Commit graph

5072 commits

Author SHA1 Message Date
TreeHugger Robot
c012a8a10a Merge "hal_health_default: allow to access persist.vendor.shutdown.*" into udc-dev 2023-02-18 13:46:15 +00:00
Kuen-Han Tsai
f939579c6e SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3 am: e4af4e0824
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I3d48ca424b1490004894b0809d6b9c03f3a17532
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 06:04:38 +00:00
Kuen-Han Tsai
e4af4e0824 SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I639171077e99d6e17698e7a1905712ab7d4446a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 04:54:12 +00:00
Kuen-Han Tsai
f0173dff8a SEPolicy: remove tracking denials for hal_usb am: d0ac5bffa3
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21486210

Change-Id: I949f460625696b1de5b5a89caeef9b59869b9e1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 04:48:21 +00:00
neoyu
9ae44843ad Fix avc denied for hal_radioext_default am: c0da946f48 am: 4ff3dbefcd
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: Ia082d38a7ea7079fd0f7d2cd86b3d7c3d847d10d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 03:27:40 +00:00
Kuen-Han Tsai
d0ac5bffa3 SEPolicy: remove tracking denials for hal_usb
Remove tracking denials since there are no avc denials related to hal_usb
found in the bug report.

Bug: 264483531
Bug: 264483531
Bug: 264482981
Bug: 264600052
Bug: 264482981
Bug: 264600052
Bug: 261651112
Test: Capture bugreport and check any denials related to hal_usb
Change-Id: I535c94c1112fc51f80b80c99562b43afee32ddd6
2023-02-18 02:41:51 +00:00
neoyu
4ff3dbefcd Fix avc denied for hal_radioext_default am: c0da946f48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: I1cbdf50e1f0dc138076cf70b8229885f60482c60
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 02:23:12 +00:00
neoyu
e4e8a1df0f Fix avc denied for hal_radioext_default am: c0da946f48
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21475628

Change-Id: Id91591d00b8ba8a606dfc9938d82a89fb861756a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 02:21:37 +00:00
Nathan Huckleberry
d4aea9089b Enable HCTR2 for filenames encryption
Fix prefix-correlation weakness in filenames encryption by switching to
AES-256-HCTR2.  Enabling HCTR2 fixes a longstanding known weakness in
filenames encryption.

Also enable HCTR2 for adoptable storage.  Pixel phones don't have an SD
card slot.  So they can only have adoptable storage through the "Virtual
SD Card", which is for testing only.

Bug: 265046004
Test: Equivalent changes were tested on P21 since I don't have a P23.
Will be tested with storage-qa.

Change-Id: I0666eb07c4b93b1bab4da41e3b4f5019ac38c213
2023-02-18 02:03:15 +00:00
neoyu
c0da946f48 Fix avc denied for hal_radioext_default
avc: denied { call } for comm="HwBinder:782_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=binder permissive=0

Bug: 269684065
Test: manual
Change-Id: I5ebf280feafabf4688718197c79bd6c4cac6e8fe
2023-02-17 08:39:47 +00:00
Ken Tsou
10e84d8327 hal_health_default: allow to access persist.vendor.shutdown.*
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
2023-02-17 07:00:37 +00:00
Jayachandran C
c97337e9f8 Do not compile AoC audio for aosp and factory builds
Fix: 265179406
Fix: 269273333

Test: make
Change-Id: I07a78748ff18fb8dd772bdc83e072974f12c70ac
2023-02-17 06:55:50 +00:00
Kah Xuan Lim
77ce224141 modem_svc_sit: grant modem property access
Log message gotten before adding the policy:
avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1

Bug: 247669574
Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
2023-02-17 06:24:53 +00:00
Wilson Sung
967da5da4f allow bootctl to read devinfo
Bug: 260522436
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
2023-02-17 03:06:49 +00:00
Wilson Sung
6545bc156a Remove proc_vendor_sched obsolete denials
Bug: 264490054
Change-Id: I308df50eefe611a0a87afc9a21387465487cc6ea
2023-02-17 03:06:26 +00:00
Xiang Wang
c87d7f0b40 Merge "Move thermal utils to hardware/interfaces" 2023-02-17 01:09:04 +00:00
Xiang Wang
e2a6eb58b2 Move thermal utils to hardware/interfaces
Bug: b/269370789
Test: m
Change-Id: Id813adc99746b171693f983230f9193431f25693
2023-02-16 19:46:27 +00:00
Nicole Lee
ef1d13d86d logger_app: don't audit default_prop and fix errors
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger

Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
2023-02-16 10:59:51 +00:00
Wilson Sung
3432cc6b0b Enforce system_server and remove obsolete denials
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf Add app_domain to con_monitor_app
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
2023-02-16 13:00:39 +08:00
Adam Shih
3d012b65dd dumpstate should not be restricted to phones only
Bug: 240530709
Test: adb bugreport
Change-Id: I77d9bc3e75879293802b8d1956bfffee1513e3d7
2023-02-16 12:39:03 +08:00
TreeHugger Robot
061a2d7f82 Merge "Remove shell related denied" 2023-02-16 04:01:25 +00:00
Jayachandran C
b85f29bb54 Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."" 2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051 Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding" 2023-02-16 02:59:18 +00:00
Wilson Sung
ae2403dca7 Remove shell related denied
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
2023-02-16 02:21:56 +00:00
Neo Yu
a5eb63a4ca Merge "Fix avc denied for hal_radioext_default" 2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding
This fixes the following denials

Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice

AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 259178236
Test: Manually verified on the device with AOC

Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598 Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."
This reverts commit ebe77e31f4.

Reason for revert: Re-worked as part of ag/21259162
Bug: 259178236

Change-Id: I0494e71339c335b2efc2f23d4087f19184cfd1b5
2023-02-15 21:31:26 +00:00
Jörg Wagner
6834d6f59f Update Mali DDK to r40 : Additional SELinux settings
Expose DDK's dynamic configuration options through the Android Sysprop
interface, following recommendations from Arm's Android Integration
Manual.

Bug: 261718474
Change-Id: I785106b6d2d05e21bf60fcd6da3d716b32e1bc1d
2023-02-15 14:19:50 +00:00
neoyu
8a9b4fde21 Fix avc denied for hal_radioext_default
avc:  denied  { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
2023-02-15 17:58:39 +08:00
Wilson Sung
4ea1dcff3a Fix zram avc denied
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920 Merge "Remove logger_app in bug_map" 2023-02-15 07:05:52 +00:00
Adam Shih
650b20d27f Merge "create cma dump" 2023-02-15 06:28:52 +00:00
Welly Hsu
5a441a9ca3 Merge "Remove unnecessary dontaudit for context euiccpixel_app" 2023-02-15 05:27:41 +00:00
Wilson Sung
83151d7383 Merge "Enforce bootanim and platform_app" 2023-02-15 05:19:59 +00:00
Adam Shih
5f802b7e13 create cma dump
Bug: 240530709
Test: adb bugreport
Change-Id: Iadac309611bc6dd27615b087f159234d6f1b655c
2023-02-15 12:55:50 +08:00
Adam Shih
c80283456e Merge "move devfreq dump to gs-common" 2023-02-15 04:54:22 +00:00
Adam Shih
a438fce84f create cma dump
Bug: 240530709
Test: adb bugreport
Change-Id: I1a97098d73106a16c0be675a5d8f58183d5f9531
2023-02-15 12:41:31 +08:00
Adam Shih
efa506d012 move devfreq dump to gs-common
Bug: 240530709
Test: adb bugreport
Change-Id: Ica18fa60ed1da44eb587ffe59370e87b393e69fb
2023-02-15 11:11:44 +08:00
Adam Shih
8eb00e662f move devfreq dump to gs-common
Bug: 240530709
Test: adb bugreport
Change-Id: Ia5faaf0891a91fad1120358f38f40f6227d88d45
2023-02-15 11:11:00 +08:00
Wilson Sung
c1a0ef2fe6 Enforce bootanim and platform_app
Bug: 264489606
Bug: 264490036
Change-Id: I16ed01bbb93ae2b5d5d6609ffd1f2bc0e3dc39ca
2023-02-15 10:36:08 +08:00
Shashank Sharma
7cd2e4b765 Merge "arm_mali_platform_service: register gpu selinux service" 2023-02-15 02:11:19 +00:00
Welly Hsu
0b3bc92066 Remove unnecessary dontaudit for context euiccpixel_app
bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311

Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error

Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
2023-02-15 02:08:27 +00:00
Florian Mayer
538441d7cd Merge "[Zuma] set mte_tcf_preferred to sync for little and mid cores" 2023-02-15 00:47:02 +00:00
George Chang
378fc6f5cf Merge "Remove dontaudit for secure_element" 2023-02-15 00:33:49 +00:00
Shashank Sharma
7cbda60f3e arm_mali_platform_service: register gpu selinux service
Fix avc denied issues.

Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
2023-02-14 23:34:14 +00:00
TreeHugger Robot
996a7ad4ff Merge "storage: remove init tracking_denials rule" 2023-02-14 22:51:57 +00:00
Xiang Wang
38e184a6f0 Merge "Update USB HAL clients to use Thermal stable AIDL" 2023-02-14 22:24:31 +00:00
TreeHugger Robot
bf60294e77 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 18:55:51 +00:00
Enzo Liao
4df0d58596 SSRestarDetector: modify the SELinux policy to allow access files owned by system for Zuma.
It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx)

Bug: 234359369
Design: http://go/pd-client-for-lab
Test: Manual
Change-Id: Ib82aec1b6eeacbf1b1595009f68827cb9b5c22ba
2023-02-14 22:08:30 +08:00