Donnie Pollitz
8958b2e84b
sepolicy: Fix hal_confirmationui_default avc denials am: e31ad0b306
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21504841
Change-Id: I55b973823df7b0ad935ab38c0c22c63c0c1674cd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-03 17:27:10 +00:00
Jörg Wagner
d8c6712f5b
Update Mali DDK to r40 : Additional SELinux settings
...
Expose DDK's dynamic configuration options through the Android Sysprop
interface, following recommendations from Arm's Android Integration
Manual.
Bug: 261718474
(cherry picked from commit 6834d6f59f)
Merged-In: I785106b6d2d05e21bf60fcd6da3d716b32e1bc1d
Change-Id: I0469e2f24abe7a9458305d5752ae655cf4f42547
2023-03-03 15:23:39 +00:00
TreeHugger Robot
4eab0326df
Merge "Allow hal_thermal_default to read iio/odpm sysfs nodes" into udc-dev
2023-03-03 12:01:40 +00:00
Dinesh Yadav
85829f2265
Merge "Make gxp_device an mlstrustedobject" into udc-d1-dev
2023-03-03 03:12:15 +00:00
Dinesh Yadav
01c5409eb8
Make gxp_device an mlstrustedobject
...
This is needed as google_camera_app needs write access to gxp.
Test: Tested with private build "P51261040" with Tot google3 gca-dogfood app & found no selinux violations.
Bug: 264139000
Change-Id: Ic1a262cc40578ebd2305efe851e54cf857bd02c1
2023-03-02 15:41:37 +00:00
Ernie Hsu
fbbc198801
Merge "move mediacodec_samsung build config and sepolicy to gs-common" into udc-dev am: 899ad9c1ab
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21553180
Change-Id: I90171c56ccbb152a1cf7fbca77bb1d56311bebaa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-02 09:19:35 +00:00
Donnie Pollitz
e31ad0b306
sepolicy: Fix hal_confirmationui_default avc denials
...
* Allow for dumpstate
Bug: 261933368
Bug: 264489634
Test: Ran com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: Id70d2a920172e649e4497f4ea1a4ecad33963edc
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-02 09:08:16 +00:00
Ernie Hsu
899ad9c1ab
Merge "move mediacodec_samsung build config and sepolicy to gs-common" into udc-dev
2023-03-02 08:38:54 +00:00
Hiroshi Akiyama
c0587fbf36
Update sepolicy for BCL IRQ durations to dumpstate
...
Bug: 269752322
Test: adb bugreport
Change-Id: Icd524bd32ed41c3de72f0e1b13428d76e871d203
Signed-off-by: Hiroshi Akiyama <hiroshiakiyama@google.com>
Merged-In: Icd524bd32ed41c3de72f0e1b13428d76e871d203
2023-03-02 06:03:23 +00:00
Wilson Sung
8fa2055112
Add sensor boot-to-home required policy am: d0105abe01
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21552482
Change-Id: I95c23468276681b97969e2fe6376e914aed2fe1f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-02 04:30:49 +00:00
Wilson Sung
d0105abe01
Add sensor boot-to-home required policy
...
Test: boot-to-home
Fix: 261105336
Change-Id: I772ff7a294cc5d2448361c164d4e671a41c92c8d
2023-03-02 02:39:15 +00:00
Wilson Sung
fc8f4f8f24
Allow hal_thermal_default to read iio/odpm sysfs nodes
...
Bug: 260366399
Bug: 261651187
Bug: 264204525
Change-Id: I7358b7740f6c30bd7b05e29e931a4c11226c6253
2023-03-01 16:21:33 +00:00
Ernie Hsu
4d90089d25
move mediacodec_samsung build config and sepolicy to gs-common
...
Bug: 263444717
Test: build pass, camera record, youtube
Change-Id: I8fa4d79495b3971429b977a63aed811ef8d62ddb
2023-03-01 10:12:22 +00:00
Richard Chang
92ec39e932
Merge "sepolicy: update init.te for zram device" into udc-dev am: 3c52a9ab3b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21578379
Change-Id: I066aaa3efd492aea906ac778be9ff8c3e696850d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-01 04:40:53 +00:00
Armelle Laine
39a9021703
Merge "Define selinux properties for /dev/block/by-name/trusty_persist" into udc-dev am: d38c507ef6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21617065
Change-Id: I7774f4fba285cd3a8b65c9c78245da5ee39d9c61
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-01 04:40:29 +00:00
Richard Chang
3c52a9ab3b
Merge "sepolicy: update init.te for zram device" into udc-dev
2023-03-01 04:28:58 +00:00
Richard Chang
ee8c7c2df2
sepolicy: update init.te for zram device
...
Bug: 269221861
Bug: 270633329
Test: Boot
Change-Id: I050e9a72006dcd0b71ba1232e38e5f96bce4c967
2023-03-01 02:04:24 +00:00
Jonglin Lee
167eba3ad9
Add perfmon policies
...
Add perfmon policies to fix hotplug issues.
Bug: 271024526
Bug: 271007431
Change-Id: I974bd99224b983454c6af47f4a08a4fe20699834
Signed-off-by: Jonglin Lee <jonglin@google.com>
2023-02-28 10:19:26 -08:00
Armelle Laine
d27961dc1b
Define selinux properties for /dev/block/by-name/trusty_persist
...
Bug: 247013568
Test: - Verify that this change is a NOP for devices with TDP already
created on top of the legacy f2fs partition /mnt/vendor/persist/ss
- Verify that this change creates a valid symlink on a manually
migrated block device
Change-Id: I226f365c6afbb5fa91ec1c9c1943f8dddac8183a
2023-02-27 22:42:08 +00:00
Cody Heiner
dc0b4fc9e9
Allow twoshay → systemui_app binder call for zuma devices (2)
...
Splitting system_app (b/264266705) caused the avc denial below,
causing b/269981541. This change allows the denied binder call
and fixes the bug.
Denial message:
avc: denied { call } for scontext=u:r:twoshay:s0 tcontext=u:r:systemui_app:s0:c230,c256,c512,c768 tclass=binder permissive=0
Note: this is a re-submit of ag/21529713, after sorting out the
SEPolicy issues described in b/270444888.
Test: flash P23 and Bluejay devices with this change plus ag/21591673,
run `adb shell device_config put twoshay_native test_flag_name test_flag_value`,
→ TouchContextService.java logs corresponding property changed message.
Bug: 270444888
Change-Id: I40d70cf19930eb334ba3250d58a0cbc39b50764b
2023-02-24 18:19:09 -08:00
Wilson Sung
546b787a40
Add SSR property access and remove obsolete denials
...
Bug: 268572164
Change-Id: I5756510b2eb2696aade93dd6b15a111f5dca58ef
2023-02-24 10:33:45 +00:00
Amy Hsu
ae4c77ebda
Merge "Revise sepolicy because of refactor HbmSvManager" into udc-dev
2023-02-24 08:14:49 +00:00
Amy Hsu
c186dbd6db
Revise sepolicy because of refactor HbmSvManager
...
1. Set sepolicy correctly, make it the same as gs201.
2. Rename hbmsvmanager to pixeldisplayservice due to refactor.
3. Add arm_mali_platform_service for pixeldisplayservice
Bug: 241498235
Bug: 262794939
Bug: 263185136
Bug: 264489797
Test: Verify LBE and shadow compensation functions.
Make sure there is no avc denied.
Change-Id: I2a4bb5d6b863edc00b789fd6df8d46f90164d9f2
2023-02-24 02:06:35 +00:00
Wilson Sung
fb2e376d26
Add chre policy
...
Bug: 260522435
Bug: 261105224
Test: boot-to-home
Change-Id: Icd8f1ad497357bbbcb9e34509c736f3976ff0ac7
2023-02-23 11:05:15 +08:00
Ian Kasprzak
e3af6770ab
Merge "Revert "Allow twoshay → systemui_app binder call for zuma devices"" into udc-dev
2023-02-22 22:28:43 +00:00
Ian Kasprzak
cbf2b3fdb2
Revert "Allow twoshay → systemui_app binder call for zuma devices"
...
This reverts commit 9019c55645.
Reason for revert: b/270434708 - Breaks git_udc-d1-dev-plus-aosp-without-vendor builds.
Change-Id: Iab5bf42754760dedbe26dd684c373ba9ec3af70b
2023-02-22 22:28:33 +00:00
Wilson Sung
ca241fa76c
Add hal_bootctl_default write permission to devinfo_block_device
...
Bug: 270236357
Change-Id: I40219dbd726ddebb277e592353bd9f0b249dd01f
2023-02-22 11:23:32 +08:00
Cody Heiner
9019c55645
Allow twoshay → systemui_app binder call for zuma devices
...
Splitting system_app (b/264266705) caused the avc denial below,
causing b/269981541. This change allows the denied binder call
and fixes the bug.
Denial message:
avc: denied { call } for scontext=u:r:twoshay:s0 tcontext=u:r:systemui_app:s0:c230,c256,c512,c768 tclass=binder permissive=0
Test: flash P23 device with ag/21526491 along with this change
→ twoshay runs normally.
Fixes: 269981541
Change-Id: Ib3cf6f44b6288ed5c7c773e2ad670d2fd0aeee96
2023-02-21 23:58:05 +00:00
Wilson Sung
bab5b72f86
Add hal_bootctl related policy
...
Bug: 260522436
Bug: 264489609
Bug: 264483787
Change-Id: Iaa22899bb21ff41c1fa259830e5f49623ff8429b
2023-02-21 19:59:04 +08:00
Ken Yang
58a6a1e772
WLC: cleanup the unused hal_wlc policies
...
Bug: 264489562
Bug: 262455719
Bug: 260366297
Bug: 260363384
Signed-off-by: Ken Yang <yangken@google.com>
(cherry picked from commit 6f9844d137)
Merged-In: I90b9e442082b8e03e76ce63aaee56e5882933449
Change-Id: I90b9e442082b8e03e76ce63aaee56e5882933449
2023-02-20 11:05:53 +00:00
Wilson Sung
931ea0d342
allow bootctl to read devinfo
...
Bug: 260522436
(cherry picked from commit 967da5da4f)
Merged-In: I41d2763ffe40d7465a11cc86612fed9f92905eff
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
2023-02-20 11:02:28 +00:00
Ken Tsou
10e84d8327
hal_health_default: allow to access persist.vendor.shutdown.*
...
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
2023-02-17 07:00:37 +00:00
Wilson Sung
c43a6186bf
Add app_domain to con_monitor_app
...
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
2023-02-16 13:00:39 +08:00
Wilson Sung
4ea1dcff3a
Fix zram avc denied
...
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
2023-02-15 08:23:49 +00:00
Adam Shih
650b20d27f
Merge "create cma dump"
2023-02-15 06:28:52 +00:00
Adam Shih
c80283456e
Merge "move devfreq dump to gs-common"
2023-02-15 04:54:22 +00:00
Adam Shih
a438fce84f
create cma dump
...
Bug: 240530709
Test: adb bugreport
Change-Id: I1a97098d73106a16c0be675a5d8f58183d5f9531
2023-02-15 12:41:31 +08:00
Adam Shih
efa506d012
move devfreq dump to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: Ica18fa60ed1da44eb587ffe59370e87b393e69fb
2023-02-15 11:11:44 +08:00
Shashank Sharma
7cbda60f3e
arm_mali_platform_service: register gpu selinux service
...
Fix avc denied issues.
Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
2023-02-14 23:34:14 +00:00
Doug Zobel
b844ec7548
Merge "Move sysfs_pcie type definition to gs-common"
2023-02-13 16:15:21 +00:00
Ray Chi
cf818217df
Fix avc denied for USB property
...
Bug: 268572164
Test: reboot device and no related logs
Change-Id: I473d0ee022e9a9edc076ef479e2343d11b9ef63d
2023-02-13 17:03:02 +08:00
Ken Yang
c6bd3ad477
Merge "WLC: Add hal_wireless_charger policies for systemui"
2023-02-13 08:13:26 +00:00
Doug Zobel
bfd738a84d
Move sysfs_pcie type definition to gs-common
...
SELinux type declaration 'sysfs_pcie' moved to gs-common
for the PCIe dumpstate script.
Test: adb logcat "pixelstats-vendor:D *:S"
Bug: 266561593
Change-Id: Ieae65d9d3f5dbf80f60c1787a384f1aa3adef77c
Signed-off-by: Doug Zobel <zobel@google.com>
2023-02-10 07:37:32 -06:00
George
baa51816de
Update sepolicy for streset and stpreprocess
...
Allow hal_secure_element_st54spi to access nfc device
Allow hal_nfc_default to set se property
Allow vendor_init to set nfc/se property
Bug: 267838462
Test: manually trigger eSE reset without avc error
Change-Id: I0ad6a0432f4fb158186874b318b5832dddce47e6
2023-02-10 21:01:20 +08:00
Wilson Sung
e338667584
vendor_init: Add getattr to sg
...
Bug: 260522244
Change-Id: I9f447ecb635280048ca0d785f00b6c851a9dedf3
2023-02-10 18:35:47 +08:00
Wilson Sung
6cf7ce5cc0
Allow vendor_init chown gvotables
...
Bug: 267736435
Bug: 260366195
Change-Id: I0a27a7fb3719d57449fb3d7f4c4d746d09419a75
2023-02-10 18:34:51 +08:00
Wilson Sung
594dee4dc4
Allow vendor_init create link for bootdevice_sysdev
...
Bug: 263185566
Change-Id: I3a041c8dbd33c538d3971b793c64e4ea7c310190
2023-02-10 16:24:06 +08:00
Ken Yang
b2585e3a2e
WLC: Add hal_wireless_charger policies for systemui
...
Bug: 268457480
Change-Id: Iadb44efc736cd6bb3c3dfe5283d5fd2a7ce3cf34
Signed-off-by: Ken Yang <yangken@google.com>
2023-02-10 04:40:44 +00:00
Tom Huang
dfe1f3799b
Merge "Add BT hal sepolicy for allowing accessing AoC device node"
2023-02-10 02:23:42 +00:00
Wilson Sung
3c27af4e58
Fix avc error from systemui
...
Bug: 264266705
Change-Id: Iabc41ea7901ea99646147b133b96dd0297fd376d
2023-02-10 02:40:36 +08:00