Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
753 commits 1 branch 0 tags 63 MiB
Commit graph

753 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jenny Ho
f5a88c35a4 Add sepolicy rule to allow dump battery maxfg history 
android.hardwar: type=1400 audit(0.0:7): avc: denied { getattr } for path="/dev/maxfg_history" dev="tmpfs" ino=580 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 bug=b/240632721

Bug: 254164096
Change-Id: I64ff95ba8db62a8f831d012b4cdf4e6ec973f086
Signed-off-by: Jenny Ho <hsiufangho@google.com>
 2022-12-15 03:03:01 +00:00
Jack Wu
810a7c5988 ignore shell access on wlc am: 812312fb1c am: e5974267f8 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20677740

Change-Id: Ic9e3f1e1c7d029268a6430eda9bfdd8873c30ede
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-12 07:55:16 +00:00
Jack Wu
e5974267f8 ignore shell access on wlc am: 812312fb1c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20677740

Change-Id: I12bf3f89227c1d3cab0ea2ac5863bfbcaf7eb6f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-12 06:50:08 +00:00
Jack Wu
812312fb1c ignore shell access on wlc 
Bug: 261804136
Test: boot
Change-Id: I5f1d321df2daa2ec785e2ad1ac2e02478568b688
Merged-In: I5f1d321df2daa2ec785e2ad1ac2e02478568b688
Signed-off-by: Jack Wu <wjack@google.com>
 2022-12-08 17:58:26 +08:00
chiayupei
5df8045c3b hal_sensors_default: Add sepolicy for MagCC. 
avc: denied { search } for name="battery" dev="sysfs" ino=78703 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
avc: denied { read } for name="status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { read } for name="status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { search } for name="i2c-p9222" dev="sysfs" ino=69679 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
Bug: 254155730
Test: Manually test no avc denied for MagCC

Change-Id: Ie5261b39187ffcdf645ae64727c54643bdbc1c47
Signed-off-by: chiayupei <chiayupei@google.com>
 2022-12-08 07:56:50 +00:00
Wasb Liu
271a845885 hal_health_default: updated sepolicy am: daeff5e18c am: 88e9fb512d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20610808

Change-Id: I4f4cc732f46d00a7c18dc1fb691436aa826e441a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-05 04:56:13 +00:00
Wasb Liu
88e9fb512d hal_health_default: updated sepolicy am: daeff5e18c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20610808

Change-Id: Idb7b4ffa9a74638247fc9bbaa4f697c9945e4c2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-05 03:51:20 +00:00
George Lee
0237351f52 Battery Mitigation: Use Brownout Reason - sepolicy 
Brownout Reason replaces startup_bugreport_requested.  Battery
Mitigation needs to be updated.

Bug: 237287659
Test: Ensure lastmeal.txt is properly generated.
Merged-In: Ia03da290f5cb90ebbc7616d46e90064e346a402c
Change-Id: Ic123d704e37aa6d1dcd7377c291b537069ede829
Signed-off-by: George Lee <geolee@google.com>
 2022-12-02 05:13:57 +00:00
Wasb Liu
daeff5e18c hal_health_default: updated sepolicy 
allow android.hardware.health service to access persist_battery_file

11-14 13:53:39.242   872   872 W android.hardwar: type=1400 audit(0.0:17): avc: denied { search } for name="battery" dev="sda1" ino=84 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0

Bug: 258535661
Bug: 260878511
Test: check for no avc denied on persist_battery_file
Change-Id: I7564b03339e17f9eea4aa5a8feda31bcfdd6100c
Signed-off-by: Wasb Liu <wasbliu@google.com>
Signed-off-by: Ken Tsou <kentsou@google.com>
(cherry picked from commit 24cfe388c5)
 2022-12-02 02:01:24 +00:00
Ziyi Cui
30e01ffb8c [ DO NOT MERGE ] gs201-sepolicy: pixelstats: enable pixelstats access to perf-metrics 
enable pixelstats access to sysfs path, define sysfs_perfmetrics

Bug: 227809911
Bug: 232541623
Test: Verified the existence of atom and correctness of resume latency, irq stats
Signed-off-by: Ziyi Cui <ziyic@google.com>
Change-Id: If1b95148b59a6816c6795921018dfae68d80550b
 2022-12-01 06:31:22 +00:00
Ziyi Cui
521334a366 gs201-sepolicy:dumpstate: allow dumpstate access sysfs_vendor_metrics 
Test: "adb bugreport" includes metrics capture.

Bug: 246799997
Signed-off-by: Ziyi Cui <ziyic@google.com>
Change-Id: I1c2f4aaf1cd875a37497ca8beacb555d39eeb51e
 2022-12-01 06:27:22 +00:00
Ziyi Cui
2d4a9c02fc [ DO NOT MERGE ] gs201-sepolicy: pixelstats: enable pixelstats access to temp-residency-metrics 
enable pixelstats access to sysfs path
Bug: 246799997
Test: Verified the existence of atom and correctness of atom stats
Signed-off-by: Ziyi Cui <ziyic@google.com>
Change-Id: I4a731d40a586e01c484cf95c57fb16a03f5e6ceb
 2022-12-01 06:27:22 +00:00
Wasb Liu
24cfe388c5 hal_health_default: updated sepolicy 
allow android.hardware.health service to access persist_battery_file

11-14 13:53:39.242   872   872 W android.hardwar: type=1400 audit(0.0:17): avc: denied { search } for name="battery" dev="sda1" ino=84 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0

Bug: 258535661
Test: check for no avc denied on persist_battery_file
Change-Id: I7564b03339e17f9eea4aa5a8feda31bcfdd6100c
Signed-off-by: Wasb Liu <wasbliu@google.com>
 2022-11-30 09:44:34 +00:00
Stephen Crane
5cd114d3a0 Allow Trusty storageproxy property 
Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready
when the data filesystems are ready for use, and allows vendor init to
query and wait on this property.

Test: build, flash, test app loading
Bug: 258018785
Change-Id: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
Merged-In: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
 2022-11-28 19:48:56 +00:00
Steve Pfetsch
a2e6c51431 gs201-sepolicy: provide permission for TouchInspector app [DO NOT MERGE] 
Resolve these access violations:
avc: denied { write } for name="driver_test" dev="proc" ino=4026535572
scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0
tclass=file permissive=1 app=com.google.touch.touchinspector
avc: denied { open } for path="/proc/fts/driver_test" dev="proc"
ino=4026535572 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { getattr } for path="/proc/fts/driver_test" dev="proc"
ino=4026535572 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { read } for name="driver_test" dev="proc" ino=4026535572
scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0
tclass=file permissive=1 app=com.google.touch.touchinspector

avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc"
ino=4026535574 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { getattr } for path="/proc/fts_ext/driver_test" dev="proc"
ino=4026535574 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

Bug: 182118395
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: Ia3bd2323b77134b8e47d858f36756780dec98c19
 2022-11-22 23:48:19 +00:00
George Lee
d59612c409 gs201-sepolicy: Add BrownoutDetection app [DO NOT MERGE] 
This app files bugreport for user-debug build with reboot reason = ocp
or uvlo.  Removed the dependency on BetterBug.

Bug: 237287659
Test: Ensure bugreport is generated under user-debug build with reboot
reason = ocp or uvlo.
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ib8fceb62e66e9d561a6597687ea3cbe5ac9a832d
 2022-11-16 18:20:57 +00:00
Minchan Kim
4baa8bea9c dumpstate: allow dumpstate access pixel specific trace events 
At bugreport, it's useful to debug problems with having trace events.
Allow dumpstate access pixel trace event directory and files.

Test: "adb bugreport" includes trace event capture.
Bug: 238728493
Change-Id: Ia3fe7c149bfa0d0d192070ff28513384898af917
Signed-off-by: Minchan Kim <minchan@google.com>
 2022-11-14 19:00:39 +00:00
Rick Chen
8140a50845 Allow CHRE to use EPOLLWAKEUP [DO NOT MERGE] 
avc: denied { block_suspend } for comm="UsfTransport" capability=36 scontext=u:r:chre:s0 tcontext=u:r:chre:s0 tclass=capability2 permissive=0

Bug: 238666865
Test: Check no chre avc denied.
Change-Id: Ie936055550c6221beae394c264d664c1e76f946b
Signed-off-by: Rick Chen <rickctchen@google.com>
 2022-11-09 15:06:39 +00:00
George Lee
8427e1db8d betterbug: Fixed sepolicy related to File [DO NOT MERGE] 
Added File Attachment sepolicy for betterbug

Bug: 237287659
Test: Attach files from local directory and confirm it can be attached.
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ie2ee163794a4b955915a1b62b12d5aa625931034
 2022-11-08 15:11:18 +00:00
Roger Fang
35112bba62 [DO NOT MERGE] sepolicy: add permission for CCA rate of pixelstats-vend 
pixelstats-vend: type=1400 audit(0.0:7): avc: denied { read } for name="cca_rate_read_once" dev="sysfs" ino=100809 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 249225148
Test: Manually test passed

Change-Id: I802b79417cd9ce23386bb62eccb151610bfb8ac1
Signed-off-by: Roger Fang <rogerfang@google.com>
 2022-11-08 09:53:37 +00:00
George Lee
40be3818e1 betterbug: Fixed sepolicy related to mediaserver [DO NOT MERGE] 
Added mediaserver sepolicy for betterbug

Bug: 237287659
Test: Run same video capture on Betterbug to confirm video can be
captured.
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I5226bdbf9d4fccb991161bbe6ac4edf8fd3b15a7
 2022-11-05 18:45:08 +00:00
Star Chang
f9552297fa Add sepolicy for TWT to dumpstate 
Bug: 253348062
Test: dump bugreport ok
Signed-off-by: Star Chang <starchang@google.com>
Change-Id: I0958fef496302df3f5e6e188f15117de78988a62
 2022-11-04 01:31:19 +00:00
Puma Hsu
9877742035 Add xhci-hcd-exynos.6 wakeup path for suspend_control 
Bug: 255270480
Test: verified with forrest test build
Change-Id: I5e2eed4d5e20361d86f6d6be8c92ca337e4ee004
Signed-off-by: Puma Hsu <pumahsu@google.com>
 2022-11-02 07:39:53 +00:00
pointerkung
0810814b49 Add required sepolicy rule for Camera 
Grant access for TNR max_freq to let libperfmgr can control it via powerhint.

Bug: 243729855
Test: Build pass, GCA, Control TNR max_freq via powerhint
Change-Id: I8f8faa360d9908afe3fe0de3c322a2be356b86c8
 2022-11-01 11:33:43 +00:00
Jenny Ho
441a3ad3ef Add permission for logbuffer_bd 
Bug: 242679204
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Ie5c9829ee1a4980689c933273a273f1f4ac612b6
 2022-11-01 05:34:18 +00:00
George Lee
d1e0b924ae betterbug: Update selinux policy for betterbug 
Update startup_bugreport_requested property to vendor_public for
betterbug to access.

Bug: 237287659
Test: Load Betterbug for accessing startup bugreport reason property
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15
 2022-10-31 16:30:39 +00:00
eddielan
ba0eb551e9 fingerprint: Allow fingerprint to access thermal hal 
SELinux : avc:  denied  { find } for interface=android.hardware.thermal::IThermal
sid=u:r:hal_fingerprint_default:s0 pid=1064
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:hal_thermal_hwservice:s0
tclass=hwservice_manager permissive=0

Bug: 243115023
Test: make selinux_policy -j128
Test: Check avc log on device
Change-Id: Ida1b18536468df11be5bf44fb6fb79b03a35f4b9
 2022-10-28 15:14:35 +00:00
Lucas Wei
939d05cbf8 SEPolicy: Don't audit search regmap by kernel 
Bug: 247948906
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: I8886b5c3790036a9fe2d1ed8f524a0555b900dbb
Merged-In: I8886b5c3790036a9fe2d1ed8f524a0555b900dbb
 2022-10-24 09:07:14 +00:00
Martin Liu
19419cbdb3 allow vendor_init to acces watermark_scale_factor 
Bug: 251881967
Test: boot
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I0840cf19f9c3120aaacc49de751fdd0a55aebf5f
 2022-10-19 20:33:22 +00:00
George Lee
5c48a90285 pixelstats: add bcl directory permission 
Bug: 253522156
Test: Local test
$>cmd stats print-logs
$>logcat | grep <atom id>

Signed-off-by: George Lee <geolee@google.com>
Change-Id: I934f6efb043893666dac88257619556e30d82751
 2022-10-14 15:57:59 +00:00
George Lee
39ffb227b3 betterbug: Add selinux policy for betterbug 
Enable Betterbug to read reboot reason such that Betterbug can file
bugreport when *uvlo* or *ocp* is found within reboot reason.

Bug: 237287659
Test: Load Betterbug for accessing boot reason property
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Id699be34d2e060ee7827737982403fd58f133c4a
 2022-10-13 23:44:06 +00:00
George Lee
083ba62902 bcl: Remove unused brownout boot reason sepolicy 
vendor_brownout_boot_reason was added under previous change.  It should
be added as part of follow on change to enable metric collection.

Bug: 246817058
Test: Confirm brownout_boot_reason non existent
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1fed12e851750314f53a0d6517a9eff92c44e247
 2022-10-13 12:52:20 -07:00
George Lee
b72e47e1b0 bcl: Add brownout boot reason sepolicy 
Lastmeal.txt may be generated from after device rebooted from IRQ
triggering.  By applying limit on the time when it generates,
lastmeal.txt will not be generated after device rebooted.

Bug: 246817058
Test: Confirm lastmeal.txt generation
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I02515fc452dbfa5c8a40041cbb8731664dace62e
 2022-10-12 19:59:58 -07:00
George Lee
2260099ad3 bcl: Add mitigation ready device sepolicy 
Instead of relying on vendor.thermal.link_ready property to gate write
to BCL's SYSFS node, adding mitigation ready SYSFS so that writes to
BCL's SYSFS node would not cause NULL pointer dereference.

Bug: 249130916
Test: Confirm property vendor.brownout.mitigation.ready is set
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1b21a1c745e7e17f78e9d4c001032dd2c46673cf
 2022-10-10 19:49:34 +00:00
Vova Sharaienko
bdf3d6abcc hal_health_default: updated sepolicy 
This allows the android.hardware.health service to access
AIDL Stats service

Bug: 237639591
Bug: 249827340
Test: Build, flash, boot & and logcat | grep "avc"
Change-Id: I71013c0b17ee5e526387efa0afb823f97775e572
(cherry picked from commit 87bc6d189d)
Merged-In: I71013c0b17ee5e526387efa0afb823f97775e572
 2022-09-30 16:43:46 +00:00
Kyle Tso
c18eea71d7 Set sepolicy for shell script of disabling contaminant detection 
(ported from Ib2e3cf498851c0c9e5e74aacc9bf391549c0ad1a)

Bug: 244658328
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Idbfa55d4c7091ce2861600ff3881fcc7217ec662
Merged-In: Idbfa55d4c7091ce2861600ff3881fcc7217ec662
 2022-09-29 13:33:28 +00:00
Sayanna Chandula
cbb62de10c thermal: enable pixelstats access to thermal metrics 
Allow pixelstats daemon to access thermal metric nodes

Bug: 228247740
Test: Build and boot on device. Check thermal stats
Change-Id: Iada717b92782bc9c085928462b2e06d2db136cab
Signed-off-by: Sayanna Chandula <sayanna@google.com>
 2022-09-23 19:48:41 +00:00
jintinglin
5acc68de3b Allows modem_svc to read the logging related properties 
avc: denied { read } for comm="modem_svc_sit" name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=347 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0

Bug: 243039758
Change-Id: Ib3031552faf03771f86e72e7dbd81c3610c518cc
 2022-09-22 08:15:23 +00:00
Jinhee.k
37c32d672f sepolicy: allowed permissions required for network access 
: add permission to allow create, connect udp socket
Apply to add network access permissions

Bug: 242231557
Test: Verified no IMS exception and avc denied
Change-Id: I4a4bd1efb22b5538b1679aad8f543d00203e0b48
Signed-off-by: Jinhee.k <jinhee.k@samsung.com>
 2022-09-19 01:41:34 +00:00
Sherry Luo
9dd930e4c2 Add network permissions for debug camera 
Noticed that Estrella upload failing w/
   java.lang.SecurityException: Permission denied (missing INTERNET
   permission?)

Followed investigation in b/230434151. Verified that upload working once
this change is flashed.

Test: Flash build w/ local change
Test: Take a picture and upload using Estrella
Test: Verify that the upload succeeded

BUG=245995782

Change-Id: I505af355f25e9063927c946ee8af21de25758ef1
 2022-09-15 18:16:58 +00:00
Estefany Torres
6cb9f4e623 Add rules for letting logger app send the command to ril 
08-31 23:40:57.354   458   458 E SELinux : avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:logger_app:s0:c252,c256,c512,c768 pid=2901 scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
09-01 00:08:19.600  2881  2881 W oid.pixellogger: type=1400 audit(0.0:10): avc: denied { call } for scontext=u:r:logger_app:s0:c252,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.android.pixellogger

Bug: 241412942
Test: tested on C10 with pixel logger change
Change-Id: I845eefc609be2b7fbc22c9b37d1eb2b3195e014f
 2022-09-15 14:09:05 +00:00
Chungjui Fan
aa55cb6f2e Add sepolicy of dumping LED file in dumpstate 
Bug: 242300919
Change-Id: I14b0af18244c4a71fd7908fdb35e2e86354e02e0
 2022-09-14 02:59:20 +00:00
Jeffrey Carlyle
a658683689 dck: allow st54spi devivce to be accessed by recovery and fastbootd 
This is needed so that Digital Car Keys can be cleared from the ST54
during a user data wipe.

Bug: 203234558
Test: data wipe in Android recovery mode on raven
Test: data wipe in Android recovery mode on c10
Test: data wipe in user mode fastbootd mode on raven
Test: data wipe in user mode fastbootd mode on c10
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>
Change-Id: Icaa3d62aa6b3b88b8db6c1c11807907a06e51019
 2022-09-08 21:58:52 +00:00
JJ Lee
4b3ae5b9bf sepolicy: add nodes for aoc memory votes stats 
Bug: 223674292
Test: build pass, not blocking bugreport
Change-Id: Iae1c5dc42b3e6213d4399025cb91dc57822fd2cc
Signed-off-by: JJ Lee <leejj@google.com>
 2022-09-08 04:45:32 +00:00
Jack Wu
c252f3ffa8 remove selinux avc error 
Bug: 238398889
Test: no avc denied in TreeHugger verified
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Icf2a89462574e2f0eea29d0601e77728d67e6e0d
 2022-09-07 11:57:09 +08:00
Robb Glasser
feba667c23 Give permissions to save usf stats and dump them in bugreports. 
Creating a mechanism to save some USF stat history to device and pipe it
to bugreports. Granting permissions so that this can work.

Bug: 242320914
Test: Stats save and are visible in a bugreport.
Change-Id: Ie08fce80e79bd564ea58dab66ce8f0d9892d7020
 2022-08-25 02:47:58 +00:00
Jinting Lin
b69195ebe9 Fix avc denied for vendor telephony debug app 
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 pid=8533 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=344 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=0
avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Test: manual test

Bug: 241976048
Change-Id: I5aa49a8e243d212180c7da6f65da9021164fca44
 2022-08-24 01:54:34 +00:00
Roger Fang
74eb33d057 sepolicy: add permission for AMS rate of pixelstats-vend 
pixelstats-vend: type=1400 audit(0.0:618): avc: denied { read } for name="ams_rate_read_once" dev="sysfs" ino=100493 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:619): avc: denied { open } for path="/sys/devices/platform/audiometrics/ams_rate_read_once" dev="sysfs" ino=100493 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:620): avc: denied { getattr } for path="/sys/devices/platform/audiometrics/ams_rate_read_once"

Bug: 239508478
Test: Manually test passed

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I3e171b35ebdcf11b0da559361f382f1cf01b0f2f
 2022-08-23 19:56:37 +00:00
Weizhung Ding
4e46081859 Add coredomain for hbmsvmanager 
Sync the coredomain from gs101

Bug: 239902607
Test: without denied log
Change-Id: I220ce6b2f67877637189fcfcc0f6b328c8be6eae
 2022-08-23 01:39:53 +00:00
Wei Wang
d28c59ec92 Label GPU dvfs period setting am: b5fcd3b4db 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/19564662

Change-Id: I616aa04aa91a262e00dd0d611d486edccf463a29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-10 23:03:28 +00:00