Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
486 commits 1 branch 0 tags 63 MiB
Commit graph

486 commits

This branch
This branch
All branches
Author SHA1 Message Date
JimiChen
f90d992b0c allow rlsservice read vendor camera property 
Bug: 233020488
Test: no avc denied
Change-Id: Ie7e68a6e18ba64c18e90e39cadacea5a15364eff
 2022-06-16 12:02:26 +00:00
Myung-jong Kim
e2b042c307 sepolicy: add net_domain macro for vendor_rcs_app 
[Problem] sepolicy denial during ShannonGbaService process
[Cause] Missing sepolicies
[Solution] Add net_domain(vendor_rcs_app) to give base set of
    permissions required for network access

Bug: 235011726
Signed-off-by: Myung-jong Kim <mj610.kim@samsung.com>
Change-Id: Iaac1d7b5a4303338ed2c763b62714e14aed7d728
 2022-06-10 14:39:59 +00:00
Badhri Jagan Sridharan
91a1f49a8a Allow gadget hal to search i2c dir and write to usb_limit_accessory_enable 
auditd  : type=1400 audit(0.0:4): avc: denied { search } for comm="HwBinder:879_1"
name="10d60000.hsi2c" dev="sysfs" ino=23606 scontext=u:r:hal_usb_gadget_impl:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 206635552
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ibc4ec27ad7d1b7a26c9935aa0c4aff5f03a8d59c
 2022-05-23 23:59:44 +00:00
Austin Wang
e5f8377849 Add P22 reverse wireless charging selinux policy 
Allow Settings to call hal_wlc

Error:

05-13 09:28:20.508  1000  7293  7293 W ndroid.settings: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:system_app:s0 tcontext=u:r:hal_wlc:s0 tclass=binder permissive=0

Bug: 231420451
Test: Enable battery share from settings and charge another device.
Change-Id: Ic761bee47ea41f6db8b1838fb3fc2a9f7ef7bb5c
 2022-05-13 09:28:03 +00:00
Jerry Huang
95845654bf Allow mediacodec to access vendor_data_file 
For dumping output buffer of HDR to SDR fliter.

This patch fixes the following denial:

05-10 21:42:49.427   890   890 W HwBinder:890_4: type=1400 audit(0.0:2944): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:42:49.499   890   890 W HwBinder:890_4: type=1400 audit(0.0:2946): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_samsung:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

05-10 21:46:27.735   885   885 W google.hardware: type=1400 audit(0.0:3198): avc: denied { search } for name="data" dev="dm-41" ino=105 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

05-10 21:46:27.795   885   885 W google.hardware: type=1400 audit(0.0:3200): avc: denied { getattr } for name="/" dev="dmabuf" ino=1 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=0

Bug: 229360116
Test: atest android.media.decoder.cts.DecoderTest
Change-Id: I11403b20e8608f50907db561b8232b1b64bea298
 2022-05-13 09:24:38 +00:00
Labib
4c8dbb65b8 Give RadioExt permission to write to sysfs node 
Bug: 212601547
Test: Manual
Change-Id: I8c7341833aeacebfedba6e8e05d2696012043d32
 2022-04-28 16:58:34 +08:00
Chung-Kai (Michael) Mei
ac45672cc5 Revert "genfs_contexts: fix path for i2c peripheral device" 
This reverts commit 4db0feed32.

Reason for revert: related patch is merged, so it's duplicated

Fix: 229940065
Change-Id: I898dd52f4857983323fec9f72e797bd2f759f724
 2022-04-21 07:28:09 +00:00
chungkai
4db0feed32 genfs_contexts: fix path for i2c peripheral device 
add original paths since we reverted enable load
module in parallel for other issues

Test: without avc denial
Bug: 229670628
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ie7a2a78eae5d6965beedc0de640ec56acb6a7b2a
 2022-04-21 06:33:21 +00:00
Stephane Lee
9fdfcb53b5 Fix boot issues with hal_thermal_default 
Bug: 229895015
Test: Ensure the device boots, verify permissions with ls -AlZ
Change-Id: I0f95bb7eb58e6ce22a0f66a70408fdf56d94b1b3
 2022-04-21 06:30:34 +00:00
Wayne Lin
4d163d5b32 gps: sync sepolicy from gs101 to allow gps access pps gpio 
Bug: 228903885
Test: build pass
Change-Id: Ic555a0640872ae0dc1a69a9d4a11027d4364464a
 2022-04-21 01:47:37 +00:00
Wayne Lin
5c9592e973 gps: refine gps sepolicy 
Bug: 228903885
Test: build pass and no avc denied in gpsd
Change-Id: Id0821b1335d316899e3a32b56a0e1c0feb4ba2b6
 2022-04-21 01:47:37 +00:00
Stephane Lee
3a95426f78 Add hwservicemanager to pixelstats permissions 
Bug: 227199213
Test: Ensure there are no more selinux errors
Change-Id: I1d961096df49f82302d7ff14fec809232e5afd28
 2022-04-21 01:42:17 +00:00
Labib
2b189b45af Let RadioExt talk to bt hal 
Bug: 227122249
Test: Manual
Change-Id: I9f41615e8e862af147d6f47e5e4c4e0dde40c233
 2022-04-20 03:20:39 +00:00
chungkai
32bf1ffbf7 sepolicy: fix avc denials 
add potential paths for i2c peripheral devices
sine we enable parallel module loading

Bug: 226887726
Test: do bugreport without avc denials
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I4af39bb6e620a59e02417a06c1dabd45df360fc3
 2022-04-20 02:22:31 +00:00
Jason Macnak
a77fc2a6df Remove sysfs_gpu type definition 
... as it has moved to system/sepolicy.

Bug: b/161819018
Test: presubmit
Change-Id: I107f92617bea56590b5af351341cc1c3b2844360
Merged-In: I107f92617bea56590b5af351341cc1c3b2844360
 2022-04-19 15:59:04 +00:00
Ted Lin
55f4e61c8c Sepolicy: add the system_app.te for hal_wlc 
04-11 20:28:15.435   523   523 I auditd  : avc:  denied  { find } for interface=vendor.google.wireless_charger::IWirelessCharger sid=u:r:system_app:s0 pid=3755 scontext=u:r:system_app:s0 tcontext=u:object_r:hal_wlc_hwservice:s0 tclass=hwservice_manager permissive=0

Bug:229036607
Test: adb bugreport
Change-Id: I40562204b3517b2861b2a52466f9cde04a5321c5
Signed-off-by: Ted Lin <tedlin@google.com>
 2022-04-19 06:11:19 +00:00
Jerry Huang
9bc45b2d60 Allow mediacodec_google to access gpu_device 
Bug: 228794372
Test: android.media.decoder.cts.DecoderTest#testAV1HdrToSdr

The change is for following error:
04-08 17:02:44.020  1046  7284  7284 W HwBinder:7284_3: type=1400 audit(0.0:70491): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.028  1046  7284  7284 W HwBinder:7284_3: type=1400 audit(0.0:70492): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.040  1046  7284  7284 W HwBinder:7284_3: type=1400 audit(0.0:70493): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.048  1046  7284  7284 W HwBinder:7284_3: type=1400 audit(0.0:70494): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0

Change-Id: Ie22903807fcc12d931cbdd36678ae1d4a3776a3d
 2022-04-18 13:34:04 +08:00
Joshua McCloskey
2dc0bbd55b Allow platform apps to access FP Hal 
Bug: 227247855
Test: Verified manually that the fingerprint extension is working.
Change-Id: Id5550ca770942d02ad0796ed0d4e8584c434b680
 2022-04-15 21:39:58 +00:00
chungkai
d80900ae17 sepolicy: fix avc denials 
add potential paths for i2c peripheral devices
sine we enable parallel module loading

Bug: 228947596
Test: do bugreport without avc denials
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I2e9fa011c049e32011c5880218dd679e03316e24
 2022-04-15 02:56:55 +00:00
chungkai
d37777dd33 sepolicy: fix avc denials 
add potential paths for i2c peripheral devices
sine we enable parallel module loading

Bug: 226887726
Test: do bugreport without avc denials
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: If2ac4c137c1ea074907c363424e6018a5fd646e8
 2022-04-15 01:01:47 +00:00
Harpreet Eli Sangha
1a0b0ce0c4 Add CccDkTimeSyncService for Digital Key Support 
Test: Build and Run
Bug: 226659256
Signed-off-by: Harpreet Eli Sangha <eliptus@google.com>
Change-Id: I9dd53a864d53e525282bc49c13b09157fc8d2ece
 2022-04-15 00:28:13 +00:00
Anthony Stange
403643929d Update SELinux to allow CHRE to talk to the Wifi HAL 
Bug: 206614765
Test: Run locally
Change-Id: I2cab195d533e3e2c390094bd09b15b5e761eadf0
 2022-04-14 15:23:22 +00:00
chungkai
fbdb09a2f0 sepolicy: fix avc denials 
add potential paths for i2c peripheral devices
sine we enable parallel module loading

Bug: 226887726
Test: do bugreport without avc denials
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ifc618e315e9d28cab6f602ce2c99ac7fe35fc189
 2022-04-14 07:24:58 +00:00
TeYuan Wang
951bad233c sepolicy: label AUR as sysfs_thermal 
Bug: 171499494
Test: adb shell ls -Z /sys/devices/platform/100b0000.AUR
Change-Id: I0aa1b95c11d2af5fa2175c582068daad51360485
 2022-04-14 06:23:35 +00:00
Denny cy Lee
d8eab32b49 Sepolicy: Pixel stats orientationCollector sepolicy 
Bug: 228547969
Test: adb shell cmd stats print-logs;[do wireless charge], and below log
found
03-31 22:52:21.798   801   809 I statsd  : { uid(1000) 1648738341
240287209019 (105009)0x10000->[S] 0x20000->0[I]  }

Signed-off-by: Denny cy Lee <dennycylee@google.com>
Change-Id: I5ef5279ba7c8bf0fd3d4cf0155f5bcad79eeb6b2
 2022-04-14 02:01:13 +00:00
Darren Hsu
cf2cc47e79 sepolicy: lable p9412 wakeup for system suspend 
Bug: 226887726
Bug: 228947596
Test: do bugreport without avc denials
Change-Id: Ic8eab625a20c60a4bf78403ef10465074d782821
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-13 13:39:02 +08:00
Wayne Lin
aab4f72223 gps: allow system server to send sensor data callback to GPS 
avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:gpsd:s0 tclass=binder permissive=0

Bug: 224772976
Test: build pass, verify no avc denied and gpsd can receive sensor callback
Change-Id: If3b58b5527f67732ea60b3dd943ae472aebb7aed
 2022-04-13 02:54:24 +00:00
Darren Hsu
68f1d4fb71 sepolicy: label charger wakeup for system suspend 
Bug: 226887726
Test: do bugreport without avc denials
Change-Id: I0b57cfdddb81c1685f6a054944c064e02c099637
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-12 07:43:30 +08:00
Darren Hsu
c750a64e4c Label AoC wakeup for system suspend 
Bug: 227531769
Test: do bugreport without avc denials
Change-Id: Ie3efd407ff629b583e37c0b5af430c9a9daf8691
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-04-11 15:54:59 +08:00
Stephane Lee
73b95396fd Fix off-mode (charger) sepolicy for the health interface 
Bug: 223537397
Test: Ensure that there are no selinux errors for charger_vendor in
   off-mode charging
Change-Id: I9074079a7ba67813da6b6ad7b110d964b9b7db6d
 2022-04-08 03:13:51 +00:00
Stephane Lee
5ce2f99f38 ODPM: Add ODPM config file to be read by powerstats 2.0 
Test: Ensure that there are no sepolicy errors when
/data/vendor/powerstats/odpm_config exists
Bug: 228112997

Change-Id: I094c29c4d1a82bccfabde7a5511f4aa833c2cd35
 2022-04-08 02:49:40 +00:00
chungkai
2a3100de6e sepolicy: ignore avc denial 
dont audit since it's debugfs

Bug: 228181404
Test: forrest with boot test
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I77a385b73b5a9edafefa8e7d34a351594cd5cd06
 2022-04-08 02:20:26 +00:00
chungkai
fb466b4915 genfs_contexts: fix path for i2c peripheral device 
paths are changed when we enable parallel module loading and
reorder the initializtaion of devices.

Test: without avc denial
Bug: 227541760
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Icd74392e0684ac5614a83d14b936be880148f919
 2022-04-08 02:20:26 +00:00
Adrian Salido
a1c2f220a7 allow hwc access to persistent vendor display sysprop 
Test: check avc denials while switching resolution
Bug: 217399988
Change-Id: Ia3a3ab394ec23ea3150a8cf4638e045cd1e9cac9
 2022-04-07 15:40:54 +00:00
Adam Shih
1e88b530fa let sensor access aoc 
04-03 05:57:12.776   859   859 I auditd  : type=1400 audit(0.0:7): avc: denied { read } for comm="UsfHalWorker" name="services" dev="sysfs" ino=69355 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_aoc_dumpstate:s0 tclass=file permissive=0
04-03 05:57:12.776   859   859 I auditd  : type=1400 audit(0.0:8): avc: denied { write } for comm="UsfHalWorker" name="reset" dev="sysfs" ino=69363 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_aoc_reset:s0 tclass=file permissive=0

Bug: 228030183
Bug: 228030193
Test: boot with no relevant errors
Change-Id: I87fd1aa1dc9b9cf42b23fb0e7f5d4e5b6f845610
 2022-04-07 04:37:49 +00:00
Siddharth Kapoor
15f80f57bf Revert "Move ODPM file rule to pixel sepolicy" 
Revert "Move ODPM file rule to pixel sepolicy"

Revert "Move ODPM file rule to pixel sepolicy"

Revert submission 17215583-odpm_sepolicy_refactor-tm-dev

Reason for revert: build failure tracked in b/228261711
Reverted Changes:
Ic9a89950a:Move ODPM file rule to pixel sepolicy
I24105669b:Move ODPM file rule to pixel sepolicy
I044a285ff:Move ODPM file rule to pixel sepolicy

Change-Id: Idbf5cd106f229c8a72b2ecbc6e5ffd20d9e06805
 2022-04-07 04:06:29 +00:00
Mason Wang
882527f08b hal_dumpstate_default: Fix avc denial of focaltech_touch. 
Fixed following avc denial:
avc: denied { read } for name="focaltech_touch" dev="proc" ino=4026535419 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_touch:s0 tclass=dir permissive=0

Bug: 199105131
Test: Verify pass by checking device log are w/o above errors when
trigger bugreport.

Change-Id: Id2af1f59cd397f0332fba94f68d9940f612a8e81
 2022-04-06 10:03:14 +00:00
samou
ece8953942 Move ODPM file rule to pixel sepolicy 
Bug: 213257759
Change-Id: I24105669b076061780addf5b038607f4d1957ee5
 2022-04-06 02:09:38 +00:00
Anthony Stange
ede5e0944a Add BT HAL SELinux policy 
Bug: 193474802
Test: presubmits
Change-Id: I0ce730c119b60fdfec6e31dea88f5edbf69048ed
 2022-04-04 15:55:43 +00:00
sukiliu
97326bf38b Update avc error on ROM 8388849 
Bug: 221384939
Bug: 227694693
Bug: 227695036
Test: PtsSELinuxTestCases
Change-Id: I0768e29a0a162c6f568a5186602b01f1375a1ca5
 2022-04-01 11:55:09 +08:00
Taesoon Park
9211922e70 Add permission to access vendor.ims property to vendor ims app 
Vendor IMS Service read a SystemProperty starts with
persist.vendor.ims prefix, but it does not have a permission to
access it.
This change create a permission to access the SystemProperties start
with 'persist.vendor.ims.' prefix from vendor ims service.

Bug: 204714230
Test: Test results in b/225430461#comment40 enabling the property

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ied50f377a3069eac65836ea999dfe021f4e4ed5d
 2022-04-01 01:19:26 +00:00
chungkai
2dc6f70afc sched: move sysfs to procfs 
Modify name from sysfs_vendor_sched to proc_vendor_sched

Test: without avc denial
Bug: 216207007
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: Ieb829e96ac1db2a1aa28fc416182450d128cac5c
 2022-03-31 07:00:20 +00:00
Ocean Chen
b36cf348d0 sepolicy: add smart_idle_maint_enabled_prop for pixelstats 
pixelstats get this sysprop hit the avc denied
persist.device_config.storage_native_boot.smart_idle_maint_enabled

pixelstats-vend: type=1400 audit(0.0:22): avc: denied { read }
for name="u:object_r:device_config_storage_native_boot_prop:s0"
dev="tmpfs" ino=171 scontext=u:r:pixelstats_vendor:s0
tcontext=u:object_r:device_config_storage_native_boot_prop:s0
tclass=file permissive=0

Bug: 215443809
Test: local build and run pixelstats

Signed-off-by: Ocean Chen <oceanchen@google.com>
Change-Id: Iedb4fa00c5e18cda6c799c3461bf8298bcf357eb
 2022-03-31 03:02:47 +00:00
SalmaxChang
8e9be24a81 hal_dumpstate_default: fix avc error 
avc: denied { search } for comm="dumpstate@1.1-s" name="modem_stat" dev="dm-42" ino=328 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:modem_stat_data_file:s0 tclass=dir

Bug: 227424943
Change-Id: I44e2337129e814ed176ac270ae6c35e34089aa74
 2022-03-31 02:15:19 +00:00
sukiliu
6379865b9d Update avc error on ROM 8374246 
Bug: 227286343
Test: forrest with boot test
Change-Id: I44e32ac8d141dcb14c79ea4d8e78df3f88485dab
 2022-03-31 02:14:40 +00:00
sukiliu
3d3ae38c43 Update avc error on ROM 8378382 
Bug: 226850644
Test: PtsSELinuxTestCases
Change-Id: Ie6c6d8979dc63ebda7c699f10c2abb369a048ab0
 2022-03-31 02:14:00 +00:00
Ray Chi
3fdb24bdc1 Revert "add sepolicy for set_usb_irq.sh" 
This reverts commit 6733f9667d.

Bug: 225789036
Test: build pass
Change-Id: If43c8db71c737d509b1dfd098503f564a06bf046
 2022-03-29 15:45:30 +08:00
Kris Chen
32f2e4b0e7 Allow hal_fingerprint_default to access sysfs_display 
Fix the following avc denial:
avc: denied { read } for name="panel_name" dev="sysfs" ino=71133 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=0

Bug: 223687187
Test: build and test fingerprint on device.
Change-Id: Ief1ccc7e2fa6b8b4dc1ecbd6d446cc49ee3936ce
 2022-03-29 01:39:32 +00:00
Minchan Kim
3496931400 sepolicy: allow dump page_pinner 
Provide necessary sepolicy for dumpreport to access page_pinner
information in /sys/kernel/debug/page_pinner/{longterm_pinner,
alloc_contig_failed}

Bug: 226956571
Test: Run "adb bugreport <zip>" and verify it contains the output
      from page_pinner.
Signed-off-by: Minchan Kim <minchan@google.com>
Change-Id: I7b00d4930fbaa2061537cd8c84616c1053c829cf
 2022-03-28 16:35:02 +00:00
Adam Shih
5cc8837eb6 update error on ROM 8365560 
Bug: 227121550
Bug: 227122249
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Iab96c7644e6c99d700a5f7b42fba30032d3624b7
 2022-03-28 10:59:04 +08:00