Commit graph

378 commits

Author SHA1 Message Date
Wilson Sung
bf1baa3448 Merge "Add recovery related policy" into udc-d1-dev am: 5bee37db26
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22574699

Change-Id: Iafa23558e51dbc2608ff3158cd7b1259253f25cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 01:55:36 +00:00
Wilson Sung
c2eedff70c Add recovery related policy
Fix: 275143841
Fix: 264490092
Test: adb sideload and no avc error
Change-Id: I52003c9417560a6c5dab815a6929681710f0b0a4
2023-04-12 03:46:54 +08:00
Treehugger Robot
fb28384538 Merge "remove obsolete entries" into udc-d1-dev am: 32ec77111d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22563759

Change-Id: I2754b08406869ae6843b5bec4bf2cbe256de9657
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-11 04:36:46 +00:00
Adam Shih
e188582ba8 remove obsolete entries
Bug: 264483390
Bug: 272166771
Bug: 264482983
Bug: 264600086
Bug: 264482983
Bug: 273638940
Test: adb bugreport
Change-Id: Ia89c409a20e6a4514c57389f82c57d8c265f1e81
2023-04-11 11:23:17 +08:00
Adam Shih
cfa00dfc88 enforce gmscore_app am: e5e6273048
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22548983

Change-Id: Ia16a967d75b19bbceaf83f7e7374fbabfab5ea12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-10 04:55:17 +00:00
Adam Shih
e5e6273048 enforce gmscore_app
Bug: 259302023
Test: boot with no relevant errors
Change-Id: I61cb95224096dbc999bc3c8051a4e4c6ad700522
2023-04-10 11:13:21 +08:00
Treehugger Robot
59030392be Merge "Revert "Revert "Enforce system ui app""" into udc-d1-dev am: 8da223020e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22527495

Change-Id: I32179cccc22c4b6963c9f7df8b9645d42e44e624
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-07 10:27:07 +00:00
Treehugger Robot
8da223020e Merge "Revert "Revert "Enforce system ui app""" into udc-d1-dev 2023-04-07 10:04:20 +00:00
Gina Ko
bb27434f22 Revert "Revert "Enforce system ui app""
This reverts commit eeeae0265a.

Reason for revert: b/274366326 was fixed

Change-Id: I9d9c4f4dd831aa80109cc53790f6b6491133fb42
2023-04-07 08:46:00 +00:00
Wilson Sung
c5d73c373f update error on ROM 9900526 am: f2d0dbb66a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22525843

Change-Id: Ib30856b7e71a03fa949c1fd81cc9c6a051ac9073
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-07 08:26:17 +00:00
Wilson Sung
f2d0dbb66a update error on ROM 9900526
Bug: 277155496
Bug: 277300017
Bug: 277300125
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2a2f230589695b0240abb26909c94fd4cf2420bf
2023-04-07 14:43:36 +08:00
Dinesh Yadav
0829947959 Merge "Allow google_camera_app to access edgetpu" into udc-d1-dev am: d9a75c1639
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286148

Change-Id: I46aa0db686e57dfcf9daaf7d302ec6754c86d630
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 03:06:08 +00:00
Dinesh Yadav
d9a75c1639 Merge "Allow google_camera_app to access edgetpu" into udc-d1-dev 2023-04-06 02:34:35 +00:00
Sayanna Chandula
bfef2f5cea Remove hal_thermal_default bug from bug_map am: 387145ed85
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22465501

Change-Id: Ie87df886d0451eb8aa9b3110b67fabaa11b28a76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 00:22:02 +00:00
Sayanna Chandula
387145ed85 Remove hal_thermal_default bug from bug_map
SELinux errors are fixed and hence removing from bug map

Bug: 272166987
Test: Build and boot on device

Change-Id: Ic0d314486a2ed6fbc1c4497b122827b17f5b9022
Signed-off-by: Sayanna Chandula <sayanna@google.com>
2023-04-05 22:26:40 +00:00
Dinesh Yadav
478b11708f Allow google_camera_app to access edgetpu
These permissions are needed by GCA-release & GCA-dogfood to access
edgetpu.

Bug: 264490031
Change-Id: Idd9dff906c86f9e83f1dc67698c23387e174d99c
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-04-04 06:11:47 +00:00
TreeHugger Robot
b99f943900 Merge "Add logd selinux allow permissions" into udc-d1-dev am: 4bb2e02b1c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22307864

Change-Id: I7f9a2c6d4af714625fb4d347c0988052d8f77852
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-30 17:17:02 +00:00
Donnie Pollitz
885a790f2d Add logd selinux allow permissions
Bug: 261105354
Bug: 264489639
Test: Ran atest SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I377dbb3bbdecd6780c1bdfb3aab53ee3c754c163
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-29 09:24:47 +02:00
TreeHugger Robot
de4eba7c13 Merge "Update SELinux error" into udc-d1-dev am: 866b23080c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22328782

Change-Id: I03be4caa61b5a6f1d075cc3373df73ac1b58277b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 06:04:15 +00:00
Wilson Sung
5227dfe6ab Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 275646098
Test: scanBugreport
Bug: 275646003
Test: scanAvcDeniedLogRightAfterReboot
Bug: 275645636
Change-Id: Iedd660e3937792d5ac58f384605300b39f6dfcb0
2023-03-29 12:17:48 +08:00
Gina Ko
7a32ef8f12 Merge "Allow systemui to find cameraserver_service" into udc-d1-dev am: 5821d671f3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22270826

Change-Id: Id6c48fa93ffdf03e50925cec717fe971e6b63cb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 05:57:43 +00:00
Gina Ko
5821d671f3 Merge "Allow systemui to find cameraserver_service" into udc-d1-dev 2023-03-27 05:32:14 +00:00
Neo Yu
69b786f1a1 Merge "Remove the bug of hal_radioext_default because the fix is merged." into udc-d1-dev am: e9aabf7e9e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286082

Change-Id: I66001f37eb2bf0626f14fc3b92beb34ac77f6d00
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 04:46:22 +00:00
Neo Yu
58ff635b67 Remove the bug of hal_radioext_default because the fix is merged.
Bug: 274374768
Test: verify by test rom
Change-Id: Ia9665e5223997cf498f9320dfd0b1dbdacaae0b2
2023-03-27 11:08:25 +08:00
Gina Ko
ce85639700 Allow systemui to find cameraserver_service
avc:  denied  { find } for pid=2435 uid=10235 name=media.camera
scontext=u:r:systemui_app:s0:c235,c256,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0

Bug: 272628174
Bug: 269964574
Bug: 274734888
Test: Manual. Able to turn on/off flashlight from QS.
Change-Id: Icedf70b06bd06eb5b819a00c9157b4f475e9a126
2023-03-25 00:18:23 -07:00
Nicolas Geoffray
af3702bffd Remove old debug map entries.
Bug: 264483352
Change-Id: Ie47107328f58dc4f1d4070e93c0cd09e88cee021
2023-03-24 08:16:00 +00:00
TreeHugger Robot
b5a5ffb5e7 Merge "Update SELinux error" into udc-d1-dev 2023-03-24 05:07:42 +00:00
Darren Hsu
2965ba405c sepolicy: remove power stats from bug map
Bug: 272166847
Test: N/A
Change-Id: If920d18418f87f14a1826dbe061cef4632a9646f
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-24 11:43:42 +08:00
Wilson Sung
599f4f5382 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 275001641
Test: scanBugreport
Bug: 268566481
Test: scanAvcDeniedLogRightAfterReboot
Bug: 268566481
Change-Id: I5a7ea66483985b6ca99162666d155fef69d65360
2023-03-24 11:11:17 +08:00
Darren Hsu
128550da69 Merge "Revert "Enforce system ui app"" into udc-d1-dev 2023-03-24 00:48:36 +00:00
Dave Mankoff
eeeae0265a Revert "Enforce system ui app"
This reverts commit ba953cdb9a.

Reason for revert: http://b/274366326#comment22. We can check this back in once we know what's going on.

Bug: 274366326
Bug: 264266705

Change-Id: I879cdec377e71af9142c82078bd3c022295c98c5
2023-03-23 19:44:22 +00:00
Darren Hsu
8e028f0a03 sepolicy: label odpm paths for system suspend
Bug: 272166423
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: I0295cc09cd8eb46b19edcec0d74440e497440423
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-23 14:13:43 +08:00
TreeHugger Robot
0b1499354d Merge "Enforce bootdevice_sysdev" into udc-d1-dev 2023-03-23 03:36:47 +00:00
TreeHugger Robot
75b82f7092 Merge "Enforce systesm_app" into udc-d1-dev 2023-03-23 03:32:48 +00:00
TreeHugger Robot
a8dfe1fd3c Merge "Update SELinux error" into udc-d1-dev 2023-03-23 03:27:12 +00:00
Welly Hsu
e0adad9eb0 Remove euiccpixel_app dontaudit from gmscore_app am: a133586e4e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188469

Change-Id: I48f0e1eb633c44a4c6445c6423d10e500be6f6c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-22 14:41:23 +00:00
Wilson Sung
6bf3029916 Enforce systesm_app
Fix: 260768379
Fix: 260922048
Fix: 264490076
Test: boot-to-home, no related avc error
Change-Id: If9ead09340f5d810ec549f4c83015f3301f1113c
2023-03-22 16:01:09 +08:00
Wilson Sung
a1739828f2 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 274727372
Bug: 274727542
Test: scanBugreport
Bug: 274727542
Bug: 268566481
Test: scanAvcDeniedLogRightAfterReboot
Bug: 274727542
Bug: 268566481
Change-Id: Ie846f2f7146e52c4e094d9fd7cfa1fa68e3e21df
2023-03-22 15:38:52 +08:00
Wilson Sung
503ae703df Enforce bootdevice_sysdev
Fix: 264489743
Test: boot-to-home and no avc errors
Change-Id: I14648c8d7b1b334c3d02971ffbf20b1f9b5a9354
2023-03-22 15:35:45 +08:00
TreeHugger Robot
a112b65748 Merge "[SELinux] remove uwb remaining tracking denials" into udc-d1-dev 2023-03-22 05:30:57 +00:00
Welly Hsu
a133586e4e Remove euiccpixel_app dontaudit from gmscore_app
bug: 265383359
Change-Id: I6ee7d37187725408e0f443a40affe4c4e50dac91
2023-03-22 13:27:32 +08:00
Rex Lin
e95656d6fc [SELinux] remove uwb remaining tracking denials
- hal_uwb_vendor_default
- uwb_vendor_app

Bug: 264489190
Bug: 264489787
Test: remove denials and no avc log observed and ranging works
Change-Id: I5fd7f5b6bed8f819b2d5812c882ac596f1f1871b
Signed-off-by: Rex Lin <rexcylin@google.com>
2023-03-22 11:07:51 +08:00
Nicole Lee
f23893994b Move logger_app dontaudit items out of tracking_denials am: aa4b374120
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22173747

Change-Id: If3e54f3595eac5942175b29250ca6888471876ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-22 00:17:23 +00:00
Wilson Sung
e85dc12d69 Enforce untrusted_app
Fix: 264489681
Test: boot-to-home and no untrusted_app avc error
Change-Id: Ic7a0fac4893265b4abde55d0a65372419fc09392
2023-03-22 01:38:31 +08:00
Nicole Lee
aa4b374120 Move logger_app dontaudit items out of tracking_denials
Bug: 269383459
Test: Open Pixel Logger and check logs
Change-Id: Id5b89a7eeaa5b06539113d4c86c64d6022080949
2023-03-21 10:11:58 +00:00
TreeHugger Robot
504b4cc2eb Merge "Allow regmap debugfs permission" into udc-d1-dev 2023-03-21 08:00:49 +00:00
Donnie Pollitz
4ce51ebfba Merge "Removing audit for system_suspend tee" into udc-d1-dev 2023-03-21 07:55:13 +00:00
Robert Lee
78603ddb7e Allow regmap debugfs permission
auditd  : type=1400 audit(0.0:7): avc: denied { search } for comm="kworker/u18:1" name="regmap" dev="debugfs" ino=1049 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=0

Bug: 273891639
Test: builds
Change-Id: I9700d34e4d8a9d96d904fe5119a8bf4601bf8ea6
Signed-off-by: Robert Lee <lerobert@google.com>
2023-03-21 14:17:00 +08:00
Wilson Sung
aa45dde84e Allow systemui find radio_service
avc:  denied  { find } for pid=1810 uid=10231 name=phone scontext=u:r:systemui_app:s0:c231,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Bug: 272628174
Bug: 272628396
Bug: 273674238
Test: boot-to-home and sim icon showed up
Change-Id: Ia7f84f53f131d868d356fd6d358188748c723757
2023-03-21 02:13:46 +00:00
Donnie Pollitz
8034369bdd Removing audit for system_suspend tee
Background:
* wakelock_use(tee) was added in previous CL: http://go/ag/21082565

Bug: 263305203
Test: Ran SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I6e8a6796ef5a7156b89ba89c74430f368727e2b8
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-20 11:26:10 +01:00