Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1420 commits 1 branch 0 tags 18 MiB
Commit graph

1420 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bruno BELANYI
33c0bf3aad Merge "Move ARM runtime option SELinux rules out of 'legacy/'" into udc-d1-dev am: ac239dd97d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22627129

Change-Id: Id46dee4c6dfc14fc86748fc88dc5ef96a0b0f708
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 11:27:59 +00:00
Bruno BELANYI
905a545184 Merge "Use restricted vendor property for ARM runtime options" into udc-d1-dev am: d217ae19cb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22627127

Change-Id: If670a7a869d2642c96d5f89b03dda2fce22f9519
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 11:27:20 +00:00
Jenny Ho
cddf77cdac Merge "sepolicy: fix charger_vendor permission denied" into udc-d1-dev am: 2e3228660e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22606969

Change-Id: Ifcf4b4a1f1654519eb756d658d0d1a14c5495e16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 11:26:46 +00:00
Bruno BELANYI
ac239dd97d Merge "Move ARM runtime option SELinux rules out of 'legacy/'" into udc-d1-dev 2023-04-17 11:00:08 +00:00
Bruno BELANYI
d217ae19cb Merge "Use restricted vendor property for ARM runtime options" into udc-d1-dev 2023-04-17 10:59:23 +00:00
Jenny Ho
2e3228660e Merge "sepolicy: fix charger_vendor permission denied" into udc-d1-dev 2023-04-17 10:56:58 +00:00
Dinesh Yadav
56658f83ed Merge "Add se-policies for google_camera_app from pro" into udc-d1-dev am: 39b4b20545 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22414449

Change-Id: I1a7ccce3db7dee7e1b816af6a4703baa2f03ef3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 09:05:27 +00:00
Dinesh Yadav
39b4b20545 Merge "Add se-policies for google_camera_app from pro" into udc-d1-dev 2023-04-17 08:32:26 +00:00
Jenny Ho
6f201db16a sepolicy: fix charger_vendor permission denied 
type=1400 audit(1679973171.472:14): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
type=1400 audit(1679973171.256:10): avc: denied { read } for comm="android.hardwar" name="stat" dev="sysfs" ino=67924 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0␍␊
type=1107 audit(1679973171.472:20): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=414 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0
type=1400 audit(1679973171.476:23): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=356 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
type=1400 audit(1679973171.472:21): avc: denied { write } for comm="android.hardwar" name="capacity" dev="sysfs" ino=74690 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
type=1400 audit(1679973171.476:32): avc: denied { read } for comm="android.hardwar" name="u:object_r:default_prop:s0" dev="tmpfs" ino=164 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
type=1400 audit(1681358719.792:6): avc:  denied  { search } for  comm="android.hardwar" name="/" dev="sda1" ino=3 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0

Bug: 277898259
Change-Id: I055eaab6df7c4549cc3817aaec80b0f85ec3b475
Signed-off-by: Jenny Ho <hsiufangho@google.com>
 2023-04-17 07:24:32 +00:00
Treehugger Robot
e285b839db [automerger skipped] Merge "allow vendor_init to acces watermark_scale_factor" into udc-d1-dev am: cccb610bb4 -s ours 
am skip reason: Merged-In Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0 with SHA-1 2c2e198e61 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22624776

Change-Id: I1ece813be75b6e1efbd8232e337dd8ed83664f9a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 03:41:53 +00:00
Martin Liu
761f9a44b8 [automerger skipped] allow vendor_init to acces watermark_scale_factor am: fe24903d2c -s ours 
am skip reason: Merged-In Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0 with SHA-1 2c2e198e61 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22624776

Change-Id: I622045022a29ceddf91d3a1a26fd4133571ef8ee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 03:41:51 +00:00
Treehugger Robot
cccb610bb4 Merge "allow vendor_init to acces watermark_scale_factor" into udc-d1-dev 2023-04-17 03:05:35 +00:00
Martin Liu
2c2e198e61 allow vendor_init to acces watermark_scale_factor 
Bug: 278075546
Test: boot
Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Signed-off-by: Martin Liu <liumartin@google.com>
 2023-04-16 04:05:34 +00:00
Martin Liu
fe24903d2c allow vendor_init to acces watermark_scale_factor 
Bug: 278075546
Test: boot
Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Merged-in: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Signed-off-by: Martin Liu <liumartin@google.com>
 2023-04-16 03:59:57 +00:00
Bruno BELANYI
cd905228d1 Move ARM runtime option SELinux rules out of 'legacy/' 
Addressing some review feedback on ag/22381542 about this folder being
removed in the future.

Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I8506da9b80fe060cd5093acafd58594e4db3341b
 2023-04-14 09:20:40 +00:00
Bruno BELANYI
1337c54005 Use restricted vendor property for ARM runtime options 
They need to be read by everything that links with libmali, but we don't
expect anybody to actually write to them.

Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I7f6f021378467484544cc3dbbe71a8e9e037cf98
 2023-04-14 08:33:48 +00:00
Treehugger Robot
224c260019 Merge "Enforce servicemanager" into udc-d1-dev am: 9ea22dde19 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22574729

Change-Id: If04b8697019e9388da37addb6f65f7d025a5becf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 04:35:17 +00:00
Dinesh Yadav
b8b2445251 Add se-policies for google_camera_app from pro 
- Found selinux violations on google_camera_app for these services which are fixed after these changes are included.

Bug: 264490031
Change-Id: Ib6f4a8a548425b0b98ed9b69edff6c973b9cbe3e
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-04-14 03:59:03 +00:00
Treehugger Robot
9ea22dde19 Merge "Enforce servicemanager" into udc-d1-dev 2023-04-14 03:53:11 +00:00
TreeHugger Robot
065f1c5a75 Merge "Suppress bootanim behavior meant for Android Wear devices" into udc-d1-dev am: 89d4a4df13 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22098965

Change-Id: I041686fffcd34b58026080c4e6538adfaf8a3407
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 03:46:21 +00:00
Treehugger Robot
bb79528e37 Merge changes Ie20be0af,Id9a80c47 into udc-d1-dev am: 2ac0374b22 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22573649

Change-Id: Id5edbe1f2e6ef273387af77a257063a149150764
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 03:45:38 +00:00
Wilson Sung
af0ad04c3c Enforce priv_app 
Fix: 260366281
Fix: 260522282
Fix: 260768358
Fix: 260922442
Fix: 263185432
Fix: 264490074
Fix: 268572216
Change-Id: I2efbb1971c09506a7b1e0e5e0e3d22eda91018c1
 2023-04-14 03:34:46 +00:00
TreeHugger Robot
89d4a4df13 Merge "Suppress bootanim behavior meant for Android Wear devices" into udc-d1-dev 2023-04-14 03:19:53 +00:00
Treehugger Robot
2ac0374b22 Merge changes Ie20be0af,Id9a80c47 into udc-d1-dev 
* changes:
  Enforce rebalance_interrupts_vendor
  Enforce hwservicemanager
 2023-04-14 03:18:10 +00:00
Treehugger Robot
a04af8a730 Merge "Remove ofl_app selinux policy" into udc-d1-dev am: 224eebae32 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22601630

Change-Id: I64cac9c1b589c2f5be6ac74b9339d6ee5f8af42a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 02:55:52 +00:00
Treehugger Robot
224eebae32 Merge "Remove ofl_app selinux policy" into udc-d1-dev 2023-04-14 02:11:22 +00:00
Treehugger Robot
e3fcb41f40 Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev am: fde5823b6f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22601631

Change-Id: Ie60f65e8ee6f88a0f4f03fdb10c3caadf7865504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 01:54:41 +00:00
Treehugger Robot
fde5823b6f Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev 2023-04-14 01:21:56 +00:00
Ankit Goyal
d9655a4999 Add sepolicy for framebuffer-secure heap am: 9576cfaca7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21990547

Change-Id: I39b3df563b40fabb4ae836ecb196ca4ec3a20509
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 22:32:19 +00:00
Ankit Goyal
9576cfaca7 Add sepolicy for framebuffer-secure heap 
Bug: 245053092
Test: Secure video playback
Change-Id: I715ea5a4e9ee70ec2a022351b9e722a25bfb9f93
 2023-04-13 13:47:11 -07:00
Sayanna Chandula
e94b921ca4 Merge "thermal: enable pixelstats access to thermal metrics" into udc-d1-dev am: 34ff37262f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22559579

Change-Id: I3fb332012004c2e91b8bcc858dcfbdc12e5c8679
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 20:43:22 +00:00
Sayanna Chandula
34ff37262f Merge "thermal: enable pixelstats access to thermal metrics" into udc-d1-dev 2023-04-13 20:26:31 +00:00
Yixuan Wang
98bffc0a44 Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev am: 2c0e44805a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22613725

Change-Id: Ia79eb1e60a6fe53a2155874be0f83be644c1d9f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 20:18:36 +00:00
Yixuan Wang
2c0e44805a Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev 2023-04-13 19:38:38 +00:00
Joner Lin
44155e103e Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev am: edd47032af 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22271813

Change-Id: Ic8fa74d729ca69d7c051c19848b9a0113e23bac3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 14:26:11 +00:00
Joner Lin
edd47032af Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev 2023-04-13 13:57:32 +00:00
George
95d0a4b76f Update rules for android.hardware.secure_element-service.thales 
A new domain hal_secure_element_st54spi_aidl for AIDL HAL

Bug: 261566299
Test: run cts -m CtsOmapiTestCases
Test: atest VtsAidlHalNfcTargetTest
Change-Id: Id76a3f3337e2ee72031b39975eb010178855f36f
 2023-04-13 11:02:49 +00:00
Lily Lin
6f41705151 Remove ofl_app selinux policy 
OFLAgent is deprecated in ag/22504130. This CL is to remove ofl_app
selinux policy.

Bug: 224611871
Test: adb bugreport
Change-Id: I2264d79b8fe4084c3acd65db8f5384bb08216c5f
(cherry picked from commit 0fed5cc2b6cae6aebb411a58319474798d2fb25a)
 2023-04-13 10:49:13 +00:00
Yixuan Wang
1095231e38 Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for 
chre

[ 7.760870] type=1400 audit(1669944054.440:61): avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1099 scontext=u:r:hal_contexthub_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[ 12.519414] type=1400 audit(1669944059.196:138): avc: denied {connectto } for comm="android.hardwar" path="/dev/socket/chre"scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1

Bug: 264489794
Bug: 261105224
Test: atest scanAvcDeniedLogRightAfterReboot
Change-Id: I7bf13913188deedc987f82e54626a18357ab84c5
 2023-04-13 06:43:41 +00:00
Wilson Sung
3df3008917 Suppress bootanim behavior meant for Android Wear devices 
Fix: 260522279
Test: boot-to-home and no bootanim avc error
Change-Id: I29d4168720887bc2f90d5f7ad20367887f9cae51
 2023-04-13 00:00:38 +00:00
Minchan Kim
2155fd3711 move vendor_cma_debugfs into gs-common am: a382f85f96 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22573601

Change-Id: I52c5fb3fe3a1d89d26fa547dd25cd57806cbfdc9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 15:53:59 +00:00
Wilson Sung
5468e420e3 Enforce rebalance_interrupts_vendor 
Fix: 264489565
Test: boot-to-home
Change-Id: Ie20be0afe1a95b8cb512b57019539eb52948a155
 2023-04-12 22:58:13 +08:00
Wilson Sung
90f838f16f Enforce hwservicemanager 
Test: boot-to-home and no avc error
Fix: 264489781
Change-Id: Id9a80c478a2eae8472023f3bbcc514f30f5bfbab
 2023-04-12 22:32:46 +08:00
Wilson Sung
527f215d20 Enforce servicemanager 
Fix: 263429985
Fix: 264489962
Test: boot-to-home, no avc error
Change-Id: Ib3b0916bdbd09638f5b7b34f2d214690eed314ab
 2023-04-12 22:14:16 +08:00
Minchan Kim
a382f85f96 move vendor_cma_debugfs into gs-common 
The CMA dump is common feature for pixel devices so move
it to gs-common.

Bug: 276901078
Test: dumpstate_board.txt on adb bugreport includes the info
Change-Id: I46be7899939da3ae7e9323a0d3ee92f4b3759acf
Signed-off-by: Minchan Kim <minchan@google.com>
(cherry picked from commit afb8d91c5dd0df836c6c8a53963b44e23005efb7)
 2023-04-12 13:25:46 +00:00
Kah Xuan Lim
6e8c79e7db Modem ML: Grant access to modem ML data dir 
Bug: 229801544
Change-Id: Ia2e9c5a48ad935a49f3b8a9c6bceae3f4f833b4e
 2023-04-12 08:48:57 +00:00
Minchan Kim
11e5da54ef Merge "remove dump_cma" 2023-04-12 03:25:58 +00:00
Wilson Sung
bf1baa3448 Merge "Add recovery related policy" into udc-d1-dev am: 5bee37db26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22574699

Change-Id: Iafa23558e51dbc2608ff3158cd7b1259253f25cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 01:55:36 +00:00
Wilson Sung
5bee37db26 Merge "Add recovery related policy" into udc-d1-dev 2023-04-12 01:44:17 +00:00
Treehugger Robot
eefef62f70 Merge "Add btbcm wakelock node context" into udc-d1-dev am: bc7379022a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22572817

Change-Id: Ie49fcc84a41c924558050f7d4a283a915bc68b84
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 01:40:12 +00:00