TreeHugger Robot
03d439f0e1
Merge "change device type for /dev/stmvl53l1_ranging" into udc-d1-dev
2023-03-22 02:36:37 +00:00
Nicole Lee
f23893994b
Move logger_app dontaudit items out of tracking_denials am: aa4b374120
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22173747
Change-Id: If3e54f3595eac5942175b29250ca6888471876ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-22 00:17:23 +00:00
Wilson Sung
e85dc12d69
Enforce untrusted_app
...
Fix: 264489681
Test: boot-to-home and no untrusted_app avc error
Change-Id: Ic7a0fac4893265b4abde55d0a65372419fc09392
2023-03-22 01:38:31 +08:00
Joerg Wagner
6351914802
Merge "Update Mali DDK to r40 : Additional SELinux settings" into udc-d1-dev
2023-03-21 14:36:16 +00:00
Kris Chen
0ea531896c
Allow fingerprint hal to read sysfs_leds
...
Fix the following avc denials:
avc: denied { search } for name="backlight" dev="sysfs" ino=79316
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=dir permissive=1
avc: denied { read } for name="state" dev="sysfs" ino=79365
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file permissive=1
Bug: 271072126
Test: Authenticate fingerprint.
Change-Id: Ibefbcefc005ab2cec7c417f197fd134b154ed9a1
2023-03-21 12:18:59 +00:00
JimiChen
ee1df407be
change device type for /dev/stmvl53l1_ranging
...
It was a rls_device. Move to lwis_device now.
Bug: 274552433
Test: launch GCA
Change-Id: Id920583cc06b09063de85b160c12a5c3a5468c11
2023-03-21 20:00:00 +08:00
Nicole Lee
aa4b374120
Move logger_app dontaudit items out of tracking_denials
...
Bug: 269383459
Test: Open Pixel Logger and check logs
Change-Id: Id5b89a7eeaa5b06539113d4c86c64d6022080949
2023-03-21 10:11:58 +00:00
TreeHugger Robot
504b4cc2eb
Merge "Allow regmap debugfs permission" into udc-d1-dev
2023-03-21 08:00:49 +00:00
Donnie Pollitz
4ce51ebfba
Merge "Removing audit for system_suspend tee" into udc-d1-dev
2023-03-21 07:55:13 +00:00
Robert Lee
78603ddb7e
Allow regmap debugfs permission
...
auditd : type=1400 audit(0.0:7): avc: denied { search } for comm="kworker/u18:1" name="regmap" dev="debugfs" ino=1049 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=0
Bug: 273891639
Test: builds
Change-Id: I9700d34e4d8a9d96d904fe5119a8bf4601bf8ea6
Signed-off-by: Robert Lee <lerobert@google.com>
2023-03-21 14:17:00 +08:00
TreeHugger Robot
7ca4d7ceb7
Merge "Allow systemui find radio_service" into udc-d1-dev
2023-03-21 03:19:59 +00:00
Chung-Kai (Michael) Mei
4766cf456b
Merge "genfs_contexts: fix path for i2c peripheral device [DO NOT MERGE]" into udc-d1-dev
2023-03-21 02:31:55 +00:00
Wilson Sung
aa45dde84e
Allow systemui find radio_service
...
avc: denied { find } for pid=1810 uid=10231 name=phone scontext=u:r:systemui_app:s0:c231,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0
Bug: 272628174
Bug: 272628396
Bug: 273674238
Test: boot-to-home and sim icon showed up
Change-Id: Ia7f84f53f131d868d356fd6d358188748c723757
2023-03-21 02:13:46 +00:00
Chungkai Mei
5bedd6391a
genfs_contexts: fix path for i2c peripheral device [DO NOT MERGE]
...
correct path for i2c devices
Test: without avc denial when booting
Bug: 240641235
Change-Id: Iabb7bdac51c2877a9b254bb287361c58f16a353f
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-03-21 01:17:40 +00:00
Donnie Pollitz
8034369bdd
Removing audit for system_suspend tee
...
Background:
* wakelock_use(tee) was added in previous CL: http://go/ag/21082565
Bug: 263305203
Test: Ran SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I6e8a6796ef5a7156b89ba89c74430f368727e2b8
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-20 11:26:10 +01:00
Darren Hsu
0198a5224a
dumpstate: Suppress avc denial for power stats
...
Bug: 273639264
Test: presubmit test
Change-Id: I0b1d8b7516dc9bdfae6b8bca644b6ab52b971615
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2023-03-20 15:09:41 +08:00
TreeHugger Robot
d5ec3f993f
Merge "Update SELinux error" into udc-d1-dev
2023-03-20 06:34:25 +00:00
TreeHugger Robot
155e0a8f36
Merge "Remove insmod obsolete denials" into udc-d1-dev
2023-03-20 05:25:02 +00:00
Welly Hsu
a8df97fe32
Move euiccpixel_app dontaudit items out of tracking_denials am: 97b397fc5e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22133463
Change-Id: I1e3fdf46b8d29354b2b231457edd9b2e90126474
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-20 04:30:27 +00:00
Wilson Sung
f19431da02
Remove insmod obsolete denials
...
Fix: 260522378
Fix: 272166723
Change-Id: I70956498f66643d0abc2496d3bdcd140e7ab8f7e
2023-03-20 12:07:21 +08:00
Wilson Sung
2eed10acc4
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 274374768
Bug: 274374722
Test: scanBugreport
Bug: 274374769
Bug: 274374768
Bug: 274374992
Bug: 274374722
Bug: 268566481
Bug: 273639264
Test: scanAvcDeniedLogRightAfterReboot
Bug: 274374768
Bug: 274374722
Bug: 268566481
Change-Id: I4ebac8c48937557b8d8544ecfe4da3ac71ecf64e
2023-03-20 12:05:59 +08:00
Welly Hsu
97b397fc5e
Move euiccpixel_app dontaudit items out of tracking_denials
...
bug: 265286368
bug: 269218505
Change-Id: I7dec7ad23ee48cf719d6e7442e60ddcc13c02a8f
2023-03-20 10:13:05 +08:00
TreeHugger Robot
14c05d48e9
Merge "[SELinux] remove hal_uwb_default tracking denials" into udc-d1-dev
2023-03-20 01:41:49 +00:00
Mahesh Kallelil
6636bd227b
Merge "Update selinux-policy for ModemService." into udc-d1-dev
2023-03-16 22:43:34 +00:00
Jayachandran C
a7ec5ac379
Merge "Allow radio to find and invoke Audio HAL for updating the network info during improved WiFi calling" into udc-dev am: 3cda1dd51b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22067882
Change-Id: I676634d568c0de4a029dc4609ceda2c38f56fce9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 20:20:07 +00:00
Jayachandran C
3cda1dd51b
Merge "Allow radio to find and invoke Audio HAL for updating the network info during improved WiFi calling" into udc-dev
2023-03-16 19:51:49 +00:00
Donnie Pollitz
e8682690b2
Merge "Remove hal_bootctl_default audits" into udc-d1-dev
2023-03-16 12:03:04 +00:00
TreeHugger Robot
1605d7979d
Merge "allow vendor init to set vendor_camera_prop" into udc-d1-dev
2023-03-16 11:57:14 +00:00
Rex Lin
a41dd62c1b
[SELinux] remove hal_uwb_default tracking denials
...
Bug: 267260951
Bug: 264489750
Bug: 273639365
Test: http://ab/I19700010140844408
Change-Id: Ife918a080a4b0c716a46c78730965b5d7eb3f757
Signed-off-by: Rex Lin <rexcylin@google.com>
2023-03-16 14:51:12 +08:00
Mahesh Kallelil
df7ece2441
Update selinux-policy for ModemService.
...
Allowing the ModemService write access to the sysfs attribute
cp_temp which is used to update the thermal zones.
Test: Verified sysfs attribute security labels
Bug: 267485434
Change-Id: I8361e53f4e6aa82e6dc78e94af71ee26c06fb2f5
Signed-off-by: Mahesh Kallelil <kallelil@google.com>
2023-03-16 05:35:51 +00:00
Speth Chang
3add5fbcec
allow vendor init to set vendor_camera_prop
...
03-16 10:29:21.324 1 1 W /system/bin/init:
type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295
subj=u:r:init:s0 msg='avc: denied { set } for
property=vendor.camera.multicam.enable_p23_multicam pid=1
uid=0 gid=0 scontext=u:r:vendor_init:s0
tcontext=u:object_r:vendor_camera_prop:s0
tclass=property_service permissive=0' bug=b/267714573
Bug: 273854225
Test: check log, GCA
Change-Id: I1c5fdff3b9978c494be9f513e1770f26804ca132
2023-03-16 13:18:17 +08:00
Ken Yang
7c2b9b482e
Merge "SELinux: Remove charger_vendor.te" into udc-dev am: d9d0c0e471
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22099358
Change-Id: If63f0cc156d98db3ec2eb5ca4749a60e0b76a32c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 03:54:38 +00:00
Wilson Sung
1efd7ed479
Merge "Remove obsolete denials" into udc-d1-dev
2023-03-16 03:25:49 +00:00
Wilson Sung
7eaf780e42
Remove obsolete denials
...
Bug: 261933310
Test: take the bugreport and no incidentd avc error
Change-Id: I84274ed4c3b8c3d373a353f879cd7001b26c1703
2023-03-16 03:25:22 +00:00
Ken Yang
d9d0c0e471
Merge "SELinux: Remove charger_vendor.te" into udc-dev
2023-03-16 03:11:31 +00:00
TreeHugger Robot
320064782b
Merge changes I7b641636,Iecbf6ff7 into udc-d1-dev
...
* changes:
usb: remove bug number in bug_map
usb: allow hal_usb_gadget_impl sysfs_batteryinfo permission
2023-03-16 03:07:04 +00:00
Kris Chen
b8419230f2
enforce trusty_apploader am: b2f238ff01
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22096222
Change-Id: I8f4e7f64b44b4c98a3ba8f75cd254f87548325da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 02:41:47 +00:00
Kris Chen
b2f238ff01
enforce trusty_apploader
...
Bug: 264489569
Test: Boot
Change-Id: I75f73d76f535a5755a164725c606872561461487
2023-03-16 02:06:43 +00:00
Neo Yu
c3675e5a3d
Merge "remove tracking_denials for hal_radioext_default.te" into udc-dev am: ba6c42df00
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22096224
Change-Id: Ib4ef07b70d69f11f1389da85176d10d791ef5929
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 01:26:55 +00:00
Tom Huang
a926b7b0f0
Merge "BT: remove tracking denials hal_bluetooth_btlinux" into udc-dev am: c200250bfb
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22085790
Change-Id: Id18125fdfeff9c271c7b0f9a67463b4da103367f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 01:26:39 +00:00
Neo Yu
ba6c42df00
Merge "remove tracking_denials for hal_radioext_default.te" into udc-dev
2023-03-16 01:25:37 +00:00
Tom Huang
c200250bfb
Merge "BT: remove tracking denials hal_bluetooth_btlinux" into udc-dev
2023-03-16 00:56:49 +00:00
TreeHugger Robot
793698a58d
Merge "Remove hal_cas_default dontaudit" into udc-d1-dev
2023-03-16 00:55:54 +00:00
TreeHugger Robot
8570030518
Merge "Enforce vendor_init" into udc-d1-dev
2023-03-16 00:55:17 +00:00
Wilson Sung
9781434612
Enforce vendor_init
...
Fix: 264490095
Test: boot-to-home
Change-Id: I612896a0da7e9e2fd60772cbbd4b439e4824d7bc
2023-03-16 00:23:53 +08:00
Wilson Sung
c0c4ee3a9b
Enforce init
...
Fix: 264489678
Test: boot-to-home and no init avc error
Change-Id: I580f6d9af0874a1165c43a77008b43fab5d0091f
2023-03-16 00:06:35 +08:00
Ken Yang
8ff0eed309
SELinux: Remove charger_vendor.te
...
Bug: 264489675
Change-Id: I9ed521778291ea712ec4ef7f312ae890be3402e7
Signed-off-by: Ken Yang <yangken@google.com>
2023-03-15 15:34:23 +00:00
neoyu
4701e96275
remove tracking_denials for hal_radioext_default.te
...
The SELinux error has been fixed and this file could be removed.
Bug: 269813076
Test: build pass
Change-Id: I2dfcc00575a277ed7f020a9df8193a5f069d2ed9
2023-03-15 21:30:53 +08:00
Donnie Pollitz
bef163efd5
Remove hal_bootctl_default audits
...
* As of ToT, this denial is no longer occurring, removing don't audit.
Bug: 267843310
Test: Ran `adb shell dmesg | grep avc ; adb logcat -d | grep avc`
Change-Id: Id40709e436b9b21ad664148e25bed4eab1aff4ff
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-03-15 12:44:11 +00:00
Chien Kun Niu
8783417f2f
usb: remove bug number in bug_map
...
Bug: 272166827
Test: Presubmit build Pass
Change-Id: I7b641636d52995dc9c098af6e7397702f0dcf4ab
2023-03-15 19:19:44 +08:00
