Commit graph

741 commits

Author SHA1 Message Date
TreeHugger Robot
48b6856587 Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev am: b76a3b6257
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22189946

Change-Id: I16131bd8b5cde5325378a6f22bca3042dd1fdf05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 07:46:35 +00:00
Andy Hsu
88d801e092 Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev am: 93e86449e5
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215364

Change-Id: Ic14bcd44370d4dc064537b2ac888677985d5cf12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 07:43:50 +00:00
TreeHugger Robot
b76a3b6257 Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev 2023-03-23 07:19:55 +00:00
Andy Hsu
93e86449e5 Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev 2023-03-23 07:01:32 +00:00
Andy Hsu
9c91ba1a2f Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL.
Note that this only adds permission to GCARelease and GCADogfood, while GCANext and GCAEng are still untrusted apps on zuma now, and after this change GCANext and GCAEng will still be denied.

Bug: 264490031

Test: Portrait processing in GCARelease didn't get a denial message when accessing PowerHAL after this change (https://cnsviewer-static.corp.google.com/cns/md-d/home/pixel-camera-data-readers/acat/hwandy/ag/22215364?user=pixel-camera-data-readers).

Change-Id: Ia4a4c2f24215b9da9db7985cf67112997df355fa
2023-03-23 06:41:13 +00:00
Darren Hsu
8e028f0a03 sepolicy: label odpm paths for system suspend
Bug: 272166423
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: I0295cc09cd8eb46b19edcec0d74440e497440423
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-23 14:13:43 +08:00
Wilson Sung
3e68836e43 Revert "Move pixel dumpstate to gs-common"
Revert submission 22188471-dumpstate aidl

Reason for revert: Build break

Reverted changes: /q/submissionid:22188471-dumpstate+aidl
Bug: 274858145

Change-Id: I757111541257eecd4936572376fe42a4c866a1d6
2023-03-23 05:58:12 +00:00
Adam Shih
cad969da74 Merge "Move pixel dumpstate to gs-common" into udc-dev am: 0c17644417
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188471

Change-Id: I58ded180038a8aa507095d31a069547b7f02efea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 05:52:55 +00:00
Miranda Kephart
04ac3ce7f5 Fix screenshot shutter sound on P23 devices am: 8cc50336c8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22200827

Change-Id: I1bc148a562bc22bdab4be3984f1394ecf0da364f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 04:13:55 +00:00
Miranda Kephart
8cc50336c8 Fix screenshot shutter sound on P23 devices
SystemUI didn't have permission to access media server or the audio
server. Looks like both are required (and sufficient).

Bug: 273688513
Bug: 272628174
Fix: 273688513
Test: manual; take a screenshot with ringer on and verify it
makes a sound

Change-Id: Ibbe54db8cbf78ed199cb329804221709a2822242
2023-03-22 18:40:47 +00:00
Mark Chang
9e2ce3d5c0 Add IScreenProtectorDetectorService policy for systemui_app.
Bug: 260302317
Test: system ui app successfully started.
Change-Id: Ibbeab03e738fbbd4103bb5bf4e9f6bbd2998cd29
Signed-off-by: Mark Chang <changmark@google.com>
2023-03-22 11:53:18 +00:00
Adam Shih
ee45cfea78 Move pixel dumpstate to gs-common
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-22 05:06:27 +00:00
Adam Shih
9844033c0a Move pixel dumpstate to gs-common
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-22 13:05:44 +08:00
TreeHugger Robot
7cd8b7fd2f Merge "change device type for /dev/stmvl53l1_ranging" into udc-d1-dev am: 03d439f0e1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22167058

Change-Id: I40aab624c447d94be30d25ea2b256f289c576f7e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-22 03:09:42 +00:00
TreeHugger Robot
03d439f0e1 Merge "change device type for /dev/stmvl53l1_ranging" into udc-d1-dev 2023-03-22 02:36:37 +00:00
Joerg Wagner
6351914802 Merge "Update Mali DDK to r40 : Additional SELinux settings" into udc-d1-dev 2023-03-21 14:36:16 +00:00
Kris Chen
0ea531896c Allow fingerprint hal to read sysfs_leds
Fix the following avc denials:
avc: denied { search } for name="backlight" dev="sysfs" ino=79316
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=dir permissive=1

avc: denied { read } for name="state" dev="sysfs" ino=79365
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file permissive=1

Bug: 271072126
Test: Authenticate fingerprint.
Change-Id: Ibefbcefc005ab2cec7c417f197fd134b154ed9a1
2023-03-21 12:18:59 +00:00
JimiChen
ee1df407be change device type for /dev/stmvl53l1_ranging
It was a rls_device. Move to lwis_device now.

Bug: 274552433
Test: launch GCA
Change-Id: Id920583cc06b09063de85b160c12a5c3a5468c11
2023-03-21 20:00:00 +08:00
TreeHugger Robot
d5ac6d9962 Merge "Allow regmap debugfs permission" into udc-d1-dev am: 504b4cc2eb
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22133445

Change-Id: I483874eb28c4db9377ce3d7b616262d81d4e70ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-21 08:27:11 +00:00
TreeHugger Robot
504b4cc2eb Merge "Allow regmap debugfs permission" into udc-d1-dev 2023-03-21 08:00:49 +00:00
Robert Lee
78603ddb7e Allow regmap debugfs permission
auditd  : type=1400 audit(0.0:7): avc: denied { search } for comm="kworker/u18:1" name="regmap" dev="debugfs" ino=1049 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=0

Bug: 273891639
Test: builds
Change-Id: I9700d34e4d8a9d96d904fe5119a8bf4601bf8ea6
Signed-off-by: Robert Lee <lerobert@google.com>
2023-03-21 14:17:00 +08:00
TreeHugger Robot
2ecbb84226 Merge "Allow systemui find radio_service" into udc-d1-dev am: 7ca4d7ceb7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22161791

Change-Id: I281b02bfe57536093f3fd1821ad6b2d31e2a7ba0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-21 03:35:10 +00:00
TreeHugger Robot
7ca4d7ceb7 Merge "Allow systemui find radio_service" into udc-d1-dev 2023-03-21 03:19:59 +00:00
Chung-Kai (Michael) Mei
4766cf456b Merge "genfs_contexts: fix path for i2c peripheral device [DO NOT MERGE]" into udc-d1-dev 2023-03-21 02:31:55 +00:00
Darren Hsu
ba74fadb54 dumpstate: Suppress avc denial for power stats am: 0198a5224a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22119720

Change-Id: Ic216d075f84190d5d2c66cd2c7e46efc65d40989
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-21 02:20:37 +00:00
Wilson Sung
aa45dde84e Allow systemui find radio_service
avc:  denied  { find } for pid=1810 uid=10231 name=phone scontext=u:r:systemui_app:s0:c231,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Bug: 272628174
Bug: 272628396
Bug: 273674238
Test: boot-to-home and sim icon showed up
Change-Id: Ia7f84f53f131d868d356fd6d358188748c723757
2023-03-21 02:13:46 +00:00
Chungkai Mei
5bedd6391a genfs_contexts: fix path for i2c peripheral device [DO NOT MERGE]
correct path for i2c devices

Test: without avc denial when booting
Bug: 240641235
Change-Id: Iabb7bdac51c2877a9b254bb287361c58f16a353f
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-03-21 01:17:40 +00:00
Darren Hsu
0198a5224a dumpstate: Suppress avc denial for power stats
Bug: 273639264
Test: presubmit test
Change-Id: I0b1d8b7516dc9bdfae6b8bca644b6ab52b971615
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-20 15:09:41 +08:00
Welly Hsu
7d03b1841e Move euiccpixel_app dontaudit items out of tracking_denials am: 97b397fc5e am: a8df97fe32
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22133463

Change-Id: I6992f0c4bb70f9e3044fa80f8aed487fcfc1ae89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-20 05:03:13 +00:00
Welly Hsu
a8df97fe32 Move euiccpixel_app dontaudit items out of tracking_denials am: 97b397fc5e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22133463

Change-Id: I1e3fdf46b8d29354b2b231457edd9b2e90126474
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-20 04:30:27 +00:00
Welly Hsu
97b397fc5e Move euiccpixel_app dontaudit items out of tracking_denials
bug: 265286368
bug: 269218505
Change-Id: I7dec7ad23ee48cf719d6e7442e60ddcc13c02a8f
2023-03-20 10:13:05 +08:00
TreeHugger Robot
eccb7ad20b Merge "allow vendor init to set vendor_camera_prop" into udc-d1-dev am: 1605d7979d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22113945

Change-Id: Ibdab8601f0d98e2b11640b5434ff49c87953d05b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 12:26:53 +00:00
TreeHugger Robot
1605d7979d Merge "allow vendor init to set vendor_camera_prop" into udc-d1-dev 2023-03-16 11:57:14 +00:00
Speth Chang
3add5fbcec allow vendor init to set vendor_camera_prop
03-16 10:29:21.324     1     1 W /system/bin/init:
type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295
subj=u:r:init:s0 msg='avc: denied { set } for
property=vendor.camera.multicam.enable_p23_multicam pid=1
uid=0 gid=0 scontext=u:r:vendor_init:s0
tcontext=u:object_r:vendor_camera_prop:s0
tclass=property_service permissive=0' bug=b/267714573

Bug: 273854225
Test: check log, GCA
Change-Id: I1c5fdff3b9978c494be9f513e1770f26804ca132
2023-03-16 13:18:17 +08:00
TreeHugger Robot
18acd8cd02 Merge changes I7b641636,Iecbf6ff7 into udc-d1-dev am: 320064782b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22085771

Change-Id: I211dc0a0b0fcd8031d68d833b751cbad21eef8b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 03:16:52 +00:00
Alice Sheng
c3288bb774 Merge "Add sepolicy for RA9530 nodes." 2023-03-15 17:57:24 +00:00
Chien Kun Niu
28cc58257f usb: allow hal_usb_gadget_impl sysfs_batteryinfo permission
Allow hal_usb_gadget_impl sysfs_batteryinfo r_dir_perms and rw_file_perms

[    8.237410] [  T379] type=1400 audit(1678784127.396:4): avc: denied { search } for comm="HwBinder:762_1" name="power_supply" dev="sysfs" ino=73783 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
[    8.237556] [  T379] type=1400 audit(1678784127.396:5): avc: denied { read } for comm="HwBinder:762_1" name="usb_type" dev="sysfs" ino=73797 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
[    8.237584] [  T379] type=1400 audit(1678784127.396:6): avc: denied { open } for comm="HwBinder:762_1" path="/sys/devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/usb_type" dev="sysfs" ino=73797 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
[    8.237603] [  T379] type=1400 audit(1678784127.396:7): avc: denied { getattr } for comm="HwBinder:762_1" path="/sys/devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/usb_type" dev="sysfs" ino=73797 scontext=u:r:hal_usb_gadget_impl:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Bug: 272166827
Test: Check avc denied log
Change-Id: Iecbf6ff712924b60ce186b75a76cf25f3b48e72d
2023-03-15 19:17:14 +08:00
TreeHugger Robot
e83033d9f1 Merge "sepolicy: label dsu and bci" into udc-d1-dev am: 35b10634bf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21981985

Change-Id: I0eb26b8dc03fdef37e8ff4e80d4024ce0485dfab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-15 03:15:50 +00:00
Quinn Yan
542f3553c7 Merge "Remove the tracking_denials for edgetpu project. Fix the wrong sysfs directory for edgetpu." into udc-dev am: fe4ffed5de am: b1ebacbd43
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22082013

Change-Id: I17f0e8c9a9d98a0b67a2c3dbdd4fa9c7be427626
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-15 03:02:33 +00:00
TreeHugger Robot
35b10634bf Merge "sepolicy: label dsu and bci" into udc-d1-dev 2023-03-15 02:28:38 +00:00
Quinn Yan
e825edbf28 Merge "Remove the tracking_denials for edgetpu project. Fix the wrong sysfs directory for edgetpu." into udc-dev am: fe4ffed5de
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22082013

Change-Id: I3a6e12bb4e7f9e81deb4b0cf9c1d59102370efef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-15 01:42:42 +00:00
Quinn Yan
fe4ffed5de Merge "Remove the tracking_denials for edgetpu project. Fix the wrong sysfs directory for edgetpu." into udc-dev 2023-03-15 01:26:24 +00:00
Dai Li
518a025694 Merge "dma-heap: add dsp heap" into udc-dev am: b66e27f987
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21914488

Change-Id: I32b240372f25f8ae7546daa98acadd09b96562c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-15 01:22:27 +00:00
Dai Li
878380aba8 Merge "dma-heap: add dsp heap" into udc-dev am: b66e27f987 am: 679670bfbc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21914488

Change-Id: Iaaea913a24b30a69160c62d0fb400c6a2a3a1eeb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-15 00:57:38 +00:00
qinyiyan
1f30d7d1f9 Remove the tracking_denials for edgetpu project.
Fix the wrong sysfs directory for edgetpu.

Test: No avc denials seen with selinux=enforcing
Bug: 264489387,264489676
Change-Id: I5d4d249a0b906e3e5d765ed8830fd915db8aa66e
2023-03-14 17:01:19 -07:00
Dai Li
b66e27f987 Merge "dma-heap: add dsp heap" into udc-dev 2023-03-14 23:31:53 +00:00
TreeHugger Robot
163c2ece35 Merge "Enforce pixel_stats" into udc-d1-dev am: 15a45ce32f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21989811

Change-Id: Ic9d353fb5e10ff41a3a6d1bdebb88ff6618b7748
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-14 07:45:19 +00:00
Wilson Sung
95eea9a04b Enforce pixel_stats
Fix: 264483357
Fix: 264483319
Fix: 264483568
Fix: 264489783
Test: boot-to-home and no pixel_stats avc error
Change-Id: I0b68fa3853c65056d7da78a436a3d38888af8f19
2023-03-14 13:40:49 +08:00
TreeHugger Robot
a828092dcc Merge "label systemui sub apps" into udc-dev am: 27c8c4c1e0 am: d5554312e8
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21988006

Change-Id: I8edf39c4bec2c95ad532d074066303e80935086f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-14 05:24:35 +00:00
TreeHugger Robot
d5554312e8 Merge "label systemui sub apps" into udc-dev am: 27c8c4c1e0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21988006

Change-Id: I61bb2409787130b12d75e539f369bb73a5690ea6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-14 04:48:12 +00:00