Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2048 commits 1 branch 0 tags 18 MiB
Commit graph

170 commits

Author SHA1 Message Date
Martin Liu
e4e930185a Add sepolicies for gcma_camera heaps 
Bug: 275481134
Test: launch camera
Change-Id: I2efe897826d3c32bb85c815207865c0db557ea9f
Signed-off-by: Martin Liu <liumartin@google.com>
 2023-05-08 23:54:55 +08:00
TreeHugger Robot
99c3feb294 Merge "Add tele sensor sepolicy permission" into udc-d1-dev am: b417627fb8 am: 899d3062b6 am: ebb31ef6bb 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23020018

Change-Id: I2c9c384487f02bf9d8a12db6121982a611a903f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-08 04:00:55 +00:00
TreeHugger Robot
b417627fb8 Merge "Add tele sensor sepolicy permission" into udc-d1-dev 2023-05-08 02:00:59 +00:00
Treehugger Robot
ab47a1ae3b Merge "Add sepolicy permission of new camera components" into udc-d1-dev am: 74e0e5fc37 am: ad2c33b44a am: 76ab0fefef 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22982823

Change-Id: Ia805db6bdaa4a25a8606473eb668ab9bcf029590
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-05 07:36:25 +00:00
Kamal Shafi
e1464f8e53 Add tele sensor sepolicy permission 
Bug: 280370254
Test: build pass
Change-Id: If76c157e272f40159bcd6aac08d4b3bc88991338
 2023-05-04 09:18:55 +00:00
horngchuang
5e6e5b568b Add sepolicy permission of new camera components 
Bug: 279885244
Bug: 280392819
Test: Build and test for sensor denials
Change-Id: Ib29b0287bc52f9c0fe6e3c18c272e6593507371b
 2023-05-04 07:38:46 +00:00
Treehugger Robot
03abfd7621 Merge "Correct sepolicy permission for new UW cam EEPROM" into udc-d1-dev am: cdb62d5474 am: a43377782f am: 8efc7938fe 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22896105

Change-Id: Id34f927edf557c108df3e70acb5e8fe57ddae3d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-03 10:27:45 +00:00
Treehugger Robot
cdb62d5474 Merge "Correct sepolicy permission for new UW cam EEPROM" into udc-d1-dev 2023-05-03 08:20:05 +00:00
Horng Chuang
bf13c5b01c Merge "Add sepolicy permission for new svarog sensor" into udc-d1-dev am: 5a2189a5ae am: 0f17ef32db am: de56475f2b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22668237

Change-Id: Idc51f1cac6f6f8b441a90372de16d129c152c7ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-03 05:48:17 +00:00
Horng Chuang
5a2189a5ae Merge "Add sepolicy permission for new svarog sensor" into udc-d1-dev 2023-05-03 03:26:50 +00:00
Tom Huang
8fde4edfbf Merge "Add hidraw device sepolicy for headtracking" into udc-d1-dev am: dd5df5791f am: 5c0053c5ec am: 34dd9a81d9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22874908

Change-Id: Id094f59aa2876b5742ae239f0f546ca9cda868e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 12:37:13 +00:00
Tom Huang
dd5df5791f Merge "Add hidraw device sepolicy for headtracking" into udc-d1-dev 2023-05-02 04:07:15 +00:00
horngchuang
a6d7203408 Add sepolicy permission for new svarog sensor 
Bug: 278473644
Test: Build and test for sensor denials
Change-Id: I2816a2ada49d4369b975ac22693994cff5cd6aec
 2023-05-01 15:34:33 +00:00
Kamal Shafi
47f407fa8d Correct sepolicy permission for new UW cam EEPROM 
change imentet camera sensor EEPROM naming to its codename.

Bug: 279547216
Test: build pass
Change-Id: Ib831119318a0b4467f81f93c009a28831cebac25
 2023-04-28 02:56:30 +00:00
Andrew Chant
4f15fe1b3c Merge "Use tof sensor codenames" into udc-d1-dev am: 6641141f91 am: ffa498bd79 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22307463

Change-Id: Ia9f66a6de0435447964bbaca863318d44e0e889f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-27 02:41:14 +00:00
Kamal Shafi
36cf79f233 Add sepolicy permission for new UW camera am: eb22b7d648 am: fedde4710a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22880541

Change-Id: I49afec0ddae190e345d286f2e267852a3698aef8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-27 02:38:58 +00:00
Andrew Chant
6641141f91 Merge "Use tof sensor codenames" into udc-d1-dev 2023-04-27 02:07:29 +00:00
Kamal Shafi
eb22b7d648 Add sepolicy permission for new UW camera 
sepolicy including imentet camera sensor and gt24p64e EEPROM

Bug: 277988592
Bug: 279547216
Test: build pass
Change-Id: I01e2bc558eba7cf03c11818d9c806e6053808fd1
 2023-04-26 11:32:33 +00:00
kuanyuhuang
477d58d695 Add hidraw device sepolicy for headtracking 
Test: make and incoming HID data from Pixel Buds Pro
Bug: 276163506
Change-Id: I10833e215962ad007ad32a0d713e9b37ae888fdb
 2023-04-26 09:20:11 +00:00
Treehugger Robot
57eb37c05b Merge "Add sepolicy permission for new project" into udc-d1-dev am: dd9d69e132 am: b00e740e38 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22839998

Change-Id: Id3c71d2796366c78ced9b77cc1003c32c9fb65f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 03:57:50 +00:00
Treehugger Robot
dd9d69e132 Merge "Add sepolicy permission for new project" into udc-d1-dev 2023-04-26 02:34:56 +00:00
TreeHugger Robot
0c8288d278 Merge "Add memtrack" into udc-d1-dev am: d1c31b785d am: e23db371db 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22780494

Change-Id: Ida509a8cc023577b896d3df8f60e15f61421cf13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 00:37:20 +00:00
TreeHugger Robot
d1c31b785d Merge "Add memtrack" into udc-d1-dev 2023-04-25 21:44:08 +00:00
Prasanna Prapancham
43abed40a0 Merge "add 8411 to logbuffer" 2023-04-25 18:06:51 +00:00
horngchuang
4c3cd890be Add sepolicy permission for new project 
Bug: 279542096
Test: Build and test for sensor denials
Change-Id: I3d6b7ce33e101bd9eeacefae128239af3512b67f
 2023-04-25 08:09:29 +00:00
Ankit Goyal
5e4db7517c Add memtrack 
Bug: 279108265
Test: dumpsys meminfo
Change-Id: Ib46c89811aa3aa1a5573076f9dc69e7222f56ea4
 2023-04-20 23:18:56 -07:00
Ankit Goyal
33999737a0 Merge "Mark video secure devices as default dmabuf heaps" into udc-d1-dev am: 2f30e8ca85 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22743596

Change-Id: Iae3c3b2e55eb6dd245beb941d2a935d695a0939c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:44:04 +00:00
Prasanna Prapancham
c1715483d1 add 8411 to logbuffer 
Test: Flash local build and collect bugreport
Bug: 277799048
Change-Id: I877a91999a2f17df5ea90d3d2257b93bfd67e8e6
Signed-off-by: Prasanna Prapancham <prapancham@google.com>
 2023-04-20 17:43:30 +00:00
Ankit Goyal
ded9266dd4 Mark video secure devices as default dmabuf heaps 
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.

This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.

Fix: 278823239
Fix: 278513588
Fix: 275646321
Test: dEQP-VK.memory.allocation
Change-Id: I01a2730fc222efe94d4e48e7ee4c317aa65f0064
 2023-04-19 19:48:38 +00:00
Treehugger Robot
e3fcb41f40 Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev am: fde5823b6f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22601631

Change-Id: Ie60f65e8ee6f88a0f4f03fdb10c3caadf7865504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-14 01:54:41 +00:00
Treehugger Robot
fde5823b6f Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev 2023-04-14 01:21:56 +00:00
Ankit Goyal
d9655a4999 Add sepolicy for framebuffer-secure heap am: 9576cfaca7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21990547

Change-Id: I39b3df563b40fabb4ae836ecb196ca4ec3a20509
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 22:32:19 +00:00
Ankit Goyal
9576cfaca7 Add sepolicy for framebuffer-secure heap 
Bug: 245053092
Test: Secure video playback
Change-Id: I715ea5a4e9ee70ec2a022351b9e722a25bfb9f93
 2023-04-13 13:47:11 -07:00
Yixuan Wang
98bffc0a44 Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev am: 2c0e44805a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22613725

Change-Id: Ia79eb1e60a6fe53a2155874be0f83be644c1d9f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 20:18:36 +00:00
Yixuan Wang
2c0e44805a Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev 2023-04-13 19:38:38 +00:00
Joner Lin
44155e103e Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev am: edd47032af 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22271813

Change-Id: Ic8fa74d729ca69d7c051c19848b9a0113e23bac3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 14:26:11 +00:00
Joner Lin
edd47032af Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev 2023-04-13 13:57:32 +00:00
George
95d0a4b76f Update rules for android.hardware.secure_element-service.thales 
A new domain hal_secure_element_st54spi_aidl for AIDL HAL

Bug: 261566299
Test: run cts -m CtsOmapiTestCases
Test: atest VtsAidlHalNfcTargetTest
Change-Id: Id76a3f3337e2ee72031b39975eb010178855f36f
 2023-04-13 11:02:49 +00:00
Yixuan Wang
1095231e38 Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for 
chre

[ 7.760870] type=1400 audit(1669944054.440:61): avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1099 scontext=u:r:hal_contexthub_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[ 12.519414] type=1400 audit(1669944059.196:138): avc: denied {connectto } for comm="android.hardwar" path="/dev/socket/chre"scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1

Bug: 264489794
Bug: 261105224
Test: atest scanAvcDeniedLogRightAfterReboot
Change-Id: I7bf13913188deedc987f82e54626a18357ab84c5
 2023-04-13 06:43:41 +00:00
Minchan Kim
11e5da54ef Merge "remove dump_cma" 2023-04-12 03:25:58 +00:00
Wilson Sung
bf1baa3448 Merge "Add recovery related policy" into udc-d1-dev am: 5bee37db26 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22574699

Change-Id: Iafa23558e51dbc2608ff3158cd7b1259253f25cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 01:55:36 +00:00
Minchan Kim
1b4fae5ce3 remove dump_cma 
We will introduce it into gs-common

Bug: 276901078
Change-Id: I56a0c67fb09563baacbabf738625bf748ab80378
Signed-off-by: Minchan Kim <minchan@google.com>
 2023-04-12 01:22:08 +00:00
Wilson Sung
c2eedff70c Add recovery related policy 
Fix: 275143841
Fix: 264490092
Test: adb sideload and no avc error
Change-Id: I52003c9417560a6c5dab815a6929681710f0b0a4
 2023-04-12 03:46:54 +08:00
jonerlin
940b51e1e4 allow bthal to access vendor bluetooth folder 
Bug: 240636731
Test: enable vendor btsnoop property and check the vendor snoop log
Change-Id: Ib7c36e7398bdbe7abc2f3b2dba684f95a4ce90a8
 2023-04-11 17:01:40 +00:00
TreeHugger Robot
6cbdc36e1b Merge "Move pixel dumpstate to gs-common" into udc-d1-dev 2023-03-29 16:06:45 +00:00
TreeHugger Robot
b8afba5124 Merge "Keep name "dmabuf_system_secure_heap_device" for secure playback" into udc-d1-dev am: 83588e636f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22185170

Change-Id: I8ae4c6a6f1c4e63adddc3fcdea47143e0e5e22d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 03:27:57 +00:00
Jerry Huang
912984c964 Keep name "dmabuf_system_secure_heap_device" for secure playback 
Fixes the following denials:

03-13 14:31:22.796 W CodecLooper: type=1400 audit(0.0:284): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo

03-13 14:31:22.796 I auditd  : type=1400 audit(0.0:281): avc: denied { read } for comm="CodecLooper" name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo

03-14 15:01:48.069  1429  1429 W CodecLooper: type=1400 audit(0.0:1469): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=807 scontext=u:r:untrusted_app_32:s0:c65,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.disney.disneyplus

Bug: 268197530
Test: secure playback
Change-Id: I09a24fcf03f1f66b4c85d3b3949f33ad0d0f8dac
 2023-03-28 15:04:43 +08:00
Boon Jun Soh
0a1cba518a Use tof sensor codenames 
Bug: 272224875
Test: Camera CTS + PTS + unittests
Change-Id: Iedd90e285364b28add7298bae7662efbac31474c
 2023-03-28 13:00:09 +08:00
Adam Shih
036fb44a5d Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
(cherry picked from commit 8538fd33da)
 2023-03-27 17:57:22 +00:00
TreeHugger Robot
24536aa24c Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371

Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 08:07:36 +00:00