Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
914 commits 1 branch 0 tags 18 MiB
Commit graph

914 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
cccb610bb4 Merge "allow vendor_init to acces watermark_scale_factor" into udc-d1-dev 2023-04-17 03:05:35 +00:00
Martin Liu
fe24903d2c allow vendor_init to acces watermark_scale_factor 
Bug: 278075546
Test: boot
Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Merged-in: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Signed-off-by: Martin Liu <liumartin@google.com>
 2023-04-16 03:59:57 +00:00
Bruno BELANYI
cd905228d1 Move ARM runtime option SELinux rules out of 'legacy/' 
Addressing some review feedback on ag/22381542 about this folder being
removed in the future.

Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I8506da9b80fe060cd5093acafd58594e4db3341b
 2023-04-14 09:20:40 +00:00
Bruno BELANYI
1337c54005 Use restricted vendor property for ARM runtime options 
They need to be read by everything that links with libmali, but we don't
expect anybody to actually write to them.

Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I7f6f021378467484544cc3dbbe71a8e9e037cf98
 2023-04-14 08:33:48 +00:00
Dinesh Yadav
b8b2445251 Add se-policies for google_camera_app from pro 
- Found selinux violations on google_camera_app for these services which are fixed after these changes are included.

Bug: 264490031
Change-Id: Ib6f4a8a548425b0b98ed9b69edff6c973b9cbe3e
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-04-14 03:59:03 +00:00
Treehugger Robot
9ea22dde19 Merge "Enforce servicemanager" into udc-d1-dev 2023-04-14 03:53:11 +00:00
Wilson Sung
af0ad04c3c Enforce priv_app 
Fix: 260366281
Fix: 260522282
Fix: 260768358
Fix: 260922442
Fix: 263185432
Fix: 264490074
Fix: 268572216
Change-Id: I2efbb1971c09506a7b1e0e5e0e3d22eda91018c1
 2023-04-14 03:34:46 +00:00
TreeHugger Robot
89d4a4df13 Merge "Suppress bootanim behavior meant for Android Wear devices" into udc-d1-dev 2023-04-14 03:19:53 +00:00
Treehugger Robot
2ac0374b22 Merge changes Ie20be0af,Id9a80c47 into udc-d1-dev 
* changes:
  Enforce rebalance_interrupts_vendor
  Enforce hwservicemanager
 2023-04-14 03:18:10 +00:00
Treehugger Robot
224eebae32 Merge "Remove ofl_app selinux policy" into udc-d1-dev 2023-04-14 02:11:22 +00:00
Treehugger Robot
fde5823b6f Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev 2023-04-14 01:21:56 +00:00
Ankit Goyal
9576cfaca7 Add sepolicy for framebuffer-secure heap 
Bug: 245053092
Test: Secure video playback
Change-Id: I715ea5a4e9ee70ec2a022351b9e722a25bfb9f93
 2023-04-13 13:47:11 -07:00
Sayanna Chandula
34ff37262f Merge "thermal: enable pixelstats access to thermal metrics" into udc-d1-dev 2023-04-13 20:26:31 +00:00
Yixuan Wang
2c0e44805a Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev 2023-04-13 19:38:38 +00:00
Joner Lin
edd47032af Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev 2023-04-13 13:57:32 +00:00
George
95d0a4b76f Update rules for android.hardware.secure_element-service.thales 
A new domain hal_secure_element_st54spi_aidl for AIDL HAL

Bug: 261566299
Test: run cts -m CtsOmapiTestCases
Test: atest VtsAidlHalNfcTargetTest
Change-Id: Id76a3f3337e2ee72031b39975eb010178855f36f
 2023-04-13 11:02:49 +00:00
Lily Lin
6f41705151 Remove ofl_app selinux policy 
OFLAgent is deprecated in ag/22504130. This CL is to remove ofl_app
selinux policy.

Bug: 224611871
Test: adb bugreport
Change-Id: I2264d79b8fe4084c3acd65db8f5384bb08216c5f
(cherry picked from commit 0fed5cc2b6cae6aebb411a58319474798d2fb25a)
 2023-04-13 10:49:13 +00:00
Yixuan Wang
1095231e38 Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for 
chre

[ 7.760870] type=1400 audit(1669944054.440:61): avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1099 scontext=u:r:hal_contexthub_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[ 12.519414] type=1400 audit(1669944059.196:138): avc: denied {connectto } for comm="android.hardwar" path="/dev/socket/chre"scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1

Bug: 264489794
Bug: 261105224
Test: atest scanAvcDeniedLogRightAfterReboot
Change-Id: I7bf13913188deedc987f82e54626a18357ab84c5
 2023-04-13 06:43:41 +00:00
Wilson Sung
3df3008917 Suppress bootanim behavior meant for Android Wear devices 
Fix: 260522279
Test: boot-to-home and no bootanim avc error
Change-Id: I29d4168720887bc2f90d5f7ad20367887f9cae51
 2023-04-13 00:00:38 +00:00
Wilson Sung
5468e420e3 Enforce rebalance_interrupts_vendor 
Fix: 264489565
Test: boot-to-home
Change-Id: Ie20be0afe1a95b8cb512b57019539eb52948a155
 2023-04-12 22:58:13 +08:00
Wilson Sung
90f838f16f Enforce hwservicemanager 
Test: boot-to-home and no avc error
Fix: 264489781
Change-Id: Id9a80c478a2eae8472023f3bbcc514f30f5bfbab
 2023-04-12 22:32:46 +08:00
Wilson Sung
527f215d20 Enforce servicemanager 
Fix: 263429985
Fix: 264489962
Test: boot-to-home, no avc error
Change-Id: Ib3b0916bdbd09638f5b7b34f2d214690eed314ab
 2023-04-12 22:14:16 +08:00
Minchan Kim
a382f85f96 move vendor_cma_debugfs into gs-common 
The CMA dump is common feature for pixel devices so move
it to gs-common.

Bug: 276901078
Test: dumpstate_board.txt on adb bugreport includes the info
Change-Id: I46be7899939da3ae7e9323a0d3ee92f4b3759acf
Signed-off-by: Minchan Kim <minchan@google.com>
(cherry picked from commit afb8d91c5dd0df836c6c8a53963b44e23005efb7)
 2023-04-12 13:25:46 +00:00
Kah Xuan Lim
6e8c79e7db Modem ML: Grant access to modem ML data dir 
Bug: 229801544
Change-Id: Ia2e9c5a48ad935a49f3b8a9c6bceae3f4f833b4e
 2023-04-12 08:48:57 +00:00
Wilson Sung
5bee37db26 Merge "Add recovery related policy" into udc-d1-dev 2023-04-12 01:44:17 +00:00
Treehugger Robot
bc7379022a Merge "Add btbcm wakelock node context" into udc-d1-dev 2023-04-12 00:32:46 +00:00
Wilson Sung
c2eedff70c Add recovery related policy 
Fix: 275143841
Fix: 264490092
Test: adb sideload and no avc error
Change-Id: I52003c9417560a6c5dab815a6929681710f0b0a4
 2023-04-12 03:46:54 +08:00
jonerlin
940b51e1e4 allow bthal to access vendor bluetooth folder 
Bug: 240636731
Test: enable vendor btsnoop property and check the vendor snoop log
Change-Id: Ib7c36e7398bdbe7abc2f3b2dba684f95a4ce90a8
 2023-04-11 17:01:40 +00:00
Wei Wang
4cd8d2fef9 Merge "sepolicy: label bci and dsu max frequency" into udc-d1-dev 2023-04-11 16:14:29 +00:00
Wilson Sung
2e19e54fe5 Add btbcm wakelock node context 
avc: denied { read } for name="wakeup178" dev="sysfs" ino=119871 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0

Bug: 277717252
Test: boot-to-home and no avc error
Change-Id: I82ed45ff6bf28c0cf2237098c54b6ead59c6c284
 2023-04-11 11:02:26 +00:00
Treehugger Robot
32ec77111d Merge "remove obsolete entries" into udc-d1-dev 2023-04-11 04:23:40 +00:00
Adam Shih
e188582ba8 remove obsolete entries 
Bug: 264483390
Bug: 272166771
Bug: 264482983
Bug: 264600086
Bug: 264482983
Bug: 273638940
Test: adb bugreport
Change-Id: Ia89c409a20e6a4514c57389f82c57d8c265f1e81
 2023-04-11 11:23:17 +08:00
Wilson Sung
79b4b329f0 Allow update_engine to change slot 
Bug: 275143841
Change-Id: Id9e19ae74a32521ab083eff87e4e3e583f881bbb
 2023-04-11 11:03:12 +08:00
Ali K. Zadeh
1f56ec32b6 sepolicy: label bci and dsu max frequency 
Bug: 274005880
Test: powerhint is able to change the bci/dsu max frequency
Change-Id: I8d59450878ba8e349d7f797cc74f0f1cc00c6187
 2023-04-10 23:24:55 +00:00
Sayanna Chandula
0df51526da thermal: enable pixelstats access to thermal metrics 
Allow pixelstats daemon to access thermal metric nodes

Bug: 277625975
Test: Build and boot on device. Check DFS stats

Change-Id: I50d71d12f4f9d3a1b83a606ba6a7159c46ebec14
Signed-off-by: Sayanna Chandula <sayanna@google.com>
 2023-04-10 13:55:26 -07:00
Adam Shih
e5e6273048 enforce gmscore_app 
Bug: 259302023
Test: boot with no relevant errors
Change-Id: I61cb95224096dbc999bc3c8051a4e4c6ad700522
 2023-04-10 11:13:21 +08:00
Treehugger Robot
8da223020e Merge "Revert "Revert "Enforce system ui app""" into udc-d1-dev 2023-04-07 10:04:20 +00:00
Gina Ko
bb27434f22 Revert "Revert "Enforce system ui app"" 
This reverts commit eeeae0265a.

Reason for revert: b/274366326 was fixed

Change-Id: I9d9c4f4dd831aa80109cc53790f6b6491133fb42
 2023-04-07 08:46:00 +00:00
Wilson Sung
f2d0dbb66a update error on ROM 9900526 
Bug: 277155496
Bug: 277300017
Bug: 277300125
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2a2f230589695b0240abb26909c94fd4cf2420bf
 2023-04-07 14:43:36 +08:00
Adam Shih
46fd63b761 comply with VTS requirements am: 22e1c0756a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22344148

Change-Id: I02d1e5a2af5bb6d3009d2b7687dff6080f56724f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 03:08:17 +00:00
Dinesh Yadav
d9a75c1639 Merge "Allow google_camera_app to access edgetpu" into udc-d1-dev 2023-04-06 02:34:35 +00:00
Sayanna Chandula
387145ed85 Remove hal_thermal_default bug from bug_map 
SELinux errors are fixed and hence removing from bug map

Bug: 272166987
Test: Build and boot on device

Change-Id: Ic0d314486a2ed6fbc1c4497b122827b17f5b9022
Signed-off-by: Sayanna Chandula <sayanna@google.com>
 2023-04-05 22:26:40 +00:00
Dinesh Yadav
478b11708f Allow google_camera_app to access edgetpu 
These permissions are needed by GCA-release & GCA-dogfood to access
edgetpu.

Bug: 264490031
Change-Id: Idd9dff906c86f9e83f1dc67698c23387e174d99c
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-04-04 06:11:47 +00:00
Adam Shih
22e1c0756a comply with VTS requirements 
Bug: 275142299
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Built pass on target-userdebug and aosp_target-userdebug

Change-Id: I6a114aa2aa92f7b06cfd5bbd1f73d34b5477b109
 2023-03-30 13:28:43 +08:00
TreeHugger Robot
8041addc24 Merge "sepolicy: fix VTS failure for system suspend [RESTRICT AUTOMERGE]" into udc-d1-dev 2023-03-30 01:52:41 +00:00
TreeHugger Robot
4bb2e02b1c Merge "Add logd selinux allow permissions" into udc-d1-dev 2023-03-30 01:44:29 +00:00
TreeHugger Robot
6cbdc36e1b Merge "Move pixel dumpstate to gs-common" into udc-d1-dev 2023-03-29 16:06:45 +00:00
Darren Hsu
bc15f1c8ee sepolicy: fix VTS failure for system suspend [RESTRICT AUTOMERGE] 
Bug: 275143652
Test: run vts -m SuspendSepolicyTests
Change-Id: I7cb5fdb18e7b16d98961bfed11da21496e8fa026
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-03-29 18:46:56 +08:00
Donnie Pollitz
885a790f2d Add logd selinux allow permissions 
Bug: 261105354
Bug: 264489639
Test: Ran atest SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I377dbb3bbdecd6780c1bdfb3aab53ee3c754c163
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
 2023-03-29 09:24:47 +02:00
TreeHugger Robot
866b23080c Merge "Update SELinux error" into udc-d1-dev 2023-03-29 05:35:51 +00:00