From 4df0d58596a0aed961400607cec38f5ec991de03 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Tue, 14 Feb 2023 21:14:03 +0800 Subject: [PATCH 01/93] SSRestarDetector: modify the SELinux policy to allow access files owned by system for Zuma. It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx) Bug: 234359369 Design: http://go/pd-client-for-lab Test: Manual Change-Id: Ib82aec1b6eeacbf1b1595009f68827cb9b5c22ba --- radio/ssr_detector.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te index 60ec1bb5..2caf6d77 100644 --- a/radio/ssr_detector.te +++ b/radio/ssr_detector.te @@ -4,7 +4,8 @@ app_domain(ssr_detector_app) allow ssr_detector_app app_api_service:service_manager find; allow ssr_detector_app radio_service:service_manager find; -allow ssr_detector_app system_app_data_file:dir r_dir_perms; +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; From 6834d6f59faed8ae4853853ed1fedbf4eb84069f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Wagner?= Date: Tue, 27 Dec 2022 14:28:56 +0000 Subject: [PATCH 02/93] Update Mali DDK to r40 : Additional SELinux settings Expose DDK's dynamic configuration options through the Android Sysprop interface, following recommendations from Arm's Android Integration Manual. Bug: 261718474 Change-Id: I785106b6d2d05e21bf60fcd6da3d716b32e1bc1d --- legacy/whitechapel_pro/property.te | 3 +++ legacy/whitechapel_pro/property_contexts | 3 +++ vendor/domain.te | 3 +++ vendor/vendor_init.te | 3 +++ 4 files changed, 12 insertions(+) diff --git a/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te index 35f92068..78df728b 100644 --- a/legacy/whitechapel_pro/property.te +++ b/legacy/whitechapel_pro/property.te @@ -16,3 +16,6 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Trusty storage FS ready vendor_internal_prop(vendor_trusty_storage_prop) + +# Mali Integration +vendor_public_prop(vendor_arm_runtime_option_prop) diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts index 103ff838..fa45110d 100644 --- a/legacy/whitechapel_pro/property_contexts +++ b/legacy/whitechapel_pro/property_contexts @@ -23,3 +23,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 + +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix diff --git a/vendor/domain.te b/vendor/domain.te index fd876e09..a8bad53f 100644 --- a/vendor/domain.te +++ b/vendor/domain.te @@ -1,2 +1,5 @@ allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms; allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms; + +# Mali +get_prop(domain, vendor_arm_runtime_option_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 024387b9..9b3365cb 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -25,3 +25,6 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) + +# Mali +set_prop(vendor_init, vendor_arm_runtime_option_prop) From ef1d13d86dadd9351f91c511d62a620a813aafad Mon Sep 17 00:00:00 2001 From: Nicole Lee Date: Wed, 15 Feb 2023 09:13:04 +0000 Subject: [PATCH 03/93] logger_app: don't audit default_prop and fix errors avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger Bug: 264489961 Bug: 269383459 Test: Make sure no avc denied for logger_app when using Pixel Logger Change-Id: I8999372d243286586eb53602e167fa111d39a00f --- radio/logger_app.te | 3 +++ tracking_denials/logger_app.te | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/radio/logger_app.te b/radio/logger_app.te index 045f83dc..3c5f7856 100644 --- a/radio/logger_app.te +++ b/radio/logger_app.te @@ -6,6 +6,9 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) + r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) + set_prop(logger_app, vendor_audio_prop) set_prop(logger_app, vendor_gps_prop) set_prop(logger_app, vendor_logger_prop) diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te index 9443bc55..e04a0e66 100644 --- a/tracking_denials/logger_app.te +++ b/tracking_denials/logger_app.te @@ -1,4 +1,4 @@ -# b/264489961 +# b/269383459 userdebug_or_eng(` - permissive logger_app; + dontaudit logger_app default_prop:file { read }; ') From 6545bc156ade2b1b62d3c42e03997d9b9fd1b250 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 16 Feb 2023 15:47:25 +0800 Subject: [PATCH 04/93] Remove proc_vendor_sched obsolete denials Bug: 264490054 Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea --- tracking_denials/proc_vendor_sched.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/proc_vendor_sched.te diff --git a/tracking_denials/proc_vendor_sched.te b/tracking_denials/proc_vendor_sched.te deleted file mode 100644 index 5239fa9c..00000000 --- a/tracking_denials/proc_vendor_sched.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264490054 -userdebug_or_eng(` - permissive proc_vendor_sched; -') \ No newline at end of file From 967da5da4faca654eedb8c3b974bdafbe766c736 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 16 Feb 2023 15:54:30 +0800 Subject: [PATCH 05/93] allow bootctl to read devinfo Bug: 260522436 Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff --- tracking_denials/hal_bootctl_default.te | 3 --- vendor/hal_bootctl_default.te | 1 + 2 files changed, 1 insertion(+), 3 deletions(-) create mode 100644 vendor/hal_bootctl_default.te diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te index 42d4ae61..e862f507 100644 --- a/tracking_denials/hal_bootctl_default.te +++ b/tracking_denials/hal_bootctl_default.te @@ -1,6 +1,3 @@ -# b/260522436 -dontaudit hal_bootctl_default devinfo_block_device:blk_file { open }; -dontaudit hal_bootctl_default devinfo_block_device:blk_file { read }; # b/264489609 userdebug_or_eng(` permissive hal_bootctl_default; diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te new file mode 100644 index 00000000..ab33b0b1 --- /dev/null +++ b/vendor/hal_bootctl_default.te @@ -0,0 +1 @@ +allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms; From 77ce2241416954446e39cf3e6a9f93aa0588f777 Mon Sep 17 00:00:00 2001 From: Kah Xuan Lim Date: Wed, 8 Feb 2023 16:58:32 +0800 Subject: [PATCH 06/93] modem_svc_sit: grant modem property access Log message gotten before adding the policy: avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1 Bug: 247669574 Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1 --- radio/modem_svc_sit.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index 668e4eec..46b17dc7 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -24,6 +24,9 @@ allow modem_svc_sit modem_userdata_file:file create_file_perms; # RIL property get_prop(modem_svc_sit, vendor_rild_prop) +# Modem property +set_prop(modem_svc_sit, vendor_modem_prop) + # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) From da69d2a49446288bc3e29bea619b161d26d8b659 Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Mon, 20 Feb 2023 00:40:35 +0000 Subject: [PATCH 07/93] WLC: cleanup WLC trakcing_denials Bug: 268566583 Change-Id: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51 Signed-off-by: Ken Yang --- tracking_denials/hal_wireless_charger.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/hal_wireless_charger.te diff --git a/tracking_denials/hal_wireless_charger.te b/tracking_denials/hal_wireless_charger.te deleted file mode 100644 index be39812f..00000000 --- a/tracking_denials/hal_wireless_charger.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/268566583 -dontaudit hal_wireless_charger systemui_app:binder { call }; From 6f9844d1370bf43c9bcb4075fe68d181b0584fab Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Mon, 20 Feb 2023 00:58:13 +0000 Subject: [PATCH 08/93] WLC: cleanup the unused hal_wlc policies Bug: 264489562 Bug: 262455719 Bug: 260366297 Bug: 260363384 Change-Id: I90b9e442082b8e03e76ce63aaee56e5882933449 Signed-off-by: Ken Yang --- legacy/whitechapel_pro/hwservice.te | 2 -- legacy/whitechapel_pro/hwservice_contexts | 3 --- tracking_denials/hal_wlc.te | 21 --------------------- tracking_denials/system_app.te | 3 --- vendor/file_contexts | 1 - vendor/hal_wlc.te | 4 ---- 6 files changed, 34 deletions(-) delete mode 100644 legacy/whitechapel_pro/hwservice.te delete mode 100644 legacy/whitechapel_pro/hwservice_contexts delete mode 100644 tracking_denials/hal_wlc.te delete mode 100644 vendor/hal_wlc.te diff --git a/legacy/whitechapel_pro/hwservice.te b/legacy/whitechapel_pro/hwservice.te deleted file mode 100644 index e3493e0d..00000000 --- a/legacy/whitechapel_pro/hwservice.te +++ /dev/null @@ -1,2 +0,0 @@ -# WLC -type hal_wlc_hwservice, hwservice_manager_type; diff --git a/legacy/whitechapel_pro/hwservice_contexts b/legacy/whitechapel_pro/hwservice_contexts deleted file mode 100644 index ed13c78b..00000000 --- a/legacy/whitechapel_pro/hwservice_contexts +++ /dev/null @@ -1,3 +0,0 @@ -# Wireless charger hal -vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0 - diff --git a/tracking_denials/hal_wlc.te b/tracking_denials/hal_wlc.te deleted file mode 100644 index d2f8639c..00000000 --- a/tracking_denials/hal_wlc.te +++ /dev/null @@ -1,21 +0,0 @@ -# b/260366297 -dontaudit hal_wlc sysfs:file { getattr }; -dontaudit hal_wlc sysfs:file { open }; -dontaudit hal_wlc sysfs:file { read }; -dontaudit hal_wlc sysfs:file { write }; -# b/262455719 -dontaudit hal_wlc hal_wlc:netlink_kobject_uevent_socket { bind }; -dontaudit hal_wlc hal_wlc:netlink_kobject_uevent_socket { create }; -dontaudit hal_wlc hal_wlc:netlink_kobject_uevent_socket { getopt }; -dontaudit hal_wlc hal_wlc:netlink_kobject_uevent_socket { read }; -dontaudit hal_wlc hal_wlc:netlink_kobject_uevent_socket { setopt }; -dontaudit hal_wlc hwservicemanager:binder { call }; -dontaudit hal_wlc hwservicemanager:binder { transfer }; -dontaudit hal_wlc hwservicemanager_prop:file { getattr }; -dontaudit hal_wlc hwservicemanager_prop:file { map }; -dontaudit hal_wlc hwservicemanager_prop:file { open }; -dontaudit hal_wlc hwservicemanager_prop:file { read }; -# b/264489562 -userdebug_or_eng(` - permissive hal_wlc; -') \ No newline at end of file diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te index 0857203a..a0f124d4 100644 --- a/tracking_denials/system_app.te +++ b/tracking_denials/system_app.te @@ -1,6 +1,3 @@ -# b/260363384 -dontaudit system_app hal_wlc:binder { call }; -dontaudit system_app hal_wlc_hwservice:hwservice_manager { find }; # b/260768379 dontaudit system_app default_android_service:service_manager { find }; dontaudit system_app vendor_default_prop:file { open }; diff --git a/vendor/file_contexts b/vendor/file_contexts index 35a0b54c..2e2a2629 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -13,7 +13,6 @@ /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 /vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 diff --git a/vendor/hal_wlc.te b/vendor/hal_wlc.te deleted file mode 100644 index 86becf3e..00000000 --- a/vendor/hal_wlc.te +++ /dev/null @@ -1,4 +0,0 @@ -type hal_wlc, domain; -type hal_wlc_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(hal_wlc) From 47570e0ed6c9f68468a455e52f0ebdd18b4a42bf Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Feb 2023 14:58:15 +0800 Subject: [PATCH 09/93] Revert "Revert "Update error on ROM 9624328"" This reverts commit d8572861e31ad6b262fc9b2f94f93075752589df. Remove hal_googlebattery related denied Bug: 269813282 Bug: 269813059 Bug: 268566481 Bug: 269812912 Change-Id: I25b0f417af3e741719f959aed79e7e330687e117 --- tracking_denials/bug_map | 1 + tracking_denials/hal_radioext_default.te | 2 ++ tracking_denials/systemui_app.te | 6 ++++++ tracking_denials/twoshay.te | 2 ++ tracking_denials/zygote.te | 2 ++ 5 files changed, 13 insertions(+) create mode 100644 tracking_denials/hal_radioext_default.te create mode 100644 tracking_denials/twoshay.te create mode 100644 tracking_denials/zygote.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 36f8ab3f..69a67064 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -26,3 +26,4 @@ ssr_detector_app system_app_data_file dir b/264483352 ssr_detector_app system_app_data_file file b/264483352 system_server default_android_service service_manager b/264483754 untrusted_app default_android_service service_manager b/264599934 +vendor_init device_config_configuration_prop property_service b/268566481 diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te new file mode 100644 index 00000000..ba66f822 --- /dev/null +++ b/tracking_denials/hal_radioext_default.te @@ -0,0 +1,2 @@ +# b/269813076 +dontaudit hal_radioext_default hal_bluetooth_btlinux:binder { call }; diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index cc9ea74c..39ff3c25 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -22,3 +22,9 @@ dontaudit systemui_app touch_context_service:service_manager { find }; dontaudit systemui_app twoshay:binder { call }; dontaudit systemui_app vr_manager_service:service_manager { find }; dontaudit systemui_app service_manager_type:service_manager *; +# b/269813282 +dontaudit systemui_app bootanim_system_prop:property_service { set }; +dontaudit systemui_app init:unix_stream_socket { connectto }; +dontaudit systemui_app property_socket:sock_file { write }; +dontaudit systemui_app qemu_hw_prop:file { read }; +dontaudit systemui_app twoshay:binder { transfer }; diff --git a/tracking_denials/twoshay.te b/tracking_denials/twoshay.te new file mode 100644 index 00000000..aa810d9a --- /dev/null +++ b/tracking_denials/twoshay.te @@ -0,0 +1,2 @@ +# b/269813059 +dontaudit twoshay systemui_app:binder { call }; diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te new file mode 100644 index 00000000..cdfc8aa7 --- /dev/null +++ b/tracking_denials/zygote.te @@ -0,0 +1,2 @@ +# b/269812912 +dontaudit zygote vendor_cccdktimesync_app:process { dyntransition }; From 75ec1c947070e1e016b389103718e8a7760da271 Mon Sep 17 00:00:00 2001 From: Armelle Laine Date: Mon, 13 Feb 2023 22:30:19 +0000 Subject: [PATCH 10/93] Define selinux properties for /dev/block/by-name/trusty_persist Bug: 247013568 Test: - Verify that this change is a NOP for devices with TDP already created on top of the legacy f2fs partition /mnt/vendor/persist/ss - Verify that this change creates a valid symlink on a manually migrated block device Change-Id: I226f365c6afbb5fa91ec1c9c1943f8dddac8183a --- legacy/whitechapel_pro/file_contexts | 1 - vendor/device.te | 1 + vendor/file_contexts | 2 ++ vendor/tee.te | 2 ++ 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index dfaeeb9e..572028ce 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -56,7 +56,6 @@ # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 # Raw HID device diff --git a/vendor/device.te b/vendor/device.te index 0ad7eb70..8d55496f 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,4 +1,5 @@ type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index da7a215c..7dc3ea08 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -40,6 +40,7 @@ /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 # Devices /dev/bbd_pwrstat u:object_r:power_stats_device:s0 @@ -71,6 +72,7 @@ /dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 diff --git a/vendor/tee.te b/vendor/tee.te index 256fb384..67509b80 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -8,6 +8,8 @@ allow tee mnt_vendor_file:dir r_dir_perms; allow tee tee_data_file:dir rw_dir_perms; allow tee tee_data_file:lnk_file r_file_perms; allow tee sg_device:chr_file rw_file_perms; +allow tee tee_persist_block_device:blk_file rw_file_perms; +allow tee block_device:dir search; # Allow storageproxyd access to gsi_public_metadata_file read_fstab(tee) From 076591d107f55556908bb8bda70b95bc00531b44 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Mon, 27 Feb 2023 17:32:51 -0800 Subject: [PATCH 11/93] Add GSA logs policy This adds a label to the sysfs files for GSA logs to allow dumpstate to read them during a bugreport. Bug: 271125313 Test: adb shell dumpstate Change-Id: I8842c0bec972c4cfad15ca689f8e4ae7fa99e179 --- vendor/dump_gsa.te | 6 ++++++ vendor/file.te | 3 +++ vendor/file_contexts | 1 + vendor/genfs_contexts | 4 ++++ 4 files changed, 14 insertions(+) create mode 100644 vendor/dump_gsa.te diff --git a/vendor/dump_gsa.te b/vendor/dump_gsa.te new file mode 100644 index 00000000..8cd230b4 --- /dev/null +++ b/vendor/dump_gsa.te @@ -0,0 +1,6 @@ +pixel_bugreport(dump_gsa) + +userdebug_or_eng(` + allow dump_gsa vendor_toolbox_exec:file execute_no_trans; + allow dump_gsa sysfs_gsa_log:file r_file_perms; +') diff --git a/vendor/file.te b/vendor/file.te index 6548c4c5..0e78936f 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -33,3 +33,6 @@ userdebug_or_eng(` type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 7d5f1ca9..af1b7c86 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -17,6 +17,7 @@ /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 /vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 64d843b8..cff07ec9 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -398,3 +398,7 @@ genfscon sysfs /kernel/pixel_em/active_profile u:obje # GPU genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 From a13ce6baf424f072636e9e3d8d48e4157e102378 Mon Sep 17 00:00:00 2001 From: Hiroshi Akiyama Date: Thu, 2 Mar 2023 02:30:58 +0000 Subject: [PATCH 12/93] Update sepolicy for BCL IRQ durations to dumpstate Bug: 269752322 Test: adb bugreport Change-Id: Icd524bd32ed41c3de72f0e1b13428d76e871d203 Signed-off-by: Hiroshi Akiyama --- vendor/dump_power.te | 2 ++ vendor/genfs_contexts | 2 ++ 2 files changed, 4 insertions(+) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index 8146bd13..e4252146 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -6,6 +6,8 @@ allow dump_power sysfs_acpm_stats:file r_file_perms; allow dump_power sysfs_cpu:file r_file_perms; allow dump_power sysfs_bcl:dir r_dir_perms; allow dump_power sysfs_bcl:file r_file_perms; +allow dump_power sysfs_odpm:dir r_dir_perms; +allow dump_power sysfs_odpm:file r_file_perms; allow dump_power logbuffer_device:chr_file r_file_perms; allow dump_power sysfs_batteryinfo:dir r_dir_perms; allow dump_power sysfs_batteryinfo:file r_file_perms; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index cff07ec9..06b24fc2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -103,6 +103,8 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-mete genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 # Power Stats genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 From 311722d720f3846e96178b582ee25b0af63c1865 Mon Sep 17 00:00:00 2001 From: Nicolas Geoffray Date: Thu, 2 Mar 2023 14:10:36 +0000 Subject: [PATCH 13/93] Allow ssr_detector_app directory/file creation in system_app_data_file. Bug: 260557058 Bug: 264483352 Test: m Change-Id: Ia9a2b1fbf14ae018580ab0abe515dd180610bad4 --- radio/ssr_detector.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te index 60ec1bb5..2caf6d77 100644 --- a/radio/ssr_detector.te +++ b/radio/ssr_detector.te @@ -4,7 +4,8 @@ app_domain(ssr_detector_app) allow ssr_detector_app app_api_service:service_manager find; allow ssr_detector_app radio_service:service_manager find; -allow ssr_detector_app system_app_data_file:dir r_dir_perms; +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; From a6c8402aa9ad7a09119b8ccda69ceab59ebd47ae Mon Sep 17 00:00:00 2001 From: Yang Qi Date: Sat, 4 Mar 2023 02:40:52 +0000 Subject: [PATCH 14/93] Add CccDkTimeSyncService for Digital Key Support for Zuma Test: Build and Run Bug: 270511447 Change-Id: I0195bfe5f8eed70556891ddfeae81c486373ddbb --- tracking_denials/bug_map | 1 - tracking_denials/zygote.te | 2 -- vendor/cccdk_timesync_app.te | 5 +++++ vendor/hal_bluetooth_btlinux.te | 3 +++ 4 files changed, 8 insertions(+), 3 deletions(-) delete mode 100644 tracking_denials/zygote.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d7fec234..9cb60fb8 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -34,4 +34,3 @@ untrusted_app default_android_service service_manager b/264599934 vendor_init device_config_configuration_prop property_service b/267714573 vendor_init device_config_configuration_prop property_service b/268566481 vendor_init vendor_camera_prop property_service b/267714573 -zygote vendor_cccdktimesync_app process b/269812912 diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te deleted file mode 100644 index cdfc8aa7..00000000 --- a/tracking_denials/zygote.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/269812912 -dontaudit zygote vendor_cccdktimesync_app:process { dyntransition }; diff --git a/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te index 2377adc8..f34c5f31 100644 --- a/vendor/cccdk_timesync_app.te +++ b/vendor/cccdk_timesync_app.te @@ -1,2 +1,7 @@ type vendor_cccdktimesync_app, domain; +app_domain(vendor_cccdktimesync_app) +allow vendor_cccdktimesync_app app_api_service:service_manager find; + +binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te index 1c447834..2167b3c2 100644 --- a/vendor/hal_bluetooth_btlinux.te +++ b/vendor/hal_bluetooth_btlinux.te @@ -1,3 +1,6 @@ # Allow access to always-on compute device node allow hal_bluetooth_btlinux aoc_device:chr_file rw_file_perms; allow hal_bluetooth_btlinux device:dir r_dir_perms; + +# allow the HAL to call cccdktimesync registered callbacks +binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app) From 726291157faba47eedafbbe253ba93dba8803991 Mon Sep 17 00:00:00 2001 From: Alice Sheng Date: Thu, 9 Mar 2023 14:34:13 -0800 Subject: [PATCH 15/93] Add sepolicy for RA9530 nodes. Bug: 270440233 Test: No selinux denials related to wireless Change-Id: I790052270a20c3324c7b9a9f674dc48a7d003c6f --- vendor/genfs_contexts | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 64d843b8..bd16e7e0 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -138,6 +138,16 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 @@ -223,6 +233,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -233,6 +245,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -243,6 +257,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -253,6 +269,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -263,6 +281,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -273,6 +293,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -283,6 +305,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -293,6 +317,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -303,6 +329,8 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-c genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 From 9844033c0a9b8a9192018abbe5ff8eada3527bf2 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 22 Mar 2023 11:25:53 +0800 Subject: [PATCH 16/93] Move pixel dumpstate to gs-common Bug: 240530709 Test: adb bugreport Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65 --- radio/file.te | 2 -- radio/file_contexts | 1 - vendor/file_contexts | 1 - vendor/hal_dumpstate_default.te | 5 ----- 4 files changed, 9 deletions(-) delete mode 100644 vendor/hal_dumpstate_default.te diff --git a/radio/file.te b/radio/file.te index c1042132..d8d253a7 100644 --- a/radio/file.te +++ b/radio/file.te @@ -5,10 +5,8 @@ type modem_stat_data_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_slog_file, file_type, data_file_type; -type radio_vendor_data_file, file_type, data_file_type; userdebug_or_eng(` typeattribute vendor_gps_file mlstrustedobject; - typeattribute radio_vendor_data_file mlstrustedobject; typeattribute vendor_slog_file mlstrustedobject; ') diff --git a/radio/file_contexts b/radio/file_contexts index 74e4b3ee..82a519b6 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -17,7 +17,6 @@ # Data /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 -/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index 1c407f5f..35d7c2cc 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,6 +1,5 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.dumpstate-service\.zuma u:object_r:hal_dumpstate_default_exec:s0 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zuma u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te deleted file mode 100644 index 3e4db459..00000000 --- a/vendor/hal_dumpstate_default.te +++ /dev/null @@ -1,5 +0,0 @@ -allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; -allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; -allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; -allow hal_dumpstate_default shell_data_file:file getattr; - From af3702bffd661a0c415fb98e7a9f7d96dc4bdfdc Mon Sep 17 00:00:00 2001 From: Nicolas Geoffray Date: Fri, 24 Mar 2023 08:15:52 +0000 Subject: [PATCH 17/93] Remove old debug map entries. Bug: 264483352 Change-Id: Ie47107328f58dc4f1d4070e93c0cd09e88cee021 --- tracking_denials/bug_map | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e38e42b7..4331310b 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -34,8 +34,6 @@ kernel vendor_fw_file dir b/272166787 mtectrl unlabeled dir b/264483752 platform_app bootanim_system_prop property_service b/264483532 servicemanager hal_fingerprint_default binder b/264483753 -ssr_detector_app system_app_data_file dir b/264483352 -ssr_detector_app system_app_data_file file b/264483352 system_server default_android_service service_manager b/264483754 systemui_app bootanim_system_prop property_service b/269964574 systemui_app cameraserver_service service_manager b/272628174 From 1b4fae5ce35e133019b292b477647a28f6903cc7 Mon Sep 17 00:00:00 2001 From: Minchan Kim Date: Tue, 11 Apr 2023 22:19:36 +0000 Subject: [PATCH 18/93] remove dump_cma We will introduce it into gs-common Bug: 276901078 Change-Id: I56a0c67fb09563baacbabf738625bf748ab80378 Signed-off-by: Minchan Kim --- vendor/dump_cma.te | 7 ------- vendor/file.te | 1 - vendor/file_contexts | 1 - vendor/genfs_contexts | 1 - 4 files changed, 10 deletions(-) delete mode 100644 vendor/dump_cma.te diff --git a/vendor/dump_cma.te b/vendor/dump_cma.te deleted file mode 100644 index bf5edf29..00000000 --- a/vendor/dump_cma.te +++ /dev/null @@ -1,7 +0,0 @@ -pixel_bugreport(dump_cma) - -userdebug_or_eng(` - allow dump_cma vendor_toolbox_exec:file execute_no_trans; - allow dump_cma vendor_cma_debugfs:dir r_dir_perms; - allow dump_cma vendor_cma_debugfs:file r_file_perms; -') diff --git a/vendor/file.te b/vendor/file.te index cf4ad9f1..65602982 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -23,7 +23,6 @@ type vendor_battery_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; type vendor_usb_debugfs, fs_type, debugfs_type; type vendor_maxfg_debugfs, fs_type, debugfs_type; -type vendor_cma_debugfs, fs_type, debugfs_type; # WLC type sysfs_wlc, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index f87c55e5..dcb0abc4 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -14,7 +14,6 @@ /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 /vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 9c77fbd6..e54cf00f 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -26,7 +26,6 @@ genfscon debugfs /google_battery u:object genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /cma u:object_r:vendor_cma_debugfs:s0 # Extcon genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 From 2c2e198e61598f3ba0be51c877d07f94a01b1516 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 13 Apr 2023 23:45:03 +0800 Subject: [PATCH 19/93] allow vendor_init to acces watermark_scale_factor Bug: 278075546 Test: boot Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0 Signed-off-by: Martin Liu --- vendor/vendor_init.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 646aa0fe..2071850e 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -29,3 +29,6 @@ set_prop(vendor_init, vendor_usb_config_prop) # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) + +# MM +allow vendor_init proc_watermark_scale_factor:file w_file_perms; From aac79fd4d9bec6517b2932cfca1e1c84b7711cc8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Apr 2023 13:49:53 +0000 Subject: [PATCH 20/93] Add ArmNN config sysprops SELinux rules Bug: b/205202540 Test: manual - reboot device and check the absence of AVC denials Change-Id: I77b29468258520265e5f660452794aff068ca07d --- vendor/property.te | 3 +++ vendor/property_contexts | 3 +++ vendor/vendor_init.te | 3 +++ 3 files changed, 9 insertions(+) diff --git a/vendor/property.te b/vendor/property.te index 8ef51a8c..105574b9 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -13,3 +13,6 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) + +# ArmNN +vendor_internal_prop(vendor_armnn_config_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts index 8e439464..e837a5cb 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -20,3 +20,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# ArmNN configuration +ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 2071850e..373eeafd 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -30,5 +30,8 @@ set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) +# ArmNN +set_prop(vendor_init, vendor_armnn_config_prop) + # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; From ee5198a28befb4daae41aa0cd3aaf32bbf282072 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Apr 2023 10:39:09 +0000 Subject: [PATCH 21/93] Remove 'hal_neuralnetworks_armnn' sysprop exceptions Bug: b/205202540 Test: manual - reboot device and check the absence of AVC denials Change-Id: I8d85820cf4534b3e7d93eae6f16c750c49929c4a --- tracking_denials/hal_neuralnetworks_armnn.te | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te index 8f3138cc..0c0fa7c5 100644 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ b/tracking_denials/hal_neuralnetworks_armnn.te @@ -1,15 +1,5 @@ # b/260366177 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; -# b/260768359 -dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; -dontaudit hal_neuralnetworks_armnn default_prop:file { map }; -dontaudit hal_neuralnetworks_armnn default_prop:file { open }; -dontaudit hal_neuralnetworks_armnn default_prop:file { read }; -# b/260921579 -dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; -dontaudit hal_neuralnetworks_armnn default_prop:file { map }; -dontaudit hal_neuralnetworks_armnn default_prop:file { open }; -dontaudit hal_neuralnetworks_armnn default_prop:file { read }; # b/264489188 userdebug_or_eng(` permissive hal_neuralnetworks_armnn; From 8051a8759a2925c6a5f17cfe797e5ff83f2e6b54 Mon Sep 17 00:00:00 2001 From: Chungkai Mei Date: Thu, 20 Apr 2023 07:47:15 +0000 Subject: [PATCH 22/93] Remove hal_power_default bug from bug_map SELinux errors are fixed and hence removing from bug map Bug: 273638876 Test: Build and boot on device Change-Id: I4ca6180ad286970d36ce204cd4c44e75962b26e0 Signed-off-by: Chungkai Mei --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d00bfae2..517acb64 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -12,7 +12,6 @@ hal_audio_default hal_audio_default binder b/274374769 hal_bootctl_default hal_bootctl_default capability b/274727372 hal_camera_default edgetpu_app_server binder b/275001641 hal_camera_default edgetpu_app_service service_manager b/275001641 -hal_power_default sysfs file b/273638876 hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 hal_uwb_default debugfs file b/273639365 From deec8fec9d5e8da1073eaa84c0734685c1cdc128 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Apr 2023 15:23:16 +0000 Subject: [PATCH 23/93] Remove 'hal_neuralnetworks_armnn' '/data' access exception The mali driver has been configured not to look there anymore. Bug: b/205779871 Test: manual - reboot device and check the absence of AVC denials Change-Id: I7bf68036522553a2919076fc6243a577086ffb3a --- tracking_denials/hal_neuralnetworks_armnn.te | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te index 0c0fa7c5..52fee0ca 100644 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ b/tracking_denials/hal_neuralnetworks_armnn.te @@ -1,5 +1,3 @@ -# b/260366177 -dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; # b/264489188 userdebug_or_eng(` permissive hal_neuralnetworks_armnn; From c1715483d1b3690011bad482d515f8d4c13ad345 Mon Sep 17 00:00:00 2001 From: Prasanna Prapancham Date: Thu, 20 Apr 2023 17:43:30 +0000 Subject: [PATCH 24/93] add 8411 to logbuffer Test: Flash local build and collect bugreport Bug: 277799048 Change-Id: I877a91999a2f17df5ea90d3d2257b93bfd67e8e6 Signed-off-by: Prasanna Prapancham --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index c25fa286..1d8ee620 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -103,6 +103,7 @@ /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/lwis-act-jotnar u:object_r:lwis_device:s0 /dev/lwis-act-slenderman u:object_r:lwis_device:s0 From d389b4a4f6753ec0c41a2bb0271857fcaa3e5919 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Apr 2023 14:09:58 +0000 Subject: [PATCH 25/93] Remove 'hal_neuralnetworks_armnn' permissive rule Not needed after fixing the various violations that were raised in the past. Bug: b/264489188 Test: manual - reboot device and check the absence of AVC denials Change-Id: I9a5b5f916e3e188ea98646b23a43e5dec0cd8501 --- tracking_denials/hal_neuralnetworks_armnn.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/hal_neuralnetworks_armnn.te diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te deleted file mode 100644 index 52fee0ca..00000000 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489188 -userdebug_or_eng(` - permissive hal_neuralnetworks_armnn; -') \ No newline at end of file From 1d966a0db978a7baf6461f8e6283557ebbff5dc6 Mon Sep 17 00:00:00 2001 From: Chungkai Mei Date: Mon, 24 Apr 2023 08:53:10 +0000 Subject: [PATCH 26/93] Remove dontaudit since read early_wakeup completed The display file node, early_wakeup, just for trigger the worker for display and it doesn't have meaningful read function. But PowerHAL read all nodes and try to dump their valuesi while triggering bugreport. As the read operation has been completed, so we can remove the clause. 07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:8): avc: denied { dac_read_search } for capability=2 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:9): avc: denied { dac_override } for capability=1 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 Bug: 267261305 Test: Boot to home Change-Id: I6c058a1a85ada7e5d6eb1f8acafaac8231ae5329 Signed-off-by: Chungkai Mei (cherry picked from commit 55d41f1a3e89b1f4d2525d9925e3319ef59e2705) --- tracking_denials/hal_power_default.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 tracking_denials/hal_power_default.te diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te deleted file mode 100644 index 59254250..00000000 --- a/tracking_denials/hal_power_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/267261305 -dontaudit hal_power_default hal_power_default:capability { dac_override }; -dontaudit hal_power_default hal_power_default:capability { dac_read_search }; From e979543b9961c28e63b464e9815ec85da9672a51 Mon Sep 17 00:00:00 2001 From: Lawrence Huang Date: Wed, 26 Apr 2023 01:39:46 +0000 Subject: [PATCH 27/93] Add net_domain for GCA on zuma devices Bug: 277097939 Change-Id: Iadfc1be5f9e6830693aed9d9b619815c7d1f9caf --- vendor/google_camera_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index 8febc79a..6060363a 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,5 +1,6 @@ type google_camera_app, domain, coredomain; app_domain(google_camera_app) +net_domain(google_camera_app) # Allows camera app to access the GXP device. allow google_camera_app gxp_device:chr_file rw_file_perms; From 35f3c85c09b51bdff8c39de8e0aa7f0dd0c6d420 Mon Sep 17 00:00:00 2001 From: lukechang Date: Tue, 2 May 2023 13:30:51 +0000 Subject: [PATCH 28/93] sepolicy: label cpd cl2 & cl1 Test: build and boot to home Bug: 277390134 Change-Id: Iad525a9c556ee436afb8cbd29156b6b593329e83 Signed-off-by: lukechang --- vendor/file.te | 1 + vendor/genfs_contexts | 4 ++++ vendor/hal_power_default.te | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/vendor/file.te b/vendor/file.te index 39e63117..4f482f2d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -46,6 +46,7 @@ userdebug_or_eng(` type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; type sysfs_ota, sysfs_type, fs_type; +type sysfs_ospm, sysfs_type, fs_type; # GSA type sysfs_gsa_log, sysfs_type, fs_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 549a2d02..21267d6b 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -14,6 +14,10 @@ genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_b genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 +# OSPM +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 + # EdgeTPU genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 diff --git a/vendor/hal_power_default.te b/vendor/hal_power_default.te index bb86aad8..64521fbb 100644 --- a/vendor/hal_power_default.te +++ b/vendor/hal_power_default.te @@ -4,4 +4,5 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file +allow hal_power_default sysfs_ospm:file rw_file_perms; +set_prop(hal_power_default, vendor_camera_prop); From b7db7f8eae85646d233b1a3be7801d084eafb26a Mon Sep 17 00:00:00 2001 From: leohsieh Date: Tue, 14 Mar 2023 23:12:06 +0800 Subject: [PATCH 29/93] Allow hal_fingerprint_default to access sysfs_aoc_udfps Fix the following avc denial: avc: denied { search } for name="17000000.aoc" dev="sysfs" ino=22035 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=0 avc: denied { write } for name="udfps_set_clock_source" dev="sysfs" ino=106891 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0 avc: denied { read } for name="udfps_get_disp_freq" dev="sysfs" ino=106893 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0 Bug: 267271482 Test: Verify fingerprint HAL process can read/write to the sysfs node. Change-Id: I39a2e69b1c314d52944bb16ada61e7e6761561cf --- vendor/file.te | 1 + vendor/genfs_contexts | 3 +++ vendor/hal_fingerprint_default.te | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/vendor/file.te b/vendor/file.te index 4f482f2d..06795ec1 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -9,6 +9,7 @@ type sysfs_power_dump, sysfs_type, fs_type; type sysfs_acpm_stats, sysfs_type, fs_type; type sysfs_write_leds, sysfs_type, fs_type; type sysfs_pca, sysfs_type, fs_type; +type sysfs_aoc_udfps, sysfs_type, fs_type; # Trusty type sysfs_trusty, sysfs_type, fs_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 21267d6b..6c4664b9 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -500,6 +500,9 @@ genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:ob genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 # OTA genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te index 6aa57dde..b0a81160 100644 --- a/vendor/hal_fingerprint_default.te +++ b/vendor/hal_fingerprint_default.te @@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; + +# Allow fingerprint to access sysfs_aoc_udfps +allow hal_fingerprint_default sysfs_aoc:dir search; +allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; From 2a06b44cdce92bc28ca80c141fa67cbbfcd71be4 Mon Sep 17 00:00:00 2001 From: Luis Delgado de Mendoza Garcia Date: Mon, 1 May 2023 14:56:31 -0700 Subject: [PATCH 30/93] Add chre channel sepolicy entries Bug: 241960170 Test: in-device verification. Change-Id: Iba27ad45a38b491ebdfa0191f5af02aafa9f90e2 --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 21267d6b..7d4ca822 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -394,6 +394,8 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 From 062f6c0a8559aa58536263d3d6274eb815f933f4 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 12 May 2023 02:27:18 +0000 Subject: [PATCH 31/93] introduce a new sepolicy owner Bug: 281631102 Test: N/A Change-Id: I2885d990aefafacc00b12bac9c529c40e007585c --- OWNERS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4a..5232bc31 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,4 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS + +adamshih@google.com -rurumihong@google.com From b7f556c9cb1d5b74bd9f0de8b178e545ae0e7c24 Mon Sep 17 00:00:00 2001 From: lukechang Date: Tue, 16 May 2023 09:11:25 +0000 Subject: [PATCH 32/93] sepolicy: label cpd cl2 & cl1 target_residency Test: build and boot to home Bug: 277390134 Change-Id: I127ffc74aa68976de4aaa4a750b4043def4e2759 Signed-off-by: lukechang --- vendor/genfs_contexts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 21267d6b..a0627f29 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -15,8 +15,10 @@ genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_d genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 # OSPM -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 # EdgeTPU genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 From 7530c4bc13037c1c78c2e564be673895b2bb5f36 Mon Sep 17 00:00:00 2001 From: Yixuan Wang Date: Fri, 26 May 2023 21:13:50 +0000 Subject: [PATCH 33/93] Add selinux policy for chre vendor data directory Bug: 278114604 Test: on device test Change-Id: I1ac96655571f811c116540aec3a1626d5cca1b16 --- vendor/chre.te | 4 ++++ vendor/file.te | 1 + vendor/file_contexts | 1 + 3 files changed, 6 insertions(+) diff --git a/vendor/chre.te b/vendor/chre.te index a1d1ca59..081da089 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -9,6 +9,10 @@ allow chre aoc_device:chr_file rw_file_perms; allow chre sysfs_aoc:dir search; allow chre sysfs_aoc_boottime:file r_file_perms; +# Allow CHRE to write to data to chre data directory +allow chre chre_data_file:dir create_dir_perms; +allow chre chre_data_file:file create_file_perms; + # Allow CHRE to create thread to watch AOC's device allow chre device:dir r_dir_perms; diff --git a/vendor/file.te b/vendor/file.te index f9b49f92..50336ed8 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -39,6 +39,7 @@ type vendor_bt_data_file, file_type, data_file_type; type sensor_reg_data_file, file_type, data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; +type chre_data_file, file_type, data_file_type; # Vendor sched files userdebug_or_eng(` diff --git a/vendor/file_contexts b/vendor/file_contexts index cb5e323d..1299d8f6 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -39,6 +39,7 @@ # Vendor /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 # persist /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 From 4f16f36a7806ede607116753a49a4d0af0926979 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Fri, 30 Jun 2023 00:31:17 +0000 Subject: [PATCH 34/93] Add USB wakeup sources sepolicy contexts Bug: 289376260 Change-Id: I72711aea571dad5be7ff36ca7a7c59240aaa2226 Signed-off-by: Badhri Jagan Sridharan --- vendor/genfs_contexts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 1cccc953..f0357905 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -404,7 +404,13 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mai genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 From 1278d8fc59402361f4e49f2d1503e7bb5dc8138a Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Mon, 10 Jul 2023 04:56:38 +0000 Subject: [PATCH 35/93] [Cleanup]: Move gxp sepolicies to gs-common for P23 These policies are moved to gs-common as part of ag/24002524 Bug: 288368306 Change-Id: Iaa15e497eafd54b1b702192a3c8f7fe0c908f8a1 Signed-off-by: Dinesh Yadav --- vendor/debug_camera_app.te | 3 ++- vendor/device.te | 1 - vendor/file_contexts | 3 --- vendor/genfs_contexts | 3 +++ vendor/google_camera_app.te | 3 ++- vendor/gxp_logging.te | 10 ---------- vendor/hal_camera_default.te | 3 --- 7 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 vendor/gxp_logging.te diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te index c55f64e3..eb7ccde5 100644 --- a/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -11,8 +11,9 @@ userdebug_or_eng(` allow debug_camera_app mediametrics_service:service_manager find; allow debug_camera_app mediaserver_service:service_manager find; - # Allows GCA-Eng & GCA-Next access the GXP device. + # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; + get_prop(debug_camera_app, vendor_gxp_prop) # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; diff --git a/vendor/device.te b/vendor/device.te index 50b7c59a..b9d32075 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -5,7 +5,6 @@ type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; type hw_jpg_device, dev_type; userdebug_or_eng(` typeattribute hw_jpg_device mlstrustedobject; diff --git a/vendor/file_contexts b/vendor/file_contexts index 172d4a81..d2c81a2a 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,7 +1,6 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zuma u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 @@ -35,8 +34,6 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 # Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f0357905..d5ae7c47 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -23,6 +23,9 @@ genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency # EdgeTPU genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + # debugfs genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index cc918180..f368d393 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -9,8 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find; allow google_camera_app mediametrics_service:service_manager find; allow google_camera_app mediaserver_service:service_manager find; -# Allows GCA to acccess the GXP device. +# Allows GCA to acccess the GXP device & properties. allow google_camera_app gxp_device:chr_file rw_file_perms; +get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te deleted file mode 100644 index 000138a6..00000000 --- a/vendor/gxp_logging.te +++ /dev/null @@ -1,10 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 92e5cd47..2ddbeb6f 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -29,9 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms; allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; allow hal_camera_default vendor_camera_data_file:file create_file_perms; -# Allow the camera hal to access the GXP device. -allow hal_camera_default gxp_device:chr_file rw_file_perms; - # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; From 8849e1a49a76b62c3382627242891915cf79fae5 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Mon, 7 Aug 2023 19:49:09 +0000 Subject: [PATCH 36/93] Support monitoring USB sysfs attributes in USB HAL Grant access to USB sysfs attributes. Bug: 285199434 Test: no audit log in logcat after command execution Change-Id: Ia5f3333318b47f4e0a05140bd6b95e939197fde5 --- vendor/hal_usb_impl.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 27d7bdde..e4610507 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -15,3 +15,7 @@ wakelock_use(hal_usb_impl); # For interfacing with ThermalHAL hal_client_domain(hal_usb_impl, hal_thermal); + +# For monitoring usb sysfs attributes +allow hal_usb_impl sysfs_wakeup:dir search; +allow hal_usb_impl sysfs_wakeup:file r_file_perms; From 8f14aa12a1c97d5879f5a72cea3285dfd194327f Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Tue, 8 Aug 2023 20:46:03 +0900 Subject: [PATCH 37/93] Move coredomain seapp contexts to system_ext Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: Ib8d191a6c07278b51eec88cd8142adf6c1a45668 --- private/debug_camera_app.te | 16 ++++++++++++++++ private/google_camera_app.te | 16 ++++++++++++++++ private/seapp_contexts | 11 +++++++++++ public/debug_camera_app.te | 1 + public/google_camera_app.te | 1 + system_ext/private/pixeldisplayservice_app.te | 11 +++++++++++ system_ext/private/seapp_contexts | 3 +++ system_ext/public/pixeldisplayservice_app.te | 1 + vendor/debug_camera_app.te | 15 --------------- vendor/google_camera_app.te | 17 ----------------- vendor/pixeldisplayservice_app.te | 12 ------------ vendor/seapp_contexts | 16 ---------------- zuma-sepolicy.mk | 1 + 13 files changed, 61 insertions(+), 60 deletions(-) create mode 100644 private/debug_camera_app.te create mode 100644 private/google_camera_app.te create mode 100644 private/seapp_contexts create mode 100644 public/debug_camera_app.te create mode 100644 public/google_camera_app.te create mode 100644 system_ext/private/pixeldisplayservice_app.te create mode 100644 system_ext/public/pixeldisplayservice_app.te diff --git a/private/debug_camera_app.te b/private/debug_camera_app.te new file mode 100644 index 00000000..8250e42a --- /dev/null +++ b/private/debug_camera_app.te @@ -0,0 +1,16 @@ +typeattribute debug_camera_app coredomain; + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) +') diff --git a/private/google_camera_app.te b/private/google_camera_app.te new file mode 100644 index 00000000..4ce84afb --- /dev/null +++ b/private/google_camera_app.te @@ -0,0 +1,16 @@ +typeattribute google_camera_app coredomain; +app_domain(google_camera_app) +net_domain(google_camera_app) + +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/private/seapp_contexts b/private/seapp_contexts new file mode 100644 index 00000000..38c4e6ee --- /dev/null +++ b/private/seapp_contexts @@ -0,0 +1,11 @@ +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all diff --git a/public/debug_camera_app.te b/public/debug_camera_app.te new file mode 100644 index 00000000..6f497680 --- /dev/null +++ b/public/debug_camera_app.te @@ -0,0 +1 @@ +type debug_camera_app, domain; diff --git a/public/google_camera_app.te b/public/google_camera_app.te new file mode 100644 index 00000000..c93038cc --- /dev/null +++ b/public/google_camera_app.te @@ -0,0 +1 @@ +type google_camera_app, domain; diff --git a/system_ext/private/pixeldisplayservice_app.te b/system_ext/private/pixeldisplayservice_app.te new file mode 100644 index 00000000..9d603b76 --- /dev/null +++ b/system_ext/private/pixeldisplayservice_app.te @@ -0,0 +1,11 @@ +typeattribute pixeldisplayservice_app coredomain; + +app_domain(pixeldisplayservice_app); + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts index 3e1fa341..c3ec6d38 100644 --- a/system_ext/private/seapp_contexts +++ b/system_ext/private/seapp_contexts @@ -1,3 +1,6 @@ # SystemUI user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all + +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all diff --git a/system_ext/public/pixeldisplayservice_app.te b/system_ext/public/pixeldisplayservice_app.te new file mode 100644 index 00000000..2c608b4f --- /dev/null +++ b/system_ext/public/pixeldisplayservice_app.te @@ -0,0 +1 @@ +type pixeldisplayservice_app, domain; diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te index eb7ccde5..86394cf5 100644 --- a/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -1,16 +1,4 @@ -type debug_camera_app, domain, coredomain; - userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; - # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; get_prop(debug_camera_app, vendor_gxp_prop) @@ -19,9 +7,6 @@ userdebug_or_eng(` allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; ') diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index f368d393..fd19c05d 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,24 +1,7 @@ -type google_camera_app, domain, coredomain; -app_domain(google_camera_app) -net_domain(google_camera_app) - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - # Allows GCA to acccess the GXP device & properties. allow google_camera_app gxp_device:chr_file rw_file_perms; get_prop(google_camera_app, vendor_gxp_prop) -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te index 7320d002..e9c8d789 100644 --- a/vendor/pixeldisplayservice_app.te +++ b/vendor/pixeldisplayservice_app.te @@ -1,14 +1,2 @@ -type pixeldisplayservice_app, domain, coredomain; - -app_domain(pixeldisplayservice_app); - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index f9949930..ed23ae5a 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts @@ -7,25 +7,9 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - # Qorvo UWB system app # TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - diff --git a/zuma-sepolicy.mk b/zuma-sepolicy.mk index 579a50f9..2d80f554 100644 --- a/zuma-sepolicy.mk +++ b/zuma-sepolicy.mk @@ -6,6 +6,7 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zuma-sepolicy/radio/private # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/tracking_denials +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zuma-sepolicy/public PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zuma-sepolicy/private # system_ext From 2f5496582dc965f50a2dd5aa33799e38ae6dbfdf Mon Sep 17 00:00:00 2001 From: kierancyphus Date: Fri, 5 May 2023 16:14:32 +0800 Subject: [PATCH 38/93] DMD MDS: register proxy service and update MDS policy. MDS is a privileged app which get its permissions from `privapp-permissions-google-product.xml`, however, part of this work requires custom SEPolicy and so those permissions have been translated in SEPolicy. Test: Manually flash device Bug: 270279779 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:022dd13252865e131127da6596f5ada71fbf104f) Merged-In: I47c1a1163a7d40089d36960ed11822505a7a0a7a Change-Id: I47c1a1163a7d40089d36960ed11822505a7a0a7a --- radio/dmd.te | 6 ++++++ radio/modem_diagnostic_app.te | 4 ++++ radio/private/service_contexts | 2 ++ radio/service.te | 2 ++ 4 files changed, 14 insertions(+) create mode 100644 radio/service.te diff --git a/radio/dmd.te b/radio/dmd.te index 76177b50..c940eccc 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,3 +30,9 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) + +# Allow proxy to register as android Service +binder_use(dmd) +add_service(dmd, liboemservice_proxy) +allow dmd radio_vendor_data_file:dir create_dir_perms; +allow dmd radio_vendor_data_file:file create_file_perms; diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 8c4a0cac..02af0235 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -34,4 +34,8 @@ userdebug_or_eng(` allow modem_diagnostic_app sysfs_batteryinfo:dir search; dontaudit modem_diagnostic_app default_prop:file r_file_perms; + + # Modem Log Mask Library Permissions + binder_call(modem_diagnostic_app, liboemservice_proxy) + allow modem_diagnostic_app liboemservice_proxy:service_manager find; ') diff --git a/radio/private/service_contexts b/radio/private/service_contexts index 84ef341b..00032283 100644 --- a/radio/private/service_contexts +++ b/radio/private/service_contexts @@ -1,2 +1,4 @@ telephony.oem.oemrilhook u:object_r:radio_service:s0 +# DMD oemservice aidl proxy +com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy:s0 diff --git a/radio/service.te b/radio/service.te new file mode 100644 index 00000000..620a3d4b --- /dev/null +++ b/radio/service.te @@ -0,0 +1,2 @@ +# dmd liboemservice_proxy +type liboemservice_proxy, hal_service_type, service_manager_type; From 3773ca269e96b1478b78e4345fce0359a8203167 Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Fri, 11 Aug 2023 12:28:12 +0900 Subject: [PATCH 39/93] Label dtbo partition as dtbo_block_device Bug: 291191362 Test: m Change-Id: Iccca8de440cad7e9cd12015e0271262a217c457b --- vendor/file_contexts | 2 +- vendor/update_engine.te | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index 372052b7..67a4d492 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -67,7 +67,7 @@ /dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 diff --git a/vendor/update_engine.te b/vendor/update_engine.te index a403d9e4..fb59e4bc 100644 --- a/vendor/update_engine.te +++ b/vendor/update_engine.te @@ -1,3 +1,4 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; +allow update_engine dtbo_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine proc_bootconfig:file r_file_perms; From 96f1f214a2bf67cede639da7bbab82185241864f Mon Sep 17 00:00:00 2001 From: Renato Grottesi Date: Thu, 17 Aug 2023 09:03:35 +0000 Subject: [PATCH 40/93] Cleanup unused ArmNN settings. Test: pre-submit Bug: 294463729 Change-Id: Ic417154724c4ddc06925ee2de1bd419dddfa1413 --- vendor/property.te | 3 --- vendor/property_contexts | 3 --- vendor/vendor_init.te | 3 --- 3 files changed, 9 deletions(-) diff --git a/vendor/property.te b/vendor/property.te index 105574b9..8ef51a8c 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -13,6 +13,3 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) - -# ArmNN -vendor_internal_prop(vendor_armnn_config_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts index e837a5cb..8e439464 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -20,6 +20,3 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix - -# ArmNN configuration -ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index d95920ad..45edeb80 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -33,8 +33,5 @@ set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) -# ArmNN -set_prop(vendor_init, vendor_armnn_config_prop) - # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; From f4b5074d4876474f565cc77f15b16354b52f1097 Mon Sep 17 00:00:00 2001 From: Hsin-Yi Chen Date: Fri, 18 Aug 2023 07:40:37 +0000 Subject: [PATCH 41/93] Revert "DMD MDS: register proxy service and update MDS policy." This reverts commit 2f5496582dc965f50a2dd5aa33799e38ae6dbfdf. Bug: 296329753 Reason for revert: broken build Change-Id: I9336cebf8d4947450f5d3e2f0ec4df839aca3574 --- radio/dmd.te | 6 ------ radio/modem_diagnostic_app.te | 4 ---- radio/private/service_contexts | 2 -- radio/service.te | 2 -- 4 files changed, 14 deletions(-) delete mode 100644 radio/service.te diff --git a/radio/dmd.te b/radio/dmd.te index c940eccc..76177b50 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,9 +30,3 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) - -# Allow proxy to register as android Service -binder_use(dmd) -add_service(dmd, liboemservice_proxy) -allow dmd radio_vendor_data_file:dir create_dir_perms; -allow dmd radio_vendor_data_file:file create_file_perms; diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 02af0235..8c4a0cac 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -34,8 +34,4 @@ userdebug_or_eng(` allow modem_diagnostic_app sysfs_batteryinfo:dir search; dontaudit modem_diagnostic_app default_prop:file r_file_perms; - - # Modem Log Mask Library Permissions - binder_call(modem_diagnostic_app, liboemservice_proxy) - allow modem_diagnostic_app liboemservice_proxy:service_manager find; ') diff --git a/radio/private/service_contexts b/radio/private/service_contexts index 00032283..84ef341b 100644 --- a/radio/private/service_contexts +++ b/radio/private/service_contexts @@ -1,4 +1,2 @@ telephony.oem.oemrilhook u:object_r:radio_service:s0 -# DMD oemservice aidl proxy -com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy:s0 diff --git a/radio/service.te b/radio/service.te deleted file mode 100644 index 620a3d4b..00000000 --- a/radio/service.te +++ /dev/null @@ -1,2 +0,0 @@ -# dmd liboemservice_proxy -type liboemservice_proxy, hal_service_type, service_manager_type; From 9c6ec7fdd9ecf47f963b5386878e71516cfa29fe Mon Sep 17 00:00:00 2001 From: kierancyphus Date: Tue, 22 Aug 2023 06:32:37 +0000 Subject: [PATCH 42/93] DMD MDS: register proxy service and update MDS policy. MDS is a privileged app which get its permissions from `privapp-permissions-google-product.xml`, however, part of this work requires custom SEPolicy and so those permissions have been translated in SEPolicy. This is a copy of 022dd13252865e131127da6596f5ada71fbf104f (ag/23056498) which can't be cherry picked because it was previously merged and reverted on main. Test: Manually flash device Bug: 270279779 Change-Id: If93515aa6b37bcbe8ec34241da1fa144d61e3d5d --- radio/dmd.te | 6 ++++++ radio/modem_diagnostic_app.te | 4 ++++ radio/private/service_contexts | 2 ++ radio/service.te | 2 ++ 4 files changed, 14 insertions(+) create mode 100644 radio/service.te diff --git a/radio/dmd.te b/radio/dmd.te index 76177b50..6216106a 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,3 +30,9 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) + +# Allow proxy to register as android Service +binder_use(dmd) +add_service(dmd, liboemservice_proxy) +allow dmd radio_vendor_data_file:dir create_dir_perms; +allow dmd radio_vendor_data_file:file create_file_perms; \ No newline at end of file diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 8c4a0cac..02af0235 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -34,4 +34,8 @@ userdebug_or_eng(` allow modem_diagnostic_app sysfs_batteryinfo:dir search; dontaudit modem_diagnostic_app default_prop:file r_file_perms; + + # Modem Log Mask Library Permissions + binder_call(modem_diagnostic_app, liboemservice_proxy) + allow modem_diagnostic_app liboemservice_proxy:service_manager find; ') diff --git a/radio/private/service_contexts b/radio/private/service_contexts index 84ef341b..fdd49d4b 100644 --- a/radio/private/service_contexts +++ b/radio/private/service_contexts @@ -1,2 +1,4 @@ telephony.oem.oemrilhook u:object_r:radio_service:s0 +# DMD oemservice aidl proxy +com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy:s0 \ No newline at end of file diff --git a/radio/service.te b/radio/service.te new file mode 100644 index 00000000..620a3d4b --- /dev/null +++ b/radio/service.te @@ -0,0 +1,2 @@ +# dmd liboemservice_proxy +type liboemservice_proxy, hal_service_type, service_manager_type; From b27308445d18217b16fcbfed591dac96fed369dd Mon Sep 17 00:00:00 2001 From: Safayat Ullah Date: Fri, 25 Aug 2023 10:39:53 +0000 Subject: [PATCH 43/93] display: add persist property to vendor_display_prop Bug: 290162920 Test: no avc denied log Change-Id: I2497960fbc76e56dd3a9c69d3fe274f0685744f8 --- vendor/property_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index 8e439464..4dc2533f 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -20,3 +20,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# Display +persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix From 9687d162bc18b8edd106b2d3be865b7fac53811a Mon Sep 17 00:00:00 2001 From: Woody Lin Date: Thu, 14 Sep 2023 10:48:08 +0800 Subject: [PATCH 44/93] Add vendor_sjtag_lock_state_prop and init-check_ap_pd_auth-sh 1. Add init-check_ap_pd_auth-sh for the vendor daemon script `/vendor/bin/init.check_ap_pd_auth.sh`. 2. Add policy for properties `ro.vendor.sjtag_{ap,gsa}_is_unlocked` for init, init-check_ap_pd_auth-sh and ssr_detector to access them. SjtagService: type=1400 audit(0.0:1005): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 SjtagService: type=1400 audit(0.0:1006): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 SjtagService: type=1400 audit(0.0:1007): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1 SjtagService: type=1400 audit(0.0:1008): avc: denied { write } for name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1 SjtagService: type=1400 audit(0.0:1009): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1 Bug: 299043634 Change-Id: I6b2abf69fca9b4765f2dfb7ed82e6546159e96e9 --- radio/file_contexts | 1 + radio/init-check_ap_pd_auth-sh.te | 14 ++++++++++++++ radio/property.te | 2 ++ radio/property_contexts | 3 +++ radio/ssr_detector.te | 2 ++ 5 files changed, 22 insertions(+) create mode 100644 radio/init-check_ap_pd_auth-sh.te diff --git a/radio/file_contexts b/radio/file_contexts index 8d74be8e..f158b42a 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -11,6 +11,7 @@ /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 +/vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/init-check_ap_pd_auth-sh.te b/radio/init-check_ap_pd_auth-sh.te new file mode 100644 index 00000000..bcd855c2 --- /dev/null +++ b/radio/init-check_ap_pd_auth-sh.te @@ -0,0 +1,14 @@ +type init-check_ap_pd_auth-sh, domain; +type init-check_ap_pd_auth-sh_exec, vendor_file_type, exec_type, file_type; + +userdebug_or_eng(` + init_daemon_domain(init-check_ap_pd_auth-sh) + + set_prop(init-check_ap_pd_auth-sh, vendor_sjtag_lock_state_prop) + + allow init-check_ap_pd_auth-sh sysfs_sjtag:dir r_dir_perms; + allow init-check_ap_pd_auth-sh sysfs_sjtag:file r_file_perms; + + allow init-check_ap_pd_auth-sh vendor_shell_exec:file rx_file_perms; + allow init-check_ap_pd_auth-sh vendor_toolbox_exec:file rx_file_perms; +') diff --git a/radio/property.te b/radio/property.te index 16ccefce..dfb1e689 100644 --- a/radio/property.te +++ b/radio/property.te @@ -15,3 +15,5 @@ vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app vendor_internal_prop(vendor_telephony_app_prop) +# SJTAG lock state +vendor_internal_prop(vendor_sjtag_lock_state_prop) diff --git a/radio/property_contexts b/radio/property_contexts index 0cad5bcf..ff410c5e 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -57,3 +57,6 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0 persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 +# SJTAG lock state +ro.vendor.sjtag_ap_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 +ro.vendor.sjtag_gsa_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te index 2caf6d77..a93d5bdb 100644 --- a/radio/ssr_detector.te +++ b/radio/ssr_detector.te @@ -13,11 +13,13 @@ userdebug_or_eng(` allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; get_prop(ssr_detector_app, vendor_aoc_prop) + set_prop(ssr_detector_app, vendor_sjtag_lock_state_prop) allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; allow ssr_detector_app sysfs_sjtag:file rw_file_perms; allow ssr_detector_app proc_vendor_sched:dir search; allow ssr_detector_app proc_vendor_sched:file rw_file_perms; allow ssr_detector_app cgroup:file write; + allow ssr_detector_app vendor_toolbox_exec:file execute_no_trans; ') get_prop(ssr_detector_app, vendor_ssrdump_prop) From 6f2589ec74bca852689e313551f60fca28d4fbd7 Mon Sep 17 00:00:00 2001 From: Desmond Huang Date: Wed, 13 Sep 2023 01:31:07 +0800 Subject: [PATCH 45/93] Remove obsolete entries Bug: 299029620 Change-Id: Ib4782148b3e1167fd0113e5ec3eced7348a0cac2 --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 7c532aca..9b8f7325 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,9 +1,6 @@ -dump_gxp vendor_gxp_prop file b/287898138 dumpstate app_zygote process b/288049050 -hal_uwb_default debugfs file b/288049522 incidentd debugfs_wakeup_sources file b/288049561 incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 mtectrl unlabeled dir b/264483752 systemui_app wm_trace_data_file dir b/288049075 -vendor_init proc file b/289856761 From c62d6871b33ac2af5efcaa33b14cf3707ef5ccf6 Mon Sep 17 00:00:00 2001 From: Desmond Huang Date: Thu, 14 Sep 2023 13:59:56 +0800 Subject: [PATCH 46/93] Relocate common tracking denial entries Bug: 299029620 Change-Id: I587e53a54e6bf4e3ccaa572cb35c28b4a0bc1eed --- tracking_denials/bug_map | 2 ++ tracking_denials/priv_app.te | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 tracking_denials/priv_app.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 9b8f7325..0be75b9c 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,3 +4,5 @@ incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 mtectrl unlabeled dir b/264483752 systemui_app wm_trace_data_file dir b/288049075 +pixelstats_vendor sysfs file b/299553682 +system_server sysfs_batteryinfo file b/294967729 diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te new file mode 100644 index 00000000..975e2c4c --- /dev/null +++ b/tracking_denials/priv_app.te @@ -0,0 +1,2 @@ +# b/299553227 +dontaudit priv_app default_android_service:service_manager { find }; From 0a4d3c2f89b2717cde46d9b79650e1db2ce261e2 Mon Sep 17 00:00:00 2001 From: yixuanwang Date: Sat, 16 Sep 2023 02:51:45 +0000 Subject: [PATCH 47/93] Add selinux policy for chre vendor data directory Bug: 278114604 Test: on device test Change-Id: I33d1e73a375c86602ce632665fe96c5876347c52 --- vendor/chre.te | 4 ++++ vendor/file.te | 1 + vendor/file_contexts | 1 + 3 files changed, 6 insertions(+) diff --git a/vendor/chre.te b/vendor/chre.te index a1d1ca59..081da089 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -9,6 +9,10 @@ allow chre aoc_device:chr_file rw_file_perms; allow chre sysfs_aoc:dir search; allow chre sysfs_aoc_boottime:file r_file_perms; +# Allow CHRE to write to data to chre data directory +allow chre chre_data_file:dir create_dir_perms; +allow chre chre_data_file:file create_file_perms; + # Allow CHRE to create thread to watch AOC's device allow chre device:dir r_dir_perms; diff --git a/vendor/file.te b/vendor/file.te index c06b22ef..de42709b 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -41,6 +41,7 @@ type vendor_bt_data_file, file_type, data_file_type; type sensor_reg_data_file, file_type, data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; +type chre_data_file, file_type, data_file_type; # Vendor sched files userdebug_or_eng(` diff --git a/vendor/file_contexts b/vendor/file_contexts index dbd30732..67a4d492 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -40,6 +40,7 @@ # Vendor /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 # persist /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 From 85d45d67763657f69a2805efb37f252644406ad8 Mon Sep 17 00:00:00 2001 From: John Chang Date: Fri, 8 Sep 2023 19:01:14 +0000 Subject: [PATCH 48/93] display: properties of vrr settings Bug: 290843234 Test: verify getprop/setprop after reboot. Change-Id: I1ff2b7069f0e6a5a9aef6ac2f6ac6d89b457dcc3 --- vendor/property_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index 4dc2533f..d6b559d0 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -23,3 +23,5 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # Display persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix +ro.vendor.primarydisplay.vrr.hs.vsync_hz u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.vrr.ns.vsync_hz u:object_r:vendor_display_prop:s0 exact int From a1e0faee5bbc88a871b4a4a1274082e9b187255d Mon Sep 17 00:00:00 2001 From: Sergey Volk Date: Wed, 16 Aug 2023 22:11:38 +0000 Subject: [PATCH 49/93] Allow HWC access to dp_hotplug_error_code in sysfs When an error is detected, DisplayPort kernel driver writes hotplug error code into a sysfs file. Hardware composer reads the error code from sysfs and then needs to write 0 in there to reset the code. Test: manual Bug: 283461313 Change-Id: Ifadc2403d62b12b0661fd170fa6df36b6a199fc3 --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e8685240..582b3d21 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -94,6 +94,7 @@ genfscon sysfs /devices/platform/exynos-drm/tui_status genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 From e853c1919d4fef493c545ed3e1c79958158f7d20 Mon Sep 17 00:00:00 2001 From: Jing Wang Date: Thu, 28 Sep 2023 21:03:10 +0000 Subject: [PATCH 50/93] Revert "Add vendor_sjtag_lock_state_prop and init-check_ap_pd_au..." Test: Revert submission 24754347-zuma-etm2dram Reason for revert: b/302352974 Reverted changes: /q/submissionid:24754347-zuma-etm2dram Bug: 302352974 Change-Id: I251c3a62c79722a9050bdbce85dc758fc4b6fda9 --- radio/file_contexts | 1 - radio/init-check_ap_pd_auth-sh.te | 14 -------------- radio/property.te | 2 -- radio/property_contexts | 3 --- radio/ssr_detector.te | 2 -- 5 files changed, 22 deletions(-) delete mode 100644 radio/init-check_ap_pd_auth-sh.te diff --git a/radio/file_contexts b/radio/file_contexts index f158b42a..8d74be8e 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -11,7 +11,6 @@ /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 -/vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/init-check_ap_pd_auth-sh.te b/radio/init-check_ap_pd_auth-sh.te deleted file mode 100644 index bcd855c2..00000000 --- a/radio/init-check_ap_pd_auth-sh.te +++ /dev/null @@ -1,14 +0,0 @@ -type init-check_ap_pd_auth-sh, domain; -type init-check_ap_pd_auth-sh_exec, vendor_file_type, exec_type, file_type; - -userdebug_or_eng(` - init_daemon_domain(init-check_ap_pd_auth-sh) - - set_prop(init-check_ap_pd_auth-sh, vendor_sjtag_lock_state_prop) - - allow init-check_ap_pd_auth-sh sysfs_sjtag:dir r_dir_perms; - allow init-check_ap_pd_auth-sh sysfs_sjtag:file r_file_perms; - - allow init-check_ap_pd_auth-sh vendor_shell_exec:file rx_file_perms; - allow init-check_ap_pd_auth-sh vendor_toolbox_exec:file rx_file_perms; -') diff --git a/radio/property.te b/radio/property.te index dfb1e689..16ccefce 100644 --- a/radio/property.te +++ b/radio/property.te @@ -15,5 +15,3 @@ vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app vendor_internal_prop(vendor_telephony_app_prop) -# SJTAG lock state -vendor_internal_prop(vendor_sjtag_lock_state_prop) diff --git a/radio/property_contexts b/radio/property_contexts index ff410c5e..0cad5bcf 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -57,6 +57,3 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0 persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 -# SJTAG lock state -ro.vendor.sjtag_ap_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 -ro.vendor.sjtag_gsa_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te index a93d5bdb..2caf6d77 100644 --- a/radio/ssr_detector.te +++ b/radio/ssr_detector.te @@ -13,13 +13,11 @@ userdebug_or_eng(` allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; get_prop(ssr_detector_app, vendor_aoc_prop) - set_prop(ssr_detector_app, vendor_sjtag_lock_state_prop) allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; allow ssr_detector_app sysfs_sjtag:file rw_file_perms; allow ssr_detector_app proc_vendor_sched:dir search; allow ssr_detector_app proc_vendor_sched:file rw_file_perms; allow ssr_detector_app cgroup:file write; - allow ssr_detector_app vendor_toolbox_exec:file execute_no_trans; ') get_prop(ssr_detector_app, vendor_ssrdump_prop) From ad0075acd630b3594dbc2eb98944da049f074ba9 Mon Sep 17 00:00:00 2001 From: Matthew Sedam Date: Mon, 2 Oct 2023 20:52:36 +0000 Subject: [PATCH 51/93] Allow CHRE to access the IStats service for the zuma target Bug: 298459533 Test: Use stats service from chre Change-Id: Ie4c9a24d3cd331621136c7c21989685631d87519 --- vendor/chre.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/chre.te b/vendor/chre.te index 081da089..31f61127 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -18,3 +18,7 @@ allow chre device:dir r_dir_perms; # Allow CHRE to use WakeLock wakelock_use(chre) + +# Allow CHRE host to talk to stats service +allow chre fwk_stats_service:service_manager find; +binder_call(chre, stats_service_server) From aa5218c8a70bc12f0f9615327ce1460d655b18c1 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Wed, 20 Sep 2023 22:01:18 +0000 Subject: [PATCH 52/93] Support metric upload in USB HAL Grant access to stats service. Sample error logs: avc: denied { find } for pid=949 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=0 Bug: 297224564 Test: no audit log in logcat after command execution Change-Id: I4a80e11e63ec164dff73288e93aac851ffebb696 --- vendor/hal_usb_impl.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index e4610507..d282a559 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -19,3 +19,6 @@ hal_client_domain(hal_usb_impl, hal_thermal); # For monitoring usb sysfs attributes allow hal_usb_impl sysfs_wakeup:dir search; allow hal_usb_impl sysfs_wakeup:file r_file_perms; + +# For metrics upload +allow hal_usb_impl fwk_stats_service:service_manager find; From 33c5d3185c9a6dba1eca890a2ca1d6fd23eafc72 Mon Sep 17 00:00:00 2001 From: John Chang Date: Tue, 10 Oct 2023 18:28:55 +0000 Subject: [PATCH 53/93] display: properties of vrr settings Bug: 290843234 Test: verify getprop/setprop after reboot. Change-Id: I7e69fba9d16cabf899bf0d1c4ba041f079e645c1 --- vendor/property_contexts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/vendor/property_contexts b/vendor/property_contexts index d6b559d0..32563633 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -22,6 +22,7 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix # Display -persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix -ro.vendor.primarydisplay.vrr.hs.vsync_hz u:object_r:vendor_display_prop:s0 exact int -ro.vendor.primarydisplay.vrr.ns.vsync_hz u:object_r:vendor_display_prop:s0 exact int +persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix +ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool +ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From c31ec37715a992ceb9039c4e5e168f52226630bc Mon Sep 17 00:00:00 2001 From: Rick Chen Date: Fri, 13 Oct 2023 00:22:14 +0800 Subject: [PATCH 54/93] hal_sensors_default: Add permission to AOC reset sysfs node. [21675.099727] type=1400 audit(1697127034.684:751): avc: denied { write } for comm="binder:912_1" name="reset" dev="sysfs" ino=102250 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_aoc_reset:s0 tclass=file permissive=0 Bug: 304681766 Test: Modify sensor HAL to trigger SSR when init. No avc denied log when sensor HAL access AOC reset sysfs node. Change-Id: Iede0fa94a627c5e0d3166bec05ef7041154d8efe Signed-off-by: Rick Chen --- vendor/hal_sensors_default.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te index fe24c8a8..7dcf5022 100644 --- a/vendor/hal_sensors_default.te +++ b/vendor/hal_sensors_default.te @@ -62,3 +62,6 @@ allow hal_sensors_default sysfs_chosen:file r_file_perms; # Allow display_info_service access to the backlight driver. allow hal_sensors_default sysfs_leds:dir search; allow hal_sensors_default sysfs_leds:file r_file_perms; + +# Allow sensor HAL to reset AOC. +allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms; From 400a9d2068a7663b95a84e087a20bbe42b662d4f Mon Sep 17 00:00:00 2001 From: Hiroshi Akiyama Date: Sat, 14 Oct 2023 04:09:52 +0000 Subject: [PATCH 55/93] Update missing dump_power sepolicy Bug: 304851502 Test: adb bugreport and check dumpstate_board.txt Change-Id: I1aed85ec3c1106381a395867a6eb90c11a8a1f84 Signed-off-by: Hiroshi Akiyama --- vendor/file_contexts | 2 +- vendor/genfs_contexts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index 67a4d492..d1ed5daf 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -14,7 +14,7 @@ /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 582b3d21..166f411a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -142,6 +142,8 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-mete genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 # Power Stats genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 @@ -289,6 +291,9 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 # wake up nodes genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 From d48c63c21571de05c982dbaf1e11c26f29682f1f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 16 Oct 2023 12:19:18 +0800 Subject: [PATCH 56/93] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 305600857 Change-Id: I4715b66f1b1c051c8d83cffefdf4f3de6e5971ef --- tracking_denials/bug_map | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0be75b9c..c98f50ed 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,8 +1,9 @@ dumpstate app_zygote process b/288049050 +hal_face_default traced_producer_socket sock_file b/305600857 incidentd debugfs_wakeup_sources file b/288049561 incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 mtectrl unlabeled dir b/264483752 -systemui_app wm_trace_data_file dir b/288049075 pixelstats_vendor sysfs file b/299553682 system_server sysfs_batteryinfo file b/294967729 +systemui_app wm_trace_data_file dir b/288049075 From fcf7f847ae2dae94e12c68184de2b6ef8621456e Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Fri, 20 Oct 2023 09:48:03 +0000 Subject: [PATCH 57/93] SELinux: fix wakeup selinux issue Bug: 305600876 Change-Id: I21a8993291b05a991e32bb7c363b5e831f4d0db0 Signed-off-by: Ken Yang --- vendor/genfs_contexts | 205 ++++++++++++++++++++++-------------------- 1 file changed, 109 insertions(+), 96 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 41a7bc24..d20311f8 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -296,107 +296,107 @@ genfscon sysfs /class/power_supply/wireless/device/status genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 # wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 @@ -404,6 +404,19 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 + genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 From a534079494eb7ee7fcf869ee945f7d860523f38b Mon Sep 17 00:00:00 2001 From: samou Date: Mon, 23 Oct 2023 01:44:06 +0000 Subject: [PATCH 58/93] Allow battery_motigation to access gpu cur_freq Bug: 290149543 Change-Id: I3396573d67f9f0995e63cd1e559f968107695d8b Signed-off-by: samou --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 41a7bc24..18038093 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -512,6 +512,7 @@ genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:obje genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 # GSA logs genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 From 8d46bb7983dd0d2e201ee6b0c9a7ea95052b1447 Mon Sep 17 00:00:00 2001 From: Jacky Liu Date: Thu, 19 Oct 2023 17:02:29 +0800 Subject: [PATCH 59/93] Update sepolicy for new static i2c bus numbers Bug: 305242309 Test: Boot to home Change-Id: Ic235f6c2a4d325103dcd03e0977c1a88e98a0605 --- vendor/genfs_contexts | 402 +++++------------------------------------- 1 file changed, 47 insertions(+), 355 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index d20311f8..b8e294ca 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -38,15 +38,7 @@ genfscon debugfs /maxfg u:object genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 # Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 # Storage genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 @@ -100,62 +92,33 @@ genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 # Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 # Power Stats genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 @@ -181,252 +144,35 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 # wake up nodes genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 - -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-11-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 @@ -441,66 +187,12 @@ genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 From 32d99c3e05a847a8fd50bfe00201de583607fbe1 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Thu, 12 Oct 2023 08:02:49 +0000 Subject: [PATCH 60/93] Set context for sysfs file panel_pwr_vreg Bug: 296978805 Test: read panel_pwr_vreg by dumpstate Change-Id: Idc4845cadb278ef6406003cb3e55bfbdba758b4b --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e0d7add2..bb457557 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -79,6 +79,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 From 11ea7dd6d6f5b2e128e907c1a00ca3218c8c5543 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki Date: Fri, 27 Oct 2023 18:45:43 +0000 Subject: [PATCH 61/93] dump_power: adding dwell defend logs sepolicy Bug: 306108267 Test: build/flash Test: adb bugreport Change-Id: Idb0571b6a974b98649f9cc071d506a8be94966f5 Signed-off-by: Daniel Okazaki --- vendor/dump_power.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index e4252146..4b112ba5 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -16,6 +16,11 @@ allow dump_power sysfs_wlc:file r_file_perms; allow dump_power sysfs_power_dump:file r_file_perms; allow dump_power mitigation_vendor_data_file:dir r_dir_perms; allow dump_power mitigation_vendor_data_file:file rw_file_perms; +allow dump_power mnt_vendor_file:dir search; +allow dump_power persist_file:dir search; +allow dump_power persist_battery_file:dir r_dir_perms; +allow dump_power persist_battery_file:file r_file_perms; +allow dump_power vendor_shell_exec:file execute_no_trans; userdebug_or_eng(` allow dump_power debugfs:dir r_dir_perms; From eb2dcaedc8ec80ce8a904d8dddc6164735976d29 Mon Sep 17 00:00:00 2001 From: Chia-Chi Teng Date: Fri, 27 Oct 2023 19:31:40 +0000 Subject: [PATCH 62/93] Revert^2 "bluetooth: Allow triggering AOC reset from BT HAL" This reverts commit 0aa787efa82477a31e9941374ec5fa17738a4f07. Reason for revert: Debug BT HCI timeout on UD2A build and P23 on main Bug: 306646797 Test: presubmit PTS Change-Id: Ia72ea9d0ba0209cce483d220b420933b243e05b3 --- vendor/hal_bluetooth_btlinux.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te index b2a7529c..1076442f 100644 --- a/vendor/hal_bluetooth_btlinux.te +++ b/vendor/hal_bluetooth_btlinux.te @@ -8,5 +8,9 @@ allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms; # Allow triggering uart skip suspend allow hal_bluetooth_btlinux sysfs_bt_uart:file rw_file_perms; +# Allow triggering AOC reset +allow hal_bluetooth_btlinux sysfs_aoc:dir search; +allow hal_bluetooth_btlinux sysfs_aoc_reset:file rw_file_perms; + # allow the HAL to call cccdktimesync registered callbacks binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app) From 3f67ca94787f9ede833bac54bbe6b99a2eb1d67c Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 31 Oct 2023 12:13:45 +0000 Subject: [PATCH 63/93] Update odpm scale value sepolicy Bug: 290149543 Change-Id: I66108d908ffa5cc6853b1e8280a5568c92a2e66f Signed-off-by: samou --- vendor/genfs_contexts | 96 ++++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 24 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index bb457557..d1d6eeca 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -93,30 +93,78 @@ genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 # Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 # Power Stats genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 From b066861a226d0946c517154dea3b59c1c1a94aaf Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Wed, 27 Sep 2023 16:18:34 +0000 Subject: [PATCH 64/93] Add selinux policy change to allow MDS access Samsung OemRil hal. Bug: 301641283 selinux log: 11-03 15:32:38.850 2643 2643 I auditd : type=1400 audit(0.0:1616): avc: denied { call } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.850 2643 2643 I binder:2643_3: type=1400 audit(0.0:1616): avc: denied { call } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I auditd : type=1400 audit(0.0:1617): avc: denied { transfer } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I binder:2643_3: type=1400 audit(0.0:1617): avc: denied { transfer } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 1095 1095 I auditd : type=1400 audit(0.0:1618): avc: denied { call } for comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 11-03 15:32:38.854 1095 1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 Change-Id: Ia71844db230302fd3120b28b3ade2e55443ec078 --- radio/modem_diagnostic_app.te | 3 +++ radio/rild.te | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 1c59004f..ecd27394 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -9,6 +9,9 @@ allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` hal_client_domain(modem_diagnostic_app, hal_power_stats); + allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find; + binder_call(modem_diagnostic_app, rild) + binder_call(modem_diagnostic_app, dmd) set_prop(modem_diagnostic_app, vendor_cbd_prop) diff --git a/radio/rild.te b/radio/rild.te index 3a2bac7f..2c272a53 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -40,3 +40,7 @@ add_hwservice(rild, hal_exynos_rild_hwservice) allow rild modem_img_file:dir r_dir_perms; allow rild modem_img_file:file r_file_perms; allow rild modem_img_file:lnk_file r_file_perms; + +userdebug_or_eng(` + binder_call(rild, modem_diagnostic_app) +') From 90ef181121a6bdd296d3e467b441deb8000c79d0 Mon Sep 17 00:00:00 2001 From: samou Date: Thu, 2 Nov 2023 09:47:24 +0000 Subject: [PATCH 65/93] Allow dump_power to create thismeal.txt by executing battery_mitigation Bug: 293899466 Change-Id: I88d4e3bcf18e818e9ee53ed69e522c9678c6edff Signed-off-by: samou --- vendor/dump_power.te | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index 4b112ba5..7c836ea2 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -14,13 +14,15 @@ allow dump_power sysfs_batteryinfo:file r_file_perms; allow dump_power sysfs_wlc:dir search; allow dump_power sysfs_wlc:file r_file_perms; allow dump_power sysfs_power_dump:file r_file_perms; -allow dump_power mitigation_vendor_data_file:dir r_dir_perms; -allow dump_power mitigation_vendor_data_file:file rw_file_perms; +allow dump_power mitigation_vendor_data_file:dir rw_dir_perms; +allow dump_power mitigation_vendor_data_file:file create_file_perms; allow dump_power mnt_vendor_file:dir search; allow dump_power persist_file:dir search; allow dump_power persist_battery_file:dir r_dir_perms; allow dump_power persist_battery_file:file r_file_perms; allow dump_power vendor_shell_exec:file execute_no_trans; +allow dump_power battery_mitigation_exec:file execute_no_trans; +allow dump_power sysfs_iio_devices:dir search; userdebug_or_eng(` allow dump_power debugfs:dir r_dir_perms; From c13e6b0d82ceef4a73e11c3ddc3fba761ded260b Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Mon, 6 Nov 2023 09:25:32 +0000 Subject: [PATCH 66/93] Allow HWC to access display refresh control Bug: 295603692 Test: write the node successfully Change-Id: Ie900a9de4c23201ddefd61456bb2b8a80ba1945a --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index bb457557..559ed29c 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -80,6 +80,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_numb genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 From 587903f7c46e25679b820c2d57eb535d820935a5 Mon Sep 17 00:00:00 2001 From: Rick Chen Date: Fri, 3 Nov 2023 20:05:13 +0800 Subject: [PATCH 67/93] sensors: Move USF related sepolicy to gs-common. Bug: 305120274 Test: Compile pass. Flash the build to ZUMA devices and no sensor related avc denied log. Change-Id: I6911992b59802b62ffd206fd53e678da65ef1363 Signed-off-by: Rick Chen --- legacy/whitechapel_pro/file.te | 1 - legacy/whitechapel_pro/file_contexts | 4 -- legacy/whitechapel_pro/te_macros | 14 ------- vendor/file.te | 2 - vendor/hal_sensors_default.te | 61 +++++----------------------- 5 files changed, 10 insertions(+), 72 deletions(-) delete mode 100644 legacy/whitechapel_pro/te_macros diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index db0b31f6..786e5f4a 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -3,7 +3,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; -type sensor_debug_data_file, file_type, data_file_type; # sysfs type bootdevice_sysdev, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 3ee41cda..184c9977 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -40,9 +40,5 @@ /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 -/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 - -# Persist -/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 diff --git a/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros deleted file mode 100644 index 01ac13c1..00000000 --- a/legacy/whitechapel_pro/te_macros +++ /dev/null @@ -1,14 +0,0 @@ -# -# USF SELinux type enforcement macros. -# - -# -# usf_low_latency_transport(domain) -# -# Allows domain use of the USF low latency transport. -# -define(`usf_low_latency_transport', ` - allow $1 hal_graphics_mapper_hwservice:hwservice_manager find; - hal_client_domain($1, hal_graphics_allocator) -') - diff --git a/vendor/file.te b/vendor/file.te index 931d8fc6..81d41c1d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -2,7 +2,6 @@ type persist_display_file, file_type, vendor_persist_type; type persist_battery_file, file_type, vendor_persist_type; type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; type persist_uwb_file, file_type, vendor_persist_type; #sysfs @@ -39,7 +38,6 @@ type vendor_bt_data_file, file_type, data_file_type; type sysfs_bt_uart, sysfs_type, fs_type; # Data -type sensor_reg_data_file, file_type, data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; type chre_data_file, file_type, data_file_type; diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te index 7dcf5022..7267dd31 100644 --- a/vendor/hal_sensors_default.te +++ b/vendor/hal_sensors_default.te @@ -1,67 +1,26 @@ -# Allow access to the AoC communication driver. -allow hal_sensors_default aoc_device:chr_file rw_file_perms; +# Allow reading of camera persist files. +r_dir_file(hal_sensors_default, persist_camera_file) -# Allow create thread to watch AOC's device. -allow hal_sensors_default device:dir r_dir_perms; - -# Allow access to CHRE socket to connect to nanoapps. -allow hal_sensors_default chre:unix_stream_socket connectto; -allow hal_sensors_default chre_socket:sock_file write; - -# Allow SensorSuez to connect AIDL stats. -allow hal_sensors_default fwk_stats_service:service_manager find; - -# Allow sensor HAL to access the graphics composer. -binder_call(hal_sensors_default, hal_graphics_composer_default); - -# Allow sensor HAL to access the display service HAL -allow hal_sensors_default hal_pixel_display_service:service_manager find; +# Allow access to the files of CDT information. +r_dir_file(hal_sensors_default, sysfs_chosen) # Allow sensor HAL to access the thermal service HAL hal_client_domain(hal_sensors_default, hal_thermal); -# Allow reading of sensor registry persist files and camera persist files. -allow hal_sensors_default mnt_vendor_file:dir search; -allow hal_sensors_default persist_file:dir search; -allow hal_sensors_default persist_file:file r_file_perms; -allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms; -allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; -r_dir_file(hal_sensors_default, persist_camera_file) - -# Allow creation and writing of sensor registry data files. -allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; -allow hal_sensors_default sensor_reg_data_file:file create_file_perms; - -# Allow access to the sysfs_aoc. -allow hal_sensors_default sysfs_aoc:dir search; -allow hal_sensors_default sysfs_aoc:file r_file_perms; - -# Allow access to the AoC clock and kernel boot time sys FS node. This is needed -# to synchronize the AP and AoC clock timestamps. -allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms; - # Allow display_info_service access to the backlight driver. allow hal_sensors_default sysfs_write_leds:file rw_file_perms; -# Allow access to sensor service for sensor_listener. -binder_call(hal_sensors_default, system_server); - # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) # Allow access to raw HID devices for dynamic sensors. allow hal_sensors_default hidraw_device:chr_file rw_file_perms; -# Allow access to the display info for ALS. -allow hal_sensors_default sysfs_display:file rw_file_perms; +# Allow sensor HAL to access the display service HAL +allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow access to the files of CDT information. -allow hal_sensors_default sysfs_chosen:dir search; -allow hal_sensors_default sysfs_chosen:file r_file_perms; +# Allow sensor HAL to access the graphics composer. +binder_call(hal_sensors_default, hal_graphics_composer_default) -# Allow display_info_service access to the backlight driver. -allow hal_sensors_default sysfs_leds:dir search; -allow hal_sensors_default sysfs_leds:file r_file_perms; - -# Allow sensor HAL to reset AOC. -allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms; +# Allow access to the power supply files for MagCC. +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; From 73caf508ecfe025e9cf3f12e6be79516d2bbda28 Mon Sep 17 00:00:00 2001 From: Angela Wu Date: Wed, 8 Nov 2023 01:28:39 +0000 Subject: [PATCH 68/93] Allows GCA to access the hw_jpeg /dev/video12. Bug: 309578078 Change-Id: Ic243a8dc0d6b2decd0ac70d076a456296936e9af Test: https://android-build.corp.google.com/builds/abtd/run/L93200030000133974 --- vendor/google_camera_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index fd19c05d..c572c26e 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -5,3 +5,6 @@ get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Allows GCA to access the hw_jpeg /dev/video12. +allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From 96bac14cb1964fd27f7224050b7e4cb2adc15d70 Mon Sep 17 00:00:00 2001 From: Mike Wang Date: Wed, 8 Nov 2023 03:38:09 +0000 Subject: [PATCH 69/93] Change the MDS to platform app in selinux ap context. The MDS will be signed with platform key and become a platform app. To make the selinux rules for modem_diagnostic_app work, need to set it to platform app in app context. Bug: 287683516 Test: Tested with both dev key or platform key signed MDS apps and the selinux rules works. Change-Id: I375f57537a81514d3a6230ca042a4407accd6c15 --- radio/seapp_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 6d0de367..9caa3947 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -6,6 +6,7 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type= # Modem Diagnostic System user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user +user=_app isPrivApp=true seinfo=platform name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user # grilservice user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all From 6216625ef81c98f8ddc17d788043acff0e9a06cb Mon Sep 17 00:00:00 2001 From: Angela Wu Date: Thu, 9 Nov 2023 08:09:14 +0000 Subject: [PATCH 70/93] Allows GCA to access the hw_jpeg /dev/video12. Bug: 309578078 Test: https://android-build.corp.google.com/builds/abtd/run/L93200030000133974 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0dde58951666a96f788a8a75bf63cde34079d48a) Merged-In: I5b1649ec393d2f998159299b0f4feddcde4da80f Change-Id: I5b1649ec393d2f998159299b0f4feddcde4da80f This change is essentially a re-submission of ag/25305073 to an upstream branch. Change-Id: I97a96bddaaca9e95f0596cd4eff0d7e80d6023d6 --- vendor/google_camera_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index c0f13ef7..9c775a4a 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -7,3 +7,6 @@ get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Allows GCA to access the hw_jpeg /dev/video12. +allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From ca145d66c3390e204726d21cc2586a33ead88680 Mon Sep 17 00:00:00 2001 From: Alex Iacobucci Date: Fri, 10 Nov 2023 18:22:48 +0000 Subject: [PATCH 71/93] aoc: add sysfs file entry Test: on device Bug: 309950738 Change-Id: Iddaf30fce0bfd88d275d577b71bedd826b7a3ee6 Signed-off-by: Alex Iacobucci --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index eb62fcc6..fc17154b 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -293,6 +293,7 @@ genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:ob genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/notify_timeout_aoc_status u:object_r:sysfs_aoc_notifytimeout:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 From 8ff4604573a3be2755f132171c32b95c76a6a948 Mon Sep 17 00:00:00 2001 From: Daniel Norman Date: Fri, 10 Nov 2023 22:45:23 +0000 Subject: [PATCH 72/93] Removes duplicate hidraw_device type definition. This type is now defined by the platform. Bug: 303522222 Change-Id: Ic46a7327bb2dab89f424cde2682a40f2b28a04db Test: ls -z /dev/hidraw0 --- vendor/device.te | 3 --- vendor/file_contexts | 3 --- 2 files changed, 6 deletions(-) diff --git a/vendor/device.te b/vendor/device.te index b9d32075..ee136aa8 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -24,6 +24,3 @@ type st54spi_device, dev_type; # OTA type sda_block_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index d1ed5daf..d44aba07 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -201,6 +201,3 @@ /dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/uci u:object_r:uci_device:s0 /dev/video12 u:object_r:hw_jpg_device:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 From 8912975a8b1fc48ccee4cdcd5f1d7402aad34019 Mon Sep 17 00:00:00 2001 From: Kyle Tso Date: Mon, 13 Nov 2023 16:35:46 +0800 Subject: [PATCH 73/93] hal_usb_impl: Add get_prop for vendor_usb_config_prop avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=391 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=0 Bug: 310560098 Change-Id: I86588715cae2696dd0e045c5b75dde55e0f84c1e Signed-off-by: Kyle Tso --- vendor/hal_usb_impl.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index d282a559..4086fb37 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -8,6 +8,7 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; allow hal_usb_impl dumpstate:fd use; +get_prop(hal_usb_impl, vendor_usb_config_prop) # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; From 77ce6120937415c4969a502c3cd0f662655004b8 Mon Sep 17 00:00:00 2001 From: Angela Wu Date: Thu, 9 Nov 2023 08:09:14 +0000 Subject: [PATCH 74/93] Allows GCA to access the hw_jpeg /dev/video12. Bug: 309578078 Test: https://android-build.corp.google.com/builds/abtd/run/L41100030000291922 Merged-In: I97a96bddaaca9e95f0596cd4eff0d7e80d6023d6 Change-Id: I5b1649ec393d2f998159299b0f4feddcde4da80f --- vendor/google_camera_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index fd09abc2..077f492e 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -22,5 +22,8 @@ hal_client_domain(google_camera_app, hal_power) allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; +# Allows GCA to access the hw_jpeg /dev/video12. +allow google_camera_app hw_jpg_device:chr_file rw_file_perms; + # Library code may try to access vendor properties, but should be denied dontaudit google_camera_app vendor_default_prop:file { getattr map open }; From b5c8a252b215b85eac4d1d34a35000ba0f13c3c7 Mon Sep 17 00:00:00 2001 From: Devika Krishnadas Date: Thu, 16 Nov 2023 01:23:03 +0000 Subject: [PATCH 75/93] Add Pixel Mapper as a sp-HAL Bug: 267352318 Change-Id: I3068038eb51f1a78a2cd300a6b71d96a2647b641 Signed-off-by: Devika Krishnadas --- vendor/file_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index d1ed5daf..35f10e13 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -33,6 +33,9 @@ /vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 +# Gralloc +/(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 + # Vendor libraries /vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 From d240d1b4e29a9c7f9b5229bc32a716f44e18f768 Mon Sep 17 00:00:00 2001 From: Chia-Chi Teng Date: Thu, 16 Nov 2023 22:37:36 +0000 Subject: [PATCH 76/93] Revert^3 "bluetooth: Allow triggering AOC reset from BT HAL" eb2dcaedc8ec80ce8a904d8dddc6164735976d29 Change-Id: Idb64a3e6d60747273159682102a5367b99fe6833 --- vendor/hal_bluetooth_btlinux.te | 4 ---- 1 file changed, 4 deletions(-) diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te index 1076442f..b2a7529c 100644 --- a/vendor/hal_bluetooth_btlinux.te +++ b/vendor/hal_bluetooth_btlinux.te @@ -8,9 +8,5 @@ allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms; # Allow triggering uart skip suspend allow hal_bluetooth_btlinux sysfs_bt_uart:file rw_file_perms; -# Allow triggering AOC reset -allow hal_bluetooth_btlinux sysfs_aoc:dir search; -allow hal_bluetooth_btlinux sysfs_aoc_reset:file rw_file_perms; - # allow the HAL to call cccdktimesync registered callbacks binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app) From 658c20d02471763cdc6a7930cb4a07f218e93795 Mon Sep 17 00:00:00 2001 From: Kyle Tso Date: Wed, 15 Nov 2023 16:51:18 +0800 Subject: [PATCH 77/93] dontaudit on dir search for vendor_votable_debugfs Bug: 305880925 Bug: 310539058 Change-Id: I5e13370fe5430f3dfbf73ccff787986fbe80f9ea Signed-off-by: Kyle Tso --- vendor/kernel.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/kernel.te b/vendor/kernel.te index 28f140ab..8465b6c2 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -19,6 +19,7 @@ dontaudit kernel system_bootstrap_lib_file:file getattr; dontaudit kernel system_dlkm_file:dir getattr; dontaudit kernel vendor_battery_debugfs:dir search; dontaudit kernel vendor_charger_debugfs:dir search; +dontaudit kernel vendor_votable_debugfs:dir search; allow kernel vendor_regmap_debugfs:dir search; From e5f95d1fc7b6a95ecc270b5d60da10da6153a8d0 Mon Sep 17 00:00:00 2001 From: Luis Delgado de Mendoza Date: Tue, 14 Nov 2023 16:06:23 -0800 Subject: [PATCH 78/93] Add sepolicy entries for new BT channel Bug: 308452948 Test: Validated locally on husky. Change-Id: I68bce4f12b086168bdcbe6193b07dd1c11097c2d --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index eb62fcc6..02d59bba 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -235,6 +235,8 @@ genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/ genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.bt.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.bt/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 From 039124e7a447a120dd1f0e395ee32e782a039efc Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 03:15:40 +0000 Subject: [PATCH 79/93] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 312590044 Change-Id: I24e5462f111f05d051d398487a5931d808cf3002 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index c98f50ed..7133a2f2 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,6 @@ dumpstate app_zygote process b/288049050 hal_face_default traced_producer_socket sock_file b/305600857 +hal_radioext_default radio_vendor_data_file file b/312590044 incidentd debugfs_wakeup_sources file b/288049561 incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 From 60b467ac40912882db9e102d46ba1f812dc95aab Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 22 Nov 2023 14:21:06 +0800 Subject: [PATCH 80/93] Move sg_device related policy Bug: 312582937 Test: make selinux_policy Change-Id: Ic6e1f6228764cd2ddc96d574a10838ca4bc05332 Signed-off-by: Randall Huang --- legacy/whitechapel_pro/device.te | 1 - vendor/tee.te | 1 - vendor/vendor_init.te | 1 - 3 files changed, 3 deletions(-) diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index 7d31940a..8c24eefb 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -1,4 +1,3 @@ -type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; diff --git a/vendor/tee.te b/vendor/tee.te index 67509b80..c99a02d9 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -7,7 +7,6 @@ allow tee persist_file:dir r_dir_perms; allow tee mnt_vendor_file:dir r_dir_perms; allow tee tee_data_file:dir rw_dir_perms; allow tee tee_data_file:lnk_file r_file_perms; -allow tee sg_device:chr_file rw_file_perms; allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee block_device:dir search; diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 45edeb80..399626ca 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -7,7 +7,6 @@ set_prop(vendor_init, logpersistd_logging_prop) allow vendor_init proc_dirty:file w_file_perms; allow vendor_init proc_sched:file w_file_perms; -allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; From b25d110b3822dc4e18e1df84b02a3fa7b9dacc98 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 23 Nov 2023 15:35:07 +0800 Subject: [PATCH 81/93] allow vendor init to access percpu_pagelist_high_fraction Bug: 309409009 Test: boot Change-Id: I2a4b34e3318b5de8688fe25133d7839165a2566d Signed-off-by: Martin Liu --- vendor/vendor_init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 399626ca..78228049 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -34,3 +34,4 @@ set_prop(vendor_init, vendor_ssrdump_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; +allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; From 5775ea074a067454fc26be1c97a35b0984542c9d Mon Sep 17 00:00:00 2001 From: Kyle Tso Date: Mon, 13 Nov 2023 16:35:46 +0800 Subject: [PATCH 82/93] hal_usb_impl: Add get_prop for vendor_usb_config_prop avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=391 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=0 Bug: 310560098 Change-Id: I86588715cae2696dd0e045c5b75dde55e0f84c1e Signed-off-by: Kyle Tso --- vendor/hal_usb_impl.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 27d7bdde..34ee19e2 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -8,6 +8,7 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; allow hal_usb_impl dumpstate:fd use; +get_prop(hal_usb_impl, vendor_usb_config_prop) # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; From 23feade4db0884aadcd2a3924cdd07cf3799cd0d Mon Sep 17 00:00:00 2001 From: Jason Chiu Date: Mon, 27 Nov 2023 17:45:29 +0800 Subject: [PATCH 83/93] zuma: move sepolicy related to bootctrl hal to gs-common Bug: 265063384 Change-Id: I230ca394c5d1b6e68dd8b4d51ea06568810eb4e0 Signed-off-by: Jason Chiu --- vendor/device.te | 4 ---- vendor/file.te | 1 - vendor/file_contexts | 1 - vendor/hal_bootctl_default.te | 8 -------- 4 files changed, 14 deletions(-) delete mode 100644 vendor/hal_bootctl_default.te diff --git a/vendor/device.te b/vendor/device.te index ee136aa8..fdb49579 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,7 +1,6 @@ type persist_block_device, dev_type; type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; @@ -21,6 +20,3 @@ type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index 81d41c1d..6498f828 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -50,7 +50,6 @@ userdebug_or_eng(` # sysfs type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # GSA diff --git a/vendor/file_contexts b/vendor/file_contexts index ba6f2bcb..488cc407 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,6 +1,5 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te deleted file mode 100644 index 2ffeb27f..00000000 --- a/vendor/hal_bootctl_default.te +++ /dev/null @@ -1,8 +0,0 @@ -allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sysfs_ota:file rw_file_perms; -allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -') From fb1c8b60bb599b04cd15d25fc461c71007c310e2 Mon Sep 17 00:00:00 2001 From: Khoa Hong Date: Thu, 30 Nov 2023 14:50:52 +0800 Subject: [PATCH 84/93] Suppress avc error log on debugfs's usb folder. The XHCI driver in kernel will write debugging information to DebugFS on some USB host operations (for example: plugging in a USB headphone). We are not using those information right now. Bug: 311088739 Test: No error when plugging a USB headphone in. Change-Id: I3a8e2290e97967c02453eadff440d8bbeefa31b1 --- vendor/kernel.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/kernel.te b/vendor/kernel.te index 8465b6c2..7eca5ce6 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -20,6 +20,7 @@ dontaudit kernel system_dlkm_file:dir getattr; dontaudit kernel vendor_battery_debugfs:dir search; dontaudit kernel vendor_charger_debugfs:dir search; dontaudit kernel vendor_votable_debugfs:dir search; +dontaudit kernel vendor_usb_debugfs:dir search; allow kernel vendor_regmap_debugfs:dir search; From 14dda6e255982b02f731cf4cbefee6aad32cf523 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 07:14:04 +0000 Subject: [PATCH 85/93] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 314054292 Test: scanBugreport Bug: 313804706 Bug: 312894238 Change-Id: Ibf9517b585dcd8e06c62075d85dc55eb8ed7d18d --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 7133a2f2..e56da60d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,10 +1,14 @@ dumpstate app_zygote process b/288049050 +dumpstate virtual_camera binder b/312894238 +dumpstate virtual_camera process b/312894238 hal_face_default traced_producer_socket sock_file b/305600857 hal_radioext_default radio_vendor_data_file file b/312590044 +hal_vibrator_default default_android_service service_manager b/314054292 incidentd debugfs_wakeup_sources file b/288049561 incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 mtectrl unlabeled dir b/264483752 pixelstats_vendor sysfs file b/299553682 +surfaceflinger selinuxfs file b/313804706 system_server sysfs_batteryinfo file b/294967729 systemui_app wm_trace_data_file dir b/288049075 From fbe923d20a8886d6900eda6f09c7a760c87a15ca Mon Sep 17 00:00:00 2001 From: Sebastian Pickl Date: Fri, 1 Dec 2023 11:30:35 +0000 Subject: [PATCH 86/93] Revert "zuma: move sepolicy related to bootctrl hal to gs-common" Revert submission 25477883-gs-common_bootctrl-aidl Reason for revert: breaking builds b/314240126 Bug: 314240126 Reverted changes: /q/submissionid:25477883-gs-common_bootctrl-aidl Change-Id: I84dda0a7c98ed1d1f7958734761c9c1a0bd9d169 --- vendor/device.te | 4 ++++ vendor/file.te | 1 + vendor/file_contexts | 1 + vendor/hal_bootctl_default.te | 8 ++++++++ 4 files changed, 14 insertions(+) create mode 100644 vendor/hal_bootctl_default.te diff --git a/vendor/device.te b/vendor/device.te index fdb49579..ee136aa8 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,6 +1,7 @@ type persist_block_device, dev_type; type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; @@ -20,3 +21,6 @@ type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index 6498f828..81d41c1d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -50,6 +50,7 @@ userdebug_or_eng(` # sysfs type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # GSA diff --git a/vendor/file_contexts b/vendor/file_contexts index 488cc407..ba6f2bcb 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,5 +1,6 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te new file mode 100644 index 00000000..2ffeb27f --- /dev/null +++ b/vendor/hal_bootctl_default.te @@ -0,0 +1,8 @@ +allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sysfs_ota:file rw_file_perms; +allow hal_bootctl_default tee_device:chr_file rw_file_perms; + +recovery_only(` + allow hal_bootctl_default rootfs:dir r_dir_perms; +') From 2729e96ec8071c32ff73a064c72ba7a8bc6319dc Mon Sep 17 00:00:00 2001 From: Daniel Norman Date: Fri, 10 Nov 2023 22:45:23 +0000 Subject: [PATCH 87/93] Removes duplicate hidraw_device type definition. This type is now defined by the platform. Bug: 303522222 Test: ls -z /dev/hidraw0 Change-Id: Ic46a7327bb2dab89f424cde2682a40f2b28a04db Merged-In: Ic46a7327bb2dab89f424cde2682a40f2b28a04db (cherry picked from commit 8ff4604573a3be2755f132171c32b95c76a6a948) --- vendor/device.te | 3 --- vendor/file_contexts | 3 --- 2 files changed, 6 deletions(-) diff --git a/vendor/device.te b/vendor/device.te index 50b7c59a..dbf1befb 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -25,6 +25,3 @@ type st54spi_device, dev_type; # OTA type sda_block_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index f93f5c72..cfdeb7f0 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -205,6 +205,3 @@ /dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/uci u:object_r:uci_device:s0 /dev/video12 u:object_r:hw_jpg_device:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 From 47c545c8b016c8525029a47d13216910f5ddaf59 Mon Sep 17 00:00:00 2001 From: Jason Chiu Date: Mon, 27 Nov 2023 17:45:29 +0800 Subject: [PATCH 88/93] zuma: move sepolicy related to bootctrl hal to gs-common Bug: 265063384 Change-Id: Ic99547173f6eade30bce2d60051163336b27ca3b Signed-off-by: Jason Chiu --- vendor/device.te | 4 ---- vendor/file.te | 1 - vendor/file_contexts | 1 - vendor/hal_bootctl_default.te | 8 -------- 4 files changed, 14 deletions(-) delete mode 100644 vendor/hal_bootctl_default.te diff --git a/vendor/device.te b/vendor/device.te index ee136aa8..fdb49579 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,7 +1,6 @@ type persist_block_device, dev_type; type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; @@ -21,6 +20,3 @@ type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index 81d41c1d..6498f828 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -50,7 +50,6 @@ userdebug_or_eng(` # sysfs type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # GSA diff --git a/vendor/file_contexts b/vendor/file_contexts index ba6f2bcb..488cc407 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,6 +1,5 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te deleted file mode 100644 index 2ffeb27f..00000000 --- a/vendor/hal_bootctl_default.te +++ /dev/null @@ -1,8 +0,0 @@ -allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sysfs_ota:file rw_file_perms; -allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -') From 7e755bb1437bad55e7fca73c8ea6acef18926d1f Mon Sep 17 00:00:00 2001 From: Ray Chi Date: Wed, 29 Nov 2023 18:38:56 +0800 Subject: [PATCH 89/93] Add eusb_repeater to vendor_usb_debugfs context Bug: 305145476 Test: adb bugreport Change-Id: I8fe6eebb43ed80de486d93882879512d0918acee --- vendor/dump_power.te | 1 + vendor/genfs_contexts | 1 + 2 files changed, 2 insertions(+) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index 7c836ea2..4437dfaf 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -32,6 +32,7 @@ userdebug_or_eng(` allow dump_power vendor_charger_debugfs:dir r_dir_perms; allow dump_power vendor_charger_debugfs:file r_file_perms; allow dump_power vendor_usb_debugfs:dir r_dir_perms; + allow dump_power vendor_usb_debugfs:file r_file_perms; allow dump_power vendor_votable_debugfs:dir r_dir_perms; allow dump_power vendor_votable_debugfs:file r_file_perms; allow dump_power vendor_maxfg_debugfs:dir r_dir_perms; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 7dccf93a..f4415e1b 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -34,6 +34,7 @@ genfscon debugfs /gvotables u:object genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /eusb_repeater u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 From 98448f5628d51403b9c022f3c9380cd3d4629190 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Mon, 13 Nov 2023 13:19:25 +0000 Subject: [PATCH 90/93] Add Secretkeeper HAL Test: VtsAidlAuthGraphSessionTest Bug: 306364873 Change-Id: I57de11a4c08476979e9283914a552a90254ee3fb --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index ba6f2bcb..9ad35c2b 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -24,6 +24,7 @@ /vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 From 2ecdf16781f311f6294938f55288e99723537ac4 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 6 Dec 2023 10:44:09 +0000 Subject: [PATCH 91/93] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 315104235 Test: scanBugreport Bug: 315104508 Bug: 315104235 Test: scanAvcDeniedLogRightAfterReboot Bug: 315104941 Bug: 315104235 Change-Id: Icb01366f95e6ca4001246215e487d702131b6947 --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e56da60d..94683350 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -12,3 +12,7 @@ pixelstats_vendor sysfs file b/299553682 surfaceflinger selinuxfs file b/313804706 system_server sysfs_batteryinfo file b/294967729 systemui_app wm_trace_data_file dir b/288049075 +twoshay chre_socket sock_file b/315104508 +twoshay chre_socket sock_file b/315104941 +vendor_init default_prop file b/315104235 +vendor_init default_prop property_service b/315104235 From 259348f8f767348988917badc565ef7da7425b5d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 11 Dec 2023 02:54:00 +0000 Subject: [PATCH 92/93] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 315720601 Test: scanBugreport Bug: 315720874 Bug: 315104803 Test: scanAvcDeniedLogRightAfterReboot Bug: 315104803 Change-Id: If15ba27fec6c876984823f8bb214bb7db59f7fd2 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 94683350..1d2ea187 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -9,10 +9,13 @@ incidentd incidentd anon_inode b/288049561 insmod-sh insmod-sh key b/274374722 mtectrl unlabeled dir b/264483752 pixelstats_vendor sysfs file b/299553682 +rild default_prop file b/315720601 +rild default_prop file b/315720874 surfaceflinger selinuxfs file b/313804706 system_server sysfs_batteryinfo file b/294967729 systemui_app wm_trace_data_file dir b/288049075 twoshay chre_socket sock_file b/315104508 twoshay chre_socket sock_file b/315104941 vendor_init default_prop file b/315104235 +vendor_init default_prop file b/315104803 vendor_init default_prop property_service b/315104235 From b3e48816fafd3d91652d8ac283587f050a986df7 Mon Sep 17 00:00:00 2001 From: Imo Richard Umoren Date: Tue, 12 Dec 2023 02:36:44 +0000 Subject: [PATCH 93/93] Twoshay: Add SELinux Permissions for CHRE [Zuma] Adds connection and write permissions for chre socket to SELinux policy. Used for the Wallaby nanoapp. Bug: b/315347346 Bug: b/314721681 Test: Manually tested on SB3 Proto 1.0 Change-Id: I4a01be73d76a577d8da07c36276349525c0fda68 --- vendor/twoshay.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/twoshay.te b/vendor/twoshay.te index 219619ac..0456028b 100644 --- a/vendor/twoshay.te +++ b/vendor/twoshay.te @@ -2,3 +2,8 @@ binder_call(twoshay, systemui_app) binder_call(twoshay, hal_radioext_default) + +# b/315347346 +# b/314721681 +unix_socket_connect(twoshay, chre, chre) +allow twoshay self:capability2 block_suspend;