Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2199 commits 1 branch 0 tags 18 MiB
Commit graph

2199 commits

This branch
This branch
All branches
Author SHA1 Message Date
Android Build Coastguard Worker
380a00046a Snap for 11915075 from 79e1531622 to 24Q4-release 
Change-Id: I33710600a44bc9372a6e2d8f33e0e21a4d797728
 2024-06-01 01:03:23 +00:00
Xin Li
79e1531622 [automerger skipped] Merge Android 24Q2 Release (ab/11526283) to aosp-main-future am: 42aa8de219 -s ours 
am skip reason: Merged-In I56143303453cce01d812997ed4a06d815f2a6859 with SHA-1 97a16aff57 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27273322

Change-Id: Ib48cb1570130e89e98ce755f22b4b222be981e69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-29 19:46:13 +00:00
chenkris
090928722e Add sepolicy for fingerprint HAL to check NSP file 
Fix the following avc denials:
avc:  denied  { search } for  name="copied" dev="dm-58" ino=428
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:modem_efs_image_file:s0 tclass=dir

avc:  denied  { search } for  name="persist" dev="dm-58" ino=443
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

avc:  denied  { search } for  name="ss" dev="dm-58" ino=445
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=dir

avc:  denied  { read } for  name="nsp" dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

avc:  denied  { open } for  path="/data/vendor/copied/persist/ss/nsp"
dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

Bug: 335525798
Test: Use UDFPS repair tool to update calibration files
Change-Id: Ic233a07ced8fd828c0e4b4ae1cffa93763a83b42
 2024-05-29 04:39:37 +00:00
Wilson Sung
cdc4acc647 Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 340722729
Change-Id: I8f11ea5848724f18765cca2dda91a7d916b82f72
 2024-05-15 03:50:08 +00:00
Shiyong Li
0455a656b7 Merge "Add sepolicy for power_state node" into 24D1-dev am: 7107af6af0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27057168

Change-Id: Iebbdf2275b4d0460ac58100db1ab1b865ed63d04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-09 05:21:38 +00:00
Shiyong Li
7107af6af0 Merge "Add sepolicy for power_state node" into 24D1-dev 2024-05-09 05:16:16 +00:00
Treehugger Robot
bc68fdd684 Merge "Reland: Add necessary sepolicy for convert_modem_to_ext4" into main 2024-05-08 16:13:27 +00:00
KRIS CHEN
3cbe2de42c Merge "Allow fingerprint to access the folder /data/vendor/fingerprint" into main 2024-05-08 08:46:30 +00:00
chenkris
4035d467ad Allow fingerprint to access the folder /data/vendor/fingerprint 
Fix the following avc denial:
android.hardwar: type=1400 audit(0.0:20): avc:  denied  { write } for  name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 267766859
Test: Tested fingerprint under enforcing mode
Change-Id: Iadd058432b7db8c20a949aeda1df5f8309663004
 2024-05-08 06:48:41 +00:00
Kelvin Zhang
be41aa688e Reland: Add necessary sepolicy for convert_modem_to_ext4 
The original CL was reverted because it references
enable_16k_pages_prop, which is only available on board API level >
202504.

This reland removes enable_16k_pages_prop usage, and worked around it by
reading PRODUCT_16K_DEVELOPER_OPTION at build time.

Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Ibd8f57d1ef4fd2b0fd8b4170153d57fe9a9cefc2
 2024-05-07 13:24:15 -07:00
Pechetty Sravani
7c7e028271 Merge "Revert "Add necessary sepolicy for convert_modem_to_ext4"" into main 2024-05-07 13:08:44 +00:00
Pechetty Sravani
2bf59857da Revert "Add necessary sepolicy for convert_modem_to_ext4" 
Revert submission 26822004

Reason for revert: <Potential culprit for b/339099720- verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Reverted changes: /q/submissionid:26822004

Change-Id: I90e3bf5ecbdf6c058c56293cfba59c628ccc7aba
 2024-05-07 08:50:45 +00:00
Treehugger Robot
20f1383abd Merge "Add necessary sepolicy for convert_modem_to_ext4" into main 2024-05-06 23:19:28 +00:00
Xin Li
42aa8de219 Merge Android 24Q2 Release (ab/11526283) to aosp-main-future 
Bug: 337098550
Merged-In: I56143303453cce01d812997ed4a06d815f2a6859
Change-Id: I61f611a2fcb900fcb4bb035c2abfbb19a840fddb
 2024-05-06 12:09:17 -07:00
Enzo Liao
2247b84115 [automerger skipped] Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into 24D1-dev am: c3c5b0fb90 -s ours 
am skip reason: Merged-In Id42c4de6c29d4a95f8a68a5732c4732edfb71da8 with SHA-1 df85139d17 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27046738

Change-Id: I74a2603921e024818214cdd40206f83cadcb6b40
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-25 08:31:17 +00:00
Enzo Liao
146d62c821 [automerger skipped] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. am: 7c420c0703 -s ours 
am skip reason: Merged-In Id42c4de6c29d4a95f8a68a5732c4732edfb71da8 with SHA-1 df85139d17 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27046738

Change-Id: Ic8c15dba652af326c8860b4de81f42ea204c93b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-25 08:31:13 +00:00
Enzo Liao
c3c5b0fb90 Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into 24D1-dev 2024-04-25 08:22:06 +00:00
Spade Lee
9d059a073d [automerger skipped] pixelstats_vendor: add logbuffer_device r_file_perms am: 52df1a478b -s ours 
am skip reason: Merged-In Ieca53f3092355c72784d4216c138cbb7cc9c7fa4 with SHA-1 3f707d13c2 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27094861

Change-Id: I27d28e4e8b14f71a16aba5f7de9b8874d205e708
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-25 08:20:29 +00:00
Spade Lee
52df1a478b pixelstats_vendor: add logbuffer_device r_file_perms 
avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0

Bug: 329174074
Test: no denied log, and able to read logbuffer in pixelstats_vendor
Signed-off-by: Spade Lee <spadelee@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3f707d13c29300fab31a1ba6a8657771ba4946a8)
Merged-In: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
Change-Id: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
 2024-04-25 06:11:20 +00:00
Kevin Ying
a78ae51ef1 Add sepolicy for power_state node 
Bug: 329703995
Test: manual - used camera
Change-Id: I1f156fe7f10210b933f360fef771cb37ff3cbedb
Signed-off-by: Kevin Ying <kevinying@google.com>
 2024-04-24 19:10:19 +00:00
Kelvin Zhang
276b386b6f Add necessary sepolicy for convert_modem_to_ext4 
Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Iede84b1827166f1581d80077fe1c4d93d01a815b
 2024-04-22 10:14:13 -07:00
Kelvin Zhang
c1341de4c3 Add necessary sepolicy for ro.vendor.persist.status 
This prop will be set to "mounted" after /mnt/vendor/persist mounts.
Need this prop to synchronize different actions in init.rc script.

Test: th
Bug: 319335586
Change-Id: I9e8bd5e875956393d610b7def6be713565543d05
 2024-04-22 10:14:12 -07:00
Enzo Liao
7c420c0703 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. 
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df85139d173644b7ec44cb7151845026872a1648)
Merged-In: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
 2024-04-22 03:02:53 +00:00
Martin Liu
e028d802db move common MM policy to gs common folder 
Bug: 332916849
Bug: 309409009
Test: boot
Change-Id: I05803943752f7b021c9d4f97b475b493f6ceadcb
Signed-off-by: Martin Liu <liumartin@google.com>
 2024-04-18 01:59:46 +00:00
Krzysztof Kosiński
d4f04d19cc Remove rlsservice sepolicy. am: 41c22587a2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26948256

Change-Id: I60d0c43786dc869f9d69ce7c95e2199652efda3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-15 21:58:31 +00:00
Kadi Narmamatov
99c5c3dc9e Merge "rsfd: add get_prop for cbd property" into main 2024-04-15 07:36:23 +00:00
Krzysztof Kosiński
41c22587a2 Remove rlsservice sepolicy. 
rlsservice is not included on zuma and later, only gs101/gs201.
Relevant code search link:
https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/services/LyricCameraHAL/src/apex/Android.bp;l=26;drc=e4b49a6d945df6d5210c35251de8046b162d799d

Bug: 278627483
Test: presubmit
Change-Id: I15398ddeea8c0a10920c987e55789ba4a8322774
 2024-04-12 22:03:22 +00:00
Treehugger Robot
32ce8f9878 Merge "allow vendor init to access compaction_proactiveness" into main 2024-04-12 15:03:00 +00:00
Enzo Liao
4104efb34f Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into main 2024-04-11 02:03:26 +00:00
Martin Liu
fb44539d8d allow vendor init to access compaction_proactiveness 
Bug: 332916849
Test: boot
Change-Id: If1930fe0f174f2794296ded69d29420f2e59f6c2
Signed-off-by: Martin Liu <liumartin@google.com>
 2024-04-10 23:34:49 +00:00
kadirpili
22844d59ca rsfd: add get_prop for cbd property 
Bug: 323086582

Test: flash ROM and check for rfsd sepolicy logs

Change-Id: I6f8c555614386fda784b4532a4b004d5fe857bc6
 2024-04-10 05:52:54 +00:00
Enzo Liao
df85139d17 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. 
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
 2024-04-08 19:21:13 +08:00
Treehugger Robot
2ab2661048 Merge "display: low-light blocking zone support" into 24D1-dev am: 0a3562a15c 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26800869

Change-Id: Ic14a269756206f63e9978bc453d68163fef6d868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-04 03:27:45 +00:00
Treehugger Robot
0a3562a15c Merge "display: low-light blocking zone support" into 24D1-dev 2024-04-04 02:46:42 +00:00
Spade Lee
5a4b459eff sepolicy: allow kernel to search vendor debugfs am: 0ac2d9f7bc 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26738853

Change-Id: Ic8f63f4bbda165e07ea150a2f5a9cfc7211f5c07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-03 04:24:44 +00:00
cweichun
495b0120ea display: low-light blocking zone support 
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
 2024-04-02 15:25:43 +00:00
Spade Lee
0ac2d9f7bc sepolicy: allow kernel to search vendor debugfs 
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
 2024-04-02 07:35:39 +00:00
Treehugger Robot
2a01ceedb9 Merge "display: low-light blocking zone support" into main 2024-04-02 04:21:29 +00:00
cweichun
e9c8f2af69 display: low-light blocking zone support 
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
 2024-04-01 22:31:48 +00:00
Treehugger Robot
ff1c6fe2ba Merge "usb: correct the xhci wakeup path" into main 2024-04-01 04:00:20 +00:00
Mike Wang
aa7749fb7b Merge "Add the selinux policy for MDS to access modem_state file" into main 2024-03-29 15:16:19 +00:00
mikeyuewang
6546398c27 Add the selinux policy for MDS to access modem_state file 
Add the selinux policy for MDS to access modem_state file

avc deny:
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:14): avc:  denied  { read } for  name="modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:15): avc:  denied  { open } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:16): avc:  denied  { getattr } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds

Bug: 331202327

Change-Id: I5e0088d274bc4f45010a19631ecbaece7cc3cc42
 2024-03-28 20:28:10 +00:00
Albert Wang
c24ead7ce9 usb: correct the xhci wakeup path 
Error log:
Error opening kernel wakelock stats for: wakeup177 (...xhci-hcd-exynos.5.auto/usb1/1-1/wakeup/wakeup177): Permission denied

bug: 311087938
Test: boot to home and host mode works well
Change-Id: I8bdd38499dec3852ba33510f40e58cebd3a4560f
 2024-03-27 10:26:45 +00:00
Megha Patil
c8c92bd593 Sepolicy for the new property to switch Modem Binary 
Sepolicy Rules added for telephony.TnNtn.image_switch

BUG: b/298322438
Bug: 323087490

Test: Test Binding sequence of Service
Change-Id: Ie79aff94159d79a573ec92546a5d3e390b802b22
 2024-03-26 08:44:51 +00:00
Hungyen Weng
e0e63c38d7 Merge "Allow modem_svc to access modem files and perfetto" into main 2024-03-22 23:52:52 +00:00
Spade Lee
dbc39c622b Merge "pixelstats_vendor: add logbuffer_device r_file_perms" into main 2024-03-22 07:30:31 +00:00
Hungyen Weng
1db18cf4b3 Allow modem_svc to access modem files and perfetto 
Bug: 330730987

Test: Confirmed that modem_svc is able to access token db files in modem partition
Test: Confiemed that modem_svc can send traces to perfetto

Change-Id: Ic8b724e0e8d72f5ead83e75ab85471bcbdaf8749
 2024-03-22 00:29:41 +00:00
Oleg Blinnikov
920bae7e33 Merge "persist.sys.hdcp_checking property added" into main 2024-03-21 12:21:30 +00:00
Spade Lee
6ad6fb5edb sepolicy: allow kernel to search vendor debugfs 
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
 2024-03-20 18:16:41 +00:00
Oleg Blinnikov
57d222ff5f persist.sys.hdcp_checking property added 
Change-Id: I518db2909d2356a42421a626288365bb7458cc9c
Bug: 321344894
Test: modify property, see that max_ver file modified
 2024-03-19 16:06:51 +00:00