Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
794 commits 1 branch 0 tags 18 MiB
Commit graph

794 commits

This branch
This branch
All branches
Author SHA1 Message Date
Wilson Sung
98c7894070 Merge "Move OTA context out of legacy folder" into udc-d1-dev 2023-03-27 14:27:28 +00:00
Alan
afafafd8a4 Add permissions to connect radioext to twoshay. 
Connection through grilantennatuningservice binder call.

Test: manual
Bug: 258970389
Change-Id: I419b40042cce363428f72fa723adf89bcf269ef4
 2023-03-27 17:07:16 +08:00
TreeHugger Robot
84aab225cf Merge "comply with VTS requirements" into udc-dev am: c83e5be8d9 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22286084

Change-Id: I0b9cf28cdfb549e2c3571e144f73f59d0004bc02
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 06:27:52 +00:00
TreeHugger Robot
c83e5be8d9 Merge "comply with VTS requirements" into udc-dev 2023-03-27 06:05:51 +00:00
Gina Ko
5821d671f3 Merge "Allow systemui to find cameraserver_service" into udc-d1-dev 2023-03-27 05:32:14 +00:00
Neo Yu
e9aabf7e9e Merge "Remove the bug of hal_radioext_default because the fix is merged." into udc-d1-dev 2023-03-27 04:17:02 +00:00
Adam Shih
e124d5aea9 comply with VTS requirements 
Bug: 275036679
Bug: 275034315
Test:
atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL
atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default

Change-Id: I1c89d7662351ffae5409c3f81b4360579fdc00ae
 2023-03-27 12:07:24 +08:00
Wilson Sung
6acea9d647 Move OTA context out of legacy folder 
Bug: 275143841
Test: OTA
Change-Id: I4774b7c48c075afc1b02d8c34fded212cd0efffb
 2023-03-27 11:44:51 +08:00
Dinesh Yadav
4a01ae23ad Merge "Add certificate & label for GCA-ENG & GCA-Next" into udc-d1-dev 2023-03-27 03:13:24 +00:00
Neo Yu
58ff635b67 Remove the bug of hal_radioext_default because the fix is merged. 
Bug: 274374768
Test: verify by test rom
Change-Id: Ia9665e5223997cf498f9320dfd0b1dbdacaae0b2
 2023-03-27 11:08:25 +08:00
Neo Yu
70749d1b96 Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev am: 5b1689534f 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22222570

Change-Id: I2d2a07056322f6971050e9299e17201b95773eaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 03:07:31 +00:00
Neo Yu
5b1689534f Merge "sepolicy: allow hal_radioext_default binder call with servicemanager" into udc-dev 2023-03-27 02:36:56 +00:00
Gina Ko
ce85639700 Allow systemui to find cameraserver_service 
avc:  denied  { find } for pid=2435 uid=10235 name=media.camera
scontext=u:r:systemui_app:s0:c235,c256,c512,c768
tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0

Bug: 272628174
Bug: 269964574
Bug: 274734888
Test: Manual. Able to turn on/off flashlight from QS.
Change-Id: Icedf70b06bd06eb5b819a00c9157b4f475e9a126
 2023-03-25 00:18:23 -07:00
feiyuchen
f0dc7907b0 Allow camera HAL to access edgetpu_app_service 
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.

This is not ideal, because strictly speaking, camera HAL doesn't need such dependency.

Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673

Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
 2023-03-24 17:01:49 +00:00
Dinesh Yadav
84aa699ac8 Add certificate & label for GCA-ENG & GCA-Next 
This commit makes following changes:
- Add selinux policies for GCA-Eng & GCA-Next to access GXP device &
edgetpu services.
- Refactor code to push policies for Google Camera app from
legacy/whitechapel_pro/* to vendor/*

Tested:
- flashed both GCA-Eng & GCA-Next apps and observed no crashes due to gxp or edgetpu.
- scontext changed from "untrusted_app_32" to "debug_camera_app" in both cases.

Bug: 264490031
Change-Id: I51f69168eebd6c7e54e512b7abde8dd6bbe7c443
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
 2023-03-24 12:56:53 +00:00
Adam Shih
ebc5ee8dab [automerger skipped] Merge "Move pixel dumpstate to gs-common" into udc-dev am: 2b921528f1 -s ours 
am skip reason: Merged-In I4c46a2495ea07b9e44f56c4c6be726621e0ebf65 with SHA-1 ee45cfea78 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22236029

Change-Id: I6d02ee84161d92b4b2723cf6b08ccc76bc51ab81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 06:23:08 +00:00
Adam Shih
79ea18119e [automerger skipped] Move pixel dumpstate to gs-common am: 8538fd33da -s ours 
am skip reason: Merged-In I4c46a2495ea07b9e44f56c4c6be726621e0ebf65 with SHA-1 ee45cfea78 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22236029

Change-Id: Ia5202a87a85fa610fc08f0b9ec8be23592c98585
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 06:23:07 +00:00
Adam Shih
2b921528f1 Merge "Move pixel dumpstate to gs-common" into udc-dev 2023-03-24 05:54:52 +00:00
TreeHugger Robot
b5a5ffb5e7 Merge "Update SELinux error" into udc-d1-dev 2023-03-24 05:07:42 +00:00
Darren Hsu
2965ba405c sepolicy: remove power stats from bug map 
Bug: 272166847
Test: N/A
Change-Id: If920d18418f87f14a1826dbe061cef4632a9646f
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-03-24 11:43:42 +08:00
Wilson Sung
599f4f5382 Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 275001641
Test: scanBugreport
Bug: 268566481
Test: scanAvcDeniedLogRightAfterReboot
Bug: 268566481
Change-Id: I5a7ea66483985b6ca99162666d155fef69d65360
 2023-03-24 11:11:17 +08:00
Adam Shih
8538fd33da Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
 2023-03-24 02:55:51 +00:00
KRIS CHEN
4f15bf412d Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev am: dba88b81d3 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22178643

Change-Id: Ic8a12d3e5a4d79ef5edbe17fc340c54760cf8998
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 02:41:26 +00:00
KRIS CHEN
dba88b81d3 Merge "Allow fingerprint hal to read sysfs_leds" into udc-dev 2023-03-24 02:06:37 +00:00
Darren Hsu
128550da69 Merge "Revert "Enforce system ui app"" into udc-d1-dev 2023-03-24 00:48:36 +00:00
Dave Mankoff
eeeae0265a Revert "Enforce system ui app" 
This reverts commit ba953cdb9a.

Reason for revert: http://b/274366326#comment22. We can check this back in once we know what's going on.

Bug: 274366326
Bug: 264266705

Change-Id: I879cdec377e71af9142c82078bd3c022295c98c5
 2023-03-23 19:44:22 +00:00
neoyu
44ee5a2fb2 sepolicy: allow hal_radioext_default binder call with servicemanager 
avc: denied { call } for comm="binder:795_2" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=0

Bug: 274374768
Test: verify by test rom
Change-Id: I31cfbd234756fdc41663cec766f6b3bf23063bc7
 2023-03-24 02:30:44 +08:00
Mark Chang
3c027fdc6e Merge "Add IScreenProtectorDetectorService policy for systemui_app." into udc-d1-dev 2023-03-23 08:30:24 +00:00
TreeHugger Robot
24536aa24c Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371

Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 08:07:36 +00:00
TreeHugger Robot
3fae47e04b Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev 2023-03-23 07:24:01 +00:00
TreeHugger Robot
b76a3b6257 Merge "sepolicy: label odpm paths for system suspend" into udc-d1-dev 2023-03-23 07:19:55 +00:00
Andy Hsu
93e86449e5 Merge "Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL." into udc-d1-dev 2023-03-23 07:01:32 +00:00
Andy Hsu
9c91ba1a2f Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL. 
Note that this only adds permission to GCARelease and GCADogfood, while GCANext and GCAEng are still untrusted app on zuma now and after this change GCANext and GCAEng will still be denied.

Bug: 264490031

Test: Portrait processing in GCARelease didn't get denial message when accessing PowerHAL after this change  (https://cnsviewer-static.corp.google.com/cns/md-d/home/pixel-camera-data-readers/acat/hwandy/ag/22215364?user=pixel-camera-data-readers).

Change-Id: Ia4a4c2f24215b9da9db7985cf67112997df355fa
 2023-03-23 06:41:13 +00:00
Darren Hsu
8e028f0a03 sepolicy: label odpm paths for system suspend 
Bug: 272166423
Test: run singleCommand pts -m PtsSELinuxTestCases
Change-Id: I0295cc09cd8eb46b19edcec0d74440e497440423
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-03-23 14:13:43 +08:00
Wilson Sung
3e68836e43 Revert "Move pixel dumpstate to gs-common" 
Revert submission 22188471-dumpstate aidl

Reason for revert: Build break

Reverted changes: /q/submissionid:22188471-dumpstate+aidl
Bug: 274858145

Change-Id: I757111541257eecd4936572376fe42a4c866a1d6
 2023-03-23 05:58:12 +00:00
Adam Shih
cad969da74 Merge "Move pixel dumpstate to gs-common" into udc-dev am: 0c17644417 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188471

Change-Id: I58ded180038a8aa507095d31a069547b7f02efea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 05:52:55 +00:00
Adam Shih
0c17644417 Merge "Move pixel dumpstate to gs-common" into udc-dev 2023-03-23 04:39:46 +00:00
TreeHugger Robot
0b1499354d Merge "Enforce bootdevice_sysdev" into udc-d1-dev 2023-03-23 03:36:47 +00:00
TreeHugger Robot
75b82f7092 Merge "Enforce systesm_app" into udc-d1-dev 2023-03-23 03:32:48 +00:00
TreeHugger Robot
a8dfe1fd3c Merge "Update SELinux error" into udc-d1-dev 2023-03-23 03:27:12 +00:00
Miranda Kephart
8cc50336c8 Fix screenshot shutter sound on P23 devices 
SystemUI didn't have permission to access media server or the audio
server. Looks like both are required (and sufficient).

Bug: 273688513
Bug: 272628174
Fix: 273688513
Test: manual; take a screenshot with ringer on and verify it
makes a sound

Change-Id: Ibbe54db8cbf78ed199cb329804221709a2822242
 2023-03-22 18:40:47 +00:00
Welly Hsu
e0adad9eb0 Remove euiccpixel_app dontaudit from gmscore_app am: a133586e4e 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188469

Change-Id: I48f0e1eb633c44a4c6445c6423d10e500be6f6c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 14:41:23 +00:00
Mark Chang
9e2ce3d5c0 Add IScreenProtectorDetectorService policy for systemui_app. 
Bug: 260302317
Test: system ui app successfully started.
Change-Id: Ibbeab03e738fbbd4103bb5bf4e9f6bbd2998cd29
Signed-off-by: Mark Chang <changmark@google.com>
 2023-03-22 11:53:18 +00:00
Wilson Sung
6bf3029916 Enforce systesm_app 
Fix: 260768379
Fix: 260922048
Fix: 264490076
Test: boot-to-home, no related avc error
Change-Id: If9ead09340f5d810ec549f4c83015f3301f1113c
 2023-03-22 16:01:09 +08:00
Wilson Sung
a1739828f2 Update SELinux error 
Test: SELinuxUncheckedDenialBootTest
Bug: 274727372
Bug: 274727542
Test: scanBugreport
Bug: 274727542
Bug: 268566481
Test: scanAvcDeniedLogRightAfterReboot
Bug: 274727542
Bug: 268566481
Change-Id: Ie846f2f7146e52c4e094d9fd7cfa1fa68e3e21df
 2023-03-22 15:38:52 +08:00
Wilson Sung
503ae703df Enforce bootdevice_sysdev 
Fix: 264489743
Test: boot-to-home and no avc errors
Change-Id: I14648c8d7b1b334c3d02971ffbf20b1f9b5a9354
 2023-03-22 15:35:45 +08:00
TreeHugger Robot
a112b65748 Merge "[SELinux] remove uwb remaining tracking denials" into udc-d1-dev 2023-03-22 05:30:57 +00:00
Welly Hsu
a133586e4e Remove euiccpixel_app dontaudit from gmscore_app 
bug: 265383359
Change-Id: I6ee7d37187725408e0f443a40affe4c4e50dac91
 2023-03-22 13:27:32 +08:00
Adam Shih
ee45cfea78 Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
 2023-03-22 05:06:27 +00:00
Rex Lin
e95656d6fc [SELinux] remove uwb remaining tracking denials 
- hal_uwb_vendor_default
- uwb_vendor_app

Bug: 264489190
Bug: 264489787
Test: remove denials and no avc lob observed and ranging works
Change-Id: I5fd7f5b6bed8f819b2d5812c882ac596f1f1871b
Signed-off-by: Rex Lin <rexcylin@google.com>
 2023-03-22 11:07:51 +08:00