Commit graph

741 commits

Author SHA1 Message Date
Darren Hsu
1934546586 sepolicy: label required wakeup nodes for system suspend
Bug: 260366031
Bug: 264204215
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: Icf8c4669156a0017655981fda8619ce0a75dce4d
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-02-07 10:12:30 +08:00
Timmy Li
5533264ba9 Merge "Add UW cornerfolk to file_contexts" 2023-02-07 02:09:54 +00:00
timmyli
d784c55c20 Add UW cornerfolk to file_contexts
Device needs access to cornerfolk. Evidence log in comments.

Bug: 267696227
Test: log check
Change-Id: If6bd49b76038673ad12fc6a1e7abd10b4cd3407e
2023-02-07 02:09:46 +00:00
TreeHugger Robot
cdc2d14883 Merge "sepolicy: label ODPM device nodes for hal_power_stats" 2023-02-07 02:05:46 +00:00
Darren Hsu
9964fd2901 sepolicy: label ODPM device nodes for hal_power_stats
Bug: 268002261
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I1dfd7760c4a958e0b31258a8379f3c68eb054f35
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-02-06 21:44:17 +08:00
Donnie Pollitz
1fd0c782b4 sepolicy: Fix trusty_metricsd avc denials
* Suez data collection missing

Bug: 264489526
Test: ran com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I667e35c68139a3368655cab4ea40acb529bb65ef
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-02-06 08:57:31 +00:00
Donnie Pollitz
1df4e2dde8 sepolicy: Fix trusty_apploader avc denials
* File permissions missing

Bug: 263305034
Test: ran com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot

Change-Id: I5d0a56a4c31c66610414341118c4089d2c11f3e9
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-02-06 08:57:22 +00:00
Jenny Ho
6f15645932 Merge "Add permission for logbuffer_bd" 2023-02-06 03:53:19 +00:00
Jenny Ho
4e6cfb143d Add permission for logbuffer_bd
Bug: 242679204
Change-Id: I7376f10dc183bac805c89d6905e70a7b92694471
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-02-05 14:06:06 +08:00
Jenny Ho
31f750da2b sepolicy: add sepolicy for disable.battery.defender
[    7.536208] type=1107 audit(1671575809.144:22): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.disable pid=381 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=1'

Bug: 263305106
Change-Id: Ia7adfe7f128c6390128447b9363ecd3615694fb1
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-02-05 13:09:28 +08:00
Ken Yang
af9057e7fb WLC: Add required sysfs_wlc sepolicies
The sysfs_wlc is still required for certain services like
hal_health_default. Add these sepolicies to pass the tests.

Bug: 267171670
Change-Id: If2b5b007f4a24e91b2be83bb20676eb449b9415f
Signed-off-by: Ken Yang <yangken@google.com>
2023-02-05 01:00:01 +00:00
Cyan_Hsieh
79bd040d55 Add gcf partition to OTA domain
This allows the OTA mechanism to write to the bootloader slot to
perform the actual OTA

Bug: 263218204
Change-Id: Iec3f3aa73344f4e9a305bc3c1c3f2db7624aca93
2023-02-02 18:08:51 +08:00
TreeHugger Robot
075f213ece Merge "hal_graphics_composer_default: fix sepolicy denials" 2023-02-02 06:11:49 +00:00
TreeHugger Robot
e9d7a18f5d Merge "selinux: fix mitigation_vendor_file access" 2023-02-02 04:40:09 +00:00
George Lee
574ebbacf8 selinux: fix mitigation_vendor_file access
Bug: 266118091
Test: Local test to confirm error doesn't show up
Change-Id: Ie9e55230211f20efc7bba448bfc335799d0e1d56
Signed-off-by: George Lee <geolee@google.com>
2023-02-01 17:55:12 +00:00
Doug Zobel
b0394ebf56 Merge "Add sepolicy for PCIe link statistics" 2023-02-01 15:04:04 +00:00
Safayat Ullah
7ce9680b98 hal_graphics_composer_default: fix sepolicy denials
Bug: 263184738
Bug: 264489746
Test: There is no AVC denied log after reboot
Change-Id: I3c5bbc55f0a676d8906ec061e3c999995d02dd3f
2023-02-01 14:34:36 +00:00
Doug Zobel
7ea927f332 Add sepolicy for PCIe link statistics
PCIe link statistics collected by dumpstate and pixelstats.

Test: adb logcat "pixelstats-vendor:D *:S"
Bug: 266689144
Change-Id: I9b7eef9a9e14c1be9e9e9feb3c608f7067e6fade
Signed-off-by: Doug Zobel <zobel@google.com>
2023-02-01 07:23:15 -06:00
Donnie Pollitz
eea50ca2bc Merge "sepolicy: Fix tee avc denials" 2023-02-01 09:46:16 +00:00
Long Ling
9f67cbb03b Merge "Set context for sysfs file refresh_rate" 2023-02-01 02:37:48 +00:00
Long Ling
ab6c98702b Set context for sysfs file refresh_rate
Bug: 263821118
Change-Id: Id8865c4499b6af103a7acd1fbbe6da0724cb83b3
2023-01-26 18:51:53 -08:00
TreeHugger Robot
1746a6cc59 Merge "Add rule for secure_element AIDL" 2023-01-27 02:00:45 +00:00
Donnie Pollitz
34fe057526 sepolicy: Fix tee avc denials
tee policies were missing

Bug: 263304957
Bug: 263429986
Bug: 264489524
Test: boot and scanAvcDeniedLogRightAfterReboot passed

Change-Id: Ia3191496be005dbbbe331a14f7d45adace34b3fc
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-01-24 15:22:57 +01:00
Grace Chen
82ae431064 Merge "Fix selinux denials on hal_secure_element_uicc" 2023-01-24 02:10:51 +00:00
Grace Chen
e881d9d401 Fix selinux denials on hal_secure_element_uicc
Bug: 264489780
Test: Confirm no more selinux denials
Change-Id: Ib159acaf8701d0ac7e3325addd7baca6a41f0cee
2023-01-23 15:36:04 -08:00
Grace Chen
c93ba80fc4 Add rule for secure_element AIDL
Add secureelement aidl

b/261565407

Change-Id: I79f35e8231d9eae81b90528269410c169bb1a035
2023-01-23 18:46:01 +00:00
Dinesh Yadav
3de9d17052 Merge "Allow camera HAL and GCA to access GXP device." 2023-01-18 07:33:32 +00:00
TreeHugger Robot
30fe55378d Merge "Fix avc denied and remove tracking_denials for hal_usb_gadget_impl" 2023-01-17 06:07:41 +00:00
Chung-Kai (Michael) Mei
ee6c28322a Merge "sepolicy: fix avc denial" 2023-01-17 04:53:35 +00:00
Chungkai Mei
cc0f6a604d sepolicy: fix avc denial
fix avc denial

Test: boot passed and no avc log after boot
Bug: 264483355
Change-Id: Idd9ef9ca7c988141bffd2d9d7e561efe8066cba4
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-01-17 04:53:13 +00:00
Ray Chi
6baa4fa226 Fix avc denied and remove tracking_denials for hal_usb_gadget_impl
Bug: 264946043
Test: no avc denied for hal_usb_gadget_impl
Change-Id: Ib52e6d089a0e3e73c619f35849af0aed478c1f65
2023-01-17 04:37:49 +00:00
Dinesh Yadav
b068bb3f64 Allow camera HAL and GCA to access GXP device.
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device in order to execute workloads on DSP.

Bug: 264321380
Test: Verified that the camera HAL service and GCA app are able to access the GXP device.
Change-Id: I125650b4841b4cbdc50077a0d80b113b02699de8
2023-01-17 03:21:04 +00:00
TreeHugger Robot
ef4c754dc4 Merge "Fix avc denied and remove tracking_denials for hal_usb_impl" 2023-01-16 09:55:32 +00:00
Dinesh Yadav
1ac5ca8485 Merge "Add SEPolicy settings for android logging/tracing service for GXP" 2023-01-16 08:05:51 +00:00
Ray Chi
0801e5e421 Fix avc denied and remove tracking_denials for hal_usb_impl
Fix avc denial for hal_usb_impl.

Bug: 263048760
Test: no avc denied for hal_usb_impl
Change-Id: Iaeea9d1f99f715c0f856a3a9f9fcd2e8d371f3d3
2023-01-16 15:40:48 +08:00
Chungkai Mei
171bfb004b sepolicy: fix avc denial
fix avc denial

Test: boot passed and no avc log after boot
Bug: 260769063
Bug: 261105028
Bug: 260366126
Bug: 261650934
Bug: 262178497
Bug: 262315567
Bug: 262633072
Change-Id: I926d535fe6871726b5cd0602e436f6b5a3a9e736
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-01-16 02:55:37 +00:00
Ken Yang
c4d610a86b Merge "WLC: Cleanup the sysfs_wlc policies" 2023-01-13 14:41:32 +00:00
Welly Hsu
1f350465ce Merge "Fix euiccpixel_app SELinux error for eSIM firmware upgrade" 2023-01-13 07:46:40 +00:00
Leo Liou
af6131d348 Merge "zuma: add sepolicy for ufs_firmware_update process" 2023-01-13 03:21:07 +00:00
Leo Liou
30f3c17252 zuma: add sepolicy for ufs_firmware_update process
Allow the script to access the specified partition and sysfs.

Bug: 224464892
Test: full build and test ffu flow
Change-Id: I27f0d4d97f15a7c108e6ae1b8c12fda2c69c303a
Signed-off-by: Leo Liou <leoliou@google.com>
2023-01-13 08:19:27 +08:00
Jaegeuk Kim
0cf7210eb1 Allow mkfs/fsck for vendor partitions
Change-Id: I425c56edf9b12f1b86994f58100ecc9a8e1b58b2
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2023-01-12 09:42:16 -08:00
Welly Hsu
48ef4308be Fix euiccpixel_app SELinux error for eSIM firmware upgrade
bug: 265286368

Test: generate test build and confirm no avc error happens
Change-Id: I2f457157d92cb48dfe328ba1520c3e598bd6d6b6
2023-01-13 01:17:19 +08:00
TreeHugger Robot
7544c3c104 Merge "Wifi: Add sepolicy files for wifi_sniffer service" 2023-01-12 05:55:41 +00:00
kensun
fb69c41387 Wifi: Add sepolicy files for wifi_sniffer service
Bug: 237465412
Test: Manual Test
Change-Id: I558b7f401c8d0da0f7f5b376165b42e1073a7900
2023-01-12 05:47:03 +00:00
Xu Han
e8f6804674 Merge "Fix permission regarding camera HAL, raidoExt and rlsservice" 2023-01-11 23:06:17 +00:00
Dinesh Yadav
7056027e71 Add SEPolicy settings for android logging/tracing service for GXP
Test:
Checked that no "avc" violations were caused by gxp_logging after selinux has been enforced.

Bug: 264489388
Change-Id: I967b7b6d57c70804bed5c4ae94ff7b62ece23de3
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-01-11 13:54:47 +00:00
Hasini Gunasinghe
ab3f430aae Merge "[Port ag/20645453] Map Rust KeyMint to same SELinux policy as C++" 2023-01-10 19:52:48 +00:00
Ken Yang
2dda40afef WLC: Cleanup the sysfs_wlc policies
The sepolicy must be self-contained without including wirelss_charger to
avoid build break in AOSP

Bug: 263830018
Change-Id: Iff235b0c006474b59af853a19d01ba57c3dfe451
Signed-off-by: Ken Yang <yangken@google.com>
2023-01-10 16:03:22 +00:00
TreeHugger Robot
029f002a34 Merge "Allow dmabuf heap access to graphics allocator" 2023-01-10 01:52:35 +00:00
Hasini Gunasinghe
76c4f20434 [Port ag/20645453] Map Rust KeyMint to same SELinux policy as C++
Allow the Rust and C++ implementations of the KeyMint HAL service to be
toggled easily, by mapping them to the same SELinux policy.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic43985f32aaabb2560ef0b02573a1e587e24fc6a
2023-01-10 01:19:17 +00:00