Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
263 commits 1 branch 0 tags 18 MiB
Commit graph

102 commits

Author SHA1 Message Date
Welly Hsu
1f350465ce Merge "Fix euiccpixel_app SELinux error for eSIM firmware upgrade" 2023-01-13 07:46:40 +00:00
Leo Liou
af6131d348 Merge "zuma: add sepolicy for ufs_firmware_update process" 2023-01-13 03:21:07 +00:00
Leo Liou
30f3c17252 zuma: add sepolicy for ufs_firmware_update process 
Allow the script to access the specified partition and sysfs.

Bug: 224464892
Test: full build and test ffu flow
Change-Id: I27f0d4d97f15a7c108e6ae1b8c12fda2c69c303a
Signed-off-by: Leo Liou <leoliou@google.com>
 2023-01-13 08:19:27 +08:00
Jaegeuk Kim
0cf7210eb1 Allow mkfs/fsck for vendor partitons 
Change-Id: I425c56edf9b12f1b86994f58100ecc9a8e1b58b2
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
 2023-01-12 09:42:16 -08:00
Welly Hsu
48ef4308be Fix euiccpixel_app SELinux error for eSIM firmware upgrade 
bug: 265286368

Test: generate test build and confirm no avc error happens
Change-Id: I2f457157d92cb48dfe328ba1520c3e598bd6d6b6
 2023-01-13 01:17:19 +08:00
TreeHugger Robot
7544c3c104 Merge "Wifi: Add sepolicy files for wifi_sniffer service" 2023-01-12 05:55:41 +00:00
kensun
fb69c41387 Wifi: Add sepolicy files for wifi_sniffer service 
Bug: 237465412
Test: Manual Test
Change-Id: I558b7f401c8d0da0f7f5b376165b42e1073a7900
 2023-01-12 05:47:03 +00:00
Xu Han
e8f6804674 Merge "Fix permission regarding camera HAL, raidoExt and rlsservice" 2023-01-11 23:06:17 +00:00
Hasini Gunasinghe
ab3f430aae Merge "[Port ag/20645453] Map Rust KeyMint to same SELinux policy as C++" 2023-01-10 19:52:48 +00:00
TreeHugger Robot
029f002a34 Merge "Allow dmabuf heap access to graphics allocator" 2023-01-10 01:52:35 +00:00
Hasini Gunasinghe
76c4f20434 [Port ag/20645453] Map Rust KeyMint to same SELinux policy as C++ 
Allow the Rust and C++ implementations of the KeyMint HAL service to be
toggled easily, by mapping them to the same SELinux policy.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic43985f32aaabb2560ef0b02573a1e587e24fc6a
 2023-01-10 01:19:17 +00:00
Ankit Goyal
344fb91207 Allow dmabuf heap access to graphics allocator 
There is no change in dmabuf heaps from pro, so these use the exact same
SEpolicy rules

Fix: 264489636
Test: Boots to home (with SELinux enforced)
Test: VtsHalGraphicsMapperV4_0TargetTest
Change-Id: I58ec8d9558fa76b805c0882cbbb20bfd08aead13
 2023-01-09 16:16:28 -08:00
George Lee
394b28b7b1 selinux: Enable lpf_power for sys_odpm 
Bug: 264929465
Test: Confirm selinux error no longer exist
Change-Id: Ibd7bfccac0d942507f3f1a9e2bf667ed1a54a9e6
Signed-off-by: George Lee <geolee@google.com>
 2023-01-09 14:54:57 -08:00
Miller Liang
89bdcc93cc Merge "audio:fix AAudio API access denial" 2023-01-09 12:36:34 +00:00
millerliang
8889eb6496 audio:fix AAudio API access denial 
This commit adds the sepolicy file for AAudio API

I auditd  : type=1400 audit(0.0:113):
avc: denied { map } for comm="binder:900_7" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1191 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=1

Bug: 264484544
Test: test_steal_exclusive -c0
Test: Check no avc_deny on audioserver
Change-Id: I9efde74c74722b1b32c1d800a4cbceea8a850bfa
 2023-01-09 14:55:32 +08:00
Cheng Chang
67ff25f88c Merge "allow system_server binder call gpsd" 2023-01-09 06:04:41 +00:00
Cheng Chang
e83f8dcee8 allow system_server binder call gpsd 
01-05 17:56:17.416 hidl_ssvc_poll: type=1400 audit(0.0:467): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:gpsd:s0 tclass=binder permissive=1

Bug: 264508279
Test: flash test build and check avc denied logs are goned
Change-Id: I6f3f27de7466cb594c192cd8339009ca6633ec6d
 2023-01-09 03:19:43 +00:00
TreeHugger Robot
09ba144bc6 Merge "sepolicy: remove tracking denials for hal_power_stats" 2023-01-09 01:58:14 +00:00
TreeHugger Robot
f4841acd83 Merge "Wifi: Add sepolicy files for hal_wifi_ext service" 2023-01-07 07:38:08 +00:00
Darren Hsu
8eed3af1eb sepolicy: remove tracking denials for hal_power_stats 
Bug: 264489189
Test: Captured bugreport and make sure there is no any avc denails
Test: related to hal_power_stats
Change-Id: Id83022ebaca5a507873bee57363a54baf4a27310
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-01-07 15:04:35 +08:00
Xu Han
b8ab0fed91 Fix permission regarding camera HAL, raidoExt and rlsservice 
Bug: 264483024
Bug: 264489641
Bug: 263185565
Test: selinux log
Change-Id: Ieb174aef18c218efdcb357245c7d5ac4953a949c
 2023-01-06 11:56:55 -08:00
kensun
0f5b5efdd1 Wifi: Add sepolicy files for hal_wifi_ext service 
This commit adds the sepolicy related files for hal_wifi_ext service.

[   27.714476] type=1400 audit(1670979557.360:29): avc: denied { call } for comm="binder:942_1" scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1
12-14 08:59:17.360   942   942 I binder:942_1: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1

Bug: 262455388
Test: Check no avc_deny on hal_wifi_ext
Change-Id: Ibc48225845b0cd10bbe88527449016daa9ef9eff
 2023-01-06 08:06:57 +00:00
Xu Han
525acba924 Allow camera HAL to call radioExt HAL for desense 
Bug: 264204392
Test: selinux log
Change-Id: Iee7f45a649444cc6c95b8094f001645e85eb83ba
 2023-01-05 18:54:59 +00:00
Adam Shih
92f2edf487 label GPU as same_process_hal 
Bug: 261933250
Bug: 261933249
Bug: 261933226
Bug: 261933097
Bug: 261933428
Bug: 261933227
Bug: 260768740
Bug: 260922185
Test: boot to home under enforcing mode
Change-Id: Ied95ce0c1f851785e0848f7af788969f27e45101
 2023-01-04 12:10:27 +08:00
Adam Shih
97748d82a9 set necessary domains to permissive 
Bug: 254378739
Test: enforce and boot to home
Change-Id: I1dc8f400971e0926dbb2c5c0ac6f0ef99250e067
 2023-01-04 11:57:28 +08:00
TreeHugger Robot
bd992ad2b4 Merge "Sepolicy: Pixelstats: Battery history sepolicy" 2023-01-04 02:19:54 +00:00
Wasb Liu
cefb0a621f hal_health_default: updated sepolicy 
Add necessary sepolicy.

Bug: 260366438
Bug: 261933135
Bug: 262178574
Bug: 262794970
Test: no avc denied for hal_health_default
Change-Id: I47043f64931c191063a0b3d5807ef814fa8b787f
Signed-off-by: Wasb Liu <wasbliu@google.com>
 2022-12-29 09:47:23 +00:00
Darren Hsu
3ea4ff4944 sepolicy: Allow hal_power_stats to access required sysfs 
Bug: 260366519
Bug: 260768935
Bug: 260922184
Bug: 261105152
Bug: 261363958
Bug: 261519183
Bug: 261651283
Bug: 261783107
Test: Captured bugreport and make sure there is no any avc denails
Test: related to hal_power_stats
Change-Id: Ic214dc1d8ea920b1bb8f700cd8b75918af3ab046
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-12-29 14:33:17 +08:00
Kris Chen
4963317cad zuma: fingerprint: fix SELinux denails 
Bug: 261105164
Test: boot with no relevant error on p23 device
Change-Id: I8d897693685591a042c5febfeca0121375749b8e
 2022-12-23 17:43:50 +08:00
Timmy Li
a6fd3e2122 Merge "Add hal_camera_default se linux file for zuma" 2022-12-23 03:47:09 +00:00
Chia-Ching Yu
0dfdbed76e Move the sepolicy setting of als_table to the new file. 
Bug: 261111968
Test: There is no als_table avc denied log after reboot.

Change-Id: I41f9472e6a17dd7fce021d916e3e626a81fe79cf
 2022-12-23 07:05:57 +08:00
timmyli
8d061f7ebc Add hal_camera_default se linux file for zuma 
Add hal_camera_default.te for zuma. Move referenced contexts and
settings to new zuma-sepolicy folders. Add hal_camera_default type declaration
to file.te

Bug: 261651093, 260366029, 263185135
Test: Build and test for hal_camera_default denials
Change-Id: Id0246f9ca8fd399853894e9e41548976ab44ccd0
 2022-12-22 21:41:11 +00:00
Dennycy
79210088c5 Sepolicy: Pixelstats: Battery history sepolicy 
avc: denied { read } for comm="pixelstats-vend" name="battery_history"
dev="tmpfs" ino=845 scontext=u:r:pixelstats_vendor:s0 tcontext=u
:object_r:battery_history_device:s0 tclass=chr_file permissive=1

Bug: 260366322
Test: No more battery_history sepolicy found
Change-Id: Ic5d351ed0e42d08b24b5fd0af2d9ebd155086bc9
Signed-off-by: Dennycy <dennycylee@google.com>
 2022-12-22 09:21:56 +00:00
Ernie Hsu
0faf3d2c7b Merge "mediacodec_samsung: add sepolicy for mfc codec" 2022-12-22 05:25:29 +00:00
Ernie Hsu
bb7586ac03 mediacodec_samsung: add sepolicy for mfc codec 
Add necessary sepolicy. Log and reason are added in review comment
move sysfs out from legacy setting

Bug: 262633502
Bug: 263049105
Bug: 262794577
Bug: 262794578
Bug: 262794634
Test: video playback
      SELinuxTest#scanBugreport
      SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I240f3fc4672a0d3133699f76a808573e172d23f2
 2022-12-22 03:46:04 +00:00
Chung-Kai (Michael) Mei
839546d2e3 Merge "Revert "Fix avc denials for powerhal"" 2022-12-21 08:39:31 +00:00
Chung-Kai (Michael) Mei
21426ea726 Revert "Fix avc denials for powerhal" 
This reverts commit 92e550d83f.

Reason for revert: here's duplicated setting

Change-Id: I4188deee0010c5dd10501fd9b36ae3876c412322
 2022-12-21 08:37:50 +00:00
TreeHugger Robot
aed7870cb2 Merge "Fix avc denials for powerhal" 2022-12-21 07:20:07 +00:00
TreeHugger Robot
e9868935cf Merge "mediacodec_google: updated sepolicy" 2022-12-21 04:58:31 +00:00
Chungkai Mei
92e550d83f Fix avc denials for powerhal 
Test: bott passed and no avc log after boot
Bug: 260769063
Bug: 261105028
Bug: 260366126
Bug: 261650934
Bug: 262178497
Bug: 262315567
Bug: 262633072
Change-Id: I84e5cdaeb8016bd3f5506a242ee8e3a58052ab07
Signed-off-by: Chungkai Mei <chungkai@google.com>
 2022-12-21 02:46:39 +00:00
Taylor Nelms
9f72e56d46 Merge "Modify permissions to allow dumpstate process to access decon_counters node" 2022-12-21 01:41:40 +00:00
Ruofei Ma
fd79c76365 mediacodec_google: updated sepolicy 
Add necessary sepolicy.

Bug: 262633230
Test: no avc denied for mediacodec_google

Change-Id: I0b2a8a12d9d9a6484cf899fabdf213b8c9a279e9
Signed-off-by: Ruofei Ma <ruofeim@google.com>
 2022-12-19 19:37:52 -08:00
Adam Shih
169b9143fb restart domains 
Bug: 254378739
Test: boot to home
Change-Id: I7d077b7c5edfb3bee07a05fda05e5076e515c7bf
 2022-12-20 08:50:43 +08:00
Adam Shih
be72019a1c restart domains 
Bug: 254378739
Test: boot to home
Change-Id: I6faa55132d52896c5138eb4dcff2bde3557dcf90
 2022-12-19 11:01:25 +08:00
Taylor Nelms
e7f915c920 Modify permissions to allow dumpstate process to access decon_counters node 
Bug: 240346564
Test: Build for P23 device with "user" build, check bugreport for decon_counters content
Change-Id: Iac569b53880f903aa6496cb24bdadc6e38975171
Signed-off-by: Taylor Nelms <tknelms@google.com>
 2022-12-16 16:50:49 +00:00
TreeHugger Robot
3406af9012 Merge "Add BrownoutDetected Events - zuma sepolicy" 2022-12-15 05:29:35 +00:00
Adam Shih
dc479f78a5 Merge "restart domains" 2022-12-15 03:15:49 +00:00
Adam Shih
419fa5774c create an empty dump file for wlan 
Bug: 261784587
Test: adb bugreport
Change-Id: I6a0e65e4624348f5f34cb618150a6978996dcdc9
 2022-12-14 13:33:33 +08:00
Adam Shih
ce44423468 restart domains 
Bug: 254378739
Test: boot to home
Change-Id: I427f1647d5a0a95e750fd59419575cdb7553111e
 2022-12-14 11:27:03 +08:00
Adam Shih
4b9a4886f1 restart domains 
Bug: 254378739
Test: boot to home
Change-Id: Ie67dbbdad041d84cddbabf62e98b0a8f2b1eadf2
 2022-12-14 09:19:54 +08:00