From 16e3cc0705511e39a7b23d834244f5a8ec46387c Mon Sep 17 00:00:00 2001
From: Inna Palant
Date: Thu, 4 Nov 2021 16:21:28 -0700
Subject: [PATCH 01/16] Initial empty repository
From 7aac69af6562827ec0b6fa4cccce781bf1cf5457 Mon Sep 17 00:00:00 2001
From: Cyan_Hsieh
Date: Wed, 17 Nov 2021 17:35:53 +0800
Subject: [PATCH 02/16] Add OWNERS file before open for change Bug: 198128551 Change-Id: I19c0d01a7dda8c1153c2630b5faedc25c403d5c6
---
OWNERS | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 OWNERS
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..e174eda
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,2 @@
+cyanhsieh@google.com
+aaronding@google.com
From 6247d6dc1277166dbd96b357dfb697e7007870ac Mon Sep 17 00:00:00 2001
From: Cyan_Hsieh
Date: Thu, 25 Nov 2021 16:18:00 +0800
Subject: [PATCH 03/16] Initialize device folder from: cd524bc73a1b90489bfe4206343306739ff6ff74 with updated device path Bug: 198128551 Change-Id: I9ad28786439cfef5b592e3b9614e00ec416abde0
---
OWNERS | 13 +++++++++++-- cheetah-sepolicy.mk | 3 +++ cheetah/README.txt | 2 ++ cloudripper-sepolicy.mk | 3 +++ cloudripper/README.txt | 2 ++ cloudripper/file_contexts | 3 +++ cloudripper/hal_vibrator_default.te | 7 +++++++ panther-sepolicy.mk | 2 ++ panther/README.txt | 2 ++ ravenclaw-sepolicy.mk | 2 ++ ravenclaw/README.txt | 2 ++ 11 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 cheetah-sepolicy.mk create mode 100644 cheetah/README.txt create mode 100644 cloudripper-sepolicy.mk create mode 100644 cloudripper/README.txt create mode 100644 cloudripper/file_contexts create mode 100644 cloudripper/hal_vibrator_default.te create mode 100644 panther-sepolicy.mk create mode 100644 panther/README.txt create mode 100644 ravenclaw-sepolicy.mk create mode 100644 ravenclaw/README.txt
diff --git a/OWNERS b/OWNERS
index e174eda..a24d5fb 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,2 +1,11 @@
-cyanhsieh@google.com
-aaronding@google.com
+adamshih@google.com
+alanstokes@google.com
+bowgotsai@google.com
+jbires@google.com
+jeffv@google.com
+jgalenson@google.com
+jiyong@google.com
+rurumihong@google.com
+sspatil@google.com
+smoreland@google.com
+trong@google.com
diff --git a/cheetah-sepolicy.mk b/cheetah-sepolicy.mk
new file mode 100644
index 0000000..650b3af
--- /dev/null
+++ b/cheetah-sepolicy.mk
@@ -0,0 +1,3 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cheetah
+
diff --git a/cheetah/README.txt b/cheetah/README.txt
new file mode 100644
index 0000000..67a320f
--- /dev/null
+++ b/cheetah/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
diff --git a/cloudripper-sepolicy.mk b/cloudripper-sepolicy.mk
new file mode 100644
index 0000000..98a403c
--- /dev/null
+++ b/cloudripper-sepolicy.mk
@@ -0,0 +1,3 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cloudripper
+
diff --git a/cloudripper/README.txt b/cloudripper/README.txt
new file mode 100644
index 0000000..67a320f
--- /dev/null
+++ b/cloudripper/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
diff --git a/cloudripper/file_contexts b/cloudripper/file_contexts
new file mode 100644
index 0000000..751c7d2
--- /dev/null
+++ b/cloudripper/file_contexts
@@ -0,0 +1,3 @@
+# Haptics
+/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0
+/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0
diff --git a/cloudripper/hal_vibrator_default.te b/cloudripper/hal_vibrator_default.te
new file mode 100644
index 0000000..b5db3f2
--- /dev/null
+++ b/cloudripper/hal_vibrator_default.te
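Review bot: The comment on the first line of cheetah-sepolicy.mk says the policy is "shared among devices using whitechapel", but the directory the next line adds, `device/google/pantah-sepolicy/cheetah`, is described by the README added in this same commit as holding sepolicy exclusively for one device. Someone auditing which policy applies to which build would be misled; a comment such as `# sepolicy specific to cheetah` would match what the line does. The same copied comment appears in cloudripper-sepolicy.mk in this commit and in panther-sepolicy.mk and ravenclaw-sepolicy.mk further down.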
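Review bot: The two haptics entries in cloudripper/file_contexts tie the `vibrator_snd_device` label to fixed ALSA card and device numbers (`pcmC0D24p`, `pcmC1D24p`) without a comment saying which hardware they stand for. If card numbering depends on probe order, which cannot be seen from this hunk, the label could be missed or land on a different PCM node, so a line such as `# haptics playback PCM: card 0/1, device 24 (numbering must stay fixed)` above the entries would record the assumption. `vibrator_snd_device` is not declared anywhere in this commit, so it is presumably defined in a shared policy directory.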
@@ -0,0 +1,7 @@
+# Haptics
+allow hal_vibrator_default input_device:dir r_dir_perms;
+allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms;
+allow hal_vibrator_default vibrator_snd_device:dir search;
+allow hal_vibrator_default audio_device:dir search;
+allow hal_vibrator_default proc_asound:dir search;
+allow hal_vibrator_default proc_asound:file r_file_perms;
diff --git a/panther-sepolicy.mk b/panther-sepolicy.mk
new file mode 100644
index 0000000..bdfe7db
--- /dev/null
+++ b/panther-sepolicy.mk
@@ -0,0 +1,2 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/panther
diff --git a/panther/README.txt b/panther/README.txt
new file mode 100644
index 0000000..67a320f
--- /dev/null
+++ b/panther/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
diff --git a/ravenclaw-sepolicy.mk b/ravenclaw-sepolicy.mk
new file mode 100644
index 0000000..d41bbae
--- /dev/null
+++ b/ravenclaw-sepolicy.mk
@@ -0,0 +1,2 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/ravenclaw
diff --git a/ravenclaw/README.txt b/ravenclaw/README.txt
new file mode 100644
index 0000000..67a320f
--- /dev/null
+++ b/ravenclaw/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
From e155e6b2e44fb41ffd477e2041a5d89560e6989e Mon Sep 17 00:00:00 2001
From: Joel Galenson
Date: Tue, 21 Dec 2021 07:37:55 -0800
Subject: [PATCH 04/16] Include core policy OWNERS Test: None Change-Id: Ia5178d47c5c5aa57141476b3ae5445ebe594a86e
---
OWNERS | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/OWNERS b/OWNERS
index a24d5fb..791abb4 100644
--- a/OWNERS
+++ b/OWNERS
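Review bot: In cloudripper/hal_vibrator_default.te the rule `allow hal_vibrator_default vibrator_snd_device:dir search;` looks unused: the only `vibrator_snd_device` labels this commit assigns are on the two character devices in cloudripper/file_contexts, and the directory holding them is presumably what the `audio_device:dir search` rule on the next line is for. Unless a directory is labelled `vibrator_snd_device` somewhere outside this commit, dropping the rule keeps the HAL's grant to what it actually needs. A short comment per group naming the path each rule serves, for example `# /dev/snd/pcmC*D24p` and `# /proc/asound`, would make later least-privilege review easier.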
@@ -1,11 +1,3 @@
-adamshih@google.com
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-jiyong@google.com
+include platform/system/sepolicy:/OWNERS
+
 rurumihong@google.com
-sspatil@google.com
-smoreland@google.com
-trong@google.com
From 4ff33060dbd7709768c7dee98ba8a409055418fe Mon Sep 17 00:00:00 2001
From: jonerlin
Date: Wed, 12 Jan 2022 14:39:11 +0800
Subject: [PATCH 05/16] Add sepolicy for allowing accessing bluetooth uart and lpm related device nodes * set /dev/ttySAC18, /dev/logbuffer_tty18 and /dev/logbuffer_btlpm device node permission for P22 bluetooth projacts Bug: 207062775 Bug: 208721525 Test: Manually Change-Id: I17d70d7464d3381aeb166a663d0276e29951ce0b
---
cheetah/file_contexts | 4 ++++ cloudripper/file_contexts | 5 +++++ panther/file_contexts | 4 ++++ ravenclaw/file_contexts | 4 ++++ 4 files changed, 17 insertions(+) create mode 100644 cheetah/file_contexts create mode 100644 panther/file_contexts create mode 100644 ravenclaw/file_contexts
diff --git a/cheetah/file_contexts b/cheetah/file_contexts
new file mode 100644
index 0000000..cae0049
--- /dev/null
+++ b/cheetah/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
diff --git a/cloudripper/file_contexts b/cloudripper/file_contexts
index 751c7d2..d02c418 100644
--- a/cloudripper/file_contexts
+++ b/cloudripper/file_contexts
@@ -1,3 +1,8 @@
 # Haptics
 /dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0
 /dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0
+
+# Bluetooth
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
diff --git a/panther/file_contexts b/panther/file_contexts
new file mode 100644
index 0000000..cae0049
--- /dev/null
+++ b/panther/file_contexts
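Review bot: The Bluetooth entries in cheetah/file_contexts put `/dev/logbuffer_btlpm` and `/dev/logbuffer_tty18` under the existing `logbuffer_device` type, so every domain that already has access to `logbuffer_device` gains access to the Bluetooth UART and low-power-mode log buffers too. No `.te` change accompanies the labels, so which domains those are cannot be seen from this commit; if the buffers can carry more than power-state traces, a dedicated type would keep the grant narrower. The same three entries are added to cloudripper/file_contexts here and to panther/file_contexts and ravenclaw/file_contexts in the hunks that follow.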
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
diff --git a/ravenclaw/file_contexts b/ravenclaw/file_contexts
new file mode 100644
index 0000000..cae0049
--- /dev/null
+++ b/ravenclaw/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
From 4914414330d82c40097f8dfe060d1b4e15be0e44 Mon Sep 17 00:00:00 2001
From: Tai Kuo
Date: Wed, 16 Feb 2022 19:33:46 +0800
Subject: [PATCH 06/16] Setup sysfs_vibrator Bug: 207062207 Bug: 220068252 Test: dumpsys android.hardware.vibrator.IVibrator/default Change-Id: I8730404a61c785de3d39414b095ef9d42083130d
---
cheetah/genfs_contexts | 2 ++ cloudripper/file_contexts | 4 ---- cloudripper/genfs_contexts | 3 +++ cloudripper/hal_vibrator_default.te | 7 ------- panther/genfs_contexts | 2 ++ 5 files changed, 7 insertions(+), 11 deletions(-) create mode 100644 cheetah/genfs_contexts create mode 100644 cloudripper/genfs_contexts delete mode 100644 cloudripper/hal_vibrator_default.te create mode 100644 panther/genfs_contexts
diff --git a/cheetah/genfs_contexts b/cheetah/genfs_contexts
new file mode 100644
index 0000000..caf2581
--- /dev/null
+++ b/cheetah/genfs_contexts
@@ -0,0 +1,2 @@
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
diff --git a/cloudripper/file_contexts b/cloudripper/file_contexts
index d02c418..cae0049 100644
--- a/cloudripper/file_contexts
+++ b/cloudripper/file_contexts
@@ -1,7 +1,3 @@
-# Haptics
-/dev/snd/pcmC0D24p u:object_r:vibrator_snd_device:s0
-/dev/snd/pcmC1D24p u:object_r:vibrator_snd_device:s0
-
 # Bluetooth
 /dev/ttySAC18 u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
diff --git a/cloudripper/genfs_contexts b/cloudripper/genfs_contexts
new file mode 100644
index 0000000..11e438e
--- /dev/null
+++ b/cloudripper/genfs_contexts
@@ -0,0 +1,3 @@
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0
diff --git a/cloudripper/hal_vibrator_default.te b/cloudripper/hal_vibrator_default.te
deleted file mode 100644
index b5db3f2..0000000
--- a/cloudripper/hal_vibrator_default.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Haptics
-allow hal_vibrator_default input_device:dir r_dir_perms;
-allow hal_vibrator_default vibrator_snd_device:chr_file rw_file_perms;
-allow hal_vibrator_default vibrator_snd_device:dir search;
-allow hal_vibrator_default audio_device:dir search;
-allow hal_vibrator_default proc_asound:dir search;
-allow hal_vibrator_default proc_asound:file r_file_perms;
diff --git a/panther/genfs_contexts b/panther/genfs_contexts
new file mode 100644
index 0000000..caf2581
--- /dev/null
+++ b/panther/genfs_contexts
@@ -0,0 +1,2 @@
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
From 045f994310644fcbeadcc787d75e4179041e25cc Mon Sep 17 00:00:00 2001
From: Ken Yang
Date: Fri, 16 Dec 2022 05:54:32 +0000
Subject: [PATCH 07/16] WLC: Add device specific sepolicy for wireless_charger Bug: 237600973 Change-Id: Icbe5ed0d69c5fd1cf1eb248388324dd5ca59d40a
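Review bot: In cloudripper/genfs_contexts the second entry, ending in `i2c-cs40l26a-dual`, appears redundant: genfscon paths are matched as prefixes, so the first entry ending in `i2c-cs40l26a` should already give the `-dual` node the same `sysfs_vibrator` label. If the line is kept for readability, a comment such as `# second (dual) haptics amplifier; also covered by the prefix above` would say so. The genfs_contexts files this commit adds for cheetah, cloudripper and panther all tie the label to bus number `i2c-4`, and nothing in the hunks states that this number is fixed.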
Signed-off-by: Ken Yang
---
cheetah/platform_app.te | 2 ++ cheetah/system_app.te | 2 ++ cloudripper/platform_app.te | 2 ++ cloudripper/system_app.te | 2 ++ panther/platform_app.te | 2 ++ panther/system_app.te | 2 ++ 6 files changed, 12 insertions(+) create mode 100644 cheetah/platform_app.te create mode 100644 cheetah/system_app.te create mode 100644 cloudripper/platform_app.te create mode 100644 cloudripper/system_app.te create mode 100644 panther/platform_app.te create mode 100644 panther/system_app.te
diff --git a/cheetah/platform_app.te b/cheetah/platform_app.te
new file mode 100644
index 0000000..6ac0514
--- /dev/null
+++ b/cheetah/platform_app.te
@@ -0,0 +1,2 @@
+allow platform_app hal_wireless_charger_service:service_manager find;
+binder_call(platform_app, hal_wireless_charger)
diff --git a/cheetah/system_app.te b/cheetah/system_app.te
new file mode 100644
index 0000000..ca56668
--- /dev/null
+++ b/cheetah/system_app.te
@@ -0,0 +1,2 @@
+allow system_app hal_wireless_charger_service:service_manager find;
+binder_call(system_app, hal_wireless_charger)
diff --git a/cloudripper/platform_app.te b/cloudripper/platform_app.te
new file mode 100644
index 0000000..6ac0514
--- /dev/null
+++ b/cloudripper/platform_app.te
@@ -0,0 +1,2 @@
+allow platform_app hal_wireless_charger_service:service_manager find;
+binder_call(platform_app, hal_wireless_charger)
diff --git a/cloudripper/system_app.te b/cloudripper/system_app.te
new file mode 100644
index 0000000..ca56668
--- /dev/null
+++ b/cloudripper/system_app.te
@@ -0,0 +1,2 @@
+allow system_app hal_wireless_charger_service:service_manager find;
+binder_call(system_app, hal_wireless_charger)
diff --git a/panther/platform_app.te b/panther/platform_app.te
new file mode 100644
index 0000000..6ac0514
--- /dev/null
+++ b/panther/platform_app.te
@@ -0,0 +1,2 @@
+allow platform_app hal_wireless_charger_service:service_manager find;
+binder_call(platform_app, hal_wireless_charger)
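Review bot: cheetah/platform_app.te grants `find` on `hal_wireless_charger_service` plus `binder_call` to the whole `platform_app` domain, and cheetah/system_app.te does the same for `system_app`, so every app running in those domains can reach the wireless-charger HAL rather than only the one that needs it. Neither `hal_wireless_charger_service` nor `hal_wireless_charger` is declared in this repository, so the policy only builds where another tree provides them. If a single app is the client, a dedicated app domain would be the narrower grant; at minimum a comment such as `# <client app> talks to the WLC HAL (b/237600973)` would record why these broad domains need it. The same two rules are copied into cloudripper/ and panther/, with panther/system_app.te in the next hunk.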
diff --git a/panther/system_app.te b/panther/system_app.te
new file mode 100644
index 0000000..ca56668
--- /dev/null
+++ b/panther/system_app.te
@@ -0,0 +1,2 @@
+allow system_app hal_wireless_charger_service:service_manager find;
+binder_call(system_app, hal_wireless_charger)
From fcc3c266e62889b2cd6071695f4a16f28e2825e9 Mon Sep 17 00:00:00 2001
From: Mason Wang
Date: Tue, 3 Jan 2023 16:05:31 +0800
Subject: [PATCH 08/16] Suppress avc denials of sysfs [DO NOT MERGE] Bug: 263548298 Test: TreeHugger build. Signed-off-by: Mason Wang Change-Id: Ic5545995b5dc38e4b5fecd70dabf5bcd6de2368d
---
cheetah-sepolicy.mk | 2 +- cloudripper-sepolicy.mk | 2 +- panther-sepolicy.mk | 1 + ravenclaw-sepolicy.mk | 1 + tracking_denials/hal_dumpstate_default.te | 2 ++ 5 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 tracking_denials/hal_dumpstate_default.te
diff --git a/cheetah-sepolicy.mk b/cheetah-sepolicy.mk
index 650b3af..3c342fa 100644
--- a/cheetah-sepolicy.mk
+++ b/cheetah-sepolicy.mk
@@ -1,3 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cheetah
-
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/cloudripper-sepolicy.mk b/cloudripper-sepolicy.mk
index 98a403c..ae2ac7f 100644
--- a/cloudripper-sepolicy.mk
+++ b/cloudripper-sepolicy.mk
@@ -1,3 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cloudripper
-
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/panther-sepolicy.mk b/panther-sepolicy.mk
index bdfe7db..4168459 100644
--- a/panther-sepolicy.mk
+++ b/panther-sepolicy.mk
@@ -1,2 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/panther
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/ravenclaw-sepolicy.mk b/ravenclaw-sepolicy.mk
index d41bbae..acc1bd3 100644
--- a/ravenclaw-sepolicy.mk
+++ b/ravenclaw-sepolicy.mk
@@ -1,2 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/ravenclaw
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 0000000..2a33551
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+# b/263548298
+dontaudit hal_dumpstate_default sysfs:dir { read };
From 55a1f53c536c3b51c6087af29ac35c064b0dd124 Mon Sep 17 00:00:00 2001
From: Ken Yang
Date: Thu, 5 Jan 2023 08:21:57 +0000
Subject: [PATCH 09/16] WLC: Add device specific policies Bug: 263830018 Change-Id: Ic227863937b759a588cd969711dc59c17ab4627c Signed-off-by: Ken Yang
---
cheetah/genfs_contexts | 12 ++++++++++++ cloudripper/genfs_contexts | 12 ++++++++++++ panther/genfs_contexts | 12 ++++++++++++ 3 files changed, 36 insertions(+)
diff --git a/cheetah/genfs_contexts b/cheetah/genfs_contexts
index caf2581..e6617c8 100644
--- a/cheetah/genfs_contexts
+++ b/cheetah/genfs_contexts
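Review bot: `dontaudit hal_dumpstate_default sysfs:dir { read };` in tracking_denials/hal_dumpstate_default.te silences the denial for every directory carrying the generic `sysfs` label, not just the node behind b/263548298, so later reads of unlabelled sysfs directories by the dumpstate HAL will fail without leaving an audit record. The lines added to the four `*-sepolicy.mk` files include the directory unconditionally. Labelling the specific sysfs path in genfs_contexts and deciding on that type would keep the rest auditable; if the suppression has to stay for now, the comment could name the path and the exit condition, e.g. `# b/263548298: dumpstate reads <sysfs path>; remove once the node is labelled`.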
@@ -1,2 +1,14 @@
 # Haptics
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0
diff --git a/cloudripper/genfs_contexts b/cloudripper/genfs_contexts
index 11e438e..969c4ca 100644
--- a/cloudripper/genfs_contexts
+++ b/cloudripper/genfs_contexts
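Review bot: The ten WLC entries added to cheetah/genfs_contexts enumerate `i2c-0` through `i2c-9` under `10da0000.hsi2c` with no comment explaining why, which reads as a workaround for a bus number that is not fixed. If that is the reason, a bus number of 10 or higher would leave the p9412 node on the generic `sysfs` label, and the list also applies `sysfs_wlc` to a p9412 node on buses where the charger is not expected. A comment such as `# p9412 bus number is assigned dynamically; cover i2c-0..9` would record the assumption. `sysfs_wlc` is not declared in this commit, and the same block is repeated in cloudripper/genfs_contexts and panther/genfs_contexts.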
@@ -1,3 +1,15 @@
 # Haptics
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0
diff --git a/panther/genfs_contexts b/panther/genfs_contexts
index caf2581..e6617c8 100644
--- a/panther/genfs_contexts
+++ b/panther/genfs_contexts
@@ -1,2 +1,14 @@
 # Haptics
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0
From eac03bf7eead718129b6c5f32906571d6f3cb590 Mon Sep 17 00:00:00 2001
From: Ken Yang
Date: Fri, 6 Jan 2023 19:31:54 +0000
Subject: [PATCH 10/16] WLC: Cleanup the sysfs_wlc policies The sepolicy must be self-contained without including wirelss_charger to avoid build break in AOSP Bug: 263830018 Change-Id: Id8303f8d2f2fb5afaa1a3c6355a285fd0a16c304 Signed-off-by: Ken Yang
---
cheetah/platform_app.te | 2 -- cheetah/system_app.te | 2 -- cloudripper/platform_app.te | 2 -- cloudripper/system_app.te | 2 -- panther/platform_app.te | 2 -- panther/system_app.te | 2 -- 6 files changed, 12 deletions(-) delete mode 100644 cheetah/platform_app.te delete mode 100644 cheetah/system_app.te delete mode 100644 cloudripper/platform_app.te delete mode 100644 cloudripper/system_app.te delete mode 100644 panther/platform_app.te delete mode 100644 panther/system_app.te
diff --git a/cheetah/platform_app.te b/cheetah/platform_app.te
deleted file mode 100644
index 6ac0514..0000000
--- a/cheetah/platform_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow platform_app hal_wireless_charger_service:service_manager find;
-binder_call(platform_app, hal_wireless_charger)
diff --git a/cheetah/system_app.te b/cheetah/system_app.te
deleted file mode 100644
index ca56668..0000000
--- a/cheetah/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow system_app hal_wireless_charger_service:service_manager find;
-binder_call(system_app, hal_wireless_charger)
diff --git a/cloudripper/platform_app.te b/cloudripper/platform_app.te
deleted file mode 100644
index 6ac0514..0000000
--- a/cloudripper/platform_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow platform_app hal_wireless_charger_service:service_manager find;
-binder_call(platform_app, hal_wireless_charger)
diff --git a/cloudripper/system_app.te b/cloudripper/system_app.te
deleted file mode 100644
index ca56668..0000000
--- a/cloudripper/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow system_app hal_wireless_charger_service:service_manager find;
-binder_call(system_app, hal_wireless_charger)
diff --git a/panther/platform_app.te b/panther/platform_app.te
deleted file mode 100644
index 6ac0514..0000000
--- a/panther/platform_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow platform_app hal_wireless_charger_service:service_manager find;
-binder_call(platform_app, hal_wireless_charger)
diff --git a/panther/system_app.te b/panther/system_app.te
deleted file mode 100644
index ca56668..0000000
--- a/panther/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow system_app hal_wireless_charger_service:service_manager find;
-binder_call(system_app, hal_wireless_charger)
From a3ef1066030e4dbdb7980c48060912501ff27059 Mon Sep 17 00:00:00 2001
From: Ted Wang Date: Tue, 2 May 2023 12:58:06 +0000 Subject: [PATCH 11/16] Add sepolicy for aidl bt extension hal Bug: 274906319 Test: make sepolicy and manual test Change-Id: I56981543acbfeaefed51d27dfbb1b27734404372 --- cheetah/cccdk_timesync_app.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 cheetah/cccdk_timesync_app.te diff --git a/cheetah/cccdk_timesync_app.te b/cheetah/cccdk_timesync_app.te new file mode 100644 index 0000000..1a4264d --- /dev/null +++ b/cheetah/cccdk_timesync_app.te @@ -0,0 +1 @@ +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; From d1680c9618922b821cd6685d530d58fd1df1cb4b Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Tue, 2 May 2023 12:58:06 +0000 Subject: [PATCH 12/16] Add sepolicy for aidl bt extension hal Bug: 274906319 Test: make sepolicy and manual test Change-Id: I56981543acbfeaefed51d27dfbb1b27734404372 (cherry picked from commit a3ef1066030e4dbdb7980c48060912501ff27059) --- cheetah/cccdk_timesync_app.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 cheetah/cccdk_timesync_app.te diff --git a/cheetah/cccdk_timesync_app.te b/cheetah/cccdk_timesync_app.te new file mode 100644 index 0000000..1a4264d --- /dev/null +++ b/cheetah/cccdk_timesync_app.te @@ -0,0 +1 @@ +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; From a421634d8dbdfb95ce4e60f10a12f3fb15f53eca Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 12 May 2023 02:09:09 +0000 Subject: [PATCH 13/16] introduce a new sepolicy owner Bug: 281631102 Test: N/A Change-Id: I46c15b9e472dc67fa9f60f489e35dee810e7a0bf --- OWNERS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4..5232bc3 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,4 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS + +adamshih@google.com -rurumihong@google.com From 96c3e98e10411b219418e34655a9da7fb37a331d Mon Sep 17 00:00:00 2001 
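Review bot: cheetah/cccdk_timesync_app.te lets `vendor_cccdktimesync_app` `find` `hal_bluetooth_coexistence_service`, but the hunk has no matching `binder_call` to the HAL's server domain, so unless that is granted elsewhere the client can look the service up and then be denied on the call. The file also carries no comment tying the rule to the AIDL Bluetooth extension HAL named in the commit message; `# AIDL BT extension HAL (b/274906319)` above the rule would do. Patch 12 is a cherry-pick that creates the same file a second time, and the grilservice_app.te files added in patch 14 follow the same find-only pattern.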
From: Ted Wang
Date: Sat, 6 May 2023 04:21:20 +0000
Subject: [PATCH 14/16] Add sepolicy for aidl bt extension hal in grilservice app Bug: 280970790 Test: make sepolicy and manual test Change-Id: Iafe62679c7e4a725ac5ec7e8dababb0cd6579874
---
cheetah/grilservice_app.te | 1 + panther/grilservice_app.te | 1 + 2 files changed, 2 insertions(+) create mode 100644 cheetah/grilservice_app.te create mode 100644 panther/grilservice_app.te
diff --git a/cheetah/grilservice_app.te b/cheetah/grilservice_app.te
new file mode 100644
index 0000000..ad0a779
--- /dev/null
+++ b/cheetah/grilservice_app.te
@@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/panther/grilservice_app.te b/panther/grilservice_app.te
new file mode 100644
index 0000000..ad0a779
--- /dev/null
+++ b/panther/grilservice_app.te
@@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
From b4fe0cfb7fe866110de2d399d2f7b3599e2edb6a Mon Sep 17 00:00:00 2001
From: Patty Huang
Date: Wed, 5 Jul 2023 20:41:39 +0800
Subject: [PATCH 15/16] Allow bthal to access vendor bluetooth folder Bug: 289055382 Test: enable vendor debug log and check the vendor snoop log contain the vendor log Change-Id: Ia8980791438b653930a866f038b19fd58b3d3ffd
---
cheetah/file.te | 3 +++ cheetah/file_contexts | 2 ++ cheetah/hal_bluetooth_btlinux.te | 3 +++ panther/file.te | 3 +++ panther/file_contexts | 2 ++ panther/hal_bluetooth_btlinux.te | 3 +++ 6 files changed, 16 insertions(+) create mode 100644 cheetah/file.te create mode 100644 cheetah/hal_bluetooth_btlinux.te create mode 100644 panther/file.te create mode 100644 panther/hal_bluetooth_btlinux.te
diff --git a/cheetah/file.te b/cheetah/file.te
new file mode 100644
index 0000000..6e3395b
--- /dev/null
+++ b/cheetah/file.te
@@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
diff --git a/cheetah/file_contexts b/cheetah/file_contexts
index cae0049..65e3bb6 100644
--- a/cheetah/file_contexts
+++ b/cheetah/file_contexts
@@ -2,3 +2,5 @@
 /dev/ttySAC18 u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
 /dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
diff --git a/cheetah/hal_bluetooth_btlinux.te b/cheetah/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/cheetah/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
diff --git a/panther/file.te b/panther/file.te
new file mode 100644
index 0000000..6e3395b
--- /dev/null
+++ b/panther/file.te
@@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
diff --git a/panther/file_contexts b/panther/file_contexts
index cae0049..a671f68 100644
--- a/panther/file_contexts
+++ b/panther/file_contexts
@@ -2,3 +2,5 @@
 /dev/ttySAC18 u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
 /dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
\ No newline at end of file
diff --git a/panther/hal_bluetooth_btlinux.te b/panther/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/panther/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
From 13e2600c51c81c9ed2f8bfac903b982dea369547 Mon Sep 17 00:00:00 2001
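Review bot: cheetah/hal_bluetooth_btlinux.te gives the Bluetooth HAL `rw_dir_perms` and `create_file_perms` on `vendor_bt_data_file`, which according to the commit message holds the vendor snoop and debug logs, yet neither this file nor file.te says what the type contains. Because such logs can include Bluetooth traffic, a comment stating the contents and that the type should stay private to the HAL is worth having, e.g. `# /data/vendor/bluetooth: vendor BT snoop/debug logs, HAL only`. Whether these rules are meant for user builds or only for debuggable ones cannot be judged from the hunk. panther/hal_bluetooth_btlinux.te is identical.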
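Review bot: panther/file_contexts ends without a trailing newline after the new `/data/vendor/bluetooth(/.*)?` entry, while the otherwise identical cheetah/file_contexts has one. file_contexts fragments are combined with others at build time, so a missing final newline risks the last entry being joined to whatever follows, depending on how the build concatenates them. Ending the file with a newline avoids relying on that behaviour and keeps the two device copies byte-identical.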
From: Jacky Liu
Date: Mon, 5 Feb 2024 20:37:29 +0800
Subject: [PATCH 16/16] Update i2c device paths Update i2c device paths with static bus numbers. Remove entries which are already in gs201-sepolicy. Bug: 323447554 Test: Boot to home Change-Id: Ida8e0bcf3a5871c1e13a3e7f9e1eb77d4cc52c8d
---
cheetah/genfs_contexts | 14 -------------- cloudripper/genfs_contexts | 15 +-------------- panther/genfs_contexts | 14 -------------- 3 files changed, 1 insertion(+), 42 deletions(-) delete mode 100644 cheetah/genfs_contexts delete mode 100644 panther/genfs_contexts
diff --git a/cheetah/genfs_contexts b/cheetah/genfs_contexts
deleted file mode 100644
index e6617c8..0000000
--- a/cheetah/genfs_contexts
+++ /dev/null
@@ -1,14 +0,0 @@
-# Haptics
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
-
-# WLC
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0
diff --git a/cloudripper/genfs_contexts b/cloudripper/genfs_contexts
index 969c4ca..c9722ce 100644
--- a/cloudripper/genfs_contexts
+++ b/cloudripper/genfs_contexts
@@ -1,15 +1,2 @@
 # Haptics
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0
-
-# WLC
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0042 u:object_r:sysfs_vibrator:s0
diff --git a/panther/genfs_contexts b/panther/genfs_contexts
deleted file mode 100644
index e6617c8..0000000
--- a/panther/genfs_contexts
+++ /dev/null
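Review bot: The replacement entry in cloudripper/genfs_contexts, `/devices/platform/10970000.hsi2c/i2c-8/8-0042`, no longer names the device, and it stands in for two removed haptics entries (`i2c-cs40l26a` and `i2c-cs40l26a-dual`). The commit message says entries already present in gs201-sepolicy were dropped, but from this hunk it is not clear whether the second amplifier is labelled there; if it is not, its sysfs node falls back to the generic `sysfs` label and the vibrator HAL loses access to it. A comment above the entry naming the part that sits at bus 8, address 0x42, and where the dual device is labelled, would keep the file self-describing.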
@@ -1,14 +0,0 @@
-# Haptics
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
-
-# WLC
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9412 u:object_r:sysfs_wlc:s0