Android 15.0.0 Release 20 (BP1A.250305.019)

-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8eo8AAKCRDorT+BmrEO eLroAJ94pkmmmE74kzjaEMl/1OJ/gyAKoACeMGsnkHJ+xV6knev75ebZMPJcJjY= =NHri -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQOrAgrLIEelLUS+0luq0qoXYhNwm5T/amBdKslt/hO2dJf5L19ajXotHSgSmvhqsCZ zNwxaZo3mgPNDKtLn90ws= -----END SSH SIGNATURE----- Merge tag 'android-15.0.0_r20' into staging/lineage-22.2_merge-android-15.0.0_r20 Android 15.0.0 Release 20 (BP1A.250305.019) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8eo8AAKCRDorT+BmrEO # eLroAJ94pkmmmE74kzjaEMl/1OJ/gyAKoACeMGsnkHJ+xV6knev75ebZMPJcJjY= # =NHri # -----END PGP SIGNATURE----- # gpg: Signature made Wed Mar 5 03:29:20 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By Nina Chen (10) and others # Via Android Build Coastguard Worker (24) and others * tag 'android-15.0.0_r20': (23 commits) Update SELinux error modem_svc: move shared_modem_platform related sepolicy to gs-common Allow tachyon service to make binder calls to GCA Update SELinux error Update SELinux error Update SELinux error Add udc sysfs to udc_sysfs fs context Revert "modem_svc: move shared_modem_platform related sepolicy t..." modem_svc: move shared_modem_platform related sepolicy to gs-common Update SELinux error Update SELinux error Update SELinux error Revert^3 "Add udc sysfs to udc_sysfs fs context" Revert "Update SELinux error" modem_svc: use shared_modem_platform to replace all modem_svc_sit Update SELinux error Update SELinux error Allow systemui_app to set 'debug.tracing.desktop_mode_visible_tasks' system property Remove duplicate service entries Update SELinux error ... Conflicts: sepolicy/zuma-sepolicy.mk Change-Id: Ic1b521b7975aacbf44e5fe4246620f6f3e34f984
2025-03-09 11:04:28 +02:00 · 2025-03-09 11:04:28 +02:00 · 96ab4760bf
commit 96ab4760bf
parent 092c467795 d5c536a064
14 changed files with 44 additions and 11 deletions
--- a/sepolicy/legacy/whitechapel_pro/property.te
+++ b/sepolicy/legacy/whitechapel_pro/property.te
@ -1,4 +1,6 @@
+# Vendor
 vendor_internal_prop(vendor_nfc_prop)
+vendor_restricted_prop(vendor_nfc_antenna_prop)
 vendor_internal_prop(vendor_secure_element_prop)
 vendor_internal_prop(vendor_battery_profile_prop)
 vendor_internal_prop(vendor_camera_prop)
--- a/sepolicy/legacy/whitechapel_pro/property_contexts
+++ b/sepolicy/legacy/whitechapel_pro/property_contexts
@ -3,6 +3,7 @@ persist.vendor.testing_battery_profile     u:object_r:vendor_battery_profile_pro

 # NFC
 persist.vendor.nfc.                        u:object_r:vendor_nfc_prop:s0
+persist.vendor.nfc.antenna.                u:object_r:vendor_nfc_antenna_prop:s0

 # SecureElement
 persist.vendor.se.                         u:object_r:vendor_secure_element_prop:s0
--- a/sepolicy/radio/file_contexts
+++ b/sepolicy/radio/file_contexts
@ -6,7 +6,6 @@
 /vendor/bin/sced                                                            u:object_r:sced_exec:s0
 /vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
 /vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
-/vendor/bin/modem_svc_sit                                                   u:object_r:modem_svc_sit_exec:s0
 /vendor/bin/modem_ml_svc_sit                                                u:object_r:modem_ml_svc_sit_exec:s0
 /vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
--- a/sepolicy/radio/modem_svc_sit.te
+++ b/sepolicy/radio/modem_svc_sit.te
@ -1,3 +1,4 @@
+# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)
--- a/sepolicy/system_ext/private/systemui_app.te
+++ b/sepolicy/system_ext/private/systemui_app.te
@ -1,3 +1,4 @@
+# SEPolicy for System UI
 typeattribute systemui_app coredomain;
 app_domain(systemui_app)

@ -19,9 +20,11 @@ allow systemui_app statsmanager_service:service_manager find;
 get_prop(systemui_app, keyguard_config_prop)
 set_prop(systemui_app, bootanim_system_prop)
 get_prop(systemui_app, qemu_hw_prop)
+get_prop(systemui_app, radio_cdma_ecm_prop)

 # Allow writing and removing wmshell protolog in /data/misc/wmtrace.
 userdebug_or_eng(`
  allow systemui_app wm_trace_data_file:dir rw_dir_perms;
  allow systemui_app wm_trace_data_file:file create_file_perms;
 ')
+set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)
--- a/sepolicy/tracking_denials/bluetooth.te
+++ b/sepolicy/tracking_denials/bluetooth.te
@ -0,0 +1,2 @@
+# b/382362125
+dontaudit bluetooth default_android_service:service_manager { find };
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@ -1,24 +1,37 @@
+aconfigd apex_info_file file b/381326735
+bluetooth audio_config_prop file b/379245855
 dump_modem sscoredump_vendor_data_coredump_file dir b/361725982
 dump_modem sscoredump_vendor_data_logcat_file dir b/361725982
 dumpstate app_zygote process b/288049050
+edgetpu_vendor_server shell_data_file dir b/369475225
+edgetpu_vendor_server shell_data_file dir b/369475363
 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030
+hal_camera_default aconfig_storage_metadata_file dir b/383013471
 hal_radioext_default radio_vendor_data_file file b/312590044
-hal_vibrator_default default_android_service service_manager b/314054292
-hal_vibrator_default default_android_service service_manager b/367943515
 incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
+init init capability b/379207041
 insmod-sh insmod-sh key b/274374722
 kernel dm_device blk_file b/319403445
 modem_svc_sit hal_radioext_default process b/364446415
 modem_svc_sit modem_ml_svc_sit file b/360060606
 modem_svc_sit modem_ml_svc_sit file b/360060992
 mtectrl unlabeled dir b/264483752
+pixelstats_vendor block_device dir b/369540673
+pixelstats_vendor block_device dir b/369540836
+platform_app radio_vendor_data_file dir b/380756119
+platform_app vendor_fw_file dir b/372121912
+platform_app vendor_rild_prop file b/372121912
+priv_app audio_config_prop file b/379246064
+radio audio_config_prop file b/379245771
+ramdump ramdump capability b/369475700
 shell sysfs_net file b/330081782
 ssr_detector_app default_prop file b/340722729
 system_server sysfs_batteryinfo file b/294967729
 system_server vendor_default_prop file b/366116488
 system_suspend sysfs_batteryinfo dir b/317316633
 system_suspend sysfs_touch_gti dir b/350832258
+untrusted_app audio_config_prop file b/379245754
 vendor_init default_prop file b/315104235
 vendor_init default_prop file b/315104803
 vendor_init default_prop file b/323087197
@ -26,3 +39,4 @@ vendor_init default_prop file b/323087490
 vendor_init default_prop property_service b/315104235
 vendor_init default_prop property_service b/359428180
 vendor_init vendor_volte_mif_off property_service b/316816642
+zygote zygote capability b/379207101
--- a/sepolicy/vendor/debug_camera_app.te
+++ b/sepolicy/vendor/debug_camera_app.te
@ -1,3 +1,4 @@
+# File containing sepolicies for GCA-Eng & GCA-Next.
 userdebug_or_eng(`
 	# Allows GCA-Eng & GCA-Next access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
@ -9,4 +10,7 @@ userdebug_or_eng(`

 	# Allows  GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12.
 	allow debug_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+	# Allow tachyon_service to communicate with GCA-Eng via binder.
+	binder_call(edgetpu_tachyon_server, debug_camera_app);
 ')
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@ -256,9 +256,6 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/pca9
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/wakeup                                     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/wakeup                           u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/wakeup/wakeup                                              u:object_r:sysfs_wakeup:s0
-is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, `
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state                                       u:object_r:sysfs_udc:s0
-')
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup                                                        u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup                                 u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1                                   u:object_r:sysfs_wakeup:s0
@ -349,3 +346,8 @@ genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled           u
 # CPU
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpuidle_histogram        u:object_r:sysfs_cpu:s0
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram     u:object_r:sysfs_cpu:s0
+
+# USB
+starting_at_board_api(202504, `
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state   u:object_r:sysfs_udc:s0
+')
--- a/sepolicy/vendor/google_camera_app.te
+++ b/sepolicy/vendor/google_camera_app.te
@ -8,3 +8,6 @@ allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }

 # Allows GCA to access the hw_jpeg /dev/video12.
 allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+# Allow tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@ -1,5 +1,9 @@
 # HAL NFC property
-get_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_antenna_prop)
+userdebug_or_eng(
+  get_prop(untrusted_app, vendor_nfc_antenna_prop)
+)

 # SecureElement property
 set_prop(hal_nfc_default, vendor_secure_element_prop)
--- a/sepolicy/vendor/hal_usb_impl.te
+++ b/sepolicy/vendor/hal_usb_impl.te
@ -20,7 +20,7 @@ hal_client_domain(hal_usb_impl, hal_thermal);
 # For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
-is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, `
+starting_at_board_api(202504, `
 allow hal_usb_impl sysfs_udc:file r_file_perms;
 ')

--- a/sepolicy/vendor/service_contexts
+++ b/sepolicy/vendor/service_contexts
@ -3,5 +3,3 @@ com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0

 arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0
-
-android.hardware.media.c2.IComponentStore/default1         u:object_r:hal_codec2_service:s0
--- a/sepolicy/zuma-sepolicy.mk
+++ b/sepolicy/zuma-sepolicy.mk
@ -6,7 +6,7 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery

 # sepolicy that are shared among devices using zuma
 BOARD_SEPOLICY_DIRS += device/google/zuma/sepolicy/vendor
-BOARD_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio
 PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio/private

 # unresolved SELinux error log with bug tracking