Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
469 commits 1 branch 0 tags 18 MiB
Commit graph

469 commits

This branch
This branch
All branches
Author SHA1 Message Date
Adam Shih
90d9b97221 Move HWC dump to gs-common 
Bug: 269212897
Test: adb bugreport
Change-Id: I616f0af4d9ba466d62d87e7fc912c8c3201f7f65
 2023-02-22 13:55:50 +08:00
Wilson Sung
bab5b72f86 Add hal_bootctl related policy 
Bug: 260522436
Bug: 264489609
Bug: 264483787
Change-Id: Iaa22899bb21ff41c1fa259830e5f49623ff8429b
 2023-02-21 19:59:04 +08:00
Wilson Sung
da09093d88 Enforce kernel domain 
Bug: 264490052
Test: boot-to-home
Change-Id: I383b689b5c26c08d66307b677e36b28f2ab6f7dd
 2023-02-21 19:29:15 +08:00
Wilson Sung
9457e5260e Temporary allow kernel access same_process_hal 
Add the access to unblock user build boot-to-home

Bug: 260522245
Change-Id: I98f77b2de4961120be9c6073afc18e12e2637e81
 2023-02-21 19:28:25 +08:00
Wilson Sung
86931fb2ea Remove vendor_fw_file related dontaudit 
Bug: 262794429
Bug: 261933155
Change-Id: I62b4037835a462b46b82df4059cdebf679c295b2
 2023-02-21 15:00:58 +08:00
leochuang
6747816919 Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 269964558
Bug: 267714573
Bug: 269964574
Bug: 269812912
Change-Id: I61a274c01c6921b9b7e3df8814cf83f43bba342a
 2023-02-21 02:16:40 +00:00
Wilson Sung
e70b98af09 Revert "Revert "Update error on ROM 9624328"" 
This reverts commit d8572861e3.

Remove hal_googlebattery related denied

Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Merged-In: I25b0f417af3e741719f959aed79e7e330687e117
Change-Id: I25b0f417af3e741719f959aed79e7e330687e117
 2023-02-20 11:06:17 +00:00
Ken Yang
58a6a1e772 WLC: cleanup the unused hal_wlc policies 
Bug: 264489562
Bug: 262455719
Bug: 260366297
Bug: 260363384
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit 6f9844d137)
Merged-In: I90b9e442082b8e03e76ce63aaee56e5882933449
Change-Id: I90b9e442082b8e03e76ce63aaee56e5882933449
 2023-02-20 11:05:53 +00:00
Ken Yang
670b22c2c7 WLC: cleanup WLC trakcing_denials 
Bug: 268566583
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit da69d2a494)
Merged-In: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
Change-Id: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
 2023-02-20 11:05:25 +00:00
Kah Xuan Lim
4e270f1615 modem_svc_sit: grant modem property access 
Log message gotten before adding the policy:
avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1

Bug: 247669574
(cherry picked from commit 77ce224141)
Merged-In: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
 2023-02-20 11:04:11 +00:00
Wilson Sung
931ea0d342 allow bootctl to read devinfo 
Bug: 260522436
(cherry picked from commit 967da5da4f)
Merged-In: I41d2763ffe40d7465a11cc86612fed9f92905eff
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
 2023-02-20 11:02:28 +00:00
Wilson Sung
676c7a674c Remove proc_vendor_sched obsolete denials 
Bug: 264490054
(cherry picked from commit 6545bc156a)
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
Merged-In: I308df50eefe611a0a87afc9a21387465487cc6ea
 2023-02-20 11:01:42 +00:00
Nicole Lee
7706be6c71 logger_app: don't audit default_prop and fix errors 
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger

Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
(cherry picked from commit ef1d13d86d)
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
Merged-In: I8999372d243286586eb53602e167fa111d39a00f
 2023-02-20 11:00:59 +00:00
Sean.JS Tsai
8838f4e286 Merge "Revert "Update error on ROM 9624328"" into udc-dev 2023-02-20 05:59:29 +00:00
Sean.JS Tsai
d8572861e3 Revert "Update error on ROM 9624328" 
This reverts commit cf747f40d6.

Reason for revert: <b/269976373>

Change-Id: I1bee9c1da2571ab753c2193491ebc71b288b66b2
 2023-02-20 04:29:33 +00:00
TreeHugger Robot
ea203448fd Merge "Update error on ROM 9624328" into udc-dev 2023-02-20 03:28:27 +00:00
sukiliu
cf747f40d6 Update error on ROM 9624328 
Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Test: SELinuxUncheckedDenialBootTest
Change-Id: Id8cbfb7c55f2acdc3102b20cdbd2702b594992ba
 2023-02-20 10:28:33 +08:00
TreeHugger Robot
c012a8a10a Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev 2023-02-18 13:46:15 +00:00
Kuen-Han Tsai
d0ac5bffa3 SEPolicy: remove tracking denials for hal_usb 
Remove tracking denials since there is no avc denials related to hal_usb
found in the bug report.

Bug: 264483531
Bug: 264483531
Bug: 264482981
Bug: 264600052
Bug: 264482981
Bug: 264600052
Bug: 261651112
Test: Capture bugreport and check any denials related to hal_usb
Change-Id: I535c94c1112fc51f80b80c99562b43afee32ddd6
 2023-02-18 02:41:51 +00:00
neoyu
c0da946f48 Fix avc denied for hal_radioext_default 
avc: denied { call } for comm="HwBinder:782_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=binder permissive=0

Bug: 269684065
Test: manual
Change-Id: I5ebf280feafabf4688718197c79bd6c4cac6e8fe
 2023-02-17 08:39:47 +00:00
Ken Tsou
10e84d8327 hal_health_default: allow to access persist.vendor.shutdown.* 
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
 2023-02-17 07:00:37 +00:00
Wilson Sung
3432cc6b0b Enforce system_server and remove obsolete denials 
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
 2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf Add app_domain to con_monitor_app 
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
 2023-02-16 13:00:39 +08:00
TreeHugger Robot
061a2d7f82 Merge "Remove shell related denied" 2023-02-16 04:01:25 +00:00
Jayachandran C
b85f29bb54 Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."" 2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051 Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding" 2023-02-16 02:59:18 +00:00
Wilson Sung
ae2403dca7 Remove shell related denied 
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
 2023-02-16 02:21:56 +00:00
Neo Yu
a5eb63a4ca Merge "Fix avc denied for hal_radioext_default" 2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding 
This fixes the follow denials

Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice

AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 259178236
Test: Manually verified on the device with AOC

Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
 2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598 Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets." 
This reverts commit ebe77e31f4.

Reason for revert: Re-worked as part of ag/21259162
Bug: 259178236

Change-Id: I0494e71339c335b2efc2f23d4087f19184cfd1b5
 2023-02-15 21:31:26 +00:00
neoyu
8a9b4fde21 Fix avc denied for hal_radioext_default 
avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
 2023-02-15 17:58:39 +08:00
Wilson Sung
4ea1dcff3a Fix zram avc denied 
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
 2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920 Merge "Remove logger_app in bug_map" 2023-02-15 07:05:52 +00:00
Adam Shih
650b20d27f Merge "create cma dump" 2023-02-15 06:28:52 +00:00
Welly Hsu
5a441a9ca3 Merge "Remove unnecessary dontaudit for context euiccpixel_app" 2023-02-15 05:27:41 +00:00
Wilson Sung
83151d7383 Merge "Enforce bootanim and platform_app" 2023-02-15 05:19:59 +00:00
Adam Shih
c80283456e Merge "move devfreq dump to gs-common" 2023-02-15 04:54:22 +00:00
Adam Shih
a438fce84f create cma dump 
Bug: 240530709
Test: adb bugreport
Change-Id: I1a97098d73106a16c0be675a5d8f58183d5f9531
 2023-02-15 12:41:31 +08:00
Adam Shih
efa506d012 move devfreq dump to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: Ica18fa60ed1da44eb587ffe59370e87b393e69fb
 2023-02-15 11:11:44 +08:00
Wilson Sung
c1a0ef2fe6 Enforce bootanim and platform_app 
Bug: 264489606
Bug: 264490036
Change-Id: I16ed01bbb93ae2b5d5d6609ffd1f2bc0e3dc39ca
 2023-02-15 10:36:08 +08:00
Shashank Sharma
7cd2e4b765 Merge "arm_mali_platform_service: register gpu selinux service" 2023-02-15 02:11:19 +00:00
Welly Hsu
0b3bc92066 Remove unnecessary dontaudit for context euiccpixel_app 
bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311

Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error

Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
 2023-02-15 02:08:27 +00:00
George Chang
378fc6f5cf Merge "Remove dontaudit for secure_element" 2023-02-15 00:33:49 +00:00
Shashank Sharma
7cbda60f3e arm_mali_platform_service: register gpu selinux service 
Fix avc denied issues.

Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
 2023-02-14 23:34:14 +00:00
TreeHugger Robot
996a7ad4ff Merge "storage: remove init tracking_denials rule" 2023-02-14 22:51:57 +00:00
TreeHugger Robot
bf60294e77 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 18:55:51 +00:00
Dinesh Yadav
dec248fa9a Merge "Remove b/264321380 from bug map" 2023-02-14 11:33:11 +00:00
Nicole Lee
95bf6d4b20 Remove logger_app in bug_map 
Bug: 264600084
Bug: 264600053
Change-Id: I5aa4dc83806c001e2cd3808cb998c39e4e3bd524
 2023-02-14 09:29:29 +00:00
Randall Huang
eafa9d0fbe Merge "storage: remove dumpstate tracking_denial rule" 2023-02-14 08:35:13 +00:00
TreeHugger Robot
dd28add0e4 Merge "Revert "Revert "update error on ROM 9588633""" 2023-02-14 08:06:21 +00:00