Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
706 commits 1 branch 0 tags 18 MiB
Commit graph

706 commits

This branch
This branch
All branches
Author SHA1 Message Date
Adam Shih
026cb8d935 Merge "comply with VTS requirements" into udc-dev am: 7cb203f3c2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22306662

Change-Id: I03432b1457e7b251ac5f5f9d7e10e3b4485260cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 00:47:11 +00:00
TreeHugger Robot
5d6157b523 Merge "Allow bootctl to access trusty device" into udc-d1-dev 2023-03-29 00:00:55 +00:00
Adam Shih
7cb203f3c2 Merge "comply with VTS requirements" into udc-dev 2023-03-28 23:58:03 +00:00
Mingguang Xu
203dd313e7 Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466

Change-Id: Ib70d523bc36e1a789b003374207094f2eaf722d5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 23:09:15 +00:00
Mingguang Xu
57e322c17c Merge "Add permissions to connect radioext to twoshay." into udc-dev 2023-03-28 23:03:46 +00:00
Feiyu Chen
02cc06b4ab Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613

Change-Id: Icf1b60bc90121ad358639abe52ea15b4b69bb652
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 09:19:09 +00:00
Feiyu Chen
2d34b0b1f6 Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev 2023-03-28 08:43:23 +00:00
Donnie Pollitz
74e0bf60c2 Allow bootctl to access trusty device 
Background:
* Boot Control needs to be able to blow AR fuses, which requires access
  to the OTP port on trusty.

Bug: 267714941
Test: AVC denial doesn't show up in log
Change-Id: I5635f2358b379ae0ffe882ca9ee162a455f554f0
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
 2023-03-28 09:58:16 +02:00
Adam Shih
d4a7ff694a comply with VTS requirements 
Bug: 275142299
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Built pass on target-userdebug and aosp_target-userdebug

Change-Id: Ifd75afdf2365687eed9598f74dd4cf3241be2964
 2023-03-28 03:28:55 +00:00
RD Babiera
a82406ee28 Merge "Revert "comply with VTS requirements"" into udc-dev am: 3616de2c26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22298904

Change-Id: I49798505d571f538127fc5d2b9474cce3992421c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 22:31:37 +00:00
RD Babiera
3616de2c26 Merge "Revert "comply with VTS requirements"" into udc-dev 2023-03-27 21:52:39 +00:00
RD Babiera
8720ececf1 Revert "comply with VTS requirements" 
Revert submission 22242215-dumpstate aidl

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_udc-d1-dev&target=aosp_husky-userdebug&lkgb=9826121&lkbb=9829863&fkbb=9826130, bug b/275279368.

Reverted changes: /q/submissionid:22242215-dumpstate+aidl

Change-Id: Ida32309c468074a5671c30aa28cf801c1695d786
 2023-03-27 20:58:33 +00:00
Wilson Sung
98c7894070 Merge "Move OTA context out of legacy folder" into udc-d1-dev 2023-03-27 14:27:28 +00:00
Alan
afafafd8a4 Add permissions to connect radioext to twoshay. 
Connection through grilantennatuningservice binder call.

Test: manual
Bug: 258970389
Change-Id: I419b40042cce363428f72fa723adf89bcf269ef4
 2023-03-27 17:07:16 +08:00
TreeHugger Robot
84aab225cf Merge "comply with VTS requirements" into udc-dev am: c83e5be8d9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286084

Change-Id: I0b9cf28cdfb549e2c3571e144f73f59d0004bc02
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 06:27:52 +00:00
TreeHugger Robot
c83e5be8d9 Merge "comply with VTS requirements" into udc-dev 2023-03-27 06:05:51 +00:00
Gina Ko
5821d671f3 Merge "Allow systemui to find cameraserver_service" into udc-d1-dev 2023-03-27 05:32:14 +00:00
Neo Yu
e9aabf7e9e Merge "Remove the bug of hal_radioext_default because the fix is merged." into udc-d1-dev 2023-03-27 04:17:02 +00:00
Adam Shih
e124d5aea9 comply with VTS requirements 
Bug: 275036679
Bug: 275034315
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default

Change-Id: I1c89d7662351ffae5409c3f81b4360579fdc00ae
 2023-03-27 12:07:24 +08:00
Wilson Sung
6acea9d647 Move OTA context out of legacy folder 
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
 2023-03-27 11:44:51 +08:00
Dinesh Yadav
4a01ae23ad Merge "Add certificate & label for GCA-ENG & GCA-Next" into udc-d1-dev 2023-03-27 03:13:24 +00:00
Neo Yu
58ff635b67 Remove the bug of hal_radioext_default because the fix is merged. 
Bug: 274374768
Test: verify by test rom
Change-Id: Ia9665e5223997cf498f9320dfd0b1dbdacaae0b2
 2023-03-27 11:08:25 +08:00
Neo Yu
70749d1b96 Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev am: 5b1689534f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22222570

Change-Id: I2d2a07056322f6971050e9299e17201b95773eaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 03:07:31 +00:00
Neo Yu
5b1689534f Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev 2023-03-27 02:36:56 +00:00
Gina Ko
ce85639700 Allow systemui to find cameraserver_service 
avc:  denied  { find } for pid=2435 uid=10235 name=media.camera
scontext=u:r:systemui_app:s0:c235,c256,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0

Bug: 272628174
Bug: 269964574
Bug: 274734888
Test: Manual. Able to turn on/off flashlight from QS.
Change-Id: Icedf70b06bd06eb5b819a00c9157b4f475e9a126
 2023-03-25 00:18:23 -07:00
feiyuchen
f0dc7907b0 Allow camera HAL to access edgetpu_app_service 
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.

This is not ideal, because strictly speaking, camera HAL doesn't need such dependency.

Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673

Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
 2023-03-24 17:01:49 +00:00
Dinesh Yadav
84aa699ac8 Add certificate & label for GCA-ENG & GCA-Next 
This commit makes following changes:
- Add selinux policies for GCA-Eng & GCA-Next to access GXP device &
edgetpu services.
- Refactor code to push policies for Google Camera app from
legacy/whitechapel_pro/* to vendor/*

Tested:
- flashed both GCA-Eng & GCA-Next apps and observed no crashes due to gxp or edgetpu.
- scontext changed from "untrusted_app_32" to "debug_camera_app" in both cases.

Bug: 264490031
Change-Id: I51f69168eebd6c7e54e512b7abde8dd6bbe7c443
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-03-24 12:56:53 +00:00
Adam Shih
ebc5ee8dab [automerger skipped] Merge "Move pixel dumpstate to gs-common" into udc-dev am: 2b921528f1 -s ours 
am skip reason: Merged-In I4c46a2495ea07b9e44f56c4c6be726621e0ebf65 with SHA-1 ee45cfea78 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22236029

Change-Id: I6d02ee84161d92b4b2723cf6b08ccc76bc51ab81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 06:23:08 +00:00
Adam Shih
79ea18119e [automerger skipped] Move pixel dumpstate to gs-common am: 8538fd33da -s ours 
am skip reason: Merged-In I4c46a2495ea07b9e44f56c4c6be726621e0ebf65 with SHA-1 ee45cfea78 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22236029

Change-Id: Ia5202a87a85fa610fc08f0b9ec8be23592c98585
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 06:23:07 +00:00
Adam Shih
2b921528f1 Merge "Move pixel dumpstate to gs-common" into udc-dev 2023-03-24 05:54:52 +00:00
TreeHugger Robot
b5a5ffb5e7 Merge "Update SELinux error" into udc-d1-dev 2023-03-24 05:07:42 +00:00
Darren Hsu
2965ba405c sepolicy: remove power stats from bug map 
Bug: 272166847
Test: N/A
Change-Id: If920d18418f87f14a1826dbe061cef4632a9646f
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-03-24 11:43:42 +08:00
Wilson Sung
599f4f5382 Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 275001641
Test: scanBugreport
Bug: 268566481
Test: scanAvcDeniedLogRightAfterReboot
Bug: 268566481
Change-Id: I5a7ea66483985b6ca99162666d155fef69d65360
 2023-03-24 11:11:17 +08:00
Adam Shih
8538fd33da Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
 2023-03-24 02:55:51 +00:00
KRIS CHEN
4f15bf412d Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643

Change-Id: Ic8a12d3e5a4d79ef5edbe17fc340c54760cf8998
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 02:41:26 +00:00
KRIS CHEN
dba88b81d3 Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev 2023-03-24 02:06:37 +00:00
Darren Hsu
128550da69 Merge "Revert "Enforce system ui app"" into udc-d1-dev 2023-03-24 00:48:36 +00:00
Dave Mankoff
eeeae0265a Revert "Enforce system ui app" 
This reverts commit ba953cdb9a.

Reason for revert: http://b/274366326#comment22. We can check this back in once we know what's going on.

Bug: 274366326
Bug: 264266705

Change-Id: I879cdec377e71af9142c82078bd3c022295c98c5
 2023-03-23 19:44:22 +00:00
neoyu
44ee5a2fb2 sepolicy: allow hal_radioext_default binder call with servicemanager 
avc: denied { call } for comm="binder:795_2" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

Bug: 274374768
Test: verify by test rom
Change-Id: I31cfbd234756fdc41663cec766f6b3bf23063bc7
 2023-03-24 02:30:44 +08:00
Mark Chang
3c027fdc6e Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev 2023-03-23 08:30:24 +00:00
TreeHugger Robot
24536aa24c Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371

Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 08:07:36 +00:00
TreeHugger Robot
3fae47e04b Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev 2023-03-23 07:24:01 +00:00
TreeHugger Robot
b76a3b6257 Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev 2023-03-23 07:19:55 +00:00
Andy Hsu
93e86449e5 Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev 2023-03-23 07:01:32 +00:00
Andy Hsu
9c91ba1a2f Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL. 
Note that this only adds permission to GCARelease and GCADogfood, while GCANext and GCAEng are still untrusted app on zuma now and after this change GCANext and GCAEng will still be denied.

Bug: 264490031

Test: Portrait processing in GCARelease didn't get denial message when accessing PowerHAL after this change  (https://cnsviewer-static.corp.google.com/cns/md-d/home/pixel-camera-data-readers/acat/hwandy/ag/22215364?user=pixel-camera-data-readers).

Change-Id: Ia4a4c2f24215b9da9db7985cf67112997df355fa
 2023-03-23 06:41:13 +00:00
Darren Hsu
8e028f0a03 sepolicy: label odpm paths for system suspend 
Bug: 272166423
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: I0295cc09cd8eb46b19edcec0d74440e497440423
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-03-23 14:13:43 +08:00
Wilson Sung
3e68836e43 Revert "Move pixel dumpstate to gs-common" 
Revert submission 22188471-dumpstate aidl

Reason for revert: Build break

Reverted changes: /q/submissionid:22188471-dumpstate+aidl
Bug: 274858145

Change-Id: I757111541257eecd4936572376fe42a4c866a1d6
 2023-03-23 05:58:12 +00:00
Adam Shih
cad969da74 Merge "Move pixel dumpstate to gs-common" into udc-dev am: 0c17644417 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188471

Change-Id: I58ded180038a8aa507095d31a069547b7f02efea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 05:52:55 +00:00
Adam Shih
0c17644417 Merge "Move pixel dumpstate to gs-common" into udc-dev 2023-03-23 04:39:46 +00:00
TreeHugger Robot
0b1499354d Merge "Enforce bootdevice_sysdev" into udc-d1-dev 2023-03-23 03:36:47 +00:00