Nicole Lee
ef1d13d86d
logger_app: don't audit default_prop and fix errors
...
avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger
avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger
Bug: 264489961
Bug: 269383459
Test: Make sure no avc denied for logger_app when using Pixel Logger
Change-Id: I8999372d243286586eb53602e167fa111d39a00f
2023-02-16 10:59:51 +00:00
Wilson Sung
3432cc6b0b
Enforce system_server and remove obsolete denials
...
Bug: 261519050
Bug: 262455682
Bug: 264489786
Test: boot to home and avc gone
Change-Id: I0a51e029a85af0a77faebfdcfe0b4dc26b71cca6
2023-02-16 05:35:19 +00:00
Wilson Sung
c43a6186bf
Add app_domain to con_monitor_app
...
Bug: 261782930
Bug: 264490077
Test: boot to home and avc gone
Change-Id: I86a0793c93549172ee60397b9735ddcfe0d20bac
2023-02-16 13:00:39 +08:00
TreeHugger Robot
061a2d7f82
Merge "Remove shell related denied"
2023-02-16 04:01:25 +00:00
Jayachandran C
b85f29bb54
Merge "Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets.""
2023-02-16 02:59:18 +00:00
Jayachandran C
75fc4f2051
Merge "Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding"
2023-02-16 02:59:18 +00:00
Wilson Sung
ae2403dca7
Remove shell related denied
...
Bug: 260366321
Bug: 264489784
Change-Id: I21c5011358862ea911a3240aa0ff650d503514e9
2023-02-16 02:21:56 +00:00
Neo Yu
a5eb63a4ca
Merge "Fix avc denied for hal_radioext_default"
2023-02-16 00:34:33 +00:00
Jayachandran C
f54ab444ac
Allow radio to access IMS stack's socket for sending/receiving RTP packets and aoc_device for codec encoding/decoding
...
This fixes the follow denials
Vendor ImsStack denials
================
type=1400 audit(0.0:9): avc: denied { read write } for comm="pool-28-thread-" path="socket:[109431]" dev="sockfs" ino=109431 scontext=u:r:radio:s0 tcontext=u:r:vendor_ims_app:s0:c7,c257,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice
AOC denials
===========
type=1400 audit(0.0:11): avc: denied { write } for name="acd-audio_rtp_tx" dev="tmpfs" ino=1185 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:12): avc: denied { read } for name="acd-audio_rtp_rx" dev="tmpfs" ino=1186 scontext=u:r:radio:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
Bug: 259178236
Test: Manually verified on the device with AOC
Change-Id: I000c0c72d8a37ab5680caddd499977db66939bfa
2023-02-15 22:20:56 +00:00
Jayachandran C
8a51382598
Revert "Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets."
...
This reverts commit ebe77e31f4
2023-02-15 21:31:26 +00:00
neoyu
8a9b4fde21
Fix avc denied for hal_radioext_default
...
avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_radioext_default:s0 pid=792 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 269048898
Bug: 269045233
Test: manual
Change-Id: Ie5c926a8c22859d1ca2655b1bd91f36201f48285
2023-02-15 17:58:39 +08:00
Wilson Sung
4ea1dcff3a
Fix zram avc denied
...
Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
2023-02-15 08:23:49 +00:00
TreeHugger Robot
386ec7e920
Merge "Remove logger_app in bug_map"
2023-02-15 07:05:52 +00:00
Adam Shih
650b20d27f
Merge "create cma dump"
2023-02-15 06:28:52 +00:00
Welly Hsu
5a441a9ca3
Merge "Remove unnecessary dontaudit for context euiccpixel_app"
2023-02-15 05:27:41 +00:00
Wilson Sung
83151d7383
Merge "Enforce bootanim and platform_app"
2023-02-15 05:19:59 +00:00
Adam Shih
c80283456e
Merge "move devfreq dump to gs-common"
2023-02-15 04:54:22 +00:00
Adam Shih
a438fce84f
create cma dump
...
Bug: 240530709
Test: adb bugreport
Change-Id: I1a97098d73106a16c0be675a5d8f58183d5f9531
2023-02-15 12:41:31 +08:00
Adam Shih
efa506d012
move devfreq dump to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: Ica18fa60ed1da44eb587ffe59370e87b393e69fb
2023-02-15 11:11:44 +08:00
Wilson Sung
c1a0ef2fe6
Enforce bootanim and platform_app
...
Bug: 264489606
Bug: 264490036
Change-Id: I16ed01bbb93ae2b5d5d6609ffd1f2bc0e3dc39ca
2023-02-15 10:36:08 +08:00
Shashank Sharma
7cd2e4b765
Merge "arm_mali_platform_service: register gpu selinux service"
2023-02-15 02:11:19 +00:00
Welly Hsu
0b3bc92066
Remove unnecessary dontaudit for context euiccpixel_app
...
bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311
Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error
Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
2023-02-15 02:08:27 +00:00
George Chang
378fc6f5cf
Merge "Remove dontaudit for secure_element"
2023-02-15 00:33:49 +00:00
Shashank Sharma
7cbda60f3e
arm_mali_platform_service: register gpu selinux service
...
Fix avc denied issues.
Bug: 261105374
Bug: 260768402
Bug: 260922162
Bug: 261105092
Bug: 264483754
Test: No AVC denied logs after reboot.
Change-Id: I6448b3e0df9b5deeb953498fa623810eadb3ff67
2023-02-14 23:34:14 +00:00
TreeHugger Robot
996a7ad4ff
Merge "storage: remove init tracking_denials rule"
2023-02-14 22:51:57 +00:00
TreeHugger Robot
bf60294e77
Merge "Map AIDL Gatekeeper to same policy as HIDL version"
2023-02-14 18:55:51 +00:00
Dinesh Yadav
dec248fa9a
Merge "Remove b/264321380 from bug map"
2023-02-14 11:33:11 +00:00
Nicole Lee
95bf6d4b20
Remove logger_app in bug_map
...
Bug: 264600084
Bug: 264600053
Change-Id: I5aa4dc83806c001e2cd3808cb998c39e4e3bd524
2023-02-14 09:29:29 +00:00
Randall Huang
eafa9d0fbe
Merge "storage: remove dumpstate tracking_denial rule"
2023-02-14 08:35:13 +00:00
TreeHugger Robot
dd28add0e4
Merge "Revert "Revert "update error on ROM 9588633"""
2023-02-14 08:06:21 +00:00
Ken Yang
a99d9c1150
Merge "Remove hal_vibrator_default in bug_map"
2023-02-14 08:02:14 +00:00
Randall Huang
f6600b7f72
storage: remove init tracking_denials rule
...
Bug: 262794360
Test: boot to home
Change-Id: Iaea58cc0a1a572a651f7cb01d9b4ba19ff515269
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 15:51:57 +08:00
Adam Shih
ce1a20ee01
Merge "Move memory dump to gs-common"
2023-02-14 07:22:11 +00:00
Randall Huang
da5df9cd20
storage: remove dumpstate tracking_denial rule
...
Bug: 261933169
Test: no scsi avc denial when generating bugreport
Change-Id: Iecf98c248a2ad28d05095b7c91b8695dd92486be
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 07:13:54 +00:00
Wilson Sung
cc76d0f05b
Revert "Revert "update error on ROM 9588633""
...
This reverts commit 9290d7c45b
2023-02-14 15:05:12 +08:00
Ken Yang
8893d42439
Remove hal_vibrator_default in bug_map
...
Remove hal_vibrator_default in bug_map due to my incorrect rebase
Bug: 264483356
Change-Id: I25310ad9f6d2c16d90f20969cbfc792f34584c93
Signed-off-by: Ken Yang <yangken@google.com>
2023-02-14 06:56:52 +00:00
Dinesh Yadav
1dbaa50d8c
Remove b/264321380 from bug map
...
This bug was created to track the selinux violations caused when
camera hal tried to access gxp. This has been resolved by ag/21003929
Bug: 264321380
Change-Id: I33458cb7a1a657aba8be62362b62be52d881420f
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-02-14 05:49:34 +00:00
TreeHugger Robot
439199228b
Merge "Storage: remove hal_health_storage tracking denials rules"
2023-02-14 04:14:24 +00:00
Randall Huang
ccd8416356
Merge changes from topic "264483567"
...
* changes:
storage: fix idle-maint avc denials.
storage: remove vold tracking_denials rules
2023-02-14 03:07:06 +00:00
Randall Huang
938e0732dd
storage: fix idle-maint avc denials.
...
Bug: 264483567
Test: run idle-maint run
Change-Id: If4e67ce574de8be2709ebdf9ed2d09ad952ac206
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-14 09:29:59 +08:00
Doug Zobel
b844ec7548
Merge "Move sysfs_pcie type definition to gs-common"
2023-02-13 16:15:21 +00:00
George
39733f8622
Remove dontaudit for secure_element
...
SELinuxUncheckedDenialBootTest
scanAvcDeniedLogRightAfterReboot
no avc denials for secure_element
Bug: 264490093
Bug: 262794969
Bug: 261651095
Bug: 260922187
Bug: 260768672
Test: manually check dumpsys secure_element
Test: run cts -m CtsOmapiTestCases
Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: Ic06f9d0bf61bc8f30e0f285403a99e2c73384418
2023-02-13 12:36:51 +00:00
Randall Huang
eb3e643acd
Storage: remove hal_health_storage tracking denials rules
...
Bug: 264490032
Test: boot to home
Change-Id: I825b33ba513e135754a969a108d13096a326745a
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-13 17:14:36 +08:00
Ray Chi
cf818217df
Fix avc denied for USB property
...
Bug: 268572164
Test: reboot device and no related logs
Change-Id: I473d0ee022e9a9edc076ef479e2343d11b9ef63d
2023-02-13 17:03:02 +08:00
Randall Huang
2c859d0485
storage: remove vold tracking_denials rules
...
Bug: 264483567
Test: boot to home
Change-Id: Iad702bf293ea374174034239c81ea3499c837cf0
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-02-13 16:58:39 +08:00
Ken Yang
c6bd3ad477
Merge "WLC: Add hal_wireless_charger policies for systemui"
2023-02-13 08:13:26 +00:00
Adam Shih
176bdd647d
Move memory dump to gs-common
...
Bug: 240530709
Test: adb bugreport
Change-Id: Ie860adb97d7bcebf87cd4280e1d5601163d06074
2023-02-13 14:58:08 +08:00
George Chang
806fda64ba
Merge "Update sepolicy for streset and stpreprocess"
2023-02-13 04:05:57 +00:00
Andrew Chant
f861570a64
Merge "Revert "update error on ROM 9588633""
2023-02-11 01:33:03 +00:00
Andrew Chant
9290d7c45b
Revert "update error on ROM 9588633"
...
This reverts commit 8c2f12f39d
2023-02-11 01:27:19 +00:00
