Nicole Lee
728e6baa64
Allows modem_svc to read the logging related properties
...
avc: denied { read } for comm="modem_svc_sit" name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=387 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0
Bug: 316250607
Change-Id: If1942986a0804e24b13c021740f7df8f406e53c2
2024-01-02 08:50:36 +00:00
Chi Zhang
f965c0b222
Merge "Allow GRIL to get power stats." into main
2023-12-22 19:29:06 +00:00
kadirpili
5c28db1f6b
rfsd: add new property to sepolicy
...
Bug: 307481296
Change-Id: Icd287f863fd6d309297ce984f4ce387fb5d3ae24
2023-12-20 07:27:32 +00:00
Chi Zhang
a2e8969139
Allow GRIL to get power stats.
...
SELinux : avc: denied { find } for pid=3147 uid=10219 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:grilservice_app:s0:c219,c256,c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
Bug: 286187143
Test: build and boot
Change-Id: I6df25e78ba8fa8efaa7f51aed8e981ac382dcd29
2023-12-19 12:22:08 -08:00
Mike Wang
96bac14cb1
Change the MDS to platform app in selinux ap context.
...
The MDS will be signed with platform key and become a platform app. To
make the selinux rules for modem_diagnostic_app work, need to set it to
platform app in app context.
Bug: 287683516
Test: Tested with both dev key and platform key signed MDS apps and the selinux rules work.
Change-Id: I375f57537a81514d3a6230ca042a4407accd6c15
2023-11-08 04:01:26 +00:00
mikeyuewang
b066861a22
Add selinux policy change to allow MDS access Samsung OemRil hal.
...
Bug: 301641283
selinux log:
11-03 15:32:38.850 2643 2643 I auditd : type=1400 audit(0.0:1616): avc: denied { call } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.850 2643 2643 I binder:2643_3: type=1400 audit(0.0:1616): avc: denied { call } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 2643 2643 I auditd : type=1400 audit(0.0:1617): avc: denied { transfer } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 2643 2643 I binder:2643_3: type=1400 audit(0.0:1617): avc: denied { transfer } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854 1095 1095 I auditd : type=1400 audit(0.0:1618): avc: denied { call } for comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1
11-03 15:32:38.854 1095 1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1
Change-Id: Ia71844db230302fd3120b28b3ade2e55443ec078
2023-11-03 07:42:38 +00:00
Mike Wang
bb474d5e68
Merge "Grant the MDS access to the IPowerStats hal service." into udc-qpr-dev am: fd78823dfa am: 7eafbc0be0
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/24610375
Change-Id: Ic1bc4799d21df9a120946241f5bf278a1be6e12c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-05 17:13:10 +00:00
Jing Wang
e853c1919d
Revert "Add vendor_sjtag_lock_state_prop and init-check_ap_pd_au..."
...
Test: Revert submission 24754347-zuma-etm2dram
Reason for revert: b/302352974
Reverted changes: /q/submissionid:24754347-zuma-etm2dram
Bug: 302352974
Change-Id: I251c3a62c79722a9050bdbce85dc758fc4b6fda9
2023-09-29 01:25:27 +00:00
mikeyuewang
1ee598d5d2
Grant the MDS access to the IPowerStats hal service.
...
ref logs:
09-06 10:07:18.006 536 536 I auditd : avc: denied { find } for pid=22543 uid=10225 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
09-06 10:07:18.010 22543 22543 I auditd : type=1400 audit(0.0:65): avc: denied { call } for comm="pool-4-thread-1" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=1 app=com.google.mds
Test: Tested with MDS app and the MDS can get IPowerStats binder and
call the interface.
Bug: 297250368
Change-Id: I7b0eeabdafb49eb33d8016666f9c02f2616f898d
2023-09-28 15:22:00 +00:00
Woody Lin
9687d162bc
Add vendor_sjtag_lock_state_prop and init-check_ap_pd_auth-sh
...
1. Add init-check_ap_pd_auth-sh for the vendor daemon script
`/vendor/bin/init.check_ap_pd_auth.sh`.
2. Add policy for properties `ro.vendor.sjtag_{ap,gsa}_is_unlocked` for
init, init-check_ap_pd_auth-sh and ssr_detector to access them.
SjtagService: type=1400 audit(0.0:1005): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1006): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1007): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1008): avc: denied { write } for name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
SjtagService: type=1400 audit(0.0:1009): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
Bug: 299043634
Change-Id: I6b2abf69fca9b4765f2dfb7ed82e6546159e96e9
2023-09-14 10:48:08 +08:00
Treehugger Robot
216f86b0c2
Merge "audio: move related sepolicy of audio to gs-common" into udc-qpr-dev am: 4bb847b815 am: 207188241d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/24585767
Change-Id: Ia622fbf9e355e3e04e4dd732776d30657b02ff2d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-30 18:24:30 +00:00
Jasmine Cha
8fb992eacb
audio: move related sepolicy of audio to gs-common
...
Bug: 297482504
Test: build pass
Change-Id: I9444b9e63f32bf898c845e42edbf682798bce300
Signed-off-by: Jasmine Cha <chajasmine@google.com>
2023-08-29 16:45:47 +08:00
Kieran Cyphus
68fae0f171
Merge "DMD MDS: register proxy service and update MDS policy." into main
2023-08-28 01:42:43 +00:00
kierancyphus
9c6ec7fdd9
DMD MDS: register proxy service and update MDS policy.
...
MDS is a privileged app which gets its permissions from `privapp-permissions-google-product.xml`; however, part of this work requires custom SEPolicy and so those permissions have been translated in SEPolicy.
This is a copy of 022dd13252865e131127da6596f5ada71fbf104f (ag/23056498) which can't be cherry picked because it was previously merged and reverted on main.
Test: Manually flash device
Bug: 270279779
Change-Id: If93515aa6b37bcbe8ec34241da1fa144d61e3d5d
2023-08-22 06:41:36 +00:00
Nicole Lee
3c5d001e7d
Add rules for letting logger app send the command to ril
...
avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:logger_app:s0:c3,c257,c512,c768 pid=3217 scontext=u:r:logger_app:s0:c3,c257,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 293351399
Test: Verify SetDebugTrace function on p23
Change-Id: I1e51954886a7ea8bf5d31213634d4df34619eb33
2023-08-18 07:59:11 +00:00
Hsin-Yi Chen
f4b5074d48
Revert "DMD MDS: register proxy service and update MDS policy."
...
This reverts commit 2f5496582d.
Bug: 296329753
Reason for revert: broken build
Change-Id: I9336cebf8d4947450f5d3e2f0ec4df839aca3574
2023-08-18 07:40:37 +00:00
kierancyphus
2f5496582d
DMD MDS: register proxy service and update MDS policy.
...
MDS is a privileged app which gets its permissions from `privapp-permissions-google-product.xml`; however, part of this work requires custom SEPolicy and so those permissions have been translated in SEPolicy.
Test: Manually flash device
Bug: 270279779
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:022dd13252865e131127da6596f5ada71fbf104f )
Merged-In: I47c1a1163a7d40089d36960ed11822505a7a0a7a
Change-Id: I47c1a1163a7d40089d36960ed11822505a7a0a7a
2023-08-14 02:10:34 +00:00
Cheng Chang
cd3d87535f
gps: maintain one solution
...
Bug: 288813677
Test: compile for different devices and check binary.
Test: verification test at b/288813677.
Change-Id: I7ee13ab2641aee0256d4ddb5ba27070b51dbc5e5
2023-07-31 02:26:40 +00:00
Samuel Huang
0166c5fe0a
Revert "Revert "Create telephony.ril.silent_reset system_ext pro..."
...
Revert submission 23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX
Reason for revert: The root cause is missing property definition in gs101-sepolicy. This CL can be merged safely. Verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L48900000961646046
Reverted changes: /q/submissionid:23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX
Bug: 286476107
Change-Id: I6dde24447cb7caae0bf35d8b0342985e8c2f434a
2023-06-28 10:28:24 +00:00
Sebastian Pickl
a14eb4e6b5
Revert "Create telephony.ril.silent_reset system_ext property fo..."
...
Revert submission 23736941-tpsr-ril-property
Reason for revert: culprit for b/289014054 verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L54800000961620143
Bug: 289014054
Reverted changes: /q/submissionid:23736941-tpsr-ril-property
Change-Id: I6bd6b1e890fa77140d2d0e33ce6ae8a8a03e16f6
2023-06-27 10:05:32 +00:00
Samuel Huang
1f2933970f
Create telephony.ril.silent_reset system_ext property for RILD restart
...
RILD listens for changes to this property. If the value changes to 1, RILD will restart itself and set this property back to 0.
The TelephonyGoogle app will set this property to 1 when it receives a request from the SCONE app. Since TelephonyGoogle runs in the com.android.phone process, we also need to give the radio domain permission to set the telephony.ril.silent_reset property.
Bug: 286476107
Test: manual
Change-Id: I5ee72c7ab8e0bce75bbb23b676f515cabe40ed23
2023-06-21 06:34:55 +00:00
Mahesh Kallelil
1f885d0bcd
Allow dump_modem to read logbuffer and wakeup events
...
Updating sepolicy for dump_modem to read /dev/logbuffer_cpif. This is
required as part of bugreport.
Test: Tested bugreport on P23
Bug: 278501642
Change-Id: I102583e37ec2e3852fd901a75bbb06de9ac6f77c
Signed-off-by: Mahesh Kallelil <kallelil@google.com>
2023-05-09 00:20:07 -07:00
Ted Wang
8831352474
Add sepolicy for aidl bt extension hal
...
Bug: 274906319
Test: build pass and manual test
Change-Id: Id54796fec22e790a197255f2db4ba23b4a58212d
2023-04-28 04:48:33 +00:00
Wilson Sung
e4e854fcd9
Add Ims process label
...
Bug: 260522282
Test: boot-to-home, no avc error
Change-Id: I8f3c7c64ecace4ca7ddd69275a093606a8492204
2023-04-21 03:38:17 +00:00
kadirpili
92636953cf
zuma: Allow GRIL Service to access radio_vendor_data_file
...
Bug: 274737512
Change-Id: I90c008172af7bd0d8b7bf2b214f422c4165f3769
(cherry picked from commit 5c31a6f55ac18dd941e50b455c38a37efa12354f)
2023-04-20 03:37:22 +00:00
Wilson Sung
ab9b7f7609
Label ims_remote_app and rcs_service_app
...
Bug: 260522282
Change-Id: I4bf27e30eda51794d2047da9ca17044632ec3786
2023-04-20 00:13:52 +08:00
Kah Xuan Lim
6e8c79e7db
Modem ML: Grant access to modem ML data dir
...
Bug: 229801544
Change-Id: Ia2e9c5a48ad935a49f3b8a9c6bceae3f4f833b4e
2023-04-12 08:48:57 +00:00
Adam Shih
46fd63b761
comply with VTS requirements am: 22e1c0756a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22344148
Change-Id: I02d1e5a2af5bb6d3009d2b7687dff6080f56724f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 03:08:17 +00:00
Adam Shih
22e1c0756a
comply with VTS requirements
...
Bug: 275142299
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Built pass on target-userdebug and aosp_target-userdebug
Change-Id: I6a114aa2aa92f7b06cfd5bbd1f73d34b5477b109
2023-03-30 13:28:43 +08:00
TreeHugger Robot
6cbdc36e1b
Merge "Move pixel dumpstate to gs-common" into udc-d1-dev
2023-03-29 16:06:45 +00:00
Adam Shih
b19966b929
Merge "Revert "comply with VTS requirements"" into udc-dev am: 97c56013be
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22328024
Change-Id: Ic5841fefdd7576548fff66fc340259814e542df9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 03:12:09 +00:00
Adam Shih
97c56013be
Merge "Revert "comply with VTS requirements"" into udc-dev
2023-03-29 02:49:09 +00:00
Adam Shih
a0b5162488
Revert "comply with VTS requirements"
...
Revert submission 22302106-dumpstate aidl
Reason for revert: build failed on udc-d1-dev
Reverted changes: /q/submissionid:22302106-dumpstate+aidl
Change-Id: I6bd0ec81272827498ce36bee556fd89acc6b20ca
2023-03-29 02:45:20 +00:00
Adam Shih
026cb8d935
Merge "comply with VTS requirements" into udc-dev am: 7cb203f3c2
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22306662
Change-Id: I03432b1457e7b251ac5f5f9d7e10e3b4485260cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 00:47:11 +00:00
Adam Shih
7cb203f3c2
Merge "comply with VTS requirements" into udc-dev
2023-03-28 23:58:03 +00:00
Mingguang Xu
203dd313e7
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Ib70d523bc36e1a789b003374207094f2eaf722d5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:09:15 +00:00
Mingguang Xu
57e322c17c
Merge "Add permissions to connect radioext to twoshay." into udc-dev
2023-03-28 23:03:46 +00:00
Adam Shih
d4a7ff694a
comply with VTS requirements
...
Bug: 275142299
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Built pass on target-userdebug and aosp_target-userdebug
Change-Id: Ifd75afdf2365687eed9598f74dd4cf3241be2964
2023-03-28 03:28:55 +00:00
RD Babiera
a82406ee28
Merge "Revert "comply with VTS requirements"" into udc-dev am: 3616de2c26
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22298904
Change-Id: I49798505d571f538127fc5d2b9474cce3992421c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 22:31:37 +00:00
RD Babiera
3616de2c26
Merge "Revert "comply with VTS requirements"" into udc-dev
2023-03-27 21:52:39 +00:00
RD Babiera
8720ececf1
Revert "comply with VTS requirements"
...
Revert submission 22242215-dumpstate aidl
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_udc-d1-dev&target=aosp_husky-userdebug&lkgb=9826121&lkbb=9829863&fkbb=9826130 , bug b/275279368.
Reverted changes: /q/submissionid:22242215-dumpstate+aidl
Change-Id: Ida32309c468074a5671c30aa28cf801c1695d786
2023-03-27 20:58:33 +00:00
Adam Shih
036fb44a5d
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
(cherry picked from commit 8538fd33da)
2023-03-27 17:57:22 +00:00
Alan
afafafd8a4
Add permissions to connect radioext to twoshay.
...
Connection through grilantennatuningservice binder call.
Test: manual
Bug: 258970389
Change-Id: I419b40042cce363428f72fa723adf89bcf269ef4
2023-03-27 17:07:16 +08:00
TreeHugger Robot
84aab225cf
Merge "comply with VTS requirements" into udc-dev am: c83e5be8d9
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286084
Change-Id: I0b9cf28cdfb549e2c3571e144f73f59d0004bc02
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 06:27:52 +00:00
TreeHugger Robot
c83e5be8d9
Merge "comply with VTS requirements" into udc-dev
2023-03-27 06:05:51 +00:00
Adam Shih
e124d5aea9
comply with VTS requirements
...
Bug: 275036679
Bug: 275034315
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Change-Id: I1c89d7662351ffae5409c3f81b4360579fdc00ae
2023-03-27 12:07:24 +08:00
Neo Yu
70749d1b96
Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev am: 5b1689534f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22222570
Change-Id: I2d2a07056322f6971050e9299e17201b95773eaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 03:07:31 +00:00
Neo Yu
5b1689534f
Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev
2023-03-27 02:36:56 +00:00
Adam Shih
8538fd33da
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-24 02:55:51 +00:00
neoyu
44ee5a2fb2
sepolicy: allow hal_radioext_default binder call with servicemanager
...
avc: denied { call } for comm="binder:795_2" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=0
Bug: 274374768
Test: verify by test rom
Change-Id: I31cfbd234756fdc41663cec766f6b3bf23063bc7
2023-03-24 02:30:44 +08:00