Adam Shih
ee45cfea78
Move pixel dumpstate to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
2023-03-22 05:06:27 +00:00
Nicole Lee
aa4b374120
Move logger_app dontaudit items out of tracking_denials
...
Bug: 269383459
Test: Open Pixel Logger and check logs
Change-Id: Id5b89a7eeaa5b06539113d4c86c64d6022080949
2023-03-21 10:11:58 +00:00
Jayachandran C
8d1a560bf9
Allow radio to find and invoke Audio HAL for updating the network info during improved WiFi calling
...
This CL fixes the following denials
auditd : avc: denied { find } for interface=vendor.google.whitechapel.audio.audioext::IAudioExt sid=u:r:radio:s0 pid=2676 scontext=u:r:radio:s0 tcontext=u:object_r:hal_audio_ext_hwservice:s0 tclass=hwservice_manager permissive=0
auditd : type=1400 audit(0.0:2983): avc: denied { call } for comm="binder:2617_3" scontext=u:r:radio:s0 tcontext=u:r:hal_audio_default:s0 tclass=binder permissive=0
Bug: 267802258
Test: Live network testing and verified the AudioExt HAL message
Change-Id: Iffa2bcc9b8fa56c383cb765b7cbdf1ff667376c5
2023-03-15 08:22:09 +00:00
Enzo Liao
3f905ee1d0
SSRestarDetector: modify the SELinux policy to allow access to files owned by system for Zuma.
...
It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx )
Bug: 234359369
Design: http://go/pd-client-for-lab
Test: manual (http://b/271555983#comment3 )
Change-Id: Id97d9c2d07197478ab8d6fcd1e9370dc794ff7d1
2023-03-10 15:37:15 +08:00
Jasmine Cha
d4de162a4f
audio: move sepolicy about audio to gs-common
...
Bug: 259161622
Test: build pass and check with audio ext hidl/aidl
Change-Id: I5f537f18b33c84f30dae349880f8d00a22883b0b
Signed-off-by: Jasmine Cha <chajasmine@google.com>
2023-03-09 10:09:29 +08:00
Kah Xuan Lim
4e270f1615
modem_svc_sit: grant modem property access
...
Log message gotten before adding the policy:
avc: denied { connectto } for comm="modem_svc_sit" path="/dev/socket/property_service" scontext=u:r:modem_svc_sit:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
Bug: 247669574
(cherry picked from commit 77ce224141)
Merged-In: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
Change-Id: Id5e66d94eb14c6979d3b93d54fd73634444cdea1
2023-02-20 11:04:11 +00:00
Nicole Lee
7706be6c71
logger_app: don't audit default_prop and fix errors
...
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
(cherry picked from commit ef1d13d86d)
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
Merged-In: I8999372d243286586eb53602e167fa111d39a00f
2023-02-20 11:00:59 +00:00
neoyu
c0da946f48
Fix avc denied for hal_radioext_default
...
avc: denied { call } for comm="HwBinder:782_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=binder permissive=0
Bug: 269684065
Test: manual
Change-Id: I5ebf280feafabf4688718197c79bd6c4cac6e8fe
2023-02-17 08:39:47 +00:00
Jayachandran C
b85f29bb54
Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets.""
2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051
Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding"
2023-02-16 02:59:18 +00:00
Neo Yu
a5eb63a4ca
Merge "Fix avc denied for hal_radioext_default"
2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac
Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding
...
This fixes the following denials
Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice
AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
Bug: 259178236
Test: Manually verified on the device with AOC
Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598
Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."
...
This reverts commit ebe77e31f4.
Reason for revert: Re-worked as part of ag/21259162
Bug: 259178236
Change-Id: I0494e71339c335b2efc2f23d4087f19184cfd1b5
2023-02-15 21:31:26 +00:00
neoyu
8a9b4fde21
Fix avc denied for hal_radioext_default
...
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
2023-02-15 17:58:39 +08:00
Randall Huang
938e0732dd
storage: fix idle-maint avc denials.
...
Bug: 264483567
Test: run idle-maint run
Change-Id: If4e67ce574de8be2709ebdf9ed2d09ad952ac206
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 09:29:59 +08:00
Wilson Sung
da49f90167
Allow vendor_init to set slog properties
...
Bug: 267843409
Change-Id: Ib98b7127bb4381ce5dfb5522b3652637a533f593
2023-02-08 15:32:26 +08:00
Wilson Sung
adfddd8d3b
Allow vendor_init to set modem vendor_logger_prop
...
Bug: 267843409
Change-Id: I47d1e4aec04dfcf1223e4e4d828d7da5af243e9c
2023-02-08 15:31:54 +08:00
Hongbo Zeng
a82ea96b40
Fix denials for radio service to access files under /data/vendor/radio
...
Bug: 263792405
Test: get PASS result with go/ril-config-service-test and the original
denial logs in https://b/263792405#comment17 are gone
Change-Id: Id6d64bb3e159b083e1a1b4c8e728e992fb9b1502
2023-02-06 03:47:01 +00:00
Nicole Lee
9c413c12e7
logger_app: allow logger_app to access vendor_slog_file
...
Bug: 264489961
Test: Confirm no selinux denial for vendor_slog_file
Change-Id: Idc5386336a196f39703f6d33e3a7a8491e860ea0
2023-01-31 16:38:48 +00:00
Nicole Lee
98e068e135
logger_app: allow logger_app to access vendor_rild_prop
...
Bug: 264489961
Test: Confirm no selinux denial for vendor_rild_prop
Change-Id: I07bb59cba17f11a6cfdaf40e92f6cd663d8ad903
2023-01-31 16:38:39 +00:00
Nicole Lee
e396b80465
logger_app: allow logger_app to access sysfs_sscoredump_level and vendor_ramdump_prop
...
Bug: 264489961
Test: Confirm no selinux denial for sysfs_sscoredump_level and vendor_ramdump_prop
Change-Id: I6c7e87d15505dd9cd80f571ab67925b7ec722ef6
2023-01-31 16:38:31 +00:00
Nicole Lee
cbb6754e58
logger_app: allow logger_app to access logd_prop
...
Bug: 264489961
Test: Confirm no selinux denial for logd_prop
Change-Id: I6db7b19dd9cf864768ba2442d39d9fcde16a71fe
2023-01-31 16:38:23 +00:00
Nicole Lee
bed125ec04
logger_app: allow logger_app to access logpersistd_logging_prop
...
Bug: 264489961
Test: Confirm no selinux denial for logpersistd_logging_prop
Change-Id: Ia8836e058bb3e471d388f9055252e6c3c42227ac
2023-01-31 16:38:14 +00:00
Nicole Lee
998e7618b9
logger_app: allow logger_app to access vendor_audio_prop
...
Bug: 264489961
Test: Confirm no selinux denial for vendor_audio_prop
Change-Id: I02b53cf4d39adf1bc69004502a21b130c925d6bc
2023-01-31 16:38:05 +00:00
Nicole Lee
64a8ed9b7b
logger_app: allow logger_app to access vendor_wifi_sniffer_prop
...
Bug: 264489961
Test: Confirm no selinux denial for vendor_wifi_sniffer_prop
Change-Id: Id6a5afed299c3ac869897015629d190640f40d8f
2023-01-31 16:37:54 +00:00
Nicole Lee
eb05f7d02f
logger_app: allow logger_app to access vendor_tcpdump_log_prop
...
Bug: 264489961
Test: Confirm no selinux denial for vendor_tcpdump_log_prop
Change-Id: I2c4e7e0d395f570f93a26dd0328982487426ac84
2023-01-31 16:36:24 +00:00
Nicole Lee
cddb6ad619
logger_app: allow access vendor_gps_file, vendor_gps_prop, vendor_logger_prop
...
Bug: 261519049
Bug: 261783031
Bug: 261933367
Test: Confirm no selinux denial for these 3 tcontexts
Change-Id: I6f919e193693f7521778321f677214ea9f3b4d84
2023-01-31 16:32:41 +00:00
Nicole Lee
b713236048
logger_app: allow logger_app access vendor_modem_prop
...
Bug: 260522268
Bug: 264600053
Test: Confirm no selinux denial for tcontext vendor_modem_prop
Change-Id: Ic4ed0cdd7fa33c1dd4c812528b26b4a19cf6537b
2023-01-31 16:32:32 +00:00
Nicole Lee
e6975cb6e5
logger_app: allow logger_app to access vendor_ssrdump_prop
...
Bug: 260366439
Test: Confirm no selinux denial for tcontext vendor_ssrdump_prop
Change-Id: I74009bdd3d8b0fa691a2d0132655dc08fcd50977
2023-01-31 16:32:24 +00:00
Nicole Lee
30e96b25ce
logger_app: allow logger_app to access radio files
...
Bug: 260366439
Bug: 260522268
Bug: 260769144
Bug: 261519049
Bug: 264600084
Test: Confirm no selinux denial for tcontext radio_vendor_data_file
Change-Id: I2a917d78e685aad5608e64f4d076cc50cdb064cc
2023-01-31 16:32:16 +00:00
Aaron Tsai
93dd7a2935
Fix avc denied for rild
...
original log: [ 158.669951] type=1400 audit(1671200951.308:888): avc: denied { write } for comm="dumpstate" path="pipe:[227853]" dev="pipefs" ino=227853 scontext=u:r:rild:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1
original log: [ 174.593792] type=1400 audit(1671063328.232:1003): avc: denied { use } for comm="dumpstate" path="pipe:[235312]" dev="pipefs" ino=235312 scontext=u:r:rild:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=1
Bug: 263049190
Bug: 262633094
Test: manual test and check log
Change-Id: I56b26c8dc820e00ef659844cceff45edded4d677
2023-01-07 14:05:10 +00:00
Kadyr Narmamatov
3fc1ab6583
modem_svc_sit: Grant permission to read vendor_fw_file
...
Bug: 260371849
Change-Id: Ia1bb3483c0d1dfcc1fc34b625f8b0eddf099cafb
2022-12-23 04:11:01 +00:00
Kah Xuan Lim
77becc2a8f
Merge "Modem ML: create selinux rules"
2022-12-21 10:04:58 +00:00
Kah Xuan Lim
6ea5e4634a
Modem ML: create selinux rules
...
Bug: 262338662
Change-Id: I899a03a36b542bbf6b9e4b936f279f2d6b4a4c7b
2022-12-20 08:39:35 +00:00
Sateshk Kumar Chinnappan
ebe77e31f4
Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets.
...
This addresses the following SE policy denial
11-11 20:51:49.388000 2167 2167 I auditd : type=1400 audit(0.0:11): avc: denied { read write } for comm="nnon.imsservice" path="socket:[111836]" dev="sockfs" ino=111836 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:vendor_ims_app:s0:c228,c256,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice
Bug: 262320328
Test: Manual
Change-Id: I450f1faebd6c6a67e9f904c880360e75bad3cb40
2022-12-19 19:26:14 +00:00
Cheng Chang
426a96bf54
gps: nstandby path depends on platform
...
Bug: 259353063
Test: no avc denied about nstandby
Change-Id: I9713139d425be50a689130f735b37f04eb573107
2022-11-24 02:21:37 +00:00
Adam Shih
8cc9ed0404
review partitions
...
Bug: 254378739
Test: boot with relevant files labeled correctly
Change-Id: Ic5954b5de7976e1864dc77254b547d6c97f9e564
2022-11-21 10:31:06 +08:00
Adam Shih
c37b0484af
review fsck and relevant partitions
...
Bug: 254378739
Test: boot with no relevant error
Change-Id: Ibdcea873e830c534101aaea0f12a1717748dcb48
2022-11-21 10:16:19 +08:00
Adam Shih
381ae2dddb
restart device dependent HALs
...
Bug: 254378739
Test: build pass
Change-Id: I06061867773dd20989923b3ce81b58a457f8a929
2022-11-18 11:19:34 +08:00
Salmax Chang
f87c27197c
radio: Add new radio device
...
Add "/dev/oem_test" into radio device label list.
Bug: 258744063
Change-Id: If5e7d555f4b0584f87956c9354ebf1d3efd9f73f
2022-11-17 14:37:02 +08:00
Adam Shih
ac48178051
Merge "review cat_engine_service_app"
2022-11-17 02:59:15 +00:00
Adam Shih
1b9d3e9092
review cat_engine_service_app
...
Bug: 254378739
Test: build pass
Change-Id: I98710837319528a577af205b51de710baa742e1d
2022-11-16 14:15:33 +08:00
TreeHugger Robot
cebbeb21ac
Merge "improve dumpstate performance to 72 seconds"
2022-11-16 05:26:48 +00:00
TreeHugger Robot
649a0e22b9
Merge changes I1317f3ec,I5c727517
...
* changes:
remove obsolete code
review radio
2022-11-16 04:37:05 +00:00
Adam Shih
5adddd397a
improve dumpstate performance to 72 seconds
...
Bug: 259302023
Test: adb bugreport
Change-Id: I6e777e532ab09a54cec59fdb4f51c451db6f85de
2022-11-16 11:45:43 +08:00
Adam Shih
76cecacbe3
review radio
...
Bug: 254378739
Test: boot to home
Change-Id: I5c7275170840cb58eb44373d2737bd7914514761
2022-11-16 10:24:25 +08:00
Adam Shih
433f95cd25
catch up gs201's setting
...
Bug: 254378739
Test: build pass
Change-Id: I12248518b5d30730f09bd5e7da2e47e1dd819889
2022-11-11 05:45:20 +00:00
Adam Shih
d8e8b3899c
review hal_radioext_default
...
Bug: 254378739
Test: boot with hal_radioext_default launched
Change-Id: Idd913e9418cc5ffbe0ade236639608c2bd313599
2022-11-10 14:29:03 +08:00
Adam Shih
90dff9f56d
review init.radio.sh
...
Bug: 254378739
Test: boot with the script running
Change-Id: I76d58d9d15e5275a45a37292a1db2598e5e24e52
2022-11-10 11:46:42 +08:00
Adam Shih
9db49d02d4
review bipchmgr
...
Bug: 254378739
Test: boot with bipchmgr launched
Change-Id: I3d09a8dad088815c60aefc349e7a2d8b178e61fd
2022-11-10 11:44:00 +08:00