Commit graph

897 commits

Author SHA1 Message Date
Ankit Goyal
344fb91207 Allow dmabuf heap access to graphics allocator
There is no change in dmabuf heaps from pro, so these use the exact same
SEpolicy rules

Fix: 264489636
Test: Boots to home (with SELinux enforced)
Test: VtsHalGraphicsMapperV4_0TargetTest
Change-Id: I58ec8d9558fa76b805c0882cbbb20bfd08aead13
2023-01-09 16:16:28 -08:00
George Lee
394b28b7b1 selinux: Enable lpf_power for sys_odpm
Bug: 264929465
Test: Confirm selinux error no longer exists
Change-Id: Ibd7bfccac0d942507f3f1a9e2bf667ed1a54a9e6
Signed-off-by: George Lee <geolee@google.com>
2023-01-09 14:54:57 -08:00
Suki Liu
67584383ca Merge "Update error on ROM 9467820" 2023-01-09 13:01:06 +00:00
Miller Liang
89bdcc93cc Merge "audio:fix AAudio API access denial" 2023-01-09 12:36:34 +00:00
millerliang
8889eb6496 audio:fix AAudio API access denial
This commit adds the sepolicy file for AAudio API

I auditd  : type=1400 audit(0.0:113):
avc: denied { map } for comm="binder:900_7" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1191 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=1

Bug: 264484544
Test: test_steal_exclusive -c0
Test: Check no avc_deny on audioserver
Change-Id: I9efde74c74722b1b32c1d800a4cbceea8a850bfa
2023-01-09 14:55:32 +08:00
sukiliu
acd718f65a Update error on ROM 9467820
Bug: 264831112
Test: SELinuxUncheckedDenialBootTest
Change-Id: I3f3ca17d3620cf3b1c6c21fc996143be25622b48
2023-01-09 14:55:19 +08:00
Cheng Chang
67ff25f88c Merge "allow system_server binder call gpsd" 2023-01-09 06:04:41 +00:00
Neo Yu
c13eb657f9 Merge "Remove rild.te because all issues about rild are fixed." 2023-01-09 03:57:40 +00:00
KRIS CHEN
3d15476ae0 Merge "Remove tracking_denials/hal_fingerprint_default.te" 2023-01-09 03:20:16 +00:00
Kris Chen
9be7a3368a Remove tracking_denials/hal_fingerprint_default.te
Bug: 264489559
Test: test fingerprint under enforcing mode
Change-Id: Ifd8637cba54264a1906e444b25d735c81f7037f0
2023-01-09 03:19:57 +00:00
Cheng Chang
e83f8dcee8 allow system_server binder call gpsd
01-05 17:56:17.416 hidl_ssvc_poll: type=1400 audit(0.0:467): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:gpsd:s0 tclass=binder permissive=1

Bug: 264508279
Test: flash test build and check avc denied logs are gone
Change-Id: I6f3f27de7466cb594c192cd8339009ca6633ec6d
2023-01-09 03:19:43 +00:00
neoyu
f2ed76a124 Remove rild.te because all issues about rild are fixed.
Bug: 264490075
Test: build pass
Change-Id: I37e6caedb9903faa1f1f974d596753223fde0f5f
2023-01-09 10:54:14 +08:00
Aaron Tsai
6d11fe20d0 Merge "Fix avc denied for rild" 2023-01-09 02:21:17 +00:00
TreeHugger Robot
09ba144bc6 Merge "sepolicy: remove tracking denials for hal_power_stats" 2023-01-09 01:58:14 +00:00
Aaron Tsai
93dd7a2935 Fix avc denied for rild
original log: [  158.669951] type=1400 audit(1671200951.308:888): avc: denied { write } for comm="dumpstate" path="pipe:[227853]" dev="pipefs" ino=227853 scontext=u:r:rild:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1
original log: [  174.593792] type=1400 audit(1671063328.232:1003): avc: denied { use } for comm="dumpstate" path="pipe:[235312]" dev="pipefs" ino=235312 scontext=u:r:rild:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=1

Bug: 263049190
Bug: 262633094
Test: manual test and check log
Change-Id: I56b26c8dc820e00ef659844cceff45edded4d677
2023-01-07 14:05:10 +00:00
TreeHugger Robot
f4841acd83 Merge "Wifi: Add sepolicy files for hal_wifi_ext service" 2023-01-07 07:38:08 +00:00
Darren Hsu
8eed3af1eb sepolicy: remove tracking denials for hal_power_stats
Bug: 264489189
Test: Captured bugreport and make sure there are no avc denials
Test: related to hal_power_stats
Change-Id: Id83022ebaca5a507873bee57363a54baf4a27310
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-01-07 15:04:35 +08:00
Randall Huang
a3c890ba1e Merge "sepolicy: remove vold tracking_denials." 2023-01-07 03:07:09 +00:00
Xu Han
b8ab0fed91 Fix permission regarding camera HAL, radioExt and rlsservice
Bug: 264483024
Bug: 264489641
Bug: 263185565
Test: selinux log
Change-Id: Ieb174aef18c218efdcb357245c7d5ac4953a949c
2023-01-06 11:56:55 -08:00
Xu Han
ffdcbabbab Merge "Allow camera HAL to call radioExt HAL for desense" 2023-01-06 17:31:02 +00:00
Suki Liu
8f3cb77d1c Merge "Update error on ROM 9460470" 2023-01-06 08:31:23 +00:00
kensun
0f5b5efdd1 Wifi: Add sepolicy files for hal_wifi_ext service
This commit adds the sepolicy related files for hal_wifi_ext service.

[   27.714476] type=1400 audit(1670979557.360:29): avc: denied { call } for comm="binder:942_1" scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1
12-14 08:59:17.360   942   942 I binder:942_1: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1

Bug: 262455388
Test: Check no avc_deny on hal_wifi_ext
Change-Id: Ibc48225845b0cd10bbe88527449016daa9ef9eff
2023-01-06 08:06:57 +00:00
Randall Huang
55133b1c0c sepolicy: remove vold tracking_denials.
Move platform-specific vold rule to common folder.

Bug: 264483567
Bug: 264483569
Bug: 264489799
Test: run atest
Change-Id: Idad799d9f536ca18a0c3b5e7eb9d0bc182015e64
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-01-06 14:04:21 +08:00
sukiliu
18257ad81e Update error on ROM 9460470
Bug: 264483456
Bug: 264483024
Bug: 264600083
Bug: 264483531
Bug: 264606212
Bug: 264600084
Bug: 264483754
Test: SELinuxUncheckedDenialBootTest
Change-Id: I4a281b360783032132179fd9f9b314d0a65d233a
2023-01-06 10:46:28 +08:00
Adam Shih
9fbe949e7c Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 264483456
Bug: 264483024
Bug: 264600083
Bug: 264483531
Bug: 264600052
Bug: 264600084
Bug: 264483754
Test: scanBugreport
Bug: 264600171
Bug: 264600086
Bug: 264600053
Bug: 264599934
Change-Id: Idd111c69fbcebadf941f2a7cb6e0af7c8e24711d
2023-01-06 09:32:22 +08:00
Xu Han
525acba924 Allow camera HAL to call radioExt HAL for desense
Bug: 264204392
Test: selinux log
Change-Id: Iee7f45a649444cc6c95b8094f001645e85eb83ba
2023-01-05 18:54:59 +00:00
Adam Shih
16452851f3 dispatch domains to owner via bugs
Bug: 264484544
Bug: 264489606
Bug: 264489743
Bug: 264489675
Bug: 264489633
Bug: 264489777
Bug: 264489520
Bug: 264489270
Bug: 264489387
Bug: 264489745
Bug: 264489957
Bug: 264489521
Bug: 264490031
Bug: 264489388
Bug: 264489608
Bug: 264489609
Bug: 264489778
Bug: 264489634
Bug: 264489794
Bug: 264489795
Bug: 264489559
Bug: 264489636
Bug: 264489746
Bug: 264490032
Bug: 264489188
Bug: 264489676
Bug: 264489779
Bug: 264489189
Bug: 264489677
Bug: 264489780
Bug: 264489637
Bug: 264490033
Bug: 264489390
Bug: 264489561
Bug: 264489750
Bug: 264489190
Bug: 264490051
Bug: 264489958
Bug: 264489610
Bug: 264489562
Bug: 264489797
Bug: 264489781
Bug: 264490034
Bug: 264489678
Bug: 264490091
Bug: 264490035
Bug: 264490011
Bug: 264490052
Bug: 264489639
Bug: 264489961
Bug: 264490072
Bug: 264490012
Bug: 264489523
Bug: 264489679
Bug: 264490053
Bug: 264489564
Bug: 264489783
Bug: 264490036
Bug: 264490074
Bug: 264490054
Bug: 264489565
Bug: 264490092
Bug: 264490075
Bug: 264489641
Bug: 264490093
Bug: 264489962
Bug: 264489784
Bug: 264489567
Bug: 264490076
Bug: 264489786
Bug: 264490014
Bug: 264489524
Bug: 264490055
Bug: 264489569
Bug: 264489526
Bug: 264489642
Bug: 264489681
Bug: 264489963
Bug: 264489787
Bug: 264490095
Bug: 264489799
Bug: 264490077
Test: boot to home in enforcing mode
Change-Id: I784ee1653800119308c22c85652764a99ca076e4
2023-01-05 13:15:51 +08:00
Adam Shih
c858342332 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 264483752
Bug: 264483024
Bug: 264483531
Bug: 264483532
Bug: 264483567
Bug: 264483670
Bug: 264483151
Bug: 264483152
Bug: 264483352
Bug: 264483568
Bug: 264483753
Bug: 264482981
Bug: 264483754
Bug: 264483456
Bug: 264483787
Test: scanBugreport
Bug: 264483390
Bug: 264482983
Bug: 264483355
Bug: 264483356
Bug: 264483533
Bug: 264483319
Bug: 264483569
Test: scanAvcDeniedLogRightAfterReboot
Bug: 264321380
Bug: 264483357
Change-Id: I39f2a98bbbc8e416b86dd06cc99984acbab97baa
2023-01-05 11:04:42 +08:00
TreeHugger Robot
10a6384587 Merge "label GPU as same_process_hal" 2023-01-04 06:21:24 +00:00
TreeHugger Robot
e9a315b81a Merge "set necessary domains to permissive" 2023-01-04 05:06:08 +00:00
Adam Shih
92f2edf487 label GPU as same_process_hal
Bug: 261933250
Bug: 261933249
Bug: 261933226
Bug: 261933097
Bug: 261933428
Bug: 261933227
Bug: 260768740
Bug: 260922185
Test: boot to home under enforcing mode
Change-Id: Ied95ce0c1f851785e0848f7af788969f27e45101
2023-01-04 12:10:27 +08:00
Adam Shih
97748d82a9 set necessary domains to permissive
Bug: 254378739
Test: enforce and boot to home
Change-Id: I1dc8f400971e0926dbb2c5c0ac6f0ef99250e067
2023-01-04 11:57:28 +08:00
Adam Shih
00b1421a56 Update error on ROM 9451592
Bug: 264321380
Test: scanAvcDeniedLogRightAfterReboot
Change-Id: Ibdf5acaa5898a728aac202902a1577d05f7d1f25
2023-01-04 10:23:28 +08:00
TreeHugger Robot
bd992ad2b4 Merge "Sepolicy: Pixelstats: Battery history sepolicy" 2023-01-04 02:19:54 +00:00
TreeHugger Robot
af402f7187 Merge "Update error on ROM 9449178" 2023-01-03 03:06:21 +00:00
TreeHugger Robot
9bb06f3d46 Merge "modem_svc_sit: Grant permission to read vendor_fw_file" 2023-01-03 02:50:17 +00:00
Adam Shih
ef8da88fdc Update error on ROM 9449178
Bug: 264204392
Bug: 264204525
Bug: 264204023
Bug: 264204215
Test: scanAvcDeniedLogRightAfterReboot
Change-Id: Ice60ef7f25f549a990e3c6f006ed528b0b0beedf
2023-01-03 10:03:13 +08:00
Wasb Liu
cefb0a621f hal_health_default: updated sepolicy
Add necessary sepolicy.

Bug: 260366438
Bug: 261933135
Bug: 262178574
Bug: 262794970
Test: no avc denied for hal_health_default
Change-Id: I47043f64931c191063a0b3d5807ef814fa8b787f
Signed-off-by: Wasb Liu <wasbliu@google.com>
2022-12-29 09:47:23 +00:00
Darren Hsu
3ea4ff4944 sepolicy: Allow hal_power_stats to access required sysfs
Bug: 260366519
Bug: 260768935
Bug: 260922184
Bug: 261105152
Bug: 261363958
Bug: 261519183
Bug: 261651283
Bug: 261783107
Test: Captured bugreport and make sure there are no avc denials
Test: related to hal_power_stats
Change-Id: Ic214dc1d8ea920b1bb8f700cd8b75918af3ab046
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-12-29 14:33:17 +08:00
Kris Chen
4963317cad zuma: fingerprint: fix SELinux denials
Bug: 261105164
Test: boot with no relevant error on p23 device
Change-Id: I8d897693685591a042c5febfeca0121375749b8e
2022-12-23 17:43:50 +08:00
Kadyr Narmamatov
3fc1ab6583 modem_svc_sit: Grant permission to read vendor_fw_file
Bug: 260371849
Change-Id: Ia1bb3483c0d1dfcc1fc34b625f8b0eddf099cafb
2022-12-23 04:11:01 +00:00
Timmy Li
a6fd3e2122 Merge "Add hal_camera_default se linux file for zuma" 2022-12-23 03:47:09 +00:00
TreeHugger Robot
42fb73dfeb Merge "Move the sepolicy setting of als_table to the new file." 2022-12-23 02:25:58 +00:00
Adam Shih
d045e5ac5e Update error on ROM 9431928
Bug: 263525155
Test: scanAvcDeniedLogRightAfterReboot
Change-Id: Ie309aafff8d3772f19c28e3d3b049b642bd2c221
2022-12-23 08:19:30 +08:00
Chia-Ching Yu
0dfdbed76e Move the sepolicy setting of als_table to the new file.
Bug: 261111968
Test: There is no als_table avc denied log after reboot.

Change-Id: I41f9472e6a17dd7fce021d916e3e626a81fe79cf
2022-12-23 07:05:57 +08:00
timmyli
8d061f7ebc Add hal_camera_default se linux file for zuma
Add hal_camera_default.te for zuma. Move referenced contexts and
settings to new zuma-sepolicy folders. Add hal_camera_default type declaration
to file.te

Bug: 261651093, 260366029, 263185135
Test: Build and test for hal_camera_default denials
Change-Id: Id0246f9ca8fd399853894e9e41548976ab44ccd0
2022-12-22 21:41:11 +00:00
Dennycy
79210088c5 Sepolicy: Pixelstats: Battery history sepolicy
avc: denied { read } for comm="pixelstats-vend" name="battery_history"
dev="tmpfs" ino=845 scontext=u:r:pixelstats_vendor:s0
tcontext=u:object_r:battery_history_device:s0 tclass=chr_file permissive=1

Bug: 260366322
Test: No more battery_history sepolicy found
Change-Id: Ic5d351ed0e42d08b24b5fd0af2d9ebd155086bc9
Signed-off-by: Dennycy <dennycylee@google.com>
2022-12-22 09:21:56 +00:00
Ernie Hsu
0faf3d2c7b Merge "mediacodec_samsung: add sepolicy for mfc codec" 2022-12-22 05:25:29 +00:00
Ernie Hsu
bb7586ac03 mediacodec_samsung: add sepolicy for mfc codec
Add necessary sepolicy. Log and reason are added in review comment
move sysfs out from legacy setting

Bug: 262633502
Bug: 263049105
Bug: 262794577
Bug: 262794578
Bug: 262794634
Test: video playback
      SELinuxTest#scanBugreport
      SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I240f3fc4672a0d3133699f76a808573e172d23f2
2022-12-22 03:46:04 +00:00
Adam Shih
b3894c8262 Update error on ROM 9428849
Bug: 263429589
Bug: 263429985
Bug: 263429986
Test: scanAvcDeniedLogRightAfterReboot
Change-Id: I7387105916c4cb8ca9c6a6ab0e6d58f6c8d24d0b
2022-12-22 10:02:41 +08:00