Commit graph

2310 commits

Author SHA1 Message Date
Xiaofan Jiang
3f8aadb455 Merge "zuma: update selinux to allow UMI on user build" into main 2025-01-10 11:37:10 -08:00
Nina Chen
5159a671f2 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Flag: EXEMPT bugfix
Bug: 388949246
Change-Id: I35755091bde97e167173375033134a78c6eb6c69
2025-01-09 19:26:00 -08:00
Xiaofan Jiang
6fb9c00880 zuma: update selinux to allow UMI on user build
Bug: 375335464

[   68.189198] type=1400 audit(1722986580.568:59): avc:  denied  { unlink } for  comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { create } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { write } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1

Flag: EXEMPT Critical modem system service
Change-Id: Id238114b40a3cb70efab1d8c88bda070b054d991
2025-01-10 03:16:04 +00:00
Wilson Sung
417ef69506 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 386149375
Flag: EXEMPT update sepolicy
Change-Id: I1be4fa4b29e0e28b61c7ff1444169ab1d20fe5d5
2024-12-26 23:22:47 -08:00
Nina Chen
bdfee8a704 Update SELinux error.
Test: SELinuxUncheckedDenialBootTest
Bug: 385858590
Bug: 385858993

Bug: 385829048
Flag: EXEMPT bugfix
Change-Id: I946909b9bc1aec1728c9999d25bdccfe70443fd9
2024-12-24 19:11:28 -08:00
Liz Prucka
d20b253d18 Merge "Restrict ioctl access for appdomain to gpu_device" into main 2024-12-23 09:09:24 -08:00
Liz Prucka
b2f00a1549 Restrict ioctl access for appdomain to gpu_device
Add a list of Mali-specific ioctls (ioctl_defines).
Define categories for these ioctls (ioctl_macros).
This list was gathered by the ARM GPU team.

All defined ioctls are granted access. Deprecated
ioctls and ioctls intended for GPU development are
logged to estimate the impact of their removal.

During testing, no logging was observed during the
launch of the top 100 apps. It is unlikely that such
logging would spam the device's log.

Bug: 384720119
Test: Csuite test of top 100 apps
Flag: EXEMPT uses build system flag: RELEASE_PIXEL_MALI_SEPOLICY_ENABLED
Change-Id: I49f7ffade42e1039e13601a81d814d33dfbc3e5a
2024-12-19 12:03:02 -08:00
Timmy Li
29cd1c7a2d Revert "Remove hal_camera_default aconfig_storage_metadata_file ..."
Revert submission 30893287-hal_camera_default_ aconfig_storage_metadata_file

Reason for revert: b/384580942

Reverted changes: /q/submissionid:30893287-hal_camera_default_+aconfig_storage_metadata_file

Change-Id: I8bed2f61c7fc0ee6f0fb8cfc15bdb435d30dc70d
2024-12-16 16:32:22 -08:00
timmyli
d077655445 Remove hal_camera_default aconfig_storage_metadata_file from bug map
Bug: 383013471
Test: manual test to see no avc denial
Flag: EXEMPT bug fix
Change-Id: I1958da80539ae17ab48c3aa9f70f7ea3707ea2db
2024-12-15 19:44:03 -08:00
Xin Li
d25f090a34 [automerger skipped] Merge 24Q4 into AOSP main am: c5a0418122 -s ours am: 46f147f372 -s ours
am skip reason: Merged-In I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3 with SHA-1 f03cc7ce1c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/29525402

Change-Id: I5dc79c2c48b24078aae4f34b5c0a68aa493500cd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-12-13 19:45:16 -08:00
Xin Li
46f147f372 [automerger skipped] Merge 24Q4 into AOSP main am: c5a0418122 -s ours
am skip reason: Merged-In I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3 with SHA-1 f03cc7ce1c is already in history

Original change: https://android-review.googlesource.com/c/device/google/zuma-sepolicy/+/3413723

Change-Id: I8b8c13745cfbffbf29411e410fef24fa284aa070
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-12-13 18:42:00 -08:00
Xin Li
c5a0418122 Merge 24Q4 into AOSP main
Bug: 370570306
Merged-In: I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3
Change-Id: I1f96c1fc29847035394513fad852d1bacbc43296
2024-12-13 11:15:10 -08:00
Nina Chen
e408d5681e Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Flag: EXEMPT sepolicy
Bug: 383949325
Change-Id: I3392bafe7873812b2e7df6ecec5725097eb085ab
2024-12-12 22:40:45 -08:00
chenkris
9ea8cdc64f zuma: Add selinux permission for fth
Fix the following avc denials:
avc:  denied  { open } for  path="/dev/fth_fd" dev="tmpfs" ino=1575 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc:  denied  { read } for  name="wakeup96" dev="sysfs" ino=101698 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

Bug: 383048849
Test: ls -lZ /sys/devices/platform/odm//odm:fps_touch_handler/wakeup
Test: authenticate fingerprint
Flag: EXEMPT NDK
Change-Id: Iec9de84c8faa6790f9f27c5875b5a822a02fcee9
2024-12-12 00:15:56 -08:00
Eileen Lai
2e5674bd21 Merge "modem_svc: move shared_modem_platform related sepolicy to gs-common" into main 2024-12-09 15:09:36 +00:00
Nina Chen
b81b3428d8 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 383013471
Flag: EXEMPT sepolicy
Change-Id: Ia8c27c5031bb14d77f581b4569a8d39a5613244f
2024-12-09 03:32:09 +00:00
Eileen Lai
4b9ca7c0a7 modem_svc: move shared_modem_platform related sepolicy to gs-common
Bug: 372400955

Change-Id: I3570cf0e90ceebc1ac6d19850e53df6c721b0020
Flag: NONE local testing only
2024-12-08 04:44:23 +00:00
Dinesh Yadav
6e4418cacd Merge "Allow tachyon service to make binder calls to GCA" into main 2024-12-06 16:20:42 +00:00
Dinesh Yadav
1b7a5a0078 Allow tachyon service to make binder calls to GCA
This permission is needed for tachyon service to call callbacks.

AVC Error seen when tachyon tries accessing GCA:
12-02 11:40:03.212  6987  6987 W com.google.edge: type=1400 audit(0.0:17): avc:  denied  { call } for  scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0
12-03 07:12:26.424  4166  4166 W com.google.edge: type=1400 audit(0.0:254): avc:  denied  { call } for  scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0

Bug: 381787911
Flag: EXEMPT updates device sepolicy only
Change-Id: I5544fbc11cea0d98dfdeffd9d2871fc037d87c61
2024-12-06 04:13:42 +00:00
Nina Chen
9f0f02d33e Update SELinux error
Remove b/376602341, b/314054292 and b/367943515 as they are closed

Flag: EXEMPT sepolicy
Test: SELinuxUncheckedDenialBootTest
Bug: 382362125
Change-Id: I7911102a96cdb602fecf8dae5f87c41448b7e6ba
2024-12-05 12:53:03 +08:00
Roy Luo
18df6c5e6f Merge "Add udc sysfs to udc_sysfs fs context" into main 2024-12-04 03:31:01 +00:00
Nina Chen
9f5ced1134 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 381326735
Flag: EXEMPT sepolicy
Change-Id: I8381703d4a44d7bce9ead55437e269684f0d5530
2024-11-28 02:59:26 +00:00
Nina Chen
b7ab33d829 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 380756119
Flag: EXEMPT NDK
Change-Id: I252d772efcdc0b27467c6de41c685fb903e5a62d
2024-11-25 02:49:21 +00:00
Roy Luo
3c17e28269 Add udc sysfs to udc_sysfs fs context
Needed for system server to monitor usb gadget state.
Grant hal_usb_impl read access as it's needed by UsbDataSessionMonitor.
Starting at board level api 202504 due to its dependency on aosp/3337514

10956 10956 W android.hardwar: type=1400 audit(0.0:327): avc:  denied  { read } for  name="state" dev="sysfs" ino=84394 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:sysfs_udc:s0 tclass=file permissive=0

Bug: 339241080
Test: tested on Shiba
Flag: android.hardware.usb.flags.enable_udc_sysfs_usb_state_update
Change-Id: Ied2d669df74a2f71771e672e27327b60e7687168
2024-11-22 02:07:21 +00:00
Liana Kazanova (xWF)
fcfaec8bea Merge "Revert "modem_svc: move shared_modem_platform related sepolicy t..."" into main 2024-11-21 20:16:06 +00:00
Liana Kazanova (xWF)
9880272db8 Revert "modem_svc: move shared_modem_platform related sepolicy t..."
Revert submission 30519089-move_modem_sepolicy

Reason for revert: DroidMonitor: Potential culprit for http://b/380274930 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Reverted changes: /q/submissionid:30519089-move_modem_sepolicy

Change-Id: I7fc88068835f662d1f1827488089f5898e88ff9d
2024-11-21 17:54:05 +00:00
Eileen Lai
e1b7b090e5 Merge "modem_svc: move shared_modem_platform related sepolicy to gs-common" into main 2024-11-21 17:03:11 +00:00
Eileen Lai
41e0d7662d modem_svc: move shared_modem_platform related sepolicy to gs-common
Bug: 372400955


Flag: NONE local testing only
Change-Id: I5502d8aeae7ca11b301bb8183201cf8294c811f9
2024-11-21 08:25:08 +00:00
Nina Chen
80c32be9f1 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 379245855
Bug: 379246064
Bug: 379245771
Bug: 379245754
Change-Id: I2b8b5c74f406d59e5ac17280e365dd6733100719
2024-11-15 18:29:14 +08:00
Nina Chen
5515229d16 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 379207041
Bug: 379207101
Flag: EXEMPT NDK
Change-Id: Icf0da01e2bcf1f57d9048ac601a94d04db00e754
2024-11-15 06:54:19 +00:00
Xin Li
e547b08ebd [automerger skipped] Merge 24Q4 (ab/12406339) into aosp-main-future am: cf6b23c473 -s ours
am skip reason: Merged-In I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3 with SHA-1 f03cc7ce1c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/30283793

Change-Id: I064b667d35ba392523f55d4a00ef31ffa462cad9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-11-14 00:31:46 +00:00
Xin Li
cf6b23c473 Merge 24Q4 (ab/12406339) into aosp-main-future
Bug: 370570306
Merged-In: I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3
Change-Id: Ic9f5cbcae1fdd40d57ca6d958adeb4b355339f68
2024-11-06 11:19:03 -08:00
Nina Chen
6f1672a387 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 376602341
Flag: EXEMPT NDK
Change-Id: I6b3a9d802022ace579de13dc03e1738ee31f7b6f
2024-11-01 08:13:03 +00:00
Roy Luo
841ad6da33 Merge "Revert^3 "Add udc sysfs to udc_sysfs fs context"" into main 2024-10-30 18:51:30 +00:00
Roy Luo
139f5304a3 Revert^3 "Add udc sysfs to udc_sysfs fs context"
371f678632

Bug: 339241080
Change-Id: Ia1355fca00339bce7ba5554680b62509558c2b4f
2024-10-29 21:36:05 +00:00
Thiébaud Weksteen
d46376319b Merge "Remove duplicate service entries" into main 2024-10-17 02:59:51 +00:00
Treehugger Robot
d3a5c9f8d8 Merge "Revert "Update SELinux error"" into main 2024-10-16 11:04:36 +00:00
Krzysztof Kosiński
bf1d975910 Revert "Update SELinux error"
This reverts commit a6eb3139fe.

Reason for revert: Caused by b/372273614, relevant CL was reverted

Fix: 372348756
Change-Id: I1ca54668c33b80d5139526f6ecf8dd65864787e4
2024-10-15 06:31:33 +00:00
Eileen Lai
bc3e73c6b5 Merge "modem_svc: use shared_modem_platform to replace all modem_svc_sit" into main 2024-10-14 07:27:51 +00:00
Eileen Lai
c2660d9ba4 modem_svc: use shared_modem_platform to replace all modem_svc_sit
Bug: 368257019

Flag: NONE local testing only
Change-Id: I9a9ff83d2bf3cf55b4c8806d808efde03ca2de70
2024-10-09 08:34:45 +00:00
Nina Chen
a6eb3139fe Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 372348756
Bug: 372348383
Bug: 372348502
Flag: EXEMPT NDK
Change-Id: I126496a25529a73293430c9a1e7009e82b161331
2024-10-09 03:24:11 +00:00
Nina Chen
d898a7a787 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 372121912
Test: scanBugreport
Bug: 359428180
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428180
Flag: EXEMPT NDK
Change-Id: I88cf70ace59b6ca4cf66a4b0ffaf3bc8220f932b
2024-10-08 03:31:04 +00:00
Ben Murdoch
ce7cdaa39f Allow systemui_app to set 'debug.tracing.desktop_mode_visible_tasks' system property
See also: Iad8dc7a66765856ee7affb707f2dba6c1bbfbf49

Bug: 363893429
Flag: EXEMPT, SEPolicy
Test: Verified on device.
Change-Id: I4916370be55d4d5fd5c53ac5418b8a2bd99e9b37
2024-10-03 15:01:54 +00:00
Thiébaud Weksteen
f688a56d8e Remove duplicate service entries
These entries are defined in the platform policy.

Flag: EXEMPT bugfix
Bug: 367832910
Test: TH
Change-Id: I34e04111d74d0b7b4d9e3e4e359feb1b92b40593
2024-10-01 14:48:00 +10:00
Treehugger Robot
bab0ee8b25 Merge "Fix error in systemui when toggling airplane mode" into main 2024-09-26 16:11:38 +00:00
Wilson Sung
c6822be533 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 369540836
Test: scanBugreport
Bug: 369540673
Bug: 359428180
Test: scanAvcDeniedLogRightAfterReboot
Bug: 359428180
Flag: EXEMPT NDK
Change-Id: I096e8d513a393d70fc70edf658dcdf7650072c9a
2024-09-25 12:46:23 +00:00
Wilson Sung
e40a281856 Fix error in systemui when toggling airplane mode
avc:  denied  { read } for  name="u:object_r:radio_cdma_ecm_prop:s0" dev="tmpfs" ino=321 scontext=u:r:systemui_app:s0:c3,c257,c512,c768 tcontext=u:object_r:radio_cdma_ecm_prop:s0 tclass=file

Bug: 197722115
Bug: 359381748
Test: make selinux_policy
Flag: EXEMPT bugfix
Change-Id: I96d17e562ac1cc0e0e0597ce332e94be95652026
2024-09-25 08:40:47 +00:00
Nina Chen
e6639e9e9f Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 369475700
Test: scanBugreport
Bug: 369475363
Bug: 359428180
Test: scanAvcDeniedLogRightAfterReboot
Bug: 369475225
Bug: 359428180
Flag: EXEMPT NDK
Change-Id: I154c0c347aa62a5eb262c2a8174ad3b3f2ba03aa
2024-09-25 06:30:51 +00:00
Treehugger Robot
cd06811f33 Merge "Update sepolicy for nfc antenna selftest values" into main 2024-09-24 07:34:38 +00:00
Tej Singh
f03cc7ce1c Make android.framework.stats-v2-ndk app reachable
For libedgetpu

Test: TH
Bug: 354763040
Flag: EXEMPT bugfix
Change-Id: I1c2fb12e09ffe8083d6b14b0ee5aa957e031ddf3
2024-09-20 21:39:59 -07:00