Commit graph

415 commits

Author SHA1 Message Date
Adam Shih
2f2b04a36e review modem_svc_sit
Bug: 254378739
Test: boot with modem_svc_sit running
Change-Id: Iee1a831f12ca5c2df54181f0807f1d284072cf7f
2022-10-28 11:12:56 +08:00
Adam Shih
92aa199be5 label all wakeup nodes
Bug: 254378739
Test: boot with no system_suspend error on sysfs
Change-Id: I03b663678f543967e70089e3513cfec9335a1a40
2022-10-27 14:12:09 +08:00
Adam Shih
1889b6d85f review modem_diagnostic_app
Bug: 254378739
Test: build pass
Change-Id: Ia2a07987a0e60e882074df1b8514139bdd6cd95c
2022-10-27 13:46:20 +08:00
TreeHugger Robot
6f44317b90 Merge changes I3402c89b,Ia0e63e7f,I28581c15
* changes:
  review dmd and modem_logging_control
  review cbrs_setup_app
  review ssr_detector_app
2022-10-27 02:32:55 +00:00
Gabriel Biren
9c7e1c9f63 Update zuma sepolicy to allow the wifi_ext AIDL service.
Changes should be similar to aosp/2262723.

Bug: 205044134
Test: m + Pre-submit tests
Change-Id: I458896f8e82be51dde466d7970a2f307d8f9c94d
2022-10-26 23:20:45 +00:00
Salmax Chang
3d7deb5028 cbd, rfsd: remove the super permissions
Remove the setuid, chown and setgid rules.

Bug: 255494528
Change-Id: I47d4295d2f95ec45d9566ce9badd345dc34c80ac
2022-10-25 17:14:45 +08:00
Adam Shih
f652d07d61 review dmd and modem_logging_control
Bug: 254378739
Test: boot with both of them launched
Change-Id: I3402c89be55bb8258d0ceb8475cef9fb913d2604
2022-10-24 14:30:52 +08:00
Adam Shih
0fb88a6e5c review cbrs_setup_app
Bug: 254378739
Test: boot with the app correctly labeled

Change-Id: Ia0e63e7fc1a6b68ad1a7012e65b063f08f05470d
2022-10-24 14:14:12 +08:00
Adam Shih
aff9f380d3 review ssr_detector_app
Bug: 254378739
Test: boot with ssr app correctly labeled
Change-Id: I28581c15cf0f7ecb01cbd11c747ad338b157e1c8
2022-10-24 14:12:27 +08:00
Adam Shih
cbbbe57599 review rfsd
Bug: 254378739
Test: boot with rfsd launched
Change-Id: I15446c8fb84de588ba09325414a1cbabbdaa9c58
2022-10-24 11:54:10 +08:00
Adam Shih
9c81dc8d56 isolate legacy sepolicy to start reviewing while letting others work
Bug: 254378739
Test: boot, camera, google map, play youtube
Change-Id: If8ee7c64c0f7534a7e918f36a0e785b0ee9cd11f
2022-10-24 11:40:47 +08:00
Adam Shih
522689438e remove obsolete entry
Bug: 254378739
Test: build pass
Change-Id: I53d82c4e3eb0b2b33b5bbb6448b787599611e0ae
2022-10-21 10:16:22 +08:00
Adam Shih
7c2d42f608 move aoc settings to gs-common
Bug: 248426917
Test: boot with aoc launched
Change-Id: Ifde50720cd8144bdc484b138d85bcf40575fe0ac
2022-10-20 11:25:09 +08:00
Adam Shih
2078e51ece Merge "remove reused code" 2022-10-19 11:22:26 +00:00
Adam Shih
db9cb6f731 remove reused code
Bug: 244504232
Test: adb bugreport
Change-Id: Ia310bbbb166c2b3f281153bb81c1240908529cc5
2022-10-19 14:55:17 +08:00
Krzysztof Kosiński
efcbb14f05 Use generic wildcard for vendor libprotobuf.
The suffix changes on each upgrade and the newest release uses
a two-part version number instead of a three-part one. Use a regex
that will match any suffix.

Bug: 203713560
Test: presubmit, log check
Change-Id: I12409ae179ec939a2c1f6e7342378abc4c27c207
2022-10-14 13:58:51 +00:00
timmyli
b4c703e375 Add main camera. Add hal_camera_default
hal_camera_default was missing from sepolicy.
Also add main camera to se policy.

Bug: 253469536, 253261569, 248108864
Test: Compiles, manual test to see no access denied logs
Change-Id: Ia68dd6d883413e5510b8ba79cff24204d70efb84
2022-10-13 20:11:26 +00:00
weichinweng
ef2333ceef Add acd-com.google.usf.non_wake_up file to AoC file context.
Bug: 195077076
Bug: 253178766
Test: ls -lZ dev/acd-com.google.usf.non_wake_up
Change-Id: I01e26cca3300eb284b22106367bc651ee3815581
2022-10-12 08:56:15 +00:00
Roger Fang
b6ee86eeed sepolicy: add permission for AMS rate of pixelstats-vend
pixelstats-vend: type=1400 audit(0.0:524): avc: denied { open } for
    path="/sys/devices/platform/audiometrics/ams_rate_read_once" dev="sysfs"
    ino=87602 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0
    tclass=file permissive=1
    pixelstats-vend: type=1400 audit(0.0:525): avc: denied { getattr }
    for path="/sys/devices/platform/audiometrics/ams_rate_read_once"
    dev="sysfs" ino=87602 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:
    sysfs:s0 tclass=file permissive=1

Bug: 245057559
Test: manually test passed.

Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I6cb477b3eecbb04fe1259f94e18e033cc152a671
2022-10-03 17:56:01 +08:00
Vova Sharaienko
cf1387dd92 Merge "hal_health_default: updated sepolicy" 2022-09-30 04:42:40 +00:00
Vova Sharaienko
f6826e0904 hal_health_default: updated sepolicy
This allows the android.hardware.health service to access
AIDL Stats service

Bug: 249827340
Test: Build, flash, boot & and logcat | grep "avc"
Change-Id: I45512225f11a0e3b06721f40e2355924188f703f
2022-09-29 23:34:29 +00:00
Denny cylee
c59e2b8aa0 sepolicy: add files to power_supply label
avc: denied { read } for name="resistance_id"
dev="sysfs" ino=57006 scontext=u:r:hardware_info_app:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
app=com.google.android.hardwareinfo

avc: denied { open } for
path="/sys/devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/resistance_id"
dev="sysfs" ino=57006 scontext=u:r:hardware_info_app:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
app=com.google.android.hardwareinfo

avc: denied { read } for name="serial_number"
dev="sysfs" ino=69725 scontext=u:r:hardware_info_app:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
app=com.google.android.hardwareinfo

Bug: 248391895
Test: check log

Signed-off-by: Denny cylee <dennycylee@google.com>
Change-Id: I1044cde13e11f85dbf57255edc462be1010f93e4
2022-09-28 08:11:01 +00:00
TreeHugger Robot
8bc677159f Merge "update display path" 2022-09-21 08:58:10 +00:00
JJ Lee
192b97cad9 dumpstate: corrected sysfs paths for aoc
Bug: 247448885
Test: build pass
Change-Id: I793f5964820ff4b945abf5dcd04216e7c60b18ca
Signed-off-by: JJ Lee <leejj@google.com>
2022-09-19 14:37:02 +00:00
JJ Lee
25a5093c9b sepolicy: add nodes for aoc memory votes stats
Bug: 247024476
Test: build pass, not blocking bugreport
Change-Id: Id4bba34927e730a62187b85d045e2872f57fdd04
Signed-off-by: JJ Lee <leejj@google.com>
2022-09-19 15:13:13 +08:00
Ted Lin
3b708f64fd Remove the tracking denials code.
Bug: 213817227
Test: Check the bugreport
Signed-off-by: Ted Lin <tedlin@google.com>
Change-Id: Iad27cc07585b12455c9bc3b1f01de61c0ce92e3e
2022-09-16 15:45:45 +08:00
Shiyong Li
2d80a80b22 update display path
Bug: 246809481
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I34a13a88abc4324ac0738948d4270e8a535cd918
2022-09-14 19:06:35 +00:00
Dinesh Yadav
ff460182ee Merge "Add SEPolicy for gxp_logging" 2022-09-13 05:04:27 +00:00
Dinesh Yadav
bab8aa16e8 Add SEPolicy for gxp_logging
This commit adds the SEPolicy for gxp_logging service

Bug: 245903377
Change-Id: I1b9bde7327b131c768ea8a91bc6bfb52f219044b
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2022-09-13 03:13:15 +00:00
Adam Shih
4c3622d25a Merge "use gs-common insert module script" 2022-09-12 05:40:56 +00:00
Jeffrey Carlyle
55c282ab71 Merge "dck: allow st54spi devivce to be accessed by recovery and fastbootd" 2022-09-08 21:58:56 +00:00
Adam Shih
0ddf6e577f use gs-common insert module script
Bug: 243763292
Test: boot to home
Change-Id: Idbac83716d0eaca0b9806db901aea68bffd32f4b
2022-09-08 09:57:29 +08:00
TreeHugger Robot
5a314cab17 Merge "Add SE policies for HWC logs" 2022-09-07 12:28:32 +00:00
Jeffrey Carlyle
48422cd1ff dck: allow st54spi devivce to be accessed by recovery and fastbootd
This is needed so that Digital Car Keys can be cleared from the ST54
during a user data wipe.

Bug: 203234558
Test: data wipe in Android recovery mode on raven
Test: data wipe in Android recovery mode on c10
Test: data wipe in user mode fastbootd mode on raven
Test: data wipe in user mode fastbootd mode on c10
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>
Change-Id: I5e1e8248ba188a68dd3c97795958e74e233701b9
2022-09-01 22:49:44 -07:00
Adam Shih
d13d0aaf56 Move dauntless settings to gs-common
Bug: 242479757
Test: build pass on all Gchip devices
Change-Id: I4b6c011015f6b94b5329650eb82ec5b95bbe2040
2022-08-30 13:32:02 +08:00
Taehwan Kim
8d9dc3aa30 sepolicy: supports Codec2 HIDL 1.2
Bug: 238360304
Test: Build PASS
Signed-off-by: Taehwan Kim <t_h.kim@samsung.com>
Change-Id: Id02e834bc4c19b09fac6c71199e2b0d62ddb4fd6
2022-08-22 05:31:08 +00:00
Wiwit Rifa'i
dee1f2e57d Add SE policies for HWC logs
Bug: 230361290
Change-Id: Ibca7f791bc4950bb6c1e4fd7ed5cbe5a98b48a5e
2022-08-16 14:02:21 +08:00
TreeHugger Robot
d8b62a3663 Merge "fix avc error for fg_model/registers" 2022-08-06 02:30:14 +00:00
TreeHugger Robot
4ba5c9ddf4 Merge "sepolicy:allow tof driver to communicate with lwis" 2022-08-03 06:56:32 +00:00
TreeHugger Robot
1d57ee38c7 Merge "HwInfo: Move hardware info sepolicy to pixel common" 2022-08-03 02:57:30 +00:00
Bruce Po
de8bc09743 Allow aocd to access acd-offload nodes
For T6 3-ch hotword feature, aocd daemon will access two new file nodes
(b/235648212), which will be used for transmitting audio to/from AOC.

BUG: 240744178
Change-Id: I98500d03e88052824af91c81ddeb9ed20f616969
2022-07-30 00:24:30 +00:00
Denny cy Lee
e286313bbd HwInfo: Move hardware info sepolicy to pixel common
Bug: 215271971
Test: no sepolicy for hardware info
Change-Id: If1b556c07a9a908b1a3edd8a551ff80cbc290b18
Signed-off-by: Denny cy Lee <dennycylee@google.com>
2022-07-29 02:56:01 +00:00
Tri Vo
82967d3579 Merge "tee: Remove tracking_denials/tee.te" 2022-07-27 17:24:21 +00:00
TreeHugger Robot
9be3188259 Merge "Remove vendor_service." 2022-07-27 11:12:43 +00:00
Jenny Ho
782f4952ff fix avc error for fg_model/registers
remove tracking with fix http://ag/19446314

Bug: 226271913
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: I745654dea17f87df0956f3a326d0c0346fd59ec6
2022-07-27 06:16:43 +00:00
Nick Chung
1b68580017 sepolicy:allow tof driver to communicate with lwis
Bug: 236828170
Test: build pass
Change-Id: I4300e025d987795e8fab3f0c1a3cb604e066b44c
2022-07-27 04:52:06 +00:00
Steven Moreland
5d26e2ecc1 Remove vendor_service.
We want to avoid associating types with where they can be used.

Bug: 237115222
Test: build
Change-Id: I6795d960aa2a3b3832be8e0f6a11cb0fc3337982
2022-07-27 00:01:46 +00:00
Tri Vo
6aa0b46766 tee: Remove tracking_denials/tee.te
Bug: 215649571
Bug: 205904330
Test: n/a
Change-Id: I8bdc6448420bb6a01093b315e99d420b4e5e040f
2022-07-26 13:26:00 -07:00
George Chang
e53e44b561 Update nfc from hidl to aidl service
Bug: 240125555
Test: build pass
Change-Id: Icfe2d117e0058d3dd8552defc27d5d20baaf9910
2022-07-26 06:39:49 +00:00
Cheng Chang
38e5c8d796 gps: change SEPolicy for sysfs node
Test: gps group has r/w permission
Bug: 238583504
Signed-off-by: Cheng Chang <chengcha@google.com>
Change-Id: I679999bdbb3cbcb0ffe9b49f4aa00d8714674da9
2022-07-20 06:51:48 +00:00