Wilson Sung
d0105abe01
Add sensor boot-to-home required policy
...
Test: boot-to-home
Fix: 261105336
Change-Id: I772ff7a294cc5d2448361c164d4e671a41c92c8d
2023-03-02 02:39:15 +00:00
Richard Chang
3c52a9ab3b
Merge "sepolicy: update init.te for zram device" into udc-dev
2023-03-01 04:28:58 +00:00
Richard Chang
ee8c7c2df2
sepolicy: update init.te for zram device
...
Bug: 269221861
Bug: 270633329
Test: Boot
Change-Id: I050e9a72006dcd0b71ba1232e38e5f96bce4c967
2023-03-01 02:04:24 +00:00
TreeHugger Robot
627e6c1648
Merge "Update bug_map" into udc-dev
2023-02-28 23:56:31 +00:00
Xu Han
fe5bb58212
Update bug_map
...
Bug: 264483024
Test: Build.
Change-Id: I9a1574b5997d9ac5d26100254c7e20b81930df50
2023-02-28 09:34:58 -08:00
Wilson Sung
546b787a40
Add SSR property access and remove obsolete denials
...
Bug: 268572164
Change-Id: I5756510b2eb2696aade93dd6b15a111f5dca58ef
2023-02-24 10:33:45 +00:00
Amy Hsu
ae4c77ebda
Merge "Revise sepolicy because of refactor HbmSvManager" into udc-dev
2023-02-24 08:14:49 +00:00
Amy Hsu
c186dbd6db
Revise sepolicy because of refactor HbmSvManager
...
1. Set sepolicy correctly, make it the same as gs201.
2. Rename hbmsvmanager to pixeldisplayservice due to refactor.
3. Add arm_mali_platform_service for pixeldisplayservcice
Bug: 241498235
Bug: 262794939
Bug: 263185136
Bug: 264489797
Test: Verify LBE and shadow compensation functions.
Make sure there is no avc denied.
Change-Id: I2a4bb5d6b863edc00b789fd6df8d46f90164d9f2
2023-02-24 02:06:35 +00:00
sukiliu
362a8ac82c
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 270633329
Change-Id: Ia7af3ec3ee9c8b80e22a8eb55fd61d58b6c73980
2023-02-24 09:59:58 +08:00
TreeHugger Robot
3d1d5e0b15
Merge "Partially revert commit e70b98af09
." into udc-dev
2023-02-23 16:13:11 +00:00
Richard Chang
d207b85ab3
Merge "sepolicy: clean up tracking_denials for zram" into udc-dev
2023-02-23 07:37:28 +00:00
Ian Kasprzak
1b1fe4d3cc
Partially revert commit e70b98af09
.
...
Remove twoshay references, with commit 9019c55645
reverted it references a non-existent file.
Bug: b/270434708
Test: Verified with go/abtd build
Reason for revert: b/270434708 - Breaks git_udc-d1-dev-plus-aosp-without-vendor builds.
Change-Id: I5705d214218107226ae3dd4959406f3ec05afa90
2023-02-23 05:45:07 +00:00
Richard Chang
e6f6cca02a
sepolicy: clean up tracking_denials for zram
...
The zram SELinux errors didn't exist in recent build
(9633105, 9642683).
Remove the record in tracking_denials/init.te.
Bug: 269221861
Test: Check log
Change-Id: I4057aaf960aef885d4d894ae5dc51f93e71afd83
2023-02-23 03:57:57 +00:00
Wilson Sung
fb2e376d26
Add chre policy
...
Bug: 260522435
Bug: 261105224
Test: boot-to-home
Change-Id: Icd8f1ad497357bbbcb9e34509c736f3976ff0ac7
2023-02-23 11:05:15 +08:00
Wilson Sung
6f141a6526
Remove camera dontaudit
...
Bug: 267843409
Bug: 268226491
Change-Id: Idce5518072fc266b45c2fbc5269915b19ceb19e8
2023-02-23 11:04:47 +08:00
Wilson Sung
328cbaaa41
Remove touch_context_service to avoid compile error
...
Bug: 270157082
Change-Id: I1d5d573ddb1d7323e7c66386928074fd06cfc484
2023-02-22 11:16:15 +08:00
Wilson Sung
bab5b72f86
Add hal_bootctl related policy
...
Bug: 260522436
Bug: 264489609
Bug: 264483787
Change-Id: Iaa22899bb21ff41c1fa259830e5f49623ff8429b
2023-02-21 19:59:04 +08:00
Wilson Sung
da09093d88
Enforce kernel domain
...
Bug: 264490052
Test: boot-to-home
Change-Id: I383b689b5c26c08d66307b677e36b28f2ab6f7dd
2023-02-21 19:29:15 +08:00
Wilson Sung
9457e5260e
Temporary allow kernel access same_process_hal
...
Add the access to unblock user build boot-to-home
Bug: 260522245
Change-Id: I98f77b2de4961120be9c6073afc18e12e2637e81
2023-02-21 19:28:25 +08:00
Wilson Sung
86931fb2ea
Remove vendor_fw_file related dontaudit
...
Bug: 262794429
Bug: 261933155
Change-Id: I62b4037835a462b46b82df4059cdebf679c295b2
2023-02-21 15:00:58 +08:00
leochuang
6747816919
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 269964558
Bug: 267714573
Bug: 269964574
Bug: 269812912
Change-Id: I61a274c01c6921b9b7e3df8814cf83f43bba342a
2023-02-21 02:16:40 +00:00
Wilson Sung
e70b98af09
Revert "Revert "Update error on ROM 9624328""
...
This reverts commit d8572861e3
.
Remove hal_googlebattery related denied
Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Merged-In: I25b0f417af3e741719f959aed79e7e330687e117
Change-Id: I25b0f417af3e741719f959aed79e7e330687e117
2023-02-20 11:06:17 +00:00
Ken Yang
58a6a1e772
WLC: cleanup the unused hal_wlc policies
...
Bug: 264489562
Bug: 262455719
Bug: 260366297
Bug: 260363384
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit 6f9844d137
)
Merged-In: I90b9e442082b8e03e76ce63aaee56e5882933449
Change-Id: I90b9e442082b8e03e76ce63aaee56e5882933449
2023-02-20 11:05:53 +00:00
Ken Yang
670b22c2c7
WLC: cleanup WLC trakcing_denials
...
Bug: 268566583
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit da69d2a494
)
Merged-In: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
Change-Id: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
2023-02-20 11:05:25 +00:00
Wilson Sung
931ea0d342
allow bootctl to read devinfo
...
Bug: 260522436
(cherry picked from commit 967da5da4f
)
Merged-In: I41d2763ffe40d7465a11cc86612fed9f92905eff
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
2023-02-20 11:02:28 +00:00
Wilson Sung
676c7a674c
Remove proc_vendor_sched obsolete denials
...
Bug: 264490054
(cherry picked from commit 6545bc156a
)
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
Merged-In: I308df50eefe611a0a87afc9a21387465487cc6ea
2023-02-20 11:01:42 +00:00
Nicole Lee
7706be6c71
logger_app: don't audit default_prop and fix errors
...
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
(cherry picked from commit ef1d13d86d
)
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
Merged-In: I8999372d243286586eb53602e167fa111d39a00f
2023-02-20 11:00:59 +00:00
Sean.JS Tsai
d8572861e3
Revert "Update error on ROM 9624328"
...
This reverts commit cf747f40d6
.
Reason for revert: <b/269976373>
Change-Id: I1bee9c1da2571ab753c2193491ebc71b288b66b2
2023-02-20 04:29:33 +00:00
sukiliu
cf747f40d6
Update error on ROM 9624328
...
Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Test: SELinuxUncheckedDenialBootTest
Change-Id: Id8cbfb7c55f2acdc3102b20cdbd2702b594992ba
2023-02-20 10:28:33 +08:00
Kuen-Han Tsai
d0ac5bffa3
SEPolicy: remove tracking denials for hal_usb
...
Remove tracking denials since there is no avc denials related to hal_usb
found in the bug report.
Bug: 264483531
Bug: 264483531
Bug: 264482981
Bug: 264600052
Bug: 264482981
Bug: 264600052
Bug: 261651112
Test: Capture bugreport and check any denials related to hal_usb
Change-Id: I535c94c1112fc51f80b80c99562b43afee32ddd6
2023-02-18 02:41:51 +00:00
Wilson Sung
3432cc6b0b
Enforce system_server and remove obsolete denials
...
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf
Add app_domain to con_monitor_app
...
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
2023-02-16 13:00:39 +08:00
Wilson Sung
ae2403dca7
Remove shell related denied
...
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
2023-02-16 02:21:56 +00:00
Wilson Sung
4ea1dcff3a
Fix zram avc denied
...
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920
Merge "Remove logger_app in bug_map"
2023-02-15 07:05:52 +00:00
Welly Hsu
5a441a9ca3
Merge "Remove unnecessary dontaudit for context euiccpixel_app"
2023-02-15 05:27:41 +00:00
Wilson Sung
c1a0ef2fe6
Enforce bootanim and platform_app
...
Bug: 264489606
Bug: 264490036
Change-Id: I16ed01bbb93ae2b5d5d6609ffd1f2bc0e3dc39ca
2023-02-15 10:36:08 +08:00
Shashank Sharma
7cd2e4b765
Merge "arm_mali_platform_service: register gpu selinux service"
2023-02-15 02:11:19 +00:00
Welly Hsu
0b3bc92066
Remove unnecessary dontaudit for context euiccpixel_app
...
bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311
Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error
Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
2023-02-15 02:08:27 +00:00
George Chang
378fc6f5cf
Merge "Remove dontaudit for secure_element"
2023-02-15 00:33:49 +00:00
Shashank Sharma
7cbda60f3e
arm_mali_platform_service: register gpu selinux service
...
Fix avc denied issues.
Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
2023-02-14 23:34:14 +00:00
TreeHugger Robot
996a7ad4ff
Merge "storage: remove init tracking_denials rule"
2023-02-14 22:51:57 +00:00
Dinesh Yadav
dec248fa9a
Merge "Remove b/264321380 from bug map"
2023-02-14 11:33:11 +00:00
Nicole Lee
95bf6d4b20
Remove logger_app in bug_map
...
Bug: 264600084
Bug: 264600053
Change-Id: I5aa4dc83806c001e2cd3808cb998c39e4e3bd524
2023-02-14 09:29:29 +00:00
Randall Huang
eafa9d0fbe
Merge "storage: remove dumpstate tracking_denial rule"
2023-02-14 08:35:13 +00:00
TreeHugger Robot
dd28add0e4
Merge "Revert "Revert "update error on ROM 9588633"""
2023-02-14 08:06:21 +00:00
Randall Huang
f6600b7f72
storage: remove init tracking_denials rule
...
Bug: 262794360
Test: boot to home
Change-Id: Iaea58cc0a1a572a651f7cb01d9b4ba19ff515269
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 15:51:57 +08:00
Randall Huang
da5df9cd20
storage: remove dumpstate tracking_denial rule
...
Bug: 261933169
Test: no scsi avc denial when generating bugreport
Change-Id: Iecf98c248a2ad28d05095b7c91b8695dd92486be
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 07:13:54 +00:00
Wilson Sung
cc76d0f05b
Revert "Revert "update error on ROM 9588633""
...
This reverts commit 9290d7c45b
.
Add hal_googlebattery related denied to bug_map
Bug: 268566583
Bug: 268572197
Bug: 268572164
Change-Id: Iabfcfb28f69c118707fb64c34e2882ea0a49a776
2023-02-14 15:05:12 +08:00
Ken Yang
8893d42439
Remove hal_vibrator_default in bug_map
...
Remove hal_vibrator_default in bug_map due to my incorrect rebase
Bug: 264483356
Change-Id: I25310ad9f6d2c16d90f20969cbfc792f34584c93
Signed-off-by: Ken Yang <yangken@google.com>
2023-02-14 06:56:52 +00:00