Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
561 commits 1 branch 0 tags 18 MiB
Commit graph

561 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ken Yang
670b22c2c7 WLC: cleanup WLC trakcing_denials 
Bug: 268566583
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit da69d2a494)
Merged-In: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
Change-Id: I2b3fda7b1b84ff4407eee4017df351f9f1d3bb51
 2023-02-20 11:05:25 +00:00
Kah Xuan Lim
4e270f1615 modem_svc_sit: grant modem property access 
Log message gotten before adding the policy:
avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1

Bug: 247669574
(cherry picked from commit 77ce224141)
Merged-In: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
 2023-02-20 11:04:11 +00:00
Wilson Sung
931ea0d342 allow bootctl to read devinfo 
Bug: 260522436
(cherry picked from commit 967da5da4f)
Merged-In: I41d2763ffe40d7465a11cc86612fed9f92905eff
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
 2023-02-20 11:02:28 +00:00
Wilson Sung
676c7a674c Remove proc_vendor_sched obsolete denials 
Bug: 264490054
(cherry picked from commit 6545bc156a)
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
Merged-In: I308df50eefe611a0a87afc9a21387465487cc6ea
 2023-02-20 11:01:42 +00:00
Nicole Lee
7706be6c71 logger_app: don't audit default_prop and fix errors 
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger

Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
(cherry picked from commit ef1d13d86d)
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
Merged-In: I8999372d243286586eb53602e167fa111d39a00f
 2023-02-20 11:00:59 +00:00
Sean.JS Tsai
8838f4e286 Merge "Revert "Update error on ROM 9624328"" into udc-dev 2023-02-20 05:59:29 +00:00
Sean.JS Tsai
d8572861e3 Revert "Update error on ROM 9624328" 
This reverts commit cf747f40d6.

Reason for revert: <b/269976373>

Change-Id: I1bee9c1da2571ab753c2193491ebc71b288b66b2
 2023-02-20 04:29:33 +00:00
TreeHugger Robot
ea203448fd Merge "Update error on ROM 9624328" into udc-dev 2023-02-20 03:28:27 +00:00
sukiliu
cf747f40d6 Update error on ROM 9624328 
Bug: 269813282
Bug: 269813059
Bug: 268566481
Bug: 269812912
Test: SELinuxUncheckedDenialBootTest
Change-Id: Id8cbfb7c55f2acdc3102b20cdbd2702b594992ba
 2023-02-20 10:28:33 +08:00
TreeHugger Robot
c012a8a10a Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev 2023-02-18 13:46:15 +00:00
Kuen-Han Tsai
d0ac5bffa3 SEPolicy: remove tracking denials for hal_usb 
Remove tracking denials since there is no avc denials related to hal_usb
found in the bug report.

Bug: 264483531
Bug: 264483531
Bug: 264482981
Bug: 264600052
Bug: 264482981
Bug: 264600052
Bug: 261651112
Test: Capture bugreport and check any denials related to hal_usb
Change-Id: I535c94c1112fc51f80b80c99562b43afee32ddd6
 2023-02-18 02:41:51 +00:00
neoyu
c0da946f48 Fix avc denied for hal_radioext_default 
avc: denied { call } for comm="HwBinder:782_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=binder permissive=0

Bug: 269684065
Test: manual
Change-Id: I5ebf280feafabf4688718197c79bd6c4cac6e8fe
 2023-02-17 08:39:47 +00:00
Ken Tsou
10e84d8327 hal_health_default: allow to access persist.vendor.shutdown.* 
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
 2023-02-17 07:00:37 +00:00
Wilson Sung
3432cc6b0b Enforce system_server and remove obsolete denials 
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
 2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf Add app_domain to con_monitor_app 
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
 2023-02-16 13:00:39 +08:00
TreeHugger Robot
061a2d7f82 Merge "Remove shell related denied" 2023-02-16 04:01:25 +00:00
Jayachandran C
b85f29bb54 Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."" 2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051 Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding" 2023-02-16 02:59:18 +00:00
Wilson Sung
ae2403dca7 Remove shell related denied 
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
 2023-02-16 02:21:56 +00:00
Neo Yu
a5eb63a4ca Merge "Fix avc denied for hal_radioext_default" 2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding 
This fixes the follow denials

Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice

AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 259178236
Test: Manually verified on the device with AOC

Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
 2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598 Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets." 
This reverts commit ebe77e31f4.

Reason for revert: Re-worked as part of ag/21259162
Bug: 259178236

Change-Id: I0494e71339c335b2efc2f23d4087f19184cfd1b5
 2023-02-15 21:31:26 +00:00
neoyu
8a9b4fde21 Fix avc denied for hal_radioext_default 
avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
 2023-02-15 17:58:39 +08:00
Wilson Sung
4ea1dcff3a Fix zram avc denied 
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
 2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920 Merge "Remove logger_app in bug_map" 2023-02-15 07:05:52 +00:00
Adam Shih
650b20d27f Merge "create cma dump" 2023-02-15 06:28:52 +00:00
Welly Hsu
5a441a9ca3 Merge "Remove unnecessary dontaudit for context euiccpixel_app" 2023-02-15 05:27:41 +00:00
Wilson Sung
83151d7383 Merge "Enforce bootanim and platform_app" 2023-02-15 05:19:59 +00:00
Adam Shih
c80283456e Merge "move devfreq dump to gs-common" 2023-02-15 04:54:22 +00:00
Adam Shih
a438fce84f create cma dump 
Bug: 240530709
Test: adb bugreport
Change-Id: I1a97098d73106a16c0be675a5d8f58183d5f9531
 2023-02-15 12:41:31 +08:00
Adam Shih
efa506d012 move devfreq dump to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: Ica18fa60ed1da44eb587ffe59370e87b393e69fb
 2023-02-15 11:11:44 +08:00
Wilson Sung
c1a0ef2fe6 Enforce bootanim and platform_app 
Bug: 264489606
Bug: 264490036
Change-Id: I16ed01bbb93ae2b5d5d6609ffd1f2bc0e3dc39ca
 2023-02-15 10:36:08 +08:00
Shashank Sharma
7cd2e4b765 Merge "arm_mali_platform_service: register gpu selinux service" 2023-02-15 02:11:19 +00:00
Welly Hsu
0b3bc92066 Remove unnecessary dontaudit for context euiccpixel_app 
bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311

Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error

Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
 2023-02-15 02:08:27 +00:00
George Chang
378fc6f5cf Merge "Remove dontaudit for secure_element" 2023-02-15 00:33:49 +00:00
Shashank Sharma
7cbda60f3e arm_mali_platform_service: register gpu selinux service 
Fix avc denied issues.

Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
 2023-02-14 23:34:14 +00:00
TreeHugger Robot
996a7ad4ff Merge "storage: remove init tracking_denials rule" 2023-02-14 22:51:57 +00:00
TreeHugger Robot
bf60294e77 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 18:55:51 +00:00
Dinesh Yadav
dec248fa9a Merge "Remove b/264321380 from bug map" 2023-02-14 11:33:11 +00:00
Nicole Lee
95bf6d4b20 Remove logger_app in bug_map 
Bug: 264600084
Bug: 264600053
Change-Id: I5aa4dc83806c001e2cd3808cb998c39e4e3bd524
 2023-02-14 09:29:29 +00:00
Randall Huang
eafa9d0fbe Merge "storage: remove dumpstate tracking_denial rule" 2023-02-14 08:35:13 +00:00
TreeHugger Robot
dd28add0e4 Merge "Revert "Revert "update error on ROM 9588633""" 2023-02-14 08:06:21 +00:00
Ken Yang
a99d9c1150 Merge "Remove hal_vibrator_default in bug_map" 2023-02-14 08:02:14 +00:00
Randall Huang
f6600b7f72 storage: remove init tracking_denials rule 
Bug: 262794360
Test: boot to home
Change-Id: Iaea58cc0a1a572a651f7cb01d9b4ba19ff515269
Signed-off-by: Randall Huang <huangrandall@google.com>
 2023-02-14 15:51:57 +08:00
Adam Shih
ce1a20ee01 Merge "Move memory dump to gs-common" 2023-02-14 07:22:11 +00:00
Randall Huang
da5df9cd20 storage: remove dumpstate tracking_denial rule 
Bug: 261933169
Test: no scsi avc denial when generating bugreport
Change-Id: Iecf98c248a2ad28d05095b7c91b8695dd92486be
Signed-off-by: Randall Huang <huangrandall@google.com>
 2023-02-14 07:13:54 +00:00
Wilson Sung
cc76d0f05b Revert "Revert "update error on ROM 9588633"" 
This reverts commit 9290d7c45b.
Add hal_googlebattery related denied to bug_map

Bug: 268566583
Bug: 268572197
Bug: 268572164
Change-Id: Iabfcfb28f69c118707fb64c34e2882ea0a49a776
 2023-02-14 15:05:12 +08:00
Ken Yang
8893d42439 Remove hal_vibrator_default in bug_map 
Remove hal_vibrator_default in bug_map due to my incorrect rebase

Bug: 264483356
Change-Id: I25310ad9f6d2c16d90f20969cbfc792f34584c93
Signed-off-by: Ken Yang <yangken@google.com>
 2023-02-14 06:56:52 +00:00
Dinesh Yadav
1dbaa50d8c Remove b/264321380 from bug map 
This bug was created to track the selinux violations caused when
camera hal tried to access gxp. This has been resolved by ag/21003929

Bug: 264321380
Change-Id: I33458cb7a1a657aba8be62362b62be52d881420f
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-02-14 05:49:34 +00:00
TreeHugger Robot
439199228b Merge "Storage: remove hal_health_storage tracking denials rules" 2023-02-14 04:14:24 +00:00