Treehugger Robot
6dba4fa8b3
Merge "Camera: Allow rw access to TEE devices" into udc-d1-dev am: b51385226b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22743594
Change-Id: I0529653e75ab3bbe0815a7b9eeef4f0a5db0849f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-19 21:12:32 +00:00
Treehugger Robot
b51385226b
Merge "Camera: Allow rw access to TEE devices" into udc-d1-dev
2023-04-19 20:02:33 +00:00
Edmond Chung
57d920f582
Camera: Allow rw access to TEE devices
...
This is to enable face authentication on P23 devices.
Bug: 278898746
Test: Build, face authentication
Change-Id: I75311770a9780e0d97a9240b589e4e4cd9e2dc56
2023-04-19 11:18:14 -07:00
Dave Mankoff
73cb48bef6
Merge "Give SystemUI access to necessary selinux properties." into udc-d1-dev am: 633f19376e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22603639
Change-Id: I39974b746d4bddff960fcad6ff2ecb7047615360
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-18 18:30:03 +00:00
Dave Mankoff
633f19376e
Merge "Give SystemUI access to necessary selinux properties." into udc-d1-dev
2023-04-18 17:50:42 +00:00
Dave Mankoff
78b9dcdb69
Give SystemUI access to necessary selinux properties.
...
Other errors mentioned in the bugs are already absent.
Fixes: 269964574
Fixes: 272628396
Fixes: 272628174
Test: built and flashed device. No selinux errors printed.
Change-Id: Ic285b1f5a2ce6973899011a7c6a596e807c3e933
2023-04-17 14:28:59 +00:00
Bruno BELANYI
33c0bf3aad
Merge "Move ARM runtime option SELinux rules out of 'legacy/'" into udc-d1-dev am: ac239dd97d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22627129
Change-Id: Id46dee4c6dfc14fc86748fc88dc5ef96a0b0f708
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-17 11:27:59 +00:00
Jenny Ho
cddf77cdac
Merge "sepolicy: fix charger_vendor permission denied" into udc-d1-dev am: 2e3228660e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22606969
Change-Id: Ifcf4b4a1f1654519eb756d658d0d1a14c5495e16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-17 11:26:46 +00:00
Bruno BELANYI
ac239dd97d
Merge "Move ARM runtime option SELinux rules out of 'legacy/'" into udc-d1-dev
2023-04-17 11:00:08 +00:00
Jenny Ho
2e3228660e
Merge "sepolicy: fix charger_vendor permission denied" into udc-d1-dev
2023-04-17 10:56:58 +00:00
Dinesh Yadav
56658f83ed
Merge "Add se-policies for google_camera_app from pro" into udc-d1-dev am: 39b4b20545
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22414449
Change-Id: I1a7ccce3db7dee7e1b816af6a4703baa2f03ef3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-17 09:05:27 +00:00
Dinesh Yadav
39b4b20545
Merge "Add se-policies for google_camera_app from pro" into udc-d1-dev
2023-04-17 08:32:26 +00:00
Jenny Ho
6f201db16a
sepolicy: fix charger_vendor permission denied
...
type=1400 audit(1679973171.472:14): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
type=1400 audit(1679973171.256:10): avc: denied { read } for comm="android.hardwar" name="stat" dev="sysfs" ino=67924 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
type=1107 audit(1679973171.472:20): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=414 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0
type=1400 audit(1679973171.476:23): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=356 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
type=1400 audit(1679973171.472:21): avc: denied { write } for comm="android.hardwar" name="capacity" dev="sysfs" ino=74690 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
type=1400 audit(1679973171.476:32): avc: denied { read } for comm="android.hardwar" name="u:object_r:default_prop:s0" dev="tmpfs" ino=164 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
type=1400 audit(1681358719.792:6): avc: denied { search } for comm="android.hardwar" name="/" dev="sda1" ino=3 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
Bug: 277898259
Change-Id: I055eaab6df7c4549cc3817aaec80b0f85ec3b475
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-04-17 07:24:32 +00:00
Treehugger Robot
cccb610bb4
Merge "allow vendor_init to access watermark_scale_factor" into udc-d1-dev
2023-04-17 03:05:35 +00:00
Martin Liu
2c2e198e61
allow vendor_init to access watermark_scale_factor
...
Bug: 278075546
Test: boot
Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Signed-off-by: Martin Liu <liumartin@google.com>
2023-04-16 04:05:34 +00:00
Martin Liu
fe24903d2c
allow vendor_init to access watermark_scale_factor
...
Bug: 278075546
Test: boot
Change-Id: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Merged-in: Ib5fc92b4f21ca9b1ff6fdd3a32c97117cc12aac0
Signed-off-by: Martin Liu <liumartin@google.com>
2023-04-16 03:59:57 +00:00
Bruno BELANYI
cd905228d1
Move ARM runtime option SELinux rules out of 'legacy/'
...
Addressing some review feedback on ag/22381542 about this folder being
removed in the future.
Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I8506da9b80fe060cd5093acafd58594e4db3341b
2023-04-14 09:20:40 +00:00
Dinesh Yadav
b8b2445251
Add se-policies for google_camera_app from pro
...
- Found selinux violations on google_camera_app for these services which are fixed after these changes are included.
Bug: 264490031
Change-Id: Ib6f4a8a548425b0b98ed9b69edff6c973b9cbe3e
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-04-14 03:59:03 +00:00
TreeHugger Robot
065f1c5a75
Merge "Suppress bootanim behavior meant for Android Wear devices" into udc-d1-dev am: 89d4a4df13
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22098965
Change-Id: I041686fffcd34b58026080c4e6538adfaf8a3407
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-14 03:46:21 +00:00
TreeHugger Robot
89d4a4df13
Merge "Suppress bootanim behavior meant for Android Wear devices" into udc-d1-dev
2023-04-14 03:19:53 +00:00
Treehugger Robot
a04af8a730
Merge "Remove ofl_app selinux policy" into udc-d1-dev am: 224eebae32
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22601630
Change-Id: I64cac9c1b589c2f5be6ac74b9339d6ee5f8af42a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-14 02:55:52 +00:00
Treehugger Robot
224eebae32
Merge "Remove ofl_app selinux policy" into udc-d1-dev
2023-04-14 02:11:22 +00:00
Treehugger Robot
e3fcb41f40
Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev am: fde5823b6f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22601631
Change-Id: Ie60f65e8ee6f88a0f4f03fdb10c3caadf7865504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-14 01:54:41 +00:00
Treehugger Robot
fde5823b6f
Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev
2023-04-14 01:21:56 +00:00
Ankit Goyal
d9655a4999
Add sepolicy for framebuffer-secure heap am: 9576cfaca7
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21990547
Change-Id: I39b3df563b40fabb4ae836ecb196ca4ec3a20509
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-13 22:32:19 +00:00
Ankit Goyal
9576cfaca7
Add sepolicy for framebuffer-secure heap
...
Bug: 245053092
Test: Secure video playback
Change-Id: I715ea5a4e9ee70ec2a022351b9e722a25bfb9f93
2023-04-13 13:47:11 -07:00
Sayanna Chandula
e94b921ca4
Merge "thermal: enable pixelstats access to thermal metrics" into udc-d1-dev am: 34ff37262f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22559579
Change-Id: I3fb332012004c2e91b8bcc858dcfbdc12e5c8679
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-13 20:43:22 +00:00
Sayanna Chandula
34ff37262f
Merge "thermal: enable pixelstats access to thermal metrics" into udc-d1-dev
2023-04-13 20:26:31 +00:00
Yixuan Wang
98bffc0a44
Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev am: 2c0e44805a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22613725
Change-Id: Ia79eb1e60a6fe53a2155874be0f83be644c1d9f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-13 20:18:36 +00:00
Yixuan Wang
2c0e44805a
Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev
2023-04-13 19:38:38 +00:00
Joner Lin
44155e103e
Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev am: edd47032af
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22271813
Change-Id: Ic8fa74d729ca69d7c051c19848b9a0113e23bac3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-13 14:26:11 +00:00
Joner Lin
edd47032af
Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev
2023-04-13 13:57:32 +00:00
George
95d0a4b76f
Update rules for android.hardware.secure_element-service.thales
...
A new domain hal_secure_element_st54spi_aidl for AIDL HAL
Bug: 261566299
Test: run cts -m CtsOmapiTestCases
Test: atest VtsAidlHalNfcTargetTest
Change-Id: Id76a3f3337e2ee72031b39975eb010178855f36f
2023-04-13 11:02:49 +00:00
Lily Lin
6f41705151
Remove ofl_app selinux policy
...
OFLAgent is deprecated in ag/22504130. This CL is to remove ofl_app
selinux policy.
Bug: 224611871
Test: adb bugreport
Change-Id: I2264d79b8fe4084c3acd65db8f5384bb08216c5f
(cherry picked from commit 0fed5cc2b6cae6aebb411a58319474798d2fb25a)
2023-04-13 10:49:13 +00:00
Yixuan Wang
1095231e38
Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre
...
[ 7.760870] type=1400 audit(1669944054.440:61): avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1099 scontext=u:r:hal_contexthub_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[ 12.519414] type=1400 audit(1669944059.196:138): avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1
Bug: 264489794
Bug: 261105224
Test: atest scanAvcDeniedLogRightAfterReboot
Change-Id: I7bf13913188deedc987f82e54626a18357ab84c5
2023-04-13 06:43:41 +00:00
Wilson Sung
3df3008917
Suppress bootanim behavior meant for Android Wear devices
...
Fix: 260522279
Test: boot-to-home and no bootanim avc error
Change-Id: I29d4168720887bc2f90d5f7ad20367887f9cae51
2023-04-13 00:00:38 +00:00
Minchan Kim
a382f85f96
move vendor_cma_debugfs into gs-common
...
The CMA dump is a common feature for Pixel devices, so move
it to gs-common.
Bug: 276901078
Test: dumpstate_board.txt on adb bugreport includes the info
Change-Id: I46be7899939da3ae7e9323a0d3ee92f4b3759acf
Signed-off-by: Minchan Kim <minchan@google.com>
(cherry picked from commit afb8d91c5dd0df836c6c8a53963b44e23005efb7)
2023-04-12 13:25:46 +00:00
Minchan Kim
11e5da54ef
Merge "remove dump_cma"
2023-04-12 03:25:58 +00:00
Wilson Sung
bf1baa3448
Merge "Add recovery related policy" into udc-d1-dev am: 5bee37db26
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22574699
Change-Id: Iafa23558e51dbc2608ff3158cd7b1259253f25cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 01:55:36 +00:00
Wilson Sung
5bee37db26
Merge "Add recovery related policy" into udc-d1-dev
2023-04-12 01:44:17 +00:00
Treehugger Robot
eefef62f70
Merge "Add btbcm wakelock node context" into udc-d1-dev am: bc7379022a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22572817
Change-Id: Ie49fcc84a41c924558050f7d4a283a915bc68b84
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 01:40:12 +00:00
Minchan Kim
1b4fae5ce3
remove dump_cma
...
We will introduce it into gs-common
Bug: 276901078
Change-Id: I56a0c67fb09563baacbabf738625bf748ab80378
Signed-off-by: Minchan Kim <minchan@google.com>
2023-04-12 01:22:08 +00:00
Treehugger Robot
bc7379022a
Merge "Add btbcm wakelock node context" into udc-d1-dev
2023-04-12 00:32:46 +00:00
Wilson Sung
c2eedff70c
Add recovery related policy
...
Fix: 275143841
Fix: 264490092
Test: adb sideload and no avc error
Change-Id: I52003c9417560a6c5dab815a6929681710f0b0a4
2023-04-12 03:46:54 +08:00
Wei Wang
87214b4c2c
Merge "sepolicy: label bci and dsu max frequency" into udc-d1-dev am: 4cd8d2fef9
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22497095
Change-Id: I27ceda44c1a2baeb2450c56cbfed0762b68274ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-11 17:05:18 +00:00
jonerlin
940b51e1e4
allow bthal to access vendor bluetooth folder
...
Bug: 240636731
Test: enable vendor btsnoop property and check the vendor snoop log
Change-Id: Ib7c36e7398bdbe7abc2f3b2dba684f95a4ce90a8
2023-04-11 17:01:40 +00:00
Wei Wang
4cd8d2fef9
Merge "sepolicy: label bci and dsu max frequency" into udc-d1-dev
2023-04-11 16:14:29 +00:00
Wilson Sung
2e19e54fe5
Add btbcm wakelock node context
...
avc: denied { read } for name="wakeup178" dev="sysfs" ino=119871 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0
Bug: 277717252
Test: boot-to-home and no avc error
Change-Id: I82ed45ff6bf28c0cf2237098c54b6ead59c6c284
2023-04-11 11:02:26 +00:00
Wilson Sung
9e250f4a12
Allow update_engine to change slot am: 79b4b329f0
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22563758
Change-Id: I38ef79ff33c61540b5240e31a5b2309973c41185
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-11 04:36:20 +00:00
Wilson Sung
79b4b329f0
Allow update_engine to change slot
...
Bug: 275143841
Change-Id: Id9e19ae74a32521ab083eff87e4e3e583f881bbb
2023-04-11 11:03:12 +08:00