Commit graph

2249 commits

Author SHA1 Message Date
Kelvin Zhang
667f2a4670 Allow copy_efs_files_to_data to read efs block devices
Previously, we relied on mount points to copy files out of
efs partitions. Switch over to dump.f2fs to read directly
from block device without mounting. This allows us to copy
files out of efs partition in both 4K and 16K mode.

Test: Boot ext4 device with dev option enabled
Bug: 340965747
Change-Id: Ie3108319cfdb5d922a18863de7431c3cfcc4cf16
2024-06-04 16:49:42 -07:00
Xin Li
79e1531622 [automerger skipped] Merge Android 24Q2 Release (ab/11526283) to aosp-main-future am: 42aa8de219 -s ours
am skip reason: Merged-In I56143303453cce01d812997ed4a06d815f2a6859 with SHA-1 97a16aff57 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27273322

Change-Id: Ib48cb1570130e89e98ce755f22b4b222be981e69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 19:46:13 +00:00
chenkris
090928722e Add sepolicy for fingerprint HAL to check NSP file
Fix the following avc denials:
avc:  denied  { search } for  name="copied" dev="dm-58" ino=428
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:modem_efs_image_file:s0 tclass=dir

avc:  denied  { search } for  name="persist" dev="dm-58" ino=443
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

avc:  denied  { search } for  name="ss" dev="dm-58" ino=445
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=dir

avc:  denied  { read } for  name="nsp" dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

avc:  denied  { open } for  path="/data/vendor/copied/persist/ss/nsp"
dev="dm-58" ino=15500
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:persist_ss_file:s0 tclass=file

Bug: 335525798
Test: Use UDFPS repair tool to update calibration files
Change-Id: Ic233a07ced8fd828c0e4b4ae1cffa93763a83b42
2024-05-29 04:39:37 +00:00
Wilson Sung
cdc4acc647 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 340722729
Change-Id: I8f11ea5848724f18765cca2dda91a7d916b82f72
2024-05-15 03:50:08 +00:00
Shiyong Li
0455a656b7 Merge "Add sepolicy for power_state node" into 24D1-dev am: 7107af6af0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27057168

Change-Id: Iebbdf2275b4d0460ac58100db1ab1b865ed63d04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-09 05:21:38 +00:00
Shiyong Li
7107af6af0 Merge "Add sepolicy for power_state node" into 24D1-dev 2024-05-09 05:16:16 +00:00
Treehugger Robot
bc68fdd684 Merge "Reland: Add necessary sepolicy for convert_modem_to_ext4" into main 2024-05-08 16:13:27 +00:00
KRIS CHEN
3cbe2de42c Merge "Allow fingerprint to access the folder /data/vendor/fingerprint" into main 2024-05-08 08:46:30 +00:00
chenkris
4035d467ad Allow fingerprint to access the folder /data/vendor/fingerprint
Fix the following avc denial:
android.hardwar: type=1400 audit(0.0:20): avc:  denied  { write } for  name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 267766859
Test: Tested fingerprint under enforcing mode
Change-Id: Iadd058432b7db8c20a949aeda1df5f8309663004
2024-05-08 06:48:41 +00:00
Kelvin Zhang
be41aa688e Reland: Add necessary sepolicy for convert_modem_to_ext4
The original CL was reverted because it references
enable_16k_pages_prop, which is only available on board API level >
202504.

This reland removes enable_16k_pages_prop usage, and works around it by
reading PRODUCT_16K_DEVELOPER_OPTION at build time.

Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Ibd8f57d1ef4fd2b0fd8b4170153d57fe9a9cefc2
2024-05-07 13:24:15 -07:00
Pechetty Sravani
7c7e028271 Merge "Revert "Add necessary sepolicy for convert_modem_to_ext4"" into main 2024-05-07 13:08:44 +00:00
Pechetty Sravani
2bf59857da Revert "Add necessary sepolicy for convert_modem_to_ext4"
Revert submission 26822004

Reason for revert: <Potential culprit for b/339099720- verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>

Reverted changes: /q/submissionid:26822004

Change-Id: I90e3bf5ecbdf6c058c56293cfba59c628ccc7aba
2024-05-07 08:50:45 +00:00
Treehugger Robot
20f1383abd Merge "Add necessary sepolicy for convert_modem_to_ext4" into main 2024-05-06 23:19:28 +00:00
Xin Li
42aa8de219 Merge Android 24Q2 Release (ab/11526283) to aosp-main-future
Bug: 337098550
Merged-In: I56143303453cce01d812997ed4a06d815f2a6859
Change-Id: I61f611a2fcb900fcb4bb035c2abfbb19a840fddb
2024-05-06 12:09:17 -07:00
Enzo Liao
2247b84115 [automerger skipped] Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into 24D1-dev am: c3c5b0fb90 -s ours
am skip reason: Merged-In Id42c4de6c29d4a95f8a68a5732c4732edfb71da8 with SHA-1 df85139d17 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27046738

Change-Id: I74a2603921e024818214cdd40206f83cadcb6b40
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-25 08:31:17 +00:00
Enzo Liao
146d62c821 [automerger skipped] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. am: 7c420c0703 -s ours
am skip reason: Merged-In Id42c4de6c29d4a95f8a68a5732c4732edfb71da8 with SHA-1 df85139d17 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27046738

Change-Id: Ic8c15dba652af326c8860b4de81f42ea204c93b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-25 08:31:13 +00:00
Enzo Liao
c3c5b0fb90 Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into 24D1-dev 2024-04-25 08:22:06 +00:00
Spade Lee
9d059a073d [automerger skipped] pixelstats_vendor: add logbuffer_device r_file_perms am: 52df1a478b -s ours
am skip reason: Merged-In Ieca53f3092355c72784d4216c138cbb7cc9c7fa4 with SHA-1 3f707d13c2 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/27094861

Change-Id: I27d28e4e8b14f71a16aba5f7de9b8874d205e708
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-25 08:20:29 +00:00
Spade Lee
52df1a478b pixelstats_vendor: add logbuffer_device r_file_perms
avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0

Bug: 329174074
Test: no denied log, and able to read logbuffer in pixelstats_vendor
Signed-off-by: Spade Lee <spadelee@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3f707d13c29300fab31a1ba6a8657771ba4946a8)
Merged-In: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
Change-Id: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4
2024-04-25 06:11:20 +00:00
Kevin Ying
a78ae51ef1 Add sepolicy for power_state node
Bug: 329703995
Test: manual - used camera
Change-Id: I1f156fe7f10210b933f360fef771cb37ff3cbedb
Signed-off-by: Kevin Ying <kevinying@google.com>
2024-04-24 19:10:19 +00:00
Kelvin Zhang
276b386b6f Add necessary sepolicy for convert_modem_to_ext4
Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Iede84b1827166f1581d80077fe1c4d93d01a815b
2024-04-22 10:14:13 -07:00
Kelvin Zhang
c1341de4c3 Add necessary sepolicy for ro.vendor.persist.status
This prop will be set to "mounted" after /mnt/vendor/persist mounts.
Need this prop to synchronize different actions in init.rc script.

Test: th
Bug: 319335586
Change-Id: I9e8bd5e875956393d610b7def6be713565543d05
2024-04-22 10:14:12 -07:00
Enzo Liao
7c420c0703 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common.
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df85139d173644b7ec44cb7151845026872a1648)
Merged-In: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
2024-04-22 03:02:53 +00:00
Martin Liu
e028d802db move common MM policy to gs common folder
Bug: 332916849
Bug: 309409009
Test: boot
Change-Id: I05803943752f7b021c9d4f97b475b493f6ceadcb
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-18 01:59:46 +00:00
Krzysztof Kosiński
d4f04d19cc Remove rlsservice sepolicy. am: 41c22587a2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26948256

Change-Id: I60d0c43786dc869f9d69ce7c95e2199652efda3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-15 21:58:31 +00:00
Kadi Narmamatov
99c5c3dc9e Merge "rsfd: add get_prop for cbd property" into main 2024-04-15 07:36:23 +00:00
Krzysztof Kosiński
41c22587a2 Remove rlsservice sepolicy.
rlsservice is not included on zuma and later, only gs101/gs201.
Relevant code search link:
https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/services/LyricCameraHAL/src/apex/Android.bp;l=26;drc=e4b49a6d945df6d5210c35251de8046b162d799d

Bug: 278627483
Test: presubmit
Change-Id: I15398ddeea8c0a10920c987e55789ba4a8322774
2024-04-12 22:03:22 +00:00
Treehugger Robot
32ce8f9878 Merge "allow vendor init to access compaction_proactiveness" into main 2024-04-12 15:03:00 +00:00
Enzo Liao
4104efb34f Merge "Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common." into main 2024-04-11 02:03:26 +00:00
Martin Liu
fb44539d8d allow vendor init to access compaction_proactiveness
Bug: 332916849
Test: boot
Change-Id: If1930fe0f174f2794296ded69d29420f2e59f6c2
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-10 23:34:49 +00:00
kadirpili
22844d59ca rsfd: add get_prop for cbd property
Bug: 323086582

Test: flash ROM and check for rfsd sepolicy logs

Change-Id: I6f8c555614386fda784b4532a4b004d5fe857bc6
2024-04-10 05:52:54 +00:00
Enzo Liao
df85139d17 Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common.
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8
2024-04-08 19:21:13 +08:00
Treehugger Robot
2ab2661048 Merge "display: low-light blocking zone support" into 24D1-dev am: 0a3562a15c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26800869

Change-Id: Ic14a269756206f63e9978bc453d68163fef6d868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-04 03:27:45 +00:00
Treehugger Robot
0a3562a15c Merge "display: low-light blocking zone support" into 24D1-dev 2024-04-04 02:46:42 +00:00
Spade Lee
5a4b459eff sepolicy: allow kernel to search vendor debugfs am: 0ac2d9f7bc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/26738853

Change-Id: Ic8f63f4bbda165e07ea150a2f5a9cfc7211f5c07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-03 04:24:44 +00:00
cweichun
495b0120ea display: low-light blocking zone support
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
2024-04-02 15:25:43 +00:00
Spade Lee
0ac2d9f7bc sepolicy: allow kernel to search vendor debugfs
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
2024-04-02 07:35:39 +00:00
Treehugger Robot
2a01ceedb9 Merge "display: low-light blocking zone support" into main 2024-04-02 04:21:29 +00:00
cweichun
e9c8f2af69 display: low-light blocking zone support
Bug: 315876417
Test: verify the functionality works
Change-Id: Id8972d4c9057aa76f72dd32d47a5d07c0822645b
2024-04-01 22:31:48 +00:00
Treehugger Robot
ff1c6fe2ba Merge "usb: correct the xhci wakeup path" into main 2024-04-01 04:00:20 +00:00
Mike Wang
aa7749fb7b Merge "Add the selinux policy for MDS to access modem_state file" into main 2024-03-29 15:16:19 +00:00
mikeyuewang
6546398c27 Add the selinux policy for MDS to access modem_state file
Add the selinux policy for MDS to access modem_state file

avc deny:
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:14): avc:  denied  { read } for  name="modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:15): avc:  denied  { open } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:16): avc:  denied  { getattr } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds

Bug: 331202327

Change-Id: I5e0088d274bc4f45010a19631ecbaece7cc3cc42
2024-03-28 20:28:10 +00:00
Albert Wang
c24ead7ce9 usb: correct the xhci wakeup path
Error log:
Error opening kernel wakelock stats for: wakeup177 (...xhci-hcd-exynos.5.auto/usb1/1-1/wakeup/wakeup177): Permission denied

bug: 311087938
Test: boot to home and host mode works well
Change-Id: I8bdd38499dec3852ba33510f40e58cebd3a4560f
2024-03-27 10:26:45 +00:00
Megha Patil
c8c92bd593 Sepolicy for the new property to switch Modem Binary
Sepolicy Rules added for telephony.TnNtn.image_switch

BUG: b/298322438
Bug: 323087490

Test: Test Binding sequence of Service
Change-Id: Ie79aff94159d79a573ec92546a5d3e390b802b22
2024-03-26 08:44:51 +00:00
Hungyen Weng
e0e63c38d7 Merge "Allow modem_svc to access modem files and perfetto" into main 2024-03-22 23:52:52 +00:00
Spade Lee
dbc39c622b Merge "pixelstats_vendor: add logbuffer_device r_file_perms" into main 2024-03-22 07:30:31 +00:00
Hungyen Weng
1db18cf4b3 Allow modem_svc to access modem files and perfetto
Bug: 330730987

Test: Confirmed that modem_svc is able to access token db files in modem partition
Test: Confirmed that modem_svc can send traces to perfetto

Change-Id: Ic8b724e0e8d72f5ead83e75ab85471bcbdaf8749
2024-03-22 00:29:41 +00:00
Oleg Blinnikov
920bae7e33 Merge "persist.sys.hdcp_checking property added" into main 2024-03-21 12:21:30 +00:00
Spade Lee
6ad6fb5edb sepolicy: allow kernel to search vendor debugfs
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>
2024-03-20 18:16:41 +00:00
Oleg Blinnikov
57d222ff5f persist.sys.hdcp_checking property added
Change-Id: I518db2909d2356a42421a626288365bb7458cc9c
Bug: 321344894
Test: modify property, see that max_ver file modified
2024-03-19 16:06:51 +00:00