Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
988 commits 1 branch 0 tags 18 MiB
Commit graph

988 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
a8b6a0ffa6 Merge "Update SELinux error" into udc-d1-dev am: 344c7f46c1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23667878

Change-Id: I2f57c78df9524faa34ebc8c52b4a25a4847f2864
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-17 06:55:59 +00:00
Treehugger Robot
344c7f46c1 Merge "Update SELinux error" into udc-d1-dev 2023-06-17 06:10:56 +00:00
Dinesh Yadav
a95fa016e1 Add sepolicy for gxp_logging service to report metrics [RESTRICT AUTOMERGE] am: 100dd2387d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23468178

Change-Id: Ic93c5c244e98865bfd567238fcc916ac04d9811d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-15 03:53:35 +00:00
Wilson Sung
5fb350f09f Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 286508419
Test: scanBugreport
Bug: 286508419
Test: scanAvcDeniedLogRightAfterReboot
Bug: 286508419
Change-Id: I1ba324133f5f4e14c5a7d43cfea25d98bda9faa9
 2023-06-14 15:30:08 +08:00
Dinesh Yadav
100dd2387d Add sepolicy for gxp_logging service to report metrics [RESTRICT AUTOMERGE] 
gxp_logging service will periodically check the sysfs files exposed by
the gxp kernel driver and report stats to Suez framework.
These policies are needed to report the metrics.

Tested:
Found no violation with these policies on a P23 device

Bug: 278514198
Change-Id: I8c3e57dfe4e9a6caab425f2424d07e83f5e7b9c6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-06-13 03:37:56 +00:00
Ruofei Ma
a0f664f798 Merge "mediacodec_google: add hal_power" into udc-d1-dev am: abd1dee381 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23618633

Change-Id: Icc85ce19bc59035553f2902a493cb7681ace2b6e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-12 15:50:45 +00:00
Ruofei Ma
abd1dee381 Merge "mediacodec_google: add hal_power" into udc-d1-dev 2023-06-12 15:17:42 +00:00
TreeHugger Robot
0450d548a2 Merge changes from topic "283841311" into udc-d1-dev am: 032d9942de 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23629344

Change-Id: I214bf272f8cd35697063ffd39501cd65a2fb9c3f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-12 07:14:00 +00:00
TreeHugger Robot
032d9942de Merge changes from topic "283841311" into udc-d1-dev 
* changes:
  Allow systemui_app access statsmanager_service
  Move systemui_app to system_ext
 2023-06-12 06:30:36 +00:00
Wilson Sung
5ac528406e Allow systemui_app access statsmanager_service 
Bug: 283841311
Change-Id: Id3c2838179736b42070959b3dad7c2ecd5580f22
 2023-06-12 10:26:46 +08:00
Wilson Sung
7b19701919 Move systemui_app to system_ext 
Bug: 283841311
Bug: 264266705
Change-Id: I6c2f167cda9a52da4698f3732c9fdbb13674bea8
 2023-06-12 10:26:31 +08:00
Krzysztof Kosiński
e27ecde5d5 Remove Google Camera access to GXP firmware. am: 35910a3e8b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23612126

Change-Id: Ie4e1237fa5e8f18fb54bbe9733342d6cd4b83767
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-12 01:59:21 +00:00
Ruofei Ma
3346e879e6 mediacodec_google: add hal_power 
Add mediacodec_google as a client to hal_power for it to
do power hint.

Bug: 274736629

Change-Id: Ib07001be6ae4aaeaebf2e97439b9af0766640dc9
Signed-off-by: Ruofei Ma <ruofeim@google.com>
 2023-06-08 18:28:50 +00:00
Krzysztof Kosiński
35910a3e8b Remove Google Camera access to GXP firmware. 
This was originally a workaround and is not needed on Zuma.

Bug: 264489778
Test: gca_smoke.py on zuma device
Change-Id: I35d168a2f832a430ec1b782b12fb642bcea4bfd1
 2023-06-08 10:19:18 +00:00
Treehugger Robot
8d8f96f8d9 Merge "Add sepolicies for gcma_camera heaps" into udc-d1-dev am: 8733772e74 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22298464

Change-Id: Ieb5077bdd5fc38b9eed1283a31a80c4f7c0b93d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-08 07:21:08 +00:00
Treehugger Robot
8733772e74 Merge "Add sepolicies for gcma_camera heaps" into udc-d1-dev 2023-06-08 06:25:44 +00:00
Wei Wang
75529f8437 Merge "SELinux: allow to access GPU dvfs period change" into udc-d1-dev am: 55020988a0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22480582

Change-Id: I5a14e15ddee07150b3489e9ab6502229d0508eea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-06 22:53:01 +00:00
Wei Wang
55020988a0 Merge "SELinux: allow to access GPU dvfs period change" into udc-d1-dev 2023-06-06 22:25:11 +00:00
Zixuan Lan
d98d82581c Merge "remove 280706211 from bug map" into udc-d1-dev am: bdee55bb57 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23575516

Change-Id: Ie5aa4533851dfe43e9826640be2123409f51c987
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-06 13:36:37 +00:00
Zixuan Lan
bdee55bb57 Merge "remove 280706211 from bug map" into udc-d1-dev 2023-06-06 13:02:17 +00:00
Allen Xu
ef2e13dcd1 Add sepolicy for ConnectivityMonitor am: 78b62802e4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23575448

Change-Id: I02dc07acc680587081f8c19883984d95dc9f6602
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-06 06:33:49 +00:00
Allen Xu
78b62802e4 Add sepolicy for ConnectivityMonitor 
Bug: 264489520
Test: v2/pixel-pts/base
Change-Id: I669a538fe3d0a03422638d7d19fc62a793246f6b
 2023-06-06 02:01:38 +00:00
Zixuan Lan
76b53940a9 remove 280706211 from bug map 
Bug: 280706211
Test: adb log
Change-Id: I167041363a27c294a3c8d2d2fb145ce751a34db7
 2023-06-06 08:30:25 +08:00
Leo Hsieh
d702116b8e Merge "Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE]" into udc-d1-dev am: 72577756e2 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23482807

Change-Id: I6f02745df01d808135acef08fc3f4f1a8de8f99d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-01 13:26:04 +00:00
leohsieh
70ba8a58fc Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE] am: 458b60e5c9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23482807

Change-Id: Ib549e910bb1c844153ff692edbc7d6608f9a0d6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-01 13:26:02 +00:00
Leo Hsieh
72577756e2 Merge "Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE]" into udc-d1-dev 2023-06-01 12:40:24 +00:00
Mark su
cbc15223d5 Add video12 as hw_jpg_device and enable it for debug_camera_app am: 51c91e5bdf 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23053881

Change-Id: I760c9c39cf1b99340a60ccb36261dff889ce97cd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-01 07:30:39 +00:00
TreeHugger Robot
ae82081798 Merge "Remove old secure_element HIDL permission" into udc-d1-dev am: 23440aa9df 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23466920

Change-Id: Ice441b75eb029e6fe3940d3d9dd0d28eee5556b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-31 06:23:08 +00:00
Mark su
51c91e5bdf Add video12 as hw_jpg_device and enable it for debug_camera_app 
Test: 05-05 05:07:06.652  4616  4616 W FinishThread: type=1400 audit(0.0:24): avc:  denied  { read write } for  name="video12" dev="tmpfs" ino=646 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 app=com.google.android.GoogleCameraEng
05-08 22:00:59.000  7323  7323 I FinishThread: type=1400 audit(0.0:36): avc:  denied  { read } for  name="lib_jpg_encoder.so"
 dev="dm-45" ino=25639 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_data_file:s0 tcl
ass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:00:59.000  7323  7323 I FinishThread: type=1400 audit(0.0:37): avc:  denied  { open } for  path="/vendor/lib64/lib_j
pg_encoder.so" dev="dm-45" ino=25639 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_da
ta_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:46:00.260  4784  4784 I FinishThread: type=1400 audit(0.0:29): avc:  denied  { execute } for  path="/vendor/lib64/
libhwjpeg.so" dev="dm-50" ino=55596 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_d
ata_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:33:30.504  7436  7436 I FinishThread: type=1400 audit(0.0:36): avc:  denied  { getattr } for  path="/vendor/lib64/
lib_jpg_encoder.so" dev="dm-50" ino=53765 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_ca
mera_data_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:33:30.504  7436  7436 I FinishThread: type=1400 audit(0.0:37): avc:  denied  { map } for  path="/vendor/lib64/lib_
jpg_encoder.so" dev="dm-50" ino=53765 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera
_data_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

binder:7312_2: type=1400 audit(0.0:18): avc:  denied  { read write } for  name="video12" dev="tmpfs" ino=680 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1
05-08 22:28:37.692  7312  7312 I binder:7312_2: type=1400 audit(0.0:19): avc:  denied  { open } for  path="/dev/video12" dev="tmpfs" ino=680 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1

05-08 22:28:37.692  7312  7312 I binder:7312_2: type=1400 audit(0.0:20): avc:  denied  { ioctl } for  path="/dev/video12" dev="tmpfs" ino=680 ioctlcmd=0x5600 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1

05-08 22:28:37.700  7312  7312 I binder:7312_2: type=1400 audit(0.0:21): avc:  denied  { read } for  name="u:object_r:default_prop:s0" dev="tmpfs" ino=167 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1

Bug: 267820687
Change-Id: I69f502d721f683d3532038d618f5fafc83f38b6b
 2023-05-31 06:08:46 +00:00
TreeHugger Robot
23440aa9df Merge "Remove old secure_element HIDL permission" into udc-d1-dev 2023-05-31 05:27:32 +00:00
leohsieh
458b60e5c9 Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE] 
Fix the following avc denial:
avc: denied { search } for name="17000000.aoc" dev="sysfs" ino=22035 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=0
avc: denied { write } for name="udfps_set_clock_source" dev="sysfs" ino=106891 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0
avc: denied { read } for name="udfps_get_disp_freq" dev="sysfs" ino=106893 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0

Bug: 267271482
Test: Verify fingerprint HAL process can read/write to the sysfs node.
Change-Id: I39a2e69b1c314d52944bb16ada61e7e6761561cf
 2023-05-31 13:16:43 +08:00
Dinesh Yadav
489a7de117 Merge "Add SEPolicy for gxp_metrics_logger.so logging to stats service" into udc-d1-dev am: 15f5afcfab 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23265297

Change-Id: Iee24750f7f5471c2489375db47cf018799ea62b8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-31 03:18:05 +00:00
Hyungjun Park
6de0a33f0a Remove old secure_element HIDL permission 
AIDL HAL is used in the new project and remove the old HIDL part.

Bug: 280530945
Test: VTS pass

Change-Id: Idd38fc59d7e89e2cafab5f4693d00abd6d4fb138
Signed-off-by: Hyungjun Park <hjun78.park@samsung.com>
 2023-05-31 03:12:02 +00:00
Dinesh Yadav
15f5afcfab Merge "Add SEPolicy for gxp_metrics_logger.so logging to stats service" into udc-d1-dev 2023-05-31 02:22:42 +00:00
Chung-Kai (Michael) Mei
3a43eaaad6 Merge "sepolicy: ignore avc denial" into udc-d1-dev am: ca068bf60b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23445936

Change-Id: I5db4cd7aac7ebd2f34c1dae48914a5f97a9babff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-29 06:20:01 +00:00
Chung-Kai (Michael) Mei
ca068bf60b Merge "sepolicy: ignore avc denial" into udc-d1-dev 2023-05-29 05:47:43 +00:00
Chungkai Mei
e97101a6e8 sepolicy: ignore avc denial 
ignore avc denial since it's debugfs

Bug: 271931921
Test: device-boot-health-check-extra test show passed https://android-build.googleplex.com/builds/abtd/run/L74000000960917226
Change-Id: I5f491f02c99776251cf3893de6224fb0f02cb320
Signed-off-by: Chungkai Mei <chungkai@google.com>
 2023-05-29 03:11:41 +00:00
Donnie Pollitz
5bf2864bf3 Merge "Allow vendor_init to fix permissions of TEE data file" into udc-d1-dev am: 9fc92bdb28 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23413076

Change-Id: I16f8ebe09908fb8f648e903a2f052783f5eb4040
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-26 07:49:59 +00:00
Donnie Pollitz
9fc92bdb28 Merge "Allow vendor_init to fix permissions of TEE data file" into udc-d1-dev 2023-05-26 07:17:41 +00:00
Dinesh Yadav
e6d2f01a89 Add SEPolicy for gxp_metrics_logger.so logging to stats service 
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.

Bug: 278516358
Change-Id: I42d41243d3ee47ebff4f766cd769b5387fd20852
 2023-05-26 04:01:09 +00:00
TreeHugger Robot
40efb336ad Merge "thermal: thermal_metrics: Update selinux to reset stats" into udc-d1-dev am: df113325a5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23078038

Change-Id: Ia4b73e0c54bf9972682b169ce5e79b42f3ed4596
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-25 06:18:56 +00:00
TreeHugger Robot
df113325a5 Merge "thermal: thermal_metrics: Update selinux to reset stats" into udc-d1-dev 2023-05-25 05:28:46 +00:00
Donnie Pollitz
16440338de Allow vendor_init to fix permissions of TEE data file 
Background:
* vendor_init needs to be able to possibly fix ownership of
  tee_data_file

Bug: 280325952
Test: Changed permissions and confirmed user transitions
Change-Id: I2363f9ff695209bbf7b6661c8e9eb3b376b84ace
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
 2023-05-24 16:45:28 +02:00
Jimmy Hu
9279426af4 Merge "Set sepolicy for shell script of disabling contaminant detection" into udc-d1-dev am: 86cb19bb2f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23341842

Change-Id: I6a938dee1103a1b2b445669a5258f7470729248c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 08:25:48 +00:00
Jimmy Hu
86cb19bb2f Merge "Set sepolicy for shell script of disabling contaminant detection" into udc-d1-dev 2023-05-24 08:14:01 +00:00
Jin Jeong
b4bac68874 Merge "Revert "[Zuma] Fix SeLinux error"" into udc-d1-dev am: f77e90366d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23167570

Change-Id: I88f2266fdc8cf1f50fb3bcc6391d8b7f55715f62
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 01:42:02 +00:00
Jin Jeong
f77e90366d Merge "Revert "[Zuma] Fix SeLinux error"" into udc-d1-dev 2023-05-24 01:07:12 +00:00
Wilson Sung
f2042a36ab Update SELinux error am: d73217d81f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23364725

Change-Id: I022bd1a22194279f776490d8af53452d92f3ce09
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-23 09:44:10 +00:00
Wilson Sung
d73217d81f Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 283725554
Test: scanBugreport
Bug: 283725554
Bug: 283725302
Test: scanAvcDeniedLogRightAfterReboot
Bug: 283725554
Change-Id: Ie482a46311c1dc1153ef04889e82971a09361e49
 2023-05-22 15:01:49 +08:00
Kenny Root
b1e5122f5b Merge "Add GSA logs policy" into udc-d1-dev am: 107d3314a4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23268925

Change-Id: Ib9c3b04f95760982a04b3b545115cc13786985ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-22 05:39:41 +00:00