Wilson Sung
2e19e54fe5
Add btbcm wakelock node context
...
avc: denied { read } for name="wakeup178" dev="sysfs" ino=119871 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0
Bug: 277717252
Test: boot-to-home and no avc error
Change-Id: I82ed45ff6bf28c0cf2237098c54b6ead59c6c284
2023-04-11 11:02:26 +00:00
Wilson Sung
9e250f4a12
Allow update_engine to change slot am: 79b4b329f0
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22563758
Change-Id: I38ef79ff33c61540b5240e31a5b2309973c41185
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-11 04:36:20 +00:00
Wilson Sung
79b4b329f0
Allow update_engine to change slot
...
Bug: 275143841
Change-Id: Id9e19ae74a32521ab083eff87e4e3e583f881bbb
2023-04-11 11:03:12 +08:00
Ali K. Zadeh
1f56ec32b6
sepolicy: label bci and dsu max frequency
...
Bug: 274005880
Test: powerhint is able to change the bci/dsu max frequency
Change-Id: I8d59450878ba8e349d7f797cc74f0f1cc00c6187
2023-04-10 23:24:55 +00:00
Sayanna Chandula
0df51526da
thermal: enable pixelstats access to thermal metrics
...
Allow pixelstats daemon to access thermal metric nodes
Bug: 277625975
Test: Build and boot on device. Check DFS stats
Change-Id: I50d71d12f4f9d3a1b83a606ba6a7159c46ebec14
Signed-off-by: Sayanna Chandula <sayanna@google.com>
2023-04-10 13:55:26 -07:00
Adam Shih
e3c88c1277
comply with VTS requirements am: 22e1c0756a
am: 46fd63b761
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22344148
Change-Id: Ia94e551d31f068ed18f3e0bbc626eb544074e000
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 03:20:40 +00:00
Adam Shih
46fd63b761
comply with VTS requirements am: 22e1c0756a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22344148
Change-Id: I02d1e5a2af5bb6d3009d2b7687dff6080f56724f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 03:08:17 +00:00
Dinesh Yadav
0829947959
Merge "Allow google_camera_app to access edgetpu" into udc-d1-dev am: d9a75c1639
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286148
Change-Id: I46aa0db686e57dfcf9daaf7d302ec6754c86d630
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 03:06:08 +00:00
Dinesh Yadav
478b11708f
Allow google_camera_app to access edgetpu
...
These permissions are needed by GCA-release & GCA-dogfood to access
edgetpu.
Bug: 264490031
Change-Id: Idd9dff906c86f9e83f1dc67698c23387e174d99c
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-04-04 06:11:47 +00:00
TreeHugger Robot
b99f943900
Merge "Add logd selinux allow permissions" into udc-d1-dev am: 4bb2e02b1c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22307864
Change-Id: I7f9a2c6d4af714625fb4d347c0988052d8f77852
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-30 17:17:02 +00:00
Adam Shih
22e1c0756a
comply with VTS requirements
...
Bug: 275142299
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default
Built pass on target-userdebug and aosp_target-userdebug
Change-Id: I6a114aa2aa92f7b06cfd5bbd1f73d34b5477b109
2023-03-30 13:28:43 +08:00
TreeHugger Robot
8041addc24
Merge "sepolicy: fix VTS failure for system suspend [RESTRICT AUTOMERGE]" into udc-d1-dev
2023-03-30 01:52:41 +00:00
TreeHugger Robot
4bb2e02b1c
Merge "Add logd selinux allow permissions" into udc-d1-dev
2023-03-30 01:44:29 +00:00
TreeHugger Robot
6cbdc36e1b
Merge "Move pixel dumpstate to gs-common" into udc-d1-dev
2023-03-29 16:06:45 +00:00
Darren Hsu
bc15f1c8ee
sepolicy: fix VTS failure for system suspend [RESTRICT AUTOMERGE]
...
Bug: 275143652
Test: run vts -m SuspendSepolicyTests
Change-Id: I7cb5fdb18e7b16d98961bfed11da21496e8fa026
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-29 18:46:56 +08:00
Donnie Pollitz
885a790f2d
Add logd selinux allow permissions
...
Bug: 261105354
Bug: 264489639
Test: Ran atest SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I377dbb3bbdecd6780c1bdfb3aab53ee3c754c163
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-29 09:24:47 +02:00
TreeHugger Robot
b8afba5124
Merge "Keep name "dmabuf_system_secure_heap_device" for secure playback" into udc-d1-dev am: 83588e636f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22185170
Change-Id: I8ae4c6a6f1c4e63adddc3fcdea47143e0e5e22d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 03:27:57 +00:00
TreeHugger Robot
83588e636f
Merge "Keep name "dmabuf_system_secure_heap_device" for secure playback" into udc-d1-dev
2023-03-29 02:56:22 +00:00
TreeHugger Robot
a0beb1cf16
Merge "Allow bootctl to access trusty device" into udc-d1-dev am: 5d6157b523
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22307863
Change-Id: Icab0b0b06400d4b7c362813726b878d59a7d7f7c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 00:56:36 +00:00
TreeHugger Robot
5d6157b523
Merge "Allow bootctl to access trusty device" into udc-d1-dev
2023-03-29 00:00:55 +00:00
Mingguang Xu
afdff68774
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
am: e283627fac
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Id3525c06cc58f816eee7797145fbb301c4208ac7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:34:30 +00:00
Mingguang Xu
e283627fac
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Iac8bc11118a1c8f6f401f938039899f03bdeea95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:16:41 +00:00
Mingguang Xu
203dd313e7
Merge "Add permissions to connect radioext to twoshay." into udc-dev am: 57e322c17c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21956466
Change-Id: Ib70d523bc36e1a789b003374207094f2eaf722d5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 23:09:15 +00:00
Mingguang Xu
57e322c17c
Merge "Add permissions to connect radioext to twoshay." into udc-dev
2023-03-28 23:03:46 +00:00
Feiyu Chen
67f06b0a3d
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
am: 02cc06b4ab
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: I7cd7a542c4d855dac45e34b698303e18847057f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:47:10 +00:00
Feiyu Chen
02cc06b4ab
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: Icf1b60bc90121ad358639abe52ea15b4b69bb652
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:19:09 +00:00
Feiyu Chen
719b7aae1f
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev am: 2d34b0b1f6
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22248613
Change-Id: Ia56751b481fd666dedec73f11ee2ee5ff7e4d088
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 09:18:37 +00:00
Feiyu Chen
2d34b0b1f6
Merge "Allow camera HAL to access edgetpu_app_service" into udc-dev
2023-03-28 08:43:23 +00:00
Donnie Pollitz
74e0bf60c2
Allow bootctl to access trusty device
...
Background:
* Boot Control needs to be able to blow AR fuses, which requires access
to the OTP port on trusty.
Bug: 267714941
Test: AVC denial doesn't show up in log
Change-Id: I5635f2358b379ae0ffe882ca9ee162a455f554f0
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-28 09:58:16 +02:00
Jerry Huang
912984c964
Keep name "dmabuf_system_secure_heap_device" for secure playback
...
Fixes the following denials:
03-13 14:31:22.796 W CodecLooper: type=1400 audit(0.0:284): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo
03-13 14:31:22.796 I auditd : type=1400 audit(0.0:281): avc: denied { read } for comm="CodecLooper" name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo
03-14 15:01:48.069 1429 1429 W CodecLooper: type=1400 audit(0.0:1469): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=807 scontext=u:r:untrusted_app_32:s0:c65,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.disney.disneyplus
Bug: 268197530
Test: secure playback
Change-Id: I09a24fcf03f1f66b4c85d3b3949f33ad0d0f8dac
2023-03-28 15:04:43 +08:00
Boon Jun Soh
0a1cba518a
Use tof sensor codenames
...
Bug: 272224875
Test: Camera CTS + PTS + unittests
Change-Id: Iedd90e285364b28add7298bae7662efbac31474c
2023-03-28 13:00:09 +08:00
Adam Shih
036fb44a5d
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
(cherry picked from commit 8538fd33da)
2023-03-27 17:57:22 +00:00
Wilson Sung
98c7894070
Merge "Move OTA context out of legacy folder" into udc-d1-dev
2023-03-27 14:27:28 +00:00
Wilson Sung
21226c4c24
Merge changes from topic "275143841"
...
* changes:
  Merge "Move OTA context out of legacy folder" to master
  Move OTA context out of legacy folder
2023-03-27 14:27:28 +00:00
Alan
afafafd8a4
Add permissions to connect radioext to twoshay.
...
Connection through grilantennatuningservice binder call.
Test: manual
Bug: 258970389
Change-Id: I419b40042cce363428f72fa723adf89bcf269ef4
2023-03-27 17:07:16 +08:00
Gina Ko
7a32ef8f12
Merge "Allow systemui to find cameraserver_service" into udc-d1-dev am: 5821d671f3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22270826
Change-Id: Id6c48fa93ffdf03e50925cec717fe971e6b63cb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 05:57:43 +00:00
Gina Ko
5821d671f3
Merge "Allow systemui to find cameraserver_service" into udc-d1-dev
2023-03-27 05:32:14 +00:00
Wilson Sung
c705e81227
Merge "Move OTA context out of legacy folder" to master
...
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
2023-03-27 11:46:05 +08:00
Wilson Sung
6acea9d647
Move OTA context out of legacy folder
...
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
2023-03-27 11:44:51 +08:00
Dinesh Yadav
81ad90854c
Merge "Add certificate & label for GCA-ENG & GCA-Next" into udc-d1-dev am: 4a01ae23ad
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22246482
Change-Id: Iee99f93a8a15d9f723d849f22565ce30ac552885
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 03:34:15 +00:00
Gina Ko
ce85639700
Allow systemui to find cameraserver_service
...
avc: denied { find } for pid=2435 uid=10235 name=media.camera
scontext=u:r:systemui_app:s0:c235,c256,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0
Bug: 272628174
Bug: 269964574
Bug: 274734888
Test: Manual. Able to turn on/off flashlight from QS.
Change-Id: Icedf70b06bd06eb5b819a00c9157b4f475e9a126
2023-03-25 00:18:23 -07:00
feiyuchen
f0dc7907b0
Allow camera HAL to access edgetpu_app_service
...
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.
This is not ideal, because strictly speaking, camera HAL doesn't need such a dependency.
Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673
Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
2023-03-24 17:01:49 +00:00
Dinesh Yadav
84aa699ac8
Add certificate & label for GCA-ENG & GCA-Next
...
This commit makes the following changes:
- Add selinux policies for GCA-Eng & GCA-Next to access GXP device &
edgetpu services.
- Refactor code to push policies for Google Camera app from
legacy/whitechapel_pro/* to vendor/*
Tested:
- flashed both GCA-Eng & GCA-Next apps and observed no crashes due to gxp or edgetpu.
- scontext changed from "untrusted_app_32" to "debug_camera_app" in both cases.
Bug: 264490031
Change-Id: I51f69168eebd6c7e54e512b7abde8dd6bbe7c443
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-03-24 12:56:53 +00:00
Adam Shih
2b921528f1
Merge "Move pixel dumpstate to gs-common" into udc-dev
2023-03-24 05:54:52 +00:00
KRIS CHEN
355457bf9d
Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3
am: 24b32ddd4c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643
Change-Id: I0b1312780a03417859f9203ee8e1d34bca1ec2a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 03:09:02 +00:00
Adam Shih
8538fd33da
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-24 02:55:51 +00:00
KRIS CHEN
4f15bf412d
Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643
Change-Id: Ic8a12d3e5a4d79ef5edbe17fc340c54760cf8998
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 02:41:26 +00:00
Mark Chang
75f77b7bc6
Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev am: 3c027fdc6e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22197842
Change-Id: I084554e9af7107be6c13aace51cab06c4bf614b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 09:00:24 +00:00
Mark Chang
3c027fdc6e
Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev
2023-03-23 08:30:24 +00:00
TreeHugger Robot
24536aa24c
Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371
Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 08:07:36 +00:00