Commit graph

840 commits

Author SHA1 Message Date
gilliu
22c17673b0 add hal_graphics_composer to access thermal temperature
type=1400 audit(0.0:77): avc:  denied  { search } for  name="thermal"
dev="tmpfs" ino=1618 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0

type=1400 audit(0.0:74): avc:  denied  { search } for  name="thermal"
dev="sysfs" ino=21594 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0

type=1400 audit(0.0:74): avc:  denied  { read } for  name="temp"
dev="sysfs" ino=73536 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0

type=1400 audit(0.0:74): avc:  denied  { getattr } for
path="/sys/devices/virtual/thermal/thermal_zone12/temp" dev="sysfs"
ino=73537 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0

Bug: 343141590
Test: check no avc pattern on logcat from test image
Flag: NONE add permission
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1dde3ea2ff33bdf253fbbfb609ec21eaccffeaf4)
Cherry-pick temp_rr_regamma to 24Q3
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c0fa5fcc6da5545982c8293c644aa1adccbc270f)
Merged-In: I87fce47644b07342d756e7594685eea0dded1926
Change-Id: I87fce47644b07342d756e7594685eea0dded1926
2024-09-20 18:35:27 +00:00
Cheng Chang
7969077e3b gps: Move hal_gnss_pixel declaration to device folder am: 5ff76196c8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27576137

Change-Id: Ic16f628926a47350f0e0caf7293e1cfa4521a7fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-12 07:27:17 +00:00
Cheng Chang
5ff76196c8 gps: Move hal_gnss_pixel declaration to device folder
Bug: 343280252
Test: b/343280252 compile and abtd test
Change-Id: Ief591d28aaea4223f05917d29bc896edec065613
2024-06-11 06:23:21 +00:00
chenkris
090928722e Add sepolicy for fingerprint HAL to check NSP file
Fix the following avc denials:
avc:  denied  { search } for  name="copied" dev="dm-58" ino=428
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:modem_efs_image_file:s0 tclass=dir

avc:  denied  { search } for  name="persist" dev="dm-58" ino=443
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

avc:  denied  { search } for  name="ss" dev="dm-58" ino=445
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=dir

avc:  denied  { read } for  name="nsp" dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

avc:  denied  { open } for  path="/data/vendor/copied/persist/ss/nsp"
dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

Bug: 335525798
Test: Use UDFPS repair tool to update calibration files
Change-Id: Ic233a07ced8fd828c0e4b4ae1cffa93763a83b42
2024-05-29 04:39:37 +00:00
Shiyong Li
0455a656b7 Merge "Add sepolicy for power_state node" into 24D1-dev am: 7107af6af0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27057168

Change-Id: Iebbdf2275b4d0460ac58100db1ab1b865ed63d04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-09 05:21:38 +00:00
Shiyong Li
7107af6af0 Merge "Add sepolicy for power_state node" into 24D1-dev 2024-05-09 05:16:16 +00:00
KRIS CHEN
3cbe2de42c Merge "Allow fingerprint to access the folder /data/vendor/fingerprint" into main 2024-05-08 08:46:30 +00:00
chenkris
4035d467ad Allow fingerprint to access the folder /data/vendor/fingerprint
Fix the following avc denial:
android.hardwar: type=1400 audit(0.0:20): avc:  denied  { write } for  name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 267766859
Test: Tested fingerprint under enforcing mode
Change-Id: Iadd058432b7db8c20a949aeda1df5f8309663004
2024-05-08 06:48:41 +00:00
Pechetty Sravani
2bf59857da Revert "Add necessary sepolicy for convert_modem_to_ext4"
Revert submission 26822004

Reason for revert: <Potential culprit for b/339099720 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Reverted changes: /q/submissionid:26822004

Change-Id: I90e3bf5ecbdf6c058c56293cfba59c628ccc7aba
2024-05-07 08:50:45 +00:00
Enzo Liao
c3c5b0fb90 Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into 24D1-dev 2024-04-25 08:22:06 +00:00
Spade Lee
52df1a478b pixelstats_vendor: add logbuffer_device r_file_perms
avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0

Bug: 329174074
Test: no denied log, and able to read logbuffer in pixelstats_vendor
Signed-off-by: Spade Lee <spadelee@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3f707d13c29300fab31a1ba6a8657771ba4946a8)
Merged-In: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
Change-Id: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
2024-04-25 06:11:20 +00:00
Kevin Ying
a78ae51ef1 Add sepolicy for power_state node
Bug: 329703995
Test: manual - used camera
Change-Id: I1f156fe7f10210b933f360fef771cb37ff3cbedb
Signed-off-by: Kevin Ying <kevinying@google.com>
2024-04-24 19:10:19 +00:00
Kelvin Zhang
276b386b6f Add necessary sepolicy for convert_modem_to_ext4
Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Iede84b1827166f1581d80077fe1c4d93d01a815b
2024-04-22 10:14:13 -07:00
Kelvin Zhang
c1341de4c3 Add necessary sepolicy for ro.vendor.persist.status
This prop will be set to "mounted" after /mnt/vendor/persist mounts.
Need this prop to synchronize different actions in init.rc script.

Test: th
Bug: 319335586
Change-Id: I9e8bd5e875956393d610b7def6be713565543d05
2024-04-22 10:14:12 -07:00
Enzo Liao
7c420c0703 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common.
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df85139d173644b7ec44cb7151845026872a1648)
Merged-In: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
2024-04-22 03:02:53 +00:00
Martin Liu
e028d802db move common MM policy to gs common folder
Bug: 332916849
Bug: 309409009
Test: boot
Change-Id: I05803943752f7b021c9d4f97b475b493f6ceadcb
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-18 01:59:46 +00:00
Krzysztof Kosiński
d4f04d19cc Remove rlsservice sepolicy. am: 41c22587a2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26948256

Change-Id: I60d0c43786dc869f9d69ce7c95e2199652efda3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-15 21:58:31 +00:00
Krzysztof Kosiński
41c22587a2 Remove rlsservice sepolicy.
rlsservice is not included on zuma and later, only gs101/gs201.
Relevant code search link:
https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/services/LyricCameraHAL/src/apex/Android.bp;l=26;drc=e4b49a6d945df6d5210c35251de8046b162d799d

Bug: 278627483
Test: presubmit
Change-Id: I15398ddeea8c0a10920c987e55789ba4a8322774
2024-04-12 22:03:22 +00:00
Treehugger Robot
32ce8f9878 Merge "allow vendor init to access compaction_proactiveness" into main 2024-04-12 15:03:00 +00:00
Martin Liu
fb44539d8d allow vendor init to access compaction_proactiveness
Bug: 332916849
Test: boot
Change-Id: If1930fe0f174f2794296ded69d29420f2e59f6c2
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-10 23:34:49 +00:00
Enzo Liao
df85139d17 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common.
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
2024-04-08 19:21:13 +08:00
Treehugger Robot
0a3562a15c Merge "display: low-light blocking zone support" into 24D1-dev 2024-04-04 02:46:42 +00:00
cweichun
495b0120ea display: low-light blocking zone support
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
2024-04-02 15:25:43 +00:00
Spade Lee
0ac2d9f7bc sepolicy: allow kernel to search vendor debugfs
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
2024-04-02 07:35:39 +00:00
Treehugger Robot
2a01ceedb9 Merge "display: low-light blocking zone support" into main 2024-04-02 04:21:29 +00:00
cweichun
e9c8f2af69 display: low-light blocking zone support
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
2024-04-01 22:31:48 +00:00
Albert Wang
c24ead7ce9 usb: correct the xhci wakeup path
Error log:
Error opening kernel wakelock stats for: wakeup177 (...xhci-hcd-exynos.5.auto/usb1/1-1/wakeup/wakeup177): Permission denied

bug: 311087938
Test: boot to home and host mode works well
Change-Id: I8bdd38499dec3852ba33510f40e58cebd3a4560f
2024-03-27 10:26:45 +00:00
Spade Lee
dbc39c622b Merge "pixelstats_vendor: add logbuffer_device r_file_perms" into main 2024-03-22 07:30:31 +00:00
Spade Lee
6ad6fb5edb sepolicy: allow kernel to search vendor debugfs
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
2024-03-20 18:16:41 +00:00
Spade Lee
3f707d13c2 pixelstats_vendor: add logbuffer_device r_file_perms
avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0

Bug: 329174074
Test: no denied log, and able to read logbuffer in pixelstats_vendor
Change-Id: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
Signed-off-by: Spade Lee <spadelee@google.com>
2024-03-14 03:31:14 +00:00
John Chang
28e6526f84 display: change vrr.enabled to xrr.version
Bug: 328001545
Test: Test MRR Version 2 is properly configured
Change-Id: Ide6493d77a6047023f20fbd9c5723a36033e3691
2024-03-07 22:19:51 +00:00
John Chang
7baab4b7e7 display: change vrr.enabled to xrr.version
Bug: 328001545
Test: Test MRR Version 2 is properly configured
Change-Id: Ide6493d77a6047023f20fbd9c5723a36033e3691
2024-03-06 16:13:39 +00:00
Treehugger Robot
10dcc53e99 Merge "Add AIDL media.c2 into service_contexts" into main 2024-03-05 06:17:02 +00:00
Sungtak Lee
84531ff361 Add AIDL media.c2 into service_contexts
Bug: 321808716
Change-Id: I7c79bc46112b8330c6d2a62db030ecc13d1cece4
2024-02-27 18:05:41 +00:00
Treehugger Robot
48a81fa140 Merge "add dsim wakeup labels" into main 2024-02-27 13:14:49 +00:00
Peter Lin
161bbcd1e6 add dsim wakeup labels
Bug: 320693841
Bug: 321733124
test: ls sys/devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup -Z
Change-Id: Ie99007455ef3879c8ee0aa1fa20801e4baf5e978
2024-02-17 08:11:13 +00:00
Will McVicker
1d8864cdee Update tcpm i2c sepolicy with new device name
The new names fix uninformative kernel wakelock names.

Bug: 315190967
Bug: 323447554
Change-Id: I5e0a4e13484c9886be398782e580313892987e2f
2024-02-16 15:15:55 -08:00
Weizhung Ding
15fda1a501 Add HWC permission to access IStats AIDL
avc:  denied  { call } for  scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:system_server:s0 tclass=binder permissive=0

Bug: 266898132
Test: Build and check log
Change-Id: I7e5ec165df0d397250b09f5981c1f45aea27bd4c
2024-02-10 02:18:16 +00:00
Treehugger Robot
4e66878b19 Merge "[displayport-stats] add sysfs access permission on Zuma devices." into main 2024-02-09 09:17:34 +00:00
Roy Luo
6c5b44f1bb hal_usb_impl: Grant read permission to usb overheat files
Carried over from WHI PRO setting.

Bug: 307583011
Test: no audit logs
Change-Id: I45bb396f2597a4a8c150ad2975ecfa427d44f2a9
2024-02-07 05:18:41 +00:00
Hongbo Zeng
cfe12763f2 Allow con_monitor_app to read/write the folder /data/vendor/radio
Bug: 322266425
Test: after applying the patch, we can see the adum_log/adum_log_old files
      are included in dumpstate_board.bin successfully without denial

Change-Id: Ic488a84a1942fbc424b08aa0cbd4d526014152cd
2024-02-02 15:42:31 +00:00
Kyle Tso
98972beada Allow dump_power to read sysfs directories
dump_power needs to read the directories under /sys/class/power_supply.

Bug: 320613177
Bug: 322294676
Change-Id: I7bc55b90d67a1d05bb097955ed632d62535e0f40
Signed-off-by: Kyle Tso <kyletso@google.com>
2024-01-31 07:01:55 +00:00
Daniel Chapin
6a6f65b5e5 Merge "Revert "Allow dump_power to read directories under "/sys/class/p..."" into main 2024-01-25 22:59:25 +00:00
Daniel Chapin
a5df4f07bf Revert "Allow dump_power to read directories under "/sys/class/p..."
Revert submission 25915320-320613177

Reason for revert: Droidfood blocking bug: 322294676

Reverted changes: /q/submissionid:25915320-320613177

Change-Id: I5545dcd73cdce5ae029444c313bf5dc3f642a5c0
2024-01-25 21:44:18 +00:00
Treehugger Robot
ab46db5fef Merge "Add capacity_headroom to gpu sysfs" into main 2024-01-24 23:30:45 +00:00
Sean Callanan
d7decd5eee Add capacity_headroom to gpu sysfs
This allows userspace (notably the power HAL) to apply a boost to GPU
frequency independent of previously measured load.

Bug: 290625326
Test: boot, run modified Power HAL
Change-Id: Ia71266ee751a36a960706ac8aacc7fdefdf8a0f0
2024-01-24 21:46:23 +00:00
Weizhung Ding
3d156c0ad6 [displayport-stats] add sysfs access permission on Zuma devices.
Bug: 266898132
Test: Build
Change-Id: I4c5bd4729f837c843668c447abbbe4c34beb3fce
2024-01-24 08:28:40 +00:00
Kyle Tso
4e48a45727 Allow dump_power to read directories under "/sys/class/power_supply"
Bug: 320613177
Change-Id: I1a39ddb5fbbf4c62fa5b96e3562b34f2f2091c13
Signed-off-by: Kyle Tso <kyletso@google.com>
2024-01-22 08:52:59 +00:00
Angela Wu
0d32d1c172 Change the type of hw_jpg_device for selinux policy so that the GCA release flavor could access hw_jpg_device
Bug: 320410642
Test: m

Change-Id: If77a097b4ca823322ef41b13d6283390dac69d6c
2024-01-16 08:51:05 +00:00
Midas Chien
d6e79769c1 Allow Powerstats service to access refresh rate residency node
Bug: 315424658
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I86288b4f523b4463a46d710a6556fa6852d4bea0
2024-01-12 13:01:17 +00:00