From 8bfc8ce40c6a0e4facb374c7d4152ce432de89b5 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 12 May 2023 02:29:41 +0000 Subject: [PATCH 1/8] introduce a new sepolicy owner Bug: 281631102 Test: N/A Change-Id: Ia857a34560dc7709effba2ccb4d83052c46b46dc --- OWNERS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4..5232bc3 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,4 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS + +adamshih@google.com -rurumihong@google.com From 84e2bd8231d48b97f5c8f913ca282e7a8373ea2e Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 31 May 2023 01:45:12 +0000 Subject: [PATCH 2/8] remove obsolete entry Bug: 239115418 Test: adb bugreport Change-Id: I5bc086c3cf5dd742307109f22bf7e9ee154a3d72 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index c77f421..d505993 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ hal_camera_default boot_status_prop file b/275001805 hal_camera_default edgetpu_app_service service_manager b/275001805 -hal_dumpstate_default modem_stat_data_file dir b/239115418 shell sysfs_touch dir b/264823366 From 7d9914d66e7c22c3934488f67f51bf039e169ab4 Mon Sep 17 00:00:00 2001 From: changyan Date: Tue, 20 Jun 2023 06:44:33 +0000 Subject: [PATCH 3/8] Remove the tracking_denials entry as the issue Bug: 275001805 Test: SELinuxUncheckedDenialBootTest Change-Id: I0b15523fdbfb6d96467719a45a9e5c4f46715cc5 --- tracking_denials/bug_map | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d505993..0043272 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1 @@ -hal_camera_default boot_status_prop file b/275001805 -hal_camera_default edgetpu_app_service service_manager b/275001805 shell sysfs_touch dir b/264823366 From 4320e842e1d6bb47ff041df95109a8e536a45b4a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 16 Oct 2023 12:20:36 +0800 Subject: [PATCH 4/8] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 305600863 Change-Id: I7922325ac2ae83a2974a00bdf7a62b96f9b328fd --- tracking_denials/bug_map | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 69faad8..72c60a3 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,2 +1,4 @@ -shell sysfs_touch dir b/264823366 +kernel vendor_usb_debugfs dir b/305600863 +kernel vendor_votable_debugfs dir b/305600863 platform_app system_data_file dir b/289358324 +shell sysfs_touch dir b/264823366 From f4bf916b05d4275bf949b8b5c46f5763d117fdaa Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 17 Oct 2023 04:02:26 +0000 Subject: [PATCH 5/8] Supress kernel avc log before SELinux initialized Fix: 305600863 Change-Id: I795c7cd3b1df318a9164d0e3ec15d2930ecd7e21 --- tracking_denials/bug_map | 3 +-- vendor/kernel.te | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 vendor/kernel.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 72c60a3..7836967 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ -kernel vendor_usb_debugfs dir b/305600863 -kernel vendor_votable_debugfs dir b/305600863 platform_app system_data_file dir b/289358324 shell sysfs_touch dir b/264823366 + diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..ead4d43 --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1,3 @@ +dontaudit kernel vendor_usb_debugfs:dir search; +dontaudit kernel vendor_votable_debugfs:dir search; + From 4d67b2011b6a1012d57e37941d78951851289b1d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 17 Oct 2023 07:21:57 +0000 Subject: [PATCH 6/8] Move kernel.te to gs201-sepolicy Bug: 305880925 Fix: 305880925 Change-Id: Ie387dc9c424e41321e2ffce807f7245b6e189efc --- vendor/kernel.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 vendor/kernel.te diff --git a/vendor/kernel.te b/vendor/kernel.te deleted file mode 100644 index ead4d43..0000000 --- a/vendor/kernel.te +++ /dev/null @@ -1,3 +0,0 @@ -dontaudit kernel vendor_usb_debugfs:dir search; -dontaudit kernel vendor_votable_debugfs:dir search; - From f074293d7b8414fd80f92a699936df08014a9f8f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 03:15:04 +0000 Subject: [PATCH 7/8] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 312069156 Change-Id: I8c6fd9908e126e23ced56fccea3275a0bddb4311 --- tracking_denials/bug_map | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 7836967..d2a2b01 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ + +audioserver vendor_file file b/312069156 platform_app system_data_file dir b/289358324 shell sysfs_touch dir b/264823366 - From ad3e118f4f9fa4d9c1334cd97e941041fe08fddc Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 07:41:36 +0000 Subject: [PATCH 8/8] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 312375728 Change-Id: Ia58c0e4b3378f63aaafd2317353ca2779fab14d7 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d2a2b01..bae1538 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,3 +2,4 @@ audioserver vendor_file file b/312069156 platform_app system_data_file dir b/289358324 shell sysfs_touch dir b/264823366 +system_app proc_pagetypeinfo file b/312375728