Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
735 commits 1 branch 0 tags 18 MiB
Commit graph

735 commits

This branch
This branch
All branches
Author SHA1 Message Date
Wilson Sung
676c7a674c Remove proc_vendor_sched obsolete denials 
Bug: 264490054
(cherry picked from commit 6545bc156a)
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
Merged-In: I308df50eefe611a0a87afc9a21387465487cc6ea
 2023-02-20 11:01:42 +00:00
Nicole Lee
7706be6c71 logger_app: don't audit default_prop and fix errors 
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger

Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
(cherry picked from commit ef1d13d86d)
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
Merged-In: I8999372d243286586eb53602e167fa111d39a00f
 2023-02-20 11:00:59 +00:00
TreeHugger Robot
9adfa9a961 Merge "Revert "Revert "Update error on ROM 9624328""" 2023-02-20 08:00:15 +00:00
Sean.JS Tsai
6f7bde4d0e Merge "Revert "Update error on ROM 9624328"" into udc-dev am: 8838f4e286 am: f0e29936a5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21502536

Change-Id: Ie75b3d535e6dbe6d5dbad91fa69df58e61c25b27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 07:55:14 +00:00
Wilson Sung
47570e0ed6 Revert "Revert "Update error on ROM 9624328"" 
This reverts commit d8572861e3.

Remove hal_googlebattery related denied

Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Change-Id: I25b0f417af3e741719f959aed79e7e330687e117
 2023-02-20 15:07:14 +08:00
Sean.JS Tsai
f0e29936a5 Merge "Revert "Update error on ROM 9624328"" into udc-dev am: 8838f4e286 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21502536

Change-Id: I564275400b71dd3f2859b4a4cf7b4bcce56e0969
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 06:46:09 +00:00
Sean.JS Tsai
5c6a9053e5 Merge "Revert "Update error on ROM 9624328"" into udc-dev am: 8838f4e286 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21502536

Change-Id: I6be9c22256297c1417b6f9f4c361ba1e818b540f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 06:44:47 +00:00
Sean.JS Tsai
8838f4e286 Merge "Revert "Update error on ROM 9624328"" into udc-dev 2023-02-20 05:59:29 +00:00
TreeHugger Robot
0d91c28418 Merge "Update error on ROM 9624328" into udc-dev am: ea203448fd am: f5aeedf6fc 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21482714

Change-Id: Ia337af931a821f03c8c72f491113eea8e7bf043f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 05:23:43 +00:00
Sean.JS Tsai
d8572861e3 Revert "Update error on ROM 9624328" 
This reverts commit cf747f40d6.

Reason for revert: <b/269976373>

Change-Id: I1bee9c1da2571ab753c2193491ebc71b288b66b2
 2023-02-20 04:29:33 +00:00
Ken Yang
dd3eaa4dce Merge "WLC: cleanup the unused hal_wlc policies" 2023-02-20 04:21:11 +00:00
Ken Yang
91045cea32 Merge "WLC: cleanup WLC trakcing_denials" 2023-02-20 04:20:59 +00:00
TreeHugger Robot
f5aeedf6fc Merge "Update error on ROM 9624328" into udc-dev am: ea203448fd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21482714

Change-Id: I4c579890ef5ee1c6427b3b699223d3d9cea138be
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 04:16:13 +00:00
TreeHugger Robot
864bf07d5c Merge "Update error on ROM 9624328" into udc-dev am: ea203448fd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21482714

Change-Id: If0e5d0b805f5cf467d0ec8c66310919df9acd088
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-20 04:13:24 +00:00
TreeHugger Robot
ea203448fd Merge "Update error on ROM 9624328" into udc-dev 2023-02-20 03:28:27 +00:00
sukiliu
cf747f40d6 Update error on ROM 9624328 
Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Test: SELinuxUncheckedDenialBootTest
Change-Id: Id8cbfb7c55f2acdc3102b20cdbd2702b594992ba
 2023-02-20 10:28:33 +08:00
Ken Yang
6f9844d137 WLC: cleanup the unused hal_wlc policies 
Bug: 264489562
Bug: 262455719
Bug: 260366297
Bug: 260363384
Change-Id: I90b9e442082b8e03e76ce63aaee56e5882933449
Signed-off-by: Ken Yang <yangken@google.com>
 2023-02-20 00:58:13 +00:00
Ken Yang
da69d2a494 WLC: cleanup WLC trakcing_denials 
Bug: 268566583
Change-Id: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
Signed-off-by: Ken Yang <yangken@google.com>
 2023-02-20 00:42:35 +00:00
TreeHugger Robot
d19076e7ff Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev am: c012a8a10a am: dfd3d8e7c5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475626

Change-Id: I7beb6ec7071cba88880bf0f1c8ce17ec0a54fb0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 16:01:39 +00:00
TreeHugger Robot
dfd3d8e7c5 Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev am: c012a8a10a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475626

Change-Id: Ice2cb63d7abc67b3185532be682db8841d018c1a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 14:51:17 +00:00
TreeHugger Robot
213f91ad98 Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev am: c012a8a10a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475626

Change-Id: I897ae56dfb2a8fb577cc1ca3340a9feecab8c15b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 14:49:15 +00:00
TreeHugger Robot
c012a8a10a Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev 2023-02-18 13:46:15 +00:00
Kuen-Han Tsai
f939579c6e SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3 am: e4af4e0824 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I3d48ca424b1490004894b0809d6b9c03f3a17532
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 06:04:38 +00:00
Kuen-Han Tsai
e4af4e0824 SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I639171077e99d6e17698e7a1905712ab7d4446a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 04:54:12 +00:00
Kuen-Han Tsai
f0173dff8a SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I949f460625696b1de5b5a89caeef9b59869b9e1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 04:48:21 +00:00
neoyu
9ae44843ad Fix avc denied for hal_radioext_default am: c0da946f48 am: 4ff3dbefcd 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: Ia082d38a7ea7079fd0f7d2cd86b3d7c3d847d10d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 03:27:40 +00:00
Kuen-Han Tsai
d0ac5bffa3 SEPolicy: remove tracking denials for hal_usb 
Remove tracking denials since there is no avc denials related to hal_usb
found in the bug report.

Bug: 264483531
Bug: 264483531
Bug: 264482981
Bug: 264600052
Bug: 264482981
Bug: 264600052
Bug: 261651112
Test: Capture bugreport and check any denials related to hal_usb
Change-Id: I535c94c1112fc51f80b80c99562b43afee32ddd6
 2023-02-18 02:41:51 +00:00
neoyu
4ff3dbefcd Fix avc denied for hal_radioext_default am: c0da946f48 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: I1cbdf50e1f0dc138076cf70b8229885f60482c60
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 02:23:12 +00:00
neoyu
e4e8a1df0f Fix avc denied for hal_radioext_default am: c0da946f48 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: Id91591d00b8ba8a606dfc9938d82a89fb861756a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-18 02:21:37 +00:00
neoyu
c0da946f48 Fix avc denied for hal_radioext_default 
avc: denied { call } for comm="HwBinder:782_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=binder permissive=0

Bug: 269684065
Test: manual
Change-Id: I5ebf280feafabf4688718197c79bd6c4cac6e8fe
 2023-02-17 08:39:47 +00:00
Ken Tsou
10e84d8327 hal_health_default: allow to access persist.vendor.shutdown.* 
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
 2023-02-17 07:00:37 +00:00
Kah Xuan Lim
77ce224141 modem_svc_sit: grant modem property access 
Log message gotten before adding the policy:
avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1

Bug: 247669574
Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
 2023-02-17 06:24:53 +00:00
Wilson Sung
967da5da4f allow bootctl to read devinfo 
Bug: 260522436
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
 2023-02-17 03:06:49 +00:00
Wilson Sung
6545bc156a Remove proc_vendor_sched obsolete denials 
Bug: 264490054
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
 2023-02-17 03:06:26 +00:00
Nicole Lee
ef1d13d86d logger_app: don't audit default_prop and fix errors 
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger

Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
 2023-02-16 10:59:51 +00:00
Wilson Sung
3432cc6b0b Enforce system_server and remove obsolete denials 
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
 2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf Add app_domain to con_monitor_app 
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
 2023-02-16 13:00:39 +08:00
TreeHugger Robot
061a2d7f82 Merge "Remove shell related denied" 2023-02-16 04:01:25 +00:00
Jayachandran C
b85f29bb54 Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."" 2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051 Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding" 2023-02-16 02:59:18 +00:00
Wilson Sung
ae2403dca7 Remove shell related denied 
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
 2023-02-16 02:21:56 +00:00
Neo Yu
a5eb63a4ca Merge "Fix avc denied for hal_radioext_default" 2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding 
This fixes the follow denials

Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice

AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 259178236
Test: Manually verified on the device with AOC

Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
 2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598 Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets." 
This reverts commit ebe77e31f4.

Reason for revert: Re-worked as part of ag/21259162
Bug: 259178236

Change-Id: I0494e71339c335b2efc2f23d4087f19184cfd1b5
 2023-02-15 21:31:26 +00:00
Jörg Wagner
6834d6f59f Update Mali DDK to r40 : Additional SELinux settings 
Expose DDK's dynamic configuration options through the Android Sysprop
interface, following recommendations from Arm's Android Integration
Manual.

Bug: 261718474
Change-Id: I785106b6d2d05e21bf60fcd6da3d716b32e1bc1d
 2023-02-15 14:19:50 +00:00
neoyu
8a9b4fde21 Fix avc denied for hal_radioext_default 
avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
 2023-02-15 17:58:39 +08:00
Wilson Sung
4ea1dcff3a Fix zram avc denied 
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
 2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920 Merge "Remove logger_app in bug_map" 2023-02-15 07:05:52 +00:00
Adam Shih
650b20d27f Merge "create cma dump" 2023-02-15 06:28:52 +00:00
Welly Hsu
5a441a9ca3 Merge "Remove unnecessary dontaudit for context euiccpixel_app" 2023-02-15 05:27:41 +00:00