Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
882 commits 1 branch 0 tags 18 MiB
Commit graph

399 commits

Author SHA1 Message Date
Ted Wang
be9ee4c01d Merge "Add sepolicy for aidl bt extension hal" into udc-d1-dev 2023-05-05 06:19:10 +00:00
TreeHugger Robot
1db3ac365d Merge "[display-stats] enable pixelstats access to display metrics on Zuma devices." into udc-d1-dev 2023-05-05 05:35:55 +00:00
Manali Bhutiyani
cf161d6ce3 [display-stats] enable pixelstats access to display metrics on Zuma devices. 
Bug: 259554507
Test: Build and boot on device
adb shell cmd stats print-stats | grep -i <atom-id>

Change-Id: Ifc47211063b98f727b3b0eb7f7ebd42e3c7bb99b
 2023-05-04 20:56:24 +00:00
George Chang
178e94cb81 Allow systemui_app to access Nfc service 
avc:  denied  { find } for pid=1867 uid=10249 name=nfc
scontext=u:r:systemui_app:s0:c249,c256,c512,c768
tcontext=u:object_r:nfc_service:s0 tclass=service_manager
permissive=0

Bug: 280531969
Test: manually check nfc signal after battery share on
Change-Id: I7c9092388d031e8714b8f3f4738db77776c66326
 2023-05-04 09:52:14 +00:00
Treehugger Robot
b3c7fb06fa Merge "Allow accessing dumpstate from hal_usb_impl" into udc-d1-dev 2023-05-03 15:42:14 +00:00
Jack Wu
8d45937a38 sepolicy: allows pixelstat to access pca file nodes 
Bug: 262520811
Test: no Permission denied while accessing the file node
Change-Id: I0b50d85ea7002c9ee16f4c34b472b45def7f374e
Signed-off-by: Jack Wu <wjack@google.com>
 2023-05-03 09:31:08 +00:00
Treehugger Robot
cdb62d5474 Merge "Correct sepolicy permission for new UW cam EEPROM" into udc-d1-dev 2023-05-03 08:20:05 +00:00
Horng Chuang
5a2189a5ae Merge "Add sepolicy permission for new svarog sensor" into udc-d1-dev 2023-05-03 03:26:50 +00:00
Kyle Tso
649f19fc94 Allow accessing dumpstate from hal_usb_impl 
Fix SELinux errors.

Bug: 267261163
Change-Id: I73a311d796eb520ede3849edc6384c965ec5c915
Signed-off-by: Kyle Tso <kyletso@google.com>
 2023-05-03 11:23:52 +08:00
Tommy Kardach
6bf3b733ac Merge "Allow P23 Camera HAL to acquire wake locks" into udc-d1-dev 2023-05-02 22:23:36 +00:00
Tommy Kardach
659c17d428 Allow P23 Camera HAL to acquire wake locks 
Bug: 279977277
Test: mm && flash/test
Change-Id: I6150ccf788d5074ab9e2d29c6866c8a477a3ef71
 2023-05-02 17:25:51 +00:00
Dan Moore
47eea99fb2 Merge "Allow sensor HAL access to thermal HAL" into udc-d1-dev 2023-05-02 15:00:31 +00:00
Treehugger Robot
470eda92e4 Merge "Enforce fastbootd" into udc-d1-dev 2023-05-02 04:54:37 +00:00
Treehugger Robot
5c70865797 Merge "sepolicy: ignore avc denial" into udc-d1-dev 2023-05-02 04:36:22 +00:00
Tom Huang
dd5df5791f Merge "Add hidraw device sepolicy for headtracking" into udc-d1-dev 2023-05-02 04:07:15 +00:00
Wilson Sung
8080b95d06 Enforce fastbootd 
Fix: 264489957
Test: flash and no related avc error
Change-Id: Ibf616a98e9341310e18db6dda27d86adbf24deac
 2023-05-02 11:42:59 +08:00
horngchuang
a6d7203408 Add sepolicy permission for new svarog sensor 
Bug: 278473644
Test: Build and test for sensor denials
Change-Id: I2816a2ada49d4369b975ac22693994cff5cd6aec
 2023-05-01 15:34:33 +00:00
Krzysztof Kosiński
9f7dec1023 Merge "Enforce sepolicy for Google Camera App." into udc-d1-dev 2023-04-28 22:18:37 +00:00
Dan Moore
4a0259ff34 Allow sensor HAL access to thermal HAL 
The FIR temperature sensor must report an estimate of window temperature
so that the BTS SaMD can determine if the boundary condition between the
sensor and window is within accuracy specification.

Test: logcat previously reported access denied to thermal HAL. Access is
now granted and the Twindow elements are accessible.

Bug: 276738070
Change-Id: I72846053840e36ba8d3d59df9ba580c6c416e867
 2023-04-28 12:13:32 -04:00
Ted Wang
8831352474 Add sepolicy for aidl bt extension hal 
Bug: 274906319
Test: build pass and manual test
Change-Id: Id54796fec22e790a197255f2db4ba23b4a58212d
 2023-04-28 04:48:33 +00:00
Kamal Shafi
47f407fa8d Correct sepolicy permission for new UW cam EEPROM 
change imentet camera sensor EEPROM naming to its codename.

Bug: 279547216
Test: build pass
Change-Id: Ib831119318a0b4467f81f93c009a28831cebac25
 2023-04-28 02:56:30 +00:00
Krzysztof Kosiński
5b2134d5c5 Enforce sepolicy for Google Camera App. 
Added missing statement allowing GXP firmware access.

Bug: 264489778
Test: GCA smoke test in setenforce mode.
Change-Id: Ied2f675a2e11f7aebcf4e1e6ac49fc2e39dd2ecf
 2023-04-27 19:53:25 +00:00
Chungkai Mei
fdd0ef451e sepolicy: ignore avc denial 
ignore avc denial since it is debugfs

Bug: 271931921
Test: pass boot health check extra test https://android-build.googleplex.com/builds/abtd/run/L49300000960255489
Change-Id: Iceee4d347b5e90bce6d16054c6ee0c8091652a9b
Signed-off-by: Chungkai Mei <chungkai@google.com>
 2023-04-27 14:24:40 +00:00
martinwu
09aaf3dfbc [TSV2] Add sepolicy for dumpstate to zip tcpdump into bugreport 
Bug: 264490014
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and chagne it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: I45c894fa9378a7878bc853f7723162ebd6141115
 2023-04-27 13:47:34 +00:00
Bruno BELANYI
83087bd818 Merge "Add ArmNN config sysprops SELinux rules" into udc-d1-dev 2023-04-27 08:06:48 +00:00
Carol Cheng
bb1f0f25bb Merge "Revert "Add sepolicy for dumpstate to zip tcpdump into bugreport"" into udc-d1-dev 2023-04-27 06:36:48 +00:00
Martin Wu
4e2023c263 Revert "Add sepolicy for dumpstate to zip tcpdump into bugreport" 
Revert submission 22814097-Fix-tcpdump-sepolicy

Reason for revert: build break

Reverted changes: /q/submissionid:22814097-Fix-tcpdump-sepolicy

Change-Id: I795de89a17c5ccee702fa3a59af03d48d89fbaf2
 2023-04-27 02:21:00 +00:00
Andrew Chant
6641141f91 Merge "Use tof sensor codenames" into udc-d1-dev 2023-04-27 02:07:29 +00:00
Treehugger Robot
fe27339606 Merge "Add sepolicy for dumpstate to zip tcpdump into bugreport" into udc-d1-dev 2023-04-27 01:43:58 +00:00
martinwu
da1f9ffa79 Add sepolicy for dumpstate to zip tcpdump into bugreport 
Bug: 264490014
Test: 1. Enable tcpdump_logger always-on function
      2. Dump bugreport
      3. Pull dumpstate_board.bin and chagne it to zip
      4. Unzip dumpstate_board.zip and check if tcpdump files
         are there.
Change-Id: I04ca96860c78baf24afd7deecff7dd4d470d9539
 2023-04-26 14:17:56 +00:00
Kamal Shafi
eb22b7d648 Add sepolicy permission for new UW camera 
sepolicy including imentet camera sensor and gt24p64e EEPROM

Bug: 277988592
Bug: 279547216
Test: build pass
Change-Id: I01e2bc558eba7cf03c11818d9c806e6053808fd1
 2023-04-26 11:32:33 +00:00
kuanyuhuang
477d58d695 Add hidraw device sepolicy for headtracking 
Test: make and incoming HID data from Pixel Buds Pro
Bug: 276163506
Change-Id: I10833e215962ad007ad32a0d713e9b37ae888fdb
 2023-04-26 09:20:11 +00:00
Bruno BELANYI
61df5feff7 Add ArmNN config sysprops SELinux rules 
Bug: 205202540
Bug: 264489188
Test: manual - reboot device and check the absence of AVC denials
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:aac79fd4d9bec6517b2932cfca1e1c84b7711cc8)
Merged-In: I77b29468258520265e5f660452794aff068ca07d
Change-Id: I77b29468258520265e5f660452794aff068ca07d
 2023-04-26 08:12:29 +00:00
Joseph Jang
49269dd7dc Merge "Move recovery.te to device/google/gs-common/dauntless/sepolicy" into udc-d1-dev 2023-04-26 04:41:05 +00:00
Treehugger Robot
dd9d69e132 Merge "Add sepolicy permission for new project" into udc-d1-dev 2023-04-26 02:34:56 +00:00
TreeHugger Robot
d1c31b785d Merge "Add memtrack" into udc-d1-dev 2023-04-25 21:44:08 +00:00
horngchuang
4c3cd890be Add sepolicy permission for new project 
Bug: 279542096
Test: Build and test for sensor denials
Change-Id: I3d6b7ce33e101bd9eeacefae128239af3512b67f
 2023-04-25 08:09:29 +00:00
timmyli
c09931ad38 Allow camera hal to access aoc device 
Camera team needs to talk to aoc device in order to use libusf.
It will do this instead of talking to rlsservice. Soon, we can
remove rlsservice from the se policy for camera hal.

Bug: 277959222
Test: manual test, logs provided in comments
Change-Id: I7453fd94891dcc0c1c587bccb3bb6cff80f46e8b
 2023-04-24 20:05:57 +00:00
Joseph Jang
6d754405ff Move recovery.te to device/google/gs-common/dauntless/sepolicy 
Bug: 279381809
Change-Id: Icb4f899d76e1a5e1d6f6f2cee4c1c7f46105338c
 2023-04-24 08:01:42 +00:00
Ankit Goyal
5e4db7517c Add memtrack 
Bug: 279108265
Test: dumpsys meminfo
Change-Id: Ib46c89811aa3aa1a5573076f9dc69e7222f56ea4
 2023-04-20 23:18:56 -07:00
Treehugger Robot
c84559a813 Merge changes from topic "260522202" into udc-d1-dev 
* changes:
  Remove untraceable rules
  Enforce installd
 2023-04-21 03:45:54 +00:00
Treehugger Robot
0f96c2225e Merge "ril: dump radio hal from user build." into udc-d1-dev 2023-04-21 01:49:54 +00:00
Ankit Goyal
2f30e8ca85 Merge "Mark video secure devices as default dmabuf heaps" into udc-d1-dev 2023-04-20 17:03:32 +00:00
Tim Lin
54bb68984a ril: dump radio hal from user build. 
Sync from ag/17155484

To get radio hal debug info on user build as we do on previous Pixels.

Bug: 278477468
Test: Trigger bugreport on USERDEBUG with dumpstate.unroot set
to true and check IRadio log

Change-Id: Ic9dd8357eb326d5c5f03b16408b7ba0a5e5f5818
(cherry picked from commit e08be6ab76327511002ebd343bda13a2fcc1434d)
 2023-04-20 03:40:59 +00:00
Treehugger Robot
b51385226b Merge "Camera: Allow rw access to TEE devices" into udc-d1-dev 2023-04-19 20:02:33 +00:00
Ankit Goyal
ded9266dd4 Mark video secure devices as default dmabuf heaps 
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.

This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.

Fix: 278823239
Fix: 278513588
Fix: 275646321
Test: dEQP-VK.memory.allocation
Change-Id: I01a2730fc222efe94d4e48e7ee4c317aa65f0064
 2023-04-19 19:48:38 +00:00
Edmond Chung
57d920f582 Camera: Allow rw access to TEE devices 
This is to enable face authentication on P23 devices.

Bug: 278898746
Test: Build, face authentication
Change-Id: I75311770a9780e0d97a9240b589e4e4cd9e2dc56
 2023-04-19 11:18:14 -07:00
Wilson Sung
5394ad595e Remove untraceable rules 
avc: denied  { quotaget } for  comm="binder:1312_1" scontext=u:r:installd:s0 tcontext=u:object_r:modem_img_file:s0 tclass=filesystem permissive=0
Test: boot to home
Bug: 196916111
Bug: 264490035
Change-Id: Iec3dd7161bb788d81fe8034f3471ece0dfde7e0d
 2023-04-19 23:53:54 +08:00
Dave Mankoff
633f19376e Merge "Give SystemUI access to necessary selinux properties." into udc-d1-dev 2023-04-18 17:50:42 +00:00
Dave Mankoff
78b9dcdb69 Give SystemUI access to necessary selinux properties. 
Other errors mentioned in the bugs are already absent.

Fixes: 269964574
Fixes: 272628396
Fixes: 272628174
Test: built and flash device. No selinux errors printed.
Change-Id: Ic285b1f5a2ce6973899011a7c6a596e807c3e933
 2023-04-17 14:28:59 +00:00