Commit graph

741 commits

Author SHA1 Message Date
Ankit Goyal
344fb91207 Allow dmabuf heap access to graphics allocator
There is no change in dmabuf heaps from pro, so these use the exact same
SEpolicy rules

Fix: 264489636
Test: Boots to home (with SELinux enforced)
Test: VtsHalGraphicsMapperV4_0TargetTest
Change-Id: I58ec8d9558fa76b805c0882cbbb20bfd08aead13
2023-01-09 16:16:28 -08:00
George Lee
394b28b7b1 selinux: Enable lpf_power for sys_odpm
Bug: 264929465
Test: Confirm selinux error no longer exists
Change-Id: Ibd7bfccac0d942507f3f1a9e2bf667ed1a54a9e6
Signed-off-by: George Lee <geolee@google.com>
2023-01-09 14:54:57 -08:00
Miller Liang
89bdcc93cc Merge "audio:fix AAudio API access denial" 2023-01-09 12:36:34 +00:00
millerliang
8889eb6496 audio:fix AAudio API access denial
This commit adds the sepolicy file for AAudio API

I auditd  : type=1400 audit(0.0:113):
avc: denied { map } for comm="binder:900_7" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1191 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=1

Bug: 264484544
Test: test_steal_exclusive -c0
Test: Check no avc_deny on audioserver
Change-Id: I9efde74c74722b1b32c1d800a4cbceea8a850bfa
2023-01-09 14:55:32 +08:00
Cheng Chang
67ff25f88c Merge "allow system_server binder call gpsd" 2023-01-09 06:04:41 +00:00
Cheng Chang
e83f8dcee8 allow system_server binder call gpsd
01-05 17:56:17.416 hidl_ssvc_poll: type=1400 audit(0.0:467): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:gpsd:s0 tclass=binder permissive=1

Bug: 264508279
Test: flash test build and check avc denied logs are gone
Change-Id: I6f3f27de7466cb594c192cd8339009ca6633ec6d
2023-01-09 03:19:43 +00:00
TreeHugger Robot
09ba144bc6 Merge "sepolicy: remove tracking denials for hal_power_stats" 2023-01-09 01:58:14 +00:00
TreeHugger Robot
f4841acd83 Merge "Wifi: Add sepolicy files for hal_wifi_ext service" 2023-01-07 07:38:08 +00:00
Darren Hsu
8eed3af1eb sepolicy: remove tracking denials for hal_power_stats
Bug: 264489189
Test: Captured bugreport and make sure there are no avc denials
Test: related to hal_power_stats
Change-Id: Id83022ebaca5a507873bee57363a54baf4a27310
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-01-07 15:04:35 +08:00
Xu Han
b8ab0fed91 Fix permission regarding camera HAL, radioExt and rlsservice
Bug: 264483024
Bug: 264489641
Bug: 263185565
Test: selinux log
Change-Id: Ieb174aef18c218efdcb357245c7d5ac4953a949c
2023-01-06 11:56:55 -08:00
kensun
0f5b5efdd1 Wifi: Add sepolicy files for hal_wifi_ext service
This commit adds the sepolicy related files for hal_wifi_ext service.

[   27.714476] type=1400 audit(1670979557.360:29): avc: denied { call } for comm="binder:942_1" scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1
12-14 08:59:17.360   942   942 I binder:942_1: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1

Bug: 262455388
Test: Check no avc_deny on hal_wifi_ext
Change-Id: Ibc48225845b0cd10bbe88527449016daa9ef9eff
2023-01-06 08:06:57 +00:00
Xu Han
525acba924 Allow camera HAL to call radioExt HAL for desense
Bug: 264204392
Test: selinux log
Change-Id: Iee7f45a649444cc6c95b8094f001645e85eb83ba
2023-01-05 18:54:59 +00:00
Adam Shih
92f2edf487 label GPU as same_process_hal
Bug: 261933250
Bug: 261933249
Bug: 261933226
Bug: 261933097
Bug: 261933428
Bug: 261933227
Bug: 260768740
Bug: 260922185
Test: boot to home under enforcing mode
Change-Id: Ied95ce0c1f851785e0848f7af788969f27e45101
2023-01-04 12:10:27 +08:00
Adam Shih
97748d82a9 set necessary domains to permissive
Bug: 254378739
Test: enforce and boot to home
Change-Id: I1dc8f400971e0926dbb2c5c0ac6f0ef99250e067
2023-01-04 11:57:28 +08:00
TreeHugger Robot
bd992ad2b4 Merge "Sepolicy: Pixelstats: Battery history sepolicy" 2023-01-04 02:19:54 +00:00
Wasb Liu
cefb0a621f hal_health_default: updated sepolicy
Add necessary sepolicy.

Bug: 260366438
Bug: 261933135
Bug: 262178574
Bug: 262794970
Test: no avc denied for hal_health_default
Change-Id: I47043f64931c191063a0b3d5807ef814fa8b787f
Signed-off-by: Wasb Liu <wasbliu@google.com>
2022-12-29 09:47:23 +00:00
Darren Hsu
3ea4ff4944 sepolicy: Allow hal_power_stats to access required sysfs
Bug: 260366519
Bug: 260768935
Bug: 260922184
Bug: 261105152
Bug: 261363958
Bug: 261519183
Bug: 261651283
Bug: 261783107
Test: Captured bugreport and make sure there are no avc denials
Test: related to hal_power_stats
Change-Id: Ic214dc1d8ea920b1bb8f700cd8b75918af3ab046
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-12-29 14:33:17 +08:00
Kris Chen
4963317cad zuma: fingerprint: fix SELinux denials
Bug: 261105164
Test: boot with no relevant error on p23 device
Change-Id: I8d897693685591a042c5febfeca0121375749b8e
2022-12-23 17:43:50 +08:00
Timmy Li
a6fd3e2122 Merge "Add hal_camera_default se linux file for zuma" 2022-12-23 03:47:09 +00:00
Chia-Ching Yu
0dfdbed76e Move the sepolicy setting of als_table to the new file.
Bug: 261111968
Test: There is no als_table avc denied log after reboot.

Change-Id: I41f9472e6a17dd7fce021d916e3e626a81fe79cf
2022-12-23 07:05:57 +08:00
timmyli
8d061f7ebc Add hal_camera_default se linux file for zuma
Add hal_camera_default.te for zuma. Move referenced contexts and
settings to new zuma-sepolicy folders. Add hal_camera_default type declaration
to file.te

Bug: 261651093, 260366029, 263185135
Test: Build and test for hal_camera_default denials
Change-Id: Id0246f9ca8fd399853894e9e41548976ab44ccd0
2022-12-22 21:41:11 +00:00
Dennycy
79210088c5 Sepolicy: Pixelstats: Battery history sepolicy
avc: denied { read } for comm="pixelstats-vend" name="battery_history"
dev="tmpfs" ino=845 scontext=u:r:pixelstats_vendor:s0 tcontext=u
:object_r:battery_history_device:s0 tclass=chr_file permissive=1

Bug: 260366322
Test: No more battery_history sepolicy found
Change-Id: Ic5d351ed0e42d08b24b5fd0af2d9ebd155086bc9
Signed-off-by: Dennycy <dennycylee@google.com>
2022-12-22 09:21:56 +00:00
Ernie Hsu
0faf3d2c7b Merge "mediacodec_samsung: add sepolicy for mfc codec" 2022-12-22 05:25:29 +00:00
Ernie Hsu
bb7586ac03 mediacodec_samsung: add sepolicy for mfc codec
Add necessary sepolicy. Log and reason are added in review comment
move sysfs out from legacy setting

Bug: 262633502
Bug: 263049105
Bug: 262794577
Bug: 262794578
Bug: 262794634
Test: video playback
      SELinuxTest#scanBugreport
      SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I240f3fc4672a0d3133699f76a808573e172d23f2
2022-12-22 03:46:04 +00:00
Chung-Kai (Michael) Mei
839546d2e3 Merge "Revert "Fix avc denials for powerhal"" 2022-12-21 08:39:31 +00:00
Chung-Kai (Michael) Mei
21426ea726 Revert "Fix avc denials for powerhal"
This reverts commit 92e550d83f.

Reason for revert: here's duplicated setting

Change-Id: I4188deee0010c5dd10501fd9b36ae3876c412322
2022-12-21 08:37:50 +00:00
TreeHugger Robot
aed7870cb2 Merge "Fix avc denials for powerhal" 2022-12-21 07:20:07 +00:00
TreeHugger Robot
e9868935cf Merge "mediacodec_google: updated sepolicy" 2022-12-21 04:58:31 +00:00
Chungkai Mei
92e550d83f Fix avc denials for powerhal
Test: boot passed and no avc log after boot
Bug: 260769063
Bug: 261105028
Bug: 260366126
Bug: 261650934
Bug: 262178497
Bug: 262315567
Bug: 262633072
Change-Id: I84e5cdaeb8016bd3f5506a242ee8e3a58052ab07
Signed-off-by: Chungkai Mei <chungkai@google.com>
2022-12-21 02:46:39 +00:00
Taylor Nelms
9f72e56d46 Merge "Modify permissions to allow dumpstate process to access decon_counters node" 2022-12-21 01:41:40 +00:00
Ruofei Ma
fd79c76365 mediacodec_google: updated sepolicy
Add necessary sepolicy.

Bug: 262633230
Test: no avc denied for mediacodec_google

Change-Id: I0b2a8a12d9d9a6484cf899fabdf213b8c9a279e9
Signed-off-by: Ruofei Ma <ruofeim@google.com>
2022-12-19 19:37:52 -08:00
Adam Shih
169b9143fb restart domains
Bug: 254378739
Test: boot to home
Change-Id: I7d077b7c5edfb3bee07a05fda05e5076e515c7bf
2022-12-20 08:50:43 +08:00
Adam Shih
be72019a1c restart domains
Bug: 254378739
Test: boot to home
Change-Id: I6faa55132d52896c5138eb4dcff2bde3557dcf90
2022-12-19 11:01:25 +08:00
Taylor Nelms
e7f915c920 Modify permissions to allow dumpstate process to access decon_counters node
Bug: 240346564
Test: Build for P23 device with "user" build, check bugreport for decon_counters content
Change-Id: Iac569b53880f903aa6496cb24bdadc6e38975171
Signed-off-by: Taylor Nelms <tknelms@google.com>
2022-12-16 16:50:49 +00:00
TreeHugger Robot
3406af9012 Merge "Add BrownoutDetected Events - zuma sepolicy" 2022-12-15 05:29:35 +00:00
Adam Shih
dc479f78a5 Merge "restart domains" 2022-12-15 03:15:49 +00:00
Adam Shih
419fa5774c create an empty dump file for wlan
Bug: 261784587
Test: adb bugreport
Change-Id: I6a0e65e4624348f5f34cb618150a6978996dcdc9
2022-12-14 13:33:33 +08:00
Adam Shih
ce44423468 restart domains
Bug: 254378739
Test: boot to home
Change-Id: I427f1647d5a0a95e750fd59419575cdb7553111e
2022-12-14 11:27:03 +08:00
Adam Shih
4b9a4886f1 restart domains
Bug: 254378739
Test: boot to home
Change-Id: Ie67dbbdad041d84cddbabf62e98b0a8f2b1eadf2
2022-12-14 09:19:54 +08:00
Adam Shih
126d6a4771 restart domains
Bug: 254378739
Test: boot to home
Change-Id: Ib6b0d9415b286fc7025df009a3bf7f1105ae4860
2022-12-13 13:38:35 +08:00
George Lee
b17a5fc383 Add BrownoutDetected Events - zuma sepolicy
Brownout Detection is detected during the boot sequence.  If the
previous shutdown resulted in a reboot reason that has *ocp* or *uvlo*
in it, the shutdown was due to brownout.  Mitigation Logger should have
logged the device state during the brownout.  This event metric is to
surface the logged data.

Bug: 250009365
Test: Confirm triggering of events
Ignore-AOSP-First: to detect brownout.
Change-Id: I54e354372935e339f685fc8f5541a0568053ae08
Signed-off-by: George Lee <geolee@google.com>
2022-12-12 21:20:58 -08:00
Lopy Cheng
7b281b63f2 hal_graphics_composer_default: add sepolicy for display
Fix avc denied issues.

Bug: 260769163
Bug: 261105029
Bug: 261933075
Bug: 261933169
Bug: 262178623
Test:
There is no AVC denied log after reboot

Change-Id: I291877a0f70f25a43f49a96a2b280be925bb98c5
2022-12-12 16:12:18 +08:00
George Chang
b5887a9853 Update permissions for st54spi and st33spi
Remove st33spi and update st54spi rules

Bug: 261519145
Bug: 261519169
Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I37736275204ad7bea98ce225121e71545260187c
2022-12-08 15:08:17 +00:00
Adam Shih
1774ec056b restart domain
Bug: 254378739
Test: boot to home
Change-Id: I776bf6fa66605a4c3a888f2362b79fa1e0ec122a
2022-12-08 09:55:57 +08:00
Cyan Hsieh
fe97b2df7a Revert "restart domain"
This reverts commit be714f6fa3.

Reason for revert: build breakage

Change-Id: I02a16de23cd657bc0cc9494b03f840d0060ac9d1
2022-12-07 04:41:58 +00:00
Adam Shih
be714f6fa3 restart domain
Bug: 254378739
Test: boot to home
Change-Id: I63a3e22ccbee16dd3f186e76fa698d2e7454c057
2022-12-07 09:48:15 +08:00
TreeHugger Robot
8ddedfa7fa Merge "restart domains" 2022-12-06 08:35:59 +00:00
Jenny Ho
ed45434f01 add permission for dump logbuffer
Bug: 260756283
Change-Id: If4d885cc53bbb2a4796d638c5f23fbf17a494436
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2022-12-06 10:50:21 +08:00
Adam Shih
21f4111616 restart domains
Bug: 254378739
Test: boot to home
Change-Id: If7264f1a5cdaace0558dbeda986d9c899dd6ac08
2022-12-06 10:34:32 +08:00
TreeHugger Robot
7c94c8c83f Merge "restart deomains" 2022-12-05 06:02:58 +00:00