TreeHugger Robot
b8afba5124
Merge "Keep name "dmabuf_system_secure_heap_device" for secure playback" into udc-d1-dev am: 83588e636f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22185170
Change-Id: I8ae4c6a6f1c4e63adddc3fcdea47143e0e5e22d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 03:27:57 +00:00
TreeHugger Robot
83588e636f
Merge "Keep name "dmabuf_system_secure_heap_device" for secure playback" into udc-d1-dev
2023-03-29 02:56:22 +00:00
TreeHugger Robot
a0beb1cf16
Merge "Allow bootctl to access trusty device" into udc-d1-dev am: 5d6157b523
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22307863
Change-Id: Icab0b0b06400d4b7c362813726b878d59a7d7f7c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 00:56:36 +00:00
TreeHugger Robot
5d6157b523
Merge "Allow bootctl to access trusty device" into udc-d1-dev
2023-03-29 00:00:55 +00:00
Mingguang Xu
afdff68774
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
am: e283627fac
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Id3525c06cc58f816eee7797145fbb301c4208ac7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:34:30 +00:00
Mingguang Xu
e283627fac
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Iac8bc11118a1c8f6f401f938039899f03bdeea95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:16:41 +00:00
Mingguang Xu
203dd313e7
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Ib70d523bc36e1a789b003374207094f2eaf722d5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:09:15 +00:00
Mingguang Xu
57e322c17c
Merge "Add permissions to connect radioext to twoshay." into udc-dev
2023-03-28 23:03:46 +00:00
Feiyu Chen
67f06b0a3d
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
am: 02cc06b4ab
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: I7cd7a542c4d855dac45e34b698303e18847057f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:47:10 +00:00
Feiyu Chen
02cc06b4ab
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: Icf1b60bc90121ad358639abe52ea15b4b69bb652
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:19:09 +00:00
Feiyu Chen
719b7aae1f
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: Ia56751b481fd666dedec73f11ee2ee5ff7e4d088
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:18:37 +00:00
Feiyu Chen
2d34b0b1f6
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev
2023-03-28 08:43:23 +00:00
Donnie Pollitz
74e0bf60c2
Allow bootctl to access trusty device
...
Background:
* Boot Control needs to be able to blow AR fuses, which requires access
to the OTP port on trusty.
Bug: 267714941
Test: AVC denial doesn't show up in log
Change-Id: I5635f2358b379ae0ffe882ca9ee162a455f554f0
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-28 09:58:16 +02:00
Jerry Huang
912984c964
Keep name "dmabuf_system_secure_heap_device" for secure playback
...
Fixes the following denials:
03-13 14:31:22.796 W CodecLooper: type=1400 audit(0.0:284): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo
03-13 14:31:22.796 I auditd : type=1400 audit(0.0:281): avc: denied { read } for comm="CodecLooper" name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo
03-14 15:01:48.069 1429 1429 W CodecLooper: type=1400 audit(0.0:1469): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=807 scontext=u:r:untrusted_app_32:s0:c65,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.disney.disneyplus
Bug: 268197530
Test: secure playback
Change-Id: I09a24fcf03f1f66b4c85d3b3949f33ad0d0f8dac
2023-03-28 15:04:43 +08:00
Wilson Sung
98c7894070
Merge "Move OTA context out of legacy folder" into udc-d1-dev
2023-03-27 14:27:28 +00:00
Wilson Sung
21226c4c24
Merge changes from topic "275143841"
...
* changes:
Merge "Move OTA context out of legacy folder" to master
Move OTA context out of legacy folder
2023-03-27 14:27:28 +00:00
Alan
afafafd8a4
Add permissions to connect radioext to twoshay.
...
Connection through grilantennatuningservice binder call.
Test: manual
Bug: 258970389
Change-Id: I419b40042cce363428f72fa723adf89bcf269ef4
2023-03-27 17:07:16 +08:00
Gina Ko
7a32ef8f12
Merge "Allow systemui to find cameraserver_service" into udc-d1-dev am: 5821d671f3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22270826
Change-Id: Id6c48fa93ffdf03e50925cec717fe971e6b63cb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 05:57:43 +00:00
Gina Ko
5821d671f3
Merge "Allow systemui to find cameraserver_service" into udc-d1-dev
2023-03-27 05:32:14 +00:00
Wilson Sung
c705e81227
Merge "Move OTA context out of legacy folder" to master
...
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
2023-03-27 11:46:05 +08:00
Wilson Sung
6acea9d647
Move OTA context out of legacy folder
...
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
2023-03-27 11:44:51 +08:00
Dinesh Yadav
81ad90854c
Merge "Add certificate & label for GCA-ENG & GCA-Next" into udc-d1-dev am: 4a01ae23ad
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22246482
Change-Id: Iee99f93a8a15d9f723d849f22565ce30ac552885
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 03:34:15 +00:00
Gina Ko
ce85639700
Allow systemui to find cameraserver_service
...
avc: denied { find } for pid=2435 uid=10235 name=media.camera
scontext=u:r:systemui_app:s0:c235,c256,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0
Bug: 272628174
Bug: 269964574
Bug: 274734888
Test: Manual. Able to turn on/off flashlight from QS.
Change-Id: Icedf70b06bd06eb5b819a00c9157b4f475e9a126
2023-03-25 00:18:23 -07:00
feiyuchen
f0dc7907b0
Allow camera HAL to access edgetpu_app_service
...
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.
This is not ideal, because strictly speaking, camera HAL doesn't need such dependency.
Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673
Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
2023-03-24 17:01:49 +00:00
Dinesh Yadav
84aa699ac8
Add certificate & label for GCA-ENG & GCA-Next
...
This commit makes the following changes:
- Add selinux policies for GCA-Eng & GCA-Next to access GXP device &
edgetpu services.
- Refactor code to push policies for Google Camera app from
legacy/whitechapel_pro/* to vendor/*
Tested:
- flashed both GCA-Eng & GCA-Next apps and observed no crashes due to gxp or edgetpu.
- scontext changed from "untrusted_app_32" to "debug_camera_app" in both cases.
Bug: 264490031
Change-Id: I51f69168eebd6c7e54e512b7abde8dd6bbe7c443
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-03-24 12:56:53 +00:00
Adam Shih
2b921528f1
Merge "Move pixel dumpstate to gs-common" into udc-dev
2023-03-24 05:54:52 +00:00
KRIS CHEN
355457bf9d
Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3
am: 24b32ddd4c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643
Change-Id: I0b1312780a03417859f9203ee8e1d34bca1ec2a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 03:09:02 +00:00
Adam Shih
8538fd33da
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-24 02:55:51 +00:00
KRIS CHEN
4f15bf412d
Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643
Change-Id: Ic8a12d3e5a4d79ef5edbe17fc340c54760cf8998
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 02:41:26 +00:00
Mark Chang
75f77b7bc6
Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev am: 3c027fdc6e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22197842
Change-Id: I084554e9af7107be6c13aace51cab06c4bf614b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 09:00:24 +00:00
Mark Chang
3c027fdc6e
Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev
2023-03-23 08:30:24 +00:00
TreeHugger Robot
24536aa24c
Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371
Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 08:07:36 +00:00
TreeHugger Robot
48b6856587
Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev am: b76a3b6257
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22189946
Change-Id: I16131bd8b5cde5325378a6f22bca3042dd1fdf05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 07:46:35 +00:00
Andy Hsu
88d801e092
Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev am: 93e86449e5
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215364
Change-Id: Ic14bcd44370d4dc064537b2ac888677985d5cf12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 07:43:50 +00:00
TreeHugger Robot
b76a3b6257
Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev
2023-03-23 07:19:55 +00:00
Andy Hsu
93e86449e5
Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev
2023-03-23 07:01:32 +00:00
Andy Hsu
9c91ba1a2f
Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL.
...
Note that this only adds permission to GCARelease and GCADogfood, while GCANext and GCAEng are still untrusted apps on zuma now, and after this change GCANext and GCAEng will still be denied.
Bug: 264490031
Test: Portrait processing in GCARelease didn't get denial message when accessing PowerHAL after this change (https://cnsviewer-static.corp.google.com/cns/md-d/home/pixel-camera-data-readers/acat/hwandy/ag/22215364?user=pixel-camera-data-readers ).
Change-Id: Ia4a4c2f24215b9da9db7985cf67112997df355fa
2023-03-23 06:41:13 +00:00
Darren Hsu
8e028f0a03
sepolicy: label odpm paths for system suspend
...
Bug: 272166423
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: I0295cc09cd8eb46b19edcec0d74440e497440423
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-23 14:13:43 +08:00
Wilson Sung
3e68836e43
Revert "Move pixel dumpstate to gs-common"
...
Revert submission 22188471-dumpstate aidl
Reason for revert: Build break
Reverted changes: /q/submissionid:22188471-dumpstate+aidl
Bug: 274858145
Change-Id: I757111541257eecd4936572376fe42a4c866a1d6
2023-03-23 05:58:12 +00:00
Adam Shih
cad969da74
Merge "Move pixel dumpstate to gs-common" into udc-dev am: 0c17644417
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188471
Change-Id: I58ded180038a8aa507095d31a069547b7f02efea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 05:52:55 +00:00
Miranda Kephart
04ac3ce7f5
Fix screenshot shutter sound on P23 devices am: 8cc50336c8
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22200827
Change-Id: I1bc148a562bc22bdab4be3984f1394ecf0da364f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 04:13:55 +00:00
Miranda Kephart
8cc50336c8
Fix screenshot shutter sound on P23 devices
...
SystemUI didn't have permission to access media server or the audio
server. Looks like both are required (and sufficient).
Bug: 273688513
Bug: 272628174
Fix: 273688513
Test: manual; take a screenshot with ringer on and verify it
makes a sound
Change-Id: Ibbe54db8cbf78ed199cb329804221709a2822242
2023-03-22 18:40:47 +00:00
Mark Chang
9e2ce3d5c0
Add IScreenProtectorDetectorService policy for systemui_app.
...
Bug: 260302317
Test: system ui app successfully started.
Change-Id: Ibbeab03e738fbbd4103bb5bf4e9f6bbd2998cd29
Signed-off-by: Mark Chang <changmark@google.com>
2023-03-22 11:53:18 +00:00
Adam Shih
ee45cfea78
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-22 05:06:27 +00:00
Adam Shih
9844033c0a
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-22 13:05:44 +08:00
TreeHugger Robot
7cd8b7fd2f
Merge "change device type for /dev/stmvl53l1_ranging" into udc-d1-dev am: 03d439f0e1
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22167058
Change-Id: I40aab624c447d94be30d25ea2b256f289c576f7e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-22 03:09:42 +00:00
TreeHugger Robot
03d439f0e1
Merge "change device type for /dev/stmvl53l1_ranging" into udc-d1-dev
2023-03-22 02:36:37 +00:00
Joerg Wagner
6351914802
Merge "Update Mali DDK to r40 : Additional SELinux settings" into udc-d1-dev
2023-03-21 14:36:16 +00:00
Kris Chen
0ea531896c
Allow fingerprint hal to read sysfs_leds
...
Fix the following avc denials:
avc: denied { search } for name="backlight" dev="sysfs" ino=79316
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=dir permissive=1
avc: denied { read } for name="state" dev="sysfs" ino=79365
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file permissive=1
Bug: 271072126
Test: Authenticate fingerprint.
Change-Id: Ibefbcefc005ab2cec7c417f197fd134b154ed9a1
2023-03-21 12:18:59 +00:00
JimiChen
ee1df407be
change device type for /dev/stmvl53l1_ranging
...
It was a rls_device. Move to lwis_device now.
Bug: 274552433
Test: launch GCA
Change-Id: Id920583cc06b09063de85b160c12a5c3a5468c11
2023-03-21 20:00:00 +08:00