ca382e97a76ade
2022-02-16 02:21:04 +00:00
SalmaxChang
c5f0e9723f cbd: fix avc errors
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1

Bug: 205779872
Bug: 205904432
Change-Id: I09f1ac5473b728d5e6f38b01dc83f4b9c4c8fbcc
2022-02-16 01:55:39 +00:00
SalmaxChang
1420e3d5d7 rfsd: fix avc errors
[    8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
[    8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1

Bug: 205904361
Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
2022-02-16 01:55:31 +00:00
Mars Lin
a320d9b575 Add required sepolicy rules for CatEngine
Fix:
02-15 11:55:44.005   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=activity scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.082   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=game scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:game_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.087   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=netstats scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.092   431   431 E SELinux : avc:  denied  { find } for pid=3009 uid=1000 name=content_capture scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1

Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I1db9b29e3a3c7dae782bced3427e7c24c5dee945
2022-02-16 01:34:11 +00:00
Adam Shih
501767b174 remove bt obsolete sepolicy
Bug: 207062775
Bug: 208721525
Test: do bt connection under enforcing mode
Change-Id: I787bfcffdb8cfcff7276d8d183c04d985296ff1c
2022-02-15 07:45:58 +00:00
Adam Shih
027e04ab2b update error on ROM 8184037
Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ie3a2325f2e80aea94d7ca79257f5bf3db8578259
2022-02-15 06:59:08 +00:00
Alex Hong
58b6e68d51 Add required sepolicy rules for Sensor function
Bug: 210067282
Bug: 214473093
Bug: 218930975
Bug: 218499995
Test: run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#checkSensors
Change-Id: I21bbbe35b8c487e9de46b03c508a483134c0b1b8
2022-02-14 19:31:08 +08:00
Rick Yiu
76b772519a Allow dumping vendor groups values
Fix:
I dumpstate@1.1-s: type=1400 audit(0.0:37): avc: denied { search } for name="vendor_sched" dev="proc" ino=4026532870 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=dir permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:38): avc: denied { read } for name="dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1
I dumpstate@1.1-s: type=1400 audit(0.0:39): avc: denied { open } for path="/proc/vendor_sched/dump_task" dev="proc" ino=4026532871 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_vendor_sched:s0 tclass=file permissive=1

Bug: 216844247
Test: build pass
Change-Id: Icfecf373aa7b49d504d9ed4e15dcbfe2a53d47d3
2022-02-14 06:05:03 +00:00
Adam Shih
015d77ab54 update error on ROM 8179635
Bug: 219369324
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iee33b4d8cefca3b91caa0fce1ed1d4a0686a05a2
2022-02-14 05:19:24 +00:00
Mars Lin
549512a38e Add sepolicy for CatEngine
Bug: 187989782
Test: Run CAT adb check log
Change-Id: Ib715ac2fb8efc8ad79fe190942dcfae716291d2b
2022-02-14 03:03:39 +00:00
Adam Shih
436106d52f Let citadel talk to system_server
Bug: 205904322
Test: no request loop caused by citadeld
Change-Id: Ia258ed2555d82eb2ea2b139a266c8f76d3b29d06
2022-02-11 06:54:28 +00:00
Adam Shih
e01b568cfe update error on ROM 8172195
Bug: 218934377
Bug: 218930975
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I125453803e0c827c45ad9551616366b96cc89816
2022-02-11 05:31:05 +00:00
Alex Hong
9cc70410c5 Add required sepolicy rules for Camera function
Bug: 218499972
Test: Switch to Enforcing mode
      Take a picture, camera recording
Change-Id: I57f3e8454ece6906624f028b7a3771ffddcaa963
2022-02-11 03:26:56 +00:00
Alex Hong
cd4f508c92 Grant hal_dumpstate_default access
Bug: 208721677
Bug: 208909124
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: Ie5463e96958a95431630941c19b7888a3eea2e3e
2022-02-11 03:26:56 +00:00
davidycchen
7b7394be79 Remove touch_service
Remove touch_service here because it is already defined in
hardware/google/pixel-sepolicy/input and added by ag/16251913.

Bug: 199104528
Test: No related errors.

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3e5f705f6d3cde18d9495cb110e16c4152fe3d4f
2022-02-11 02:36:29 +00:00
davidycchen
bfda745e26 Remove touch_offload_device declaration
touch_offload_device is already declared in
hardware/google/pixel-sepolicy/input.

device/google/gs201-sepolicy/whitechapel_pro/device.te:14:ERROR
'Duplicate declaration of type' at token ';' on line 76173:
type rls_device, dev_type;
type touch_offload_device, dev_type;

Bug: 199104528
Test: build pass

Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3cedb25473d8327eb42d3b65cf714cf5dc22712f
2022-02-11 02:36:29 +00:00
Ankit Goyal
239885a306 Rename vulkan library to be platform agnostic
Bug: 174232579
Test: Boots to home
Change-Id: Ib8618f4f8e1fc47753039f1143269211df0c42be
2022-02-11 00:52:54 +00:00
Adam Shih
08db42d941 update error on ROM 8162414
Bug: 218585004
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I9ac82ab564eb4399a88516427f1cdc735a257da2
2022-02-09 05:17:19 +00:00
chungkai
b1177899bd Fix avc denials for powerhal
Test: boot to home screen
Bug: 214121738
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ic5e14f7c8d321278c2c39797126db930a0dc93f3
2022-02-09 04:10:28 +00:00