Lawrence Huang
e979543b99
Add net_domain for GCA on zuma devices
...
Bug: 277097939
Change-Id: Iadfc1be5f9e6830693aed9d9b619815c7d1f9caf
2023-04-26 01:41:33 +00:00
TreeHugger Robot
0c8288d278
Merge "Add memtrack" into udc-d1-dev am: d1c31b785d
am: e23db371db
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22780494
Change-Id: Ida509a8cc023577b896d3df8f60e15f61421cf13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-26 00:37:20 +00:00
timmyli
3a79d36619
Allow camera hal to access aoc device am: c09931ad38
am: 783a1cf431
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22735036
Change-Id: I707edf37cdecaf85e95cf459a83d97fbc583edcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-26 00:10:16 +00:00
TreeHugger Robot
e23db371db
Merge "Add memtrack" into udc-d1-dev am: d1c31b785d
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22780494
Change-Id: Ide9394cba29e3efa76453ae917a8446d638c9922
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-25 22:25:02 +00:00
TreeHugger Robot
d1c31b785d
Merge "Add memtrack" into udc-d1-dev
2023-04-25 21:44:08 +00:00
timmyli
783a1cf431
Allow camera hal to access aoc device am: c09931ad38
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22735036
Change-Id: I4d2ea0de7bbb0867859fad4a0bd8715fa437cdd6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-25 19:32:37 +00:00
Prasanna Prapancham
43abed40a0
Merge "add 8411 to logbuffer"
2023-04-25 18:06:51 +00:00
timmyli
c09931ad38
Allow camera hal to access aoc device
...
Camera team needs to talk to aoc device in order to use libusf.
It will do this instead of talking to rlsservice. Soon, we can
remove rlsservice from the se policy for camera hal.
Bug: 277959222
Test: manual test, logs provided in comments
Change-Id: I7453fd94891dcc0c1c587bccb3bb6cff80f46e8b
2023-04-24 20:05:57 +00:00
Chung-Kai (Michael) Mei
4a631e2fff
Merge "Remove dontaudit since read early_wakeup completed"
2023-04-24 11:31:53 +00:00
Chungkai Mei
1d966a0db9
Remove dontaudit since read early_wakeup completed
...
The display file node, early_wakeup, is just for triggering the worker for
display and it doesn't have a meaningful read function. But PowerHAL reads
all nodes and tries to dump their values while triggering bugreport. As
the read operation has been completed, we can remove the clause.
07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:8): avc: denied { dac_read_search } for capability=2 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
07-02 00:53:56.888 522 522 W android.hardwar: type=1400 audit(0.0:9): avc: denied { dac_override } for capability=1 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
Bug: 267261305
Test: Boot to home
Change-Id: I6c058a1a85ada7e5d6eb1f8acafaac8231ae5329
Signed-off-by: Chungkai Mei <chungkai@google.com>
(cherry picked from commit 55d41f1a3e89b1f4d2525d9925e3319ef59e2705)
2023-04-24 09:05:55 +00:00
Bruno BELANYI
d389b4a4f6
Remove 'hal_neuralnetworks_armnn' permissive rule
...
Not needed after fixing the various violations that were raised in the
past.
Bug: b/264489188
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I9a5b5f916e3e188ea98646b23a43e5dec0cd8501
2023-04-21 14:09:58 +00:00
Bruno BELANYI
1e587e4afe
Merge "Remove 'hal_neuralnetworks_armnn' '/data' access exception"
2023-04-21 08:13:01 +00:00
Ankit Goyal
5e4db7517c
Add memtrack
...
Bug: 279108265
Test: dumpsys meminfo
Change-Id: Ib46c89811aa3aa1a5573076f9dc69e7222f56ea4
2023-04-20 23:18:56 -07:00
Treehugger Robot
e08f641871
Merge "Add Ims process label" into udc-d1-dev am: d90ebc1fdb
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22779319
Change-Id: I52dc0e8d8de887bf66cb999e70603f8d28f274dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-21 05:20:34 +00:00
Treehugger Robot
d90ebc1fdb
Merge "Add Ims process label" into udc-d1-dev
2023-04-21 04:40:24 +00:00
Treehugger Robot
dcede81999
Merge changes from topic "260522202" into udc-d1-dev am: c84559a813
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22730572
Change-Id: Ibf95c8f590e37aa14370269a219ace06de9a8e82
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-21 04:17:54 +00:00
Treehugger Robot
c84559a813
Merge changes from topic "260522202" into udc-d1-dev
...
* changes:
Remove untraceable rules
Enforce installd
2023-04-21 03:45:54 +00:00
Treehugger Robot
e91e9f18e0
Merge "Remove hal_uwb_default bug from bug_map" into udc-d1-dev am: a8fe91bc3c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22736521
Change-Id: Ibf78ae7f2c2d499f2f7a1a538dee1bfd856bd87c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-21 03:42:59 +00:00
Treehugger Robot
e2411c21e5
Merge "zuma: Allow GRIL Service to access radio_vendor_data_file" into udc-d1-dev am: c3a5e6769c
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22756016
Change-Id: I3380b64ba2698e35632dabfa74ca15c9e3d1f8ad
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-21 03:38:54 +00:00
Wilson Sung
e4e854fcd9
Add Ims process label
...
Bug: 260522282
Test: boot-to-home, no avc error
Change-Id: I8f3c7c64ecace4ca7ddd69275a093606a8492204
2023-04-21 03:38:17 +00:00
Treehugger Robot
a8fe91bc3c
Merge "Remove hal_uwb_default bug from bug_map" into udc-d1-dev
2023-04-21 03:08:00 +00:00
Treehugger Robot
c3a5e6769c
Merge "zuma: Allow GRIL Service to access radio_vendor_data_file" into udc-d1-dev
2023-04-21 02:43:46 +00:00
Treehugger Robot
b9844f4b7b
Merge "ril: dump radio hal from user build." into udc-d1-dev am: 0f96c2225e
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22756017
Change-Id: I6beb5198003d07bad5be793dd314b22e318c9ae8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-21 02:34:19 +00:00
Treehugger Robot
0f96c2225e
Merge "ril: dump radio hal from user build." into udc-d1-dev
2023-04-21 01:49:54 +00:00
Ankit Goyal
33999737a0
Merge "Mark video secure devices as default dmabuf heaps" into udc-d1-dev am: 2f30e8ca85
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22743596
Change-Id: Iae3c3b2e55eb6dd245beb941d2a935d695a0939c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 17:44:04 +00:00
Prasanna Prapancham
c1715483d1
add 8411 to logbuffer
...
Test: Flash local build and collect bugreport
Bug: 277799048
Change-Id: I877a91999a2f17df5ea90d3d2257b93bfd67e8e6
Signed-off-by: Prasanna Prapancham <prapancham@google.com>
2023-04-20 17:43:30 +00:00
Chung-Kai (Michael) Mei
508f8b54a9
Merge "Remove hal_power_default bug from bug_map"
2023-04-20 17:25:23 +00:00
Ankit Goyal
2f30e8ca85
Merge "Mark video secure devices as default dmabuf heaps" into udc-d1-dev
2023-04-20 17:03:32 +00:00
Bruno BELANYI
deec8fec9d
Remove 'hal_neuralnetworks_armnn' '/data' access exception
...
The mali driver has been configured not to look there anymore.
Bug: b/205779871
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I7bf68036522553a2919076fc6243a577086ffb3a
2023-04-20 09:15:44 +00:00
Bruno BELANYI
2278f4d99c
Merge changes from topic "armnn-sysprops"
...
* changes:
Remove 'hal_neuralnetworks_armnn' sysprop exceptions
Add ArmNN config sysprops SELinux rules
2023-04-20 08:14:04 +00:00
Chungkai Mei
8051a8759a
Remove hal_power_default bug from bug_map
...
SELinux errors are fixed and hence removing from bug map
Bug: 273638876
Test: Build and boot on device
Change-Id: I4ca6180ad286970d36ce204cd4c44e75962b26e0
Signed-off-by: Chungkai Mei <chungkai@google.com>
2023-04-20 07:47:15 +00:00
Wilson Sung
6669da5b31
Merge "Enforce odrefresh" into udc-d1-dev am: 40c682640f
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22699043
Change-Id: Ib318c133136aa341627fc39da98a78d104c15578
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 04:49:40 +00:00
Wilson Sung
40c682640f
Merge "Enforce odrefresh" into udc-d1-dev
2023-04-20 04:06:05 +00:00
Tim Lin
54bb68984a
ril: dump radio hal from user build.
...
Sync from ag/17155484
To get radio hal debug info on user build as we do on previous Pixels.
Bug: 278477468
Test: Trigger bugreport on USERDEBUG with dumpstate.unroot set
to true and check IRadio log
Change-Id: Ic9dd8357eb326d5c5f03b16408b7ba0a5e5f5818
(cherry picked from commit e08be6ab76327511002ebd343bda13a2fcc1434d)
2023-04-20 03:40:59 +00:00
kadirpili
92636953cf
zuma: Allow GRIL Service to access radio_vendor_data_file
...
Bug: 274737512
Change-Id: I90c008172af7bd0d8b7bf2b214f422c4165f3769
(cherry picked from commit 5c31a6f55ac18dd941e50b455c38a37efa12354f)
2023-04-20 03:37:22 +00:00
Wilson Sung
0d1a725348
Merge changes from topic "260522282" into udc-d1-dev am: f4a5867e2a
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22746525
Change-Id: I8e0630c0d343ad857d7f67d7a743ef41708ecbcf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 03:26:37 +00:00
Wilson Sung
f4a5867e2a
Merge changes from topic "260522282" into udc-d1-dev
...
* changes:
Revert^2 "Enforce priv_app"
Label ims_remote_app and rcs_service_app
2023-04-20 02:46:06 +00:00
Treehugger Robot
6dba4fa8b3
Merge "Camera: Allow rw access to TEE devices" into udc-d1-dev am: b51385226b
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22743594
Change-Id: I0529653e75ab3bbe0815a7b9eeef4f0a5db0849f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-19 21:12:32 +00:00
Treehugger Robot
b51385226b
Merge "Camera: Allow rw access to TEE devices" into udc-d1-dev
2023-04-19 20:02:33 +00:00
Ankit Goyal
ded9266dd4
Mark video secure devices as default dmabuf heaps
...
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.
This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.
Fix: 278823239
Fix: 278513588
Fix: 275646321
Test: dEQP-VK.memory.allocation
Change-Id: I01a2730fc222efe94d4e48e7ee4c317aa65f0064
2023-04-19 19:48:38 +00:00
Edmond Chung
57d920f582
Camera: Allow rw access to TEE devices
...
This is to enable face authentication on P23 devices.
Bug: 278898746
Test: Build, face authentication
Change-Id: I75311770a9780e0d97a9240b589e4e4cd9e2dc56
2023-04-19 11:18:14 -07:00
Wilson Sung
dc75da30a1
Revert^2 "Enforce priv_app"
...
This reverts commit 61a95fc71a.
Fix: 260522282
Change-Id: I0d5dd994d3acacfee854ae27669358cfc2c249fc
2023-04-20 00:14:18 +08:00
Wilson Sung
ab9b7f7609
Label ims_remote_app and rcs_service_app
...
Bug: 260522282
Change-Id: I4bf27e30eda51794d2047da9ca17044632ec3786
2023-04-20 00:13:52 +08:00
Wilson Sung
5394ad595e
Remove untraceable rules
...
avc: denied { quotaget } for comm="binder:1312_1" scontext=u:r:installd:s0 tcontext=u:object_r:modem_img_file:s0 tclass=filesystem permissive=0
Test: boot to home
Bug: 196916111
Bug: 264490035
Change-Id: Iec3dd7161bb788d81fe8034f3471ece0dfde7e0d
2023-04-19 23:53:54 +08:00
Bruno BELANYI
ee5198a28b
Remove 'hal_neuralnetworks_armnn' sysprop exceptions
...
Bug: b/205202540
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I8d85820cf4534b3e7d93eae6f16c750c49929c4a
2023-04-19 11:32:52 +00:00
Bruno BELANYI
aac79fd4d9
Add ArmNN config sysprops SELinux rules
...
Bug: b/205202540
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I77b29468258520265e5f660452794aff068ca07d
2023-04-19 11:32:48 +00:00
Rex Lin
814652dc6d
Remove hal_uwb_default bug from bug_map
...
SELinux errors are fixed and hence removing from bug map
Bug: 273639365
Test: Build and boot on device
Change-Id: I3a1ad3066840b507553b9365239673f6126b8ec6
Signed-off-by: Rex Lin <rexcylin@google.com>
2023-04-19 14:54:11 +08:00
Wilson Sung
7ebc1ab0d5
Enforce installd
...
Fix: 260522202
Fix: 264490035
Test: Boot-to-home, no avc error
Change-Id: I2ec5a2771c53dcc520a2ea229f093d354b5c80fd
2023-04-19 12:41:35 +08:00
Alan Chen
37bbafbe50
Merge "Remove dontaudit for hal_radioext_default to service_manager." into udc-d1-dev am: c1f8b7a872
...
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22694673
Change-Id: I884961bf28e23827172fc99f0a7801069339041d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-19 03:38:33 +00:00
Alan Chen
c1f8b7a872
Merge "Remove dontaudit for hal_radioext_default to service_manager." into udc-d1-dev
2023-04-19 03:04:57 +00:00