Branch zuma from gs201

Branch zuma from gs201 sha1 63751751aa91275b083797278d638078b3a0bf7a cp/pantah/ripcurrent cp/gs201/zuma Bug: 229340586 Change-Id: Ie692d8dbbf0fc4d3b376dc9fe3e930bd3955a88e Signed-off-by: Aaron Ding <aaronding@google.com>
2022-04-15 13:18:52 +08:00 · 2022-04-15 13:18:52 +08:00 · e47b3d9991
commit e47b3d9991
parent e4a3061192
199 changed files with 3343 additions and 0 deletions
--- a/tracking_denials/README.txt
+++ b/tracking_denials/README.txt
@ -0,0 +1,2 @@
+This folder stores known errors detected by PTS. Be sure to remove relevant
+files to reproduce error log on latest ROMs.
--- a/tracking_denials/clatd.te
+++ b/tracking_denials/clatd.te
@ -0,0 +1,3 @@
+# b/210363983
+#dontaudit clatd netd:rawip_socket { read write };
+#dontaudit clatd netd:rawip_socket { setopt };
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@ -0,0 +1,6 @@
+# b/221384768
+dontaudit dumpstate app_zygote:process { signal };
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
+dontaudit dumpstate sysfs:file { read };
+# b/227694693
+dontaudit dumpstate incident:process { signal };
--- a/tracking_denials/google_camera_app.te
+++ b/tracking_denials/google_camera_app.te
@ -0,0 +1,8 @@
+# b/209889068
+dontaudit google_camera_app edgetpu_app_service:service_manager { find };
+dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
+dontaudit google_camera_app edgetpu_device:chr_file { map };
+dontaudit google_camera_app edgetpu_device:chr_file { read write };
+dontaudit google_camera_app vendor_default_prop:file { getattr };
+dontaudit google_camera_app vendor_default_prop:file { map };
+dontaudit google_camera_app vendor_default_prop:file { open };
--- a/tracking_denials/hal_camera_default.te
+++ b/tracking_denials/hal_camera_default.te
@ -0,0 +1,5 @@
+# b/205780065
+dontaudit hal_camera_default system_data_file:dir { search };
+# b/218585004
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };
--- a/tracking_denials/hal_drm_widevine.te
+++ b/tracking_denials/hal_drm_widevine.te
@ -0,0 +1,2 @@
+# b/229209076
+dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@ -0,0 +1,8 @@
+# b/205073167
+dontaudit hal_neuralnetworks_armnn default_prop:file { open };
+dontaudit hal_neuralnetworks_armnn default_prop:file { read };
+# b/205202540
+dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
+dontaudit hal_neuralnetworks_armnn default_prop:file { map };
+# b/205779871
+dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@ -0,0 +1,4 @@
+# b/208909174
+dontaudit hal_power_default hal_power_default:capability { dac_read_search };
+# b/221384860
+dontaudit hal_power_default hal_power_default:capability { dac_override };
--- a/tracking_denials/hal_radioext_default.te
+++ b/tracking_denials/hal_radioext_default.te
@ -0,0 +1,2 @@
+# b/227122249
+dontaudit hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager { find };
--- a/tracking_denials/hal_secure_element_st33spi.te
+++ b/tracking_denials/hal_secure_element_st33spi.te
@ -0,0 +1,2 @@
+# b/229167195
+dontaudit hal_secure_element_st33spi vendor_secure_element_prop:file { read };
--- a/tracking_denials/hal_sensors_default.te
+++ b/tracking_denials/hal_sensors_default.te
@ -0,0 +1,2 @@
+# b/227695036
+dontaudit hal_sensors_default sensor_reg_data_file:dir { write };
--- a/tracking_denials/hal_thermal_default.te
+++ b/tracking_denials/hal_thermal_default.te
@ -0,0 +1,7 @@
+# b/205904328
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { bind };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { create };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { getattr };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { read };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { setopt };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { write };
--- a/tracking_denials/hal_uwb_vendor_default.te
+++ b/tracking_denials/hal_uwb_vendor_default.te
@ -0,0 +1,3 @@
+# b/208721505
+dontaudit hal_uwb_vendor_default dumpstate:fd { use };
+dontaudit hal_uwb_vendor_default dumpstate:fifo_file { write };
--- a/tracking_denials/hardware_info_app.te
+++ b/tracking_denials/hardware_info_app.te
@ -0,0 +1,2 @@
+# b/208909060
+dontaudit hardware_info_app vendor_maxfg_debugfs:dir search;
--- a/tracking_denials/incidentd.te
+++ b/tracking_denials/incidentd.te
@ -0,0 +1,2 @@
+# b/226850644
+dontaudit incidentd debugfs_wakeup_sources:file { read };
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@ -0,0 +1,11 @@
+# b/213817227
+dontaudit kernel vendor_battery_debugfs:dir { search };
+# b/220801802
+allow kernel same_process_hal_file:file r_file_perms;
+# b/227121550
+dontaudit kernel vendor_usb_debugfs:dir { search };
+dontaudit kernel vendor_votable_debugfs:dir { search };
+# b/227286343
+dontaudit kernel vendor_regmap_debugfs:dir { search };
+# b/228181404
+dontaudit kernel vendor_maxfg_debugfs:dir { search };
--- a/tracking_denials/rebalance_interrupts_vendor.te
+++ b/tracking_denials/rebalance_interrupts_vendor.te
@ -0,0 +1,2 @@
+# b/214472867
+dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
--- a/tracking_denials/servicemanager.te
+++ b/tracking_denials/servicemanager.te
@ -0,0 +1,2 @@
+# b/214122471
+dontaudit servicemanager hal_fingerprint_default:binder { call };
--- a/tracking_denials/ssr_detector_app.te
+++ b/tracking_denials/ssr_detector_app.te
@ -0,0 +1,12 @@
+# b/205202542
+dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { getattr };
+dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { map };
+dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { open };
+dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { read };
+# b/207571417
+dontaudit ssr_detector_app cgroup:file { open };
+dontaudit ssr_detector_app cgroup:file { write };
+dontaudit ssr_detector_app sysfs:file { getattr };
+dontaudit ssr_detector_app sysfs:file { open };
+dontaudit ssr_detector_app sysfs:file { read };
+dontaudit ssr_detector_app sysfs:file { write };
--- a/tracking_denials/surfaceflinger.te
+++ b/tracking_denials/surfaceflinger.te
@ -0,0 +1,4 @@
+# b/215042694
+dontaudit surfaceflinger kernel:process { setsched };
+# b/208721808
+dontaudit surfaceflinger hal_graphics_composer_default:dir { search };
--- a/tracking_denials/tee.te
+++ b/tracking_denials/tee.te
@ -0,0 +1,5 @@
+# TODO(b/205904330): avoid using setuid, setgid permission
+allow tee tee:capability { setuid setgid };
+# b/215649571
+dontaudit tee gsi_metadata_file:dir { search };
+dontaudit tee metadata_file:dir { search };
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@ -0,0 +1,4 @@
+# b/205656950
+dontaudit vendor_init thermal_link_device:file { create };
+# b/226271913
+dontaudit vendor_init vendor_maxfg_debugfs:file setattr;
--- a/tracking_denials/vendor_telephony_silentlogging_app.te
+++ b/tracking_denials/vendor_telephony_silentlogging_app.te
@ -0,0 +1,3 @@
+# b/221384996
+dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir { getattr };
+dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir { search };