From f688a56d8e9bcab7081bb76163446466b4dbda26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= Date: Tue, 1 Oct 2024 14:48:00 +1000 Subject: [PATCH 1/7] Remove duplicate service entries These entries are defined in the platform policy. Flag: EXEMPT bugfix Bug: 367832910 Test: TH Change-Id: I34e04111d74d0b7b4d9e3e4e359feb1b92b40593 --- vendor/service_contexts | 2 -- 1 file changed, 2 deletions(-) diff --git a/vendor/service_contexts b/vendor/service_contexts index 00cf9c5b..ffa2639b 100644 --- a/vendor/service_contexts +++ b/vendor/service_contexts @@ -3,5 +3,3 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_ vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0 - -android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0 From d898a7a7875a6434f856fa749fff9d79b031cdef Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Tue, 8 Oct 2024 11:25:58 +0800 Subject: [PATCH 2/7] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 372121912 Test: scanBugreport Bug: 359428180 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428180 Flag: EXEMPT NDK Change-Id: I88cf70ace59b6ca4cf66a4b0ffaf3bc8220f932b --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 405e1051..a7f7b3b3 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -17,6 +17,8 @@ modem_svc_sit modem_ml_svc_sit file b/360060992 mtectrl unlabeled dir b/264483752 pixelstats_vendor block_device dir b/369540673 pixelstats_vendor block_device dir b/369540836 +platform_app vendor_fw_file dir b/372121912 +platform_app vendor_rild_prop file b/372121912 ramdump ramdump capability b/369475700 shell sysfs_net file b/330081782 ssr_detector_app default_prop file b/340722729 
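Review bot: The two `platform_app` rows added in PATCH 2/7 are keyed only by source type, target type and class, so as far as the bug_map format goes they will tag every `dir` denial on `vendor_fw_file` and every `file` denial on `vendor_rild_prop` from any platform app with b/372121912, not only the access seen in this boot test. Nothing in the hunk or the commit message records which app or which permission produced the denials, and two different targets share one bug id. I would note the triggering app and permission in the bug, and delete the rows once it is resolved so they cannot hide a later, unrelated denial. The same applies to the rows added in PATCH 3/7 and PATCH 7/7.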
From a6eb3139feba64f934a5e1242adf9b0d163fe470 Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Wed, 9 Oct 2024 11:05:01 +0800 Subject: [PATCH 3/7] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 372348756 Bug: 372348383 Bug: 372348502 Flag: EXEMPT NDK Change-Id: I126496a25529a73293430c9a1e7009e82b161331 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index a7f7b3b3..104567da 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,6 +4,9 @@ dumpstate app_zygote process b/288049050 edgetpu_vendor_server shell_data_file dir b/369475225 edgetpu_vendor_server shell_data_file dir b/369475363 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030 +hal_camera_default cgroup_desc_file file b/372348756 +hal_graphics_composer_default cgroup_desc_file file b/372348383 +hal_power_default cgroup_desc_file file b/372348502 hal_radioext_default radio_vendor_data_file file b/312590044 hal_vibrator_default default_android_service service_manager b/314054292 hal_vibrator_default default_android_service service_manager b/367943515 From c2660d9ba428938e88f296b72981a7bc6a17f8ec Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Wed, 2 Oct 2024 04:01:42 +0000 Subject: [PATCH 4/7] modem_svc: use shared_modem_platform to replace all modem_svc_sit Bug: 368257019 Flag: NONE local testing only Change-Id: I9a9ff83d2bf3cf55b4c8806d808efde03ca2de70 --- radio/file_contexts | 2 +- radio/modem_svc_sit.te | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/radio/file_contexts b/radio/file_contexts index d4f29be0..ed9c2201 100644 --- a/radio/file_contexts +++ b/radio/file_contexts 
@@ -6,13 +6,13 @@ /vendor/bin/sced u:object_r:sced_exec:s0 /vendor/bin/rfsd u:object_r:rfsd_exec:s0 /vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0 -/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 /vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0 /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 /vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 /vendor/bin/copy_efs_files_to_data u:object_r:copy_efs_files_to_data_exec:s0 +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index 2b348743..fb77bf80 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -1,3 +1,4 @@ +# Selinux rule for modem_svc_sit daemon type modem_svc_sit, domain; type modem_svc_sit_exec, vendor_file_type, exec_type, file_type; init_daemon_domain(modem_svc_sit) @@ -37,6 +38,9 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) + # Write trace data to the Perfetto traced daemon. This requires connecting to # its producer socket and obtaining a (per-process) tmpfs fd. perfetto_producer(modem_svc_sit) From bf1d975910090602252572360bba460c869ee5d7 Mon Sep 17 00:00:00 2001 
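Review bot: The radio/file_contexts hunk removes the `/vendor/bin/modem_svc_sit` row in the same change that adds `/vendor/bin/shared_modem_platform`, so the old path no longer maps to `modem_svc_sit_exec`. Any image that consumes this policy but still ships the old binary would presumably fall back to the generic vendor file label and lose the `init_daemon_domain(modem_svc_sit)` transition; the commit message (`Flag: NONE local testing only`) does not say that every consumer has switched. Keeping the old row alongside the new one until the rename has landed everywhere is the safer sequence. The executable name now also differs from its type name, so a comment above the new row such as `# shared_modem_platform runs in the modem_svc_sit domain` would save the next reader a search.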
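Review bot: In the second radio/modem_svc_sit.te hunk, `hal_server_domain(modem_svc_sit, hal_shared_modem_platform)` only attaches the HAL attributes to the domain; it does not by itself label the service or allow it to be added to the service manager. This patch touches only file_contexts and this .te file, so the declaration of `hal_shared_modem_platform`, a `service_contexts` row for the ISharedModemPlatform default instance and the matching `hal_attribute_service(...)` rule must come from elsewhere. The rest of the file is outside the hunk, so they may already exist. If they live in another change or repository, name it in the comment, e.g. `# HAL attribute and service label are defined in <path — confirm>`; if they are missing, the registration described by the new comment will be denied or the policy will fail to build.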
From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Tue, 15 Oct 2024 06:20:12 +0000 Subject: [PATCH 5/7] Revert "Update SELinux error" This reverts commit a6eb3139feba64f934a5e1242adf9b0d163fe470. Reason for revert: Caused by b/372273614, relevant CL was reverted Fix: 372348756 Change-Id: I1ca54668c33b80d5139526f6ecf8dd65864787e4 --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 104567da..a7f7b3b3 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,9 +4,6 @@ dumpstate app_zygote process b/288049050 edgetpu_vendor_server shell_data_file dir b/369475225 edgetpu_vendor_server shell_data_file dir b/369475363 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030 -hal_camera_default cgroup_desc_file file b/372348756 -hal_graphics_composer_default cgroup_desc_file file b/372348383 -hal_power_default cgroup_desc_file file b/372348502 hal_radioext_default radio_vendor_data_file file b/312590044 hal_vibrator_default default_android_service service_manager b/314054292 hal_vibrator_default default_android_service service_manager b/367943515 From 139f5304a3655b25887ba271cd7bc1fbb25a2619 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Tue, 29 Oct 2024 21:24:15 +0000 Subject: [PATCH 6/7] Revert^3 "Add udc sysfs to udc_sysfs fs context" 371f678632b6b155cb2261e2bccbf1eb098af104 Bug: 339241080 Change-Id: Ia1355fca00339bce7ba5554680b62509558c2b4f --- vendor/genfs_contexts | 3 --- vendor/hal_usb_impl.te | 3 --- 2 files changed, 6 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 78f6cee2..f43bce14 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts 
@@ -255,9 +255,6 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/pca9 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, ` -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0 -') genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1 u:object_r:sysfs_wakeup:s0 diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 7c320b65..3d89a09f 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -20,9 +20,6 @@ hal_client_domain(hal_usb_impl, hal_thermal); # For monitoring usb sysfs attributes allow hal_usb_impl sysfs_wakeup:dir search; allow hal_usb_impl sysfs_wakeup:file r_file_perms; -is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, ` -allow hal_usb_impl sysfs_udc:file r_file_perms; -') # For metrics upload allow hal_usb_impl fwk_stats_service:service_manager find; From 6f1672a38702773f7724f8f161857e13fe1808bb Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 31 Oct 2024 14:18:03 +0800 Subject: [PATCH 7/7] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 376602341 Flag: EXEMPT NDK Change-Id: I6b3a9d802022ace579de13dc03e1738ee31f7b6f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index a7f7b3b3..2483e1ef 100644 --- a/tracking_denials/bug_map 
+++ b/tracking_denials/bug_map @@ -4,6 +4,7 @@ dumpstate app_zygote process b/288049050 edgetpu_vendor_server shell_data_file dir b/369475225 edgetpu_vendor_server shell_data_file dir b/369475363 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030 +hal_fingerprint_default default_android_service service_manager b/376602341 hal_radioext_default radio_vendor_data_file file b/312590044 hal_vibrator_default default_android_service service_manager b/314054292 hal_vibrator_default default_android_service service_manager b/367943515
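Review bot: The target type in the added `hal_fingerprint_default default_android_service service_manager` row is the fallback label for service names with no `service_contexts` match. The denial behind b/376602341 therefore most likely means the fingerprint HAL is finding or registering a service that has no label of its own yet. Tracking it here keeps SELinuxUncheckedDenialBootTest passing while the call itself stays denied. The lasting fix is a `service_contexts` entry with a dedicated type and a narrowly scoped `find` or `add` rule, after which this row should be removed. The context lines of this hunk show the same kind of row already present for `hal_vibrator_default`.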