Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1026 commits 1 branch 0 tags 18 MiB
Commit graph

105 commits

Author SHA1 Message Date
Treehugger Robot
8733772e74 Merge "Add sepolicies for gcma_camera heaps" into udc-d1-dev 2023-06-08 06:25:44 +00:00
Mark su
51c91e5bdf Add video12 as hw_jpg_device and enable it for debug_camera_app 
Test: 05-05 05:07:06.652  4616  4616 W FinishThread: type=1400 audit(0.0:24): avc:  denied  { read write } for  name="video12" dev="tmpfs" ino=646 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 app=com.google.android.GoogleCameraEng
05-08 22:00:59.000  7323  7323 I FinishThread: type=1400 audit(0.0:36): avc:  denied  { read } for  name="lib_jpg_encoder.so"
 dev="dm-45" ino=25639 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_data_file:s0 tcl
ass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:00:59.000  7323  7323 I FinishThread: type=1400 audit(0.0:37): avc:  denied  { open } for  path="/vendor/lib64/lib_j
pg_encoder.so" dev="dm-45" ino=25639 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_da
ta_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:46:00.260  4784  4784 I FinishThread: type=1400 audit(0.0:29): avc:  denied  { execute } for  path="/vendor/lib64/
libhwjpeg.so" dev="dm-50" ino=55596 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera_d
ata_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:33:30.504  7436  7436 I FinishThread: type=1400 audit(0.0:36): avc:  denied  { getattr } for  path="/vendor/lib64/
lib_jpg_encoder.so" dev="dm-50" ino=53765 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_ca
mera_data_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

05-08 22:33:30.504  7436  7436 I FinishThread: type=1400 audit(0.0:37): avc:  denied  { map } for  path="/vendor/lib64/lib_
jpg_encoder.so" dev="dm-50" ino=53765 scontext=u:r:debug_camera_app:s0:c32,c257,c512,c768 tcontext=u:object_r:vendor_camera
_data_file:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng

binder:7312_2: type=1400 audit(0.0:18): avc:  denied  { read write } for  name="video12" dev="tmpfs" ino=680 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1
05-08 22:28:37.692  7312  7312 I binder:7312_2: type=1400 audit(0.0:19): avc:  denied  { open } for  path="/dev/video12" dev="tmpfs" ino=680 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1

05-08 22:28:37.692  7312  7312 I binder:7312_2: type=1400 audit(0.0:20): avc:  denied  { ioctl } for  path="/dev/video12" dev="tmpfs" ino=680 ioctlcmd=0x5600 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hw_jpg_device:s0 tclass=chr_file permissive=1

05-08 22:28:37.700  7312  7312 I binder:7312_2: type=1400 audit(0.0:21): avc:  denied  { read } for  name="u:object_r:default_prop:s0" dev="tmpfs" ino=167 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1

Bug: 267820687
Change-Id: I69f502d721f683d3532038d618f5fafc83f38b6b
 2023-05-31 06:08:46 +00:00
TreeHugger Robot
23440aa9df Merge "Remove old secure_element HIDL permission" into udc-d1-dev 2023-05-31 05:27:32 +00:00
Hyungjun Park
6de0a33f0a Remove old secure_element HIDL permission 
AIDL HAL is used in the new project and remove the old HIDL part.

Bug: 280530945
Test: VTS pass

Change-Id: Idd38fc59d7e89e2cafab5f4693d00abd6d4fb138
Signed-off-by: Hyungjun Park <hjun78.park@samsung.com>
 2023-05-31 03:12:02 +00:00
Dinesh Yadav
e6d2f01a89 Add SEPolicy for gxp_metrics_logger.so logging to stats service 
In order to access the gxp metrics library from the google camera
app (product partition), we need to create an SELinux exception for
the related shared library (in vendor) it uses.
This CL adds the same_process_hal_file tag to allow this exception.

Bug: 278516358
Change-Id: I42d41243d3ee47ebff4f766cd769b5387fd20852
 2023-05-26 04:01:09 +00:00
Jimmy Hu
86cb19bb2f Merge "Set sepolicy for shell script of disabling contaminant detection" into udc-d1-dev 2023-05-24 08:14:01 +00:00
Kenny Root
107d3314a4 Merge "Add GSA logs policy" into udc-d1-dev 2023-05-22 05:14:11 +00:00
Jimmy Hu
70e6dd395b Set sepolicy for shell script of disabling contaminant detection 
(ported from Ib2e3cf498851c0c9e5e74aacc9bf391549c0ad1a)

Bug: 263916675
Bug: 264231895
Test: setprop vendor.usb.contaminantdisable true
Change-Id: Ia451a6abc4a3c872c002efa323d06e9179bd656b
Signed-off-by: Jimmy Hu <hhhuuu@google.com>
 2023-05-19 09:54:23 +00:00
Prasanna Prapancham
9138d3d1de add 8411 to logbuffer 
Test: Flash local build and collect bugreport
Bug: 277799048
Change-Id: I877a91999a2f17df5ea90d3d2257b93bfd67e8e6
Signed-off-by: Prasanna Prapancham <prapancham@google.com>
(cherry picked from commit c1715483d1)
 2023-05-17 22:52:57 +00:00
Kenny Root
7be3a71942 Add GSA logs policy 
This adds a label to the sysfs files for GSA logs to allow dumpstate to
read them during a bugreport.

(cherry picked from commit 076591d107)

Bug: 271125313
Test: adb shell dumpstate
Change-Id: I8842c0bec972c4cfad15ca689f8e4ae7fa99e179
Merged-In: I8842c0bec972c4cfad15ca689f8e4ae7fa99e179
 2023-05-17 17:36:35 +00:00
Xu Han
639d91fb93 Merge "Add permission for nautilus devices" into udc-d1-dev 2023-05-17 16:48:55 +00:00
Xu Han
bdc91f6477 Add permission for nautilus devices 
Bug: 283015605
Test: Build
Change-Id: I986a2798a4a5ca927a1a2aaea61edca9fa59b2c5
 2023-05-17 03:59:43 +00:00
Treehugger Robot
05abdf9f26 Merge "uwb: add permissions for factory uwb calib file" into udc-d1-dev 2023-05-15 16:54:11 +00:00
Mahesh Kallelil
1f885d0bcd Allow dump_modem to read logbuffer and wakeup events 
Updating sepolicy for dump_modem to read /dev/logbuffer_cpif. This is
required as part of bugreport.

Test: Tested bugreport on P23
Bug: 278501642
Change-Id: I102583e37ec2e3852fd901a75bbb06de9ac6f77c
Signed-off-by: Mahesh Kallelil <kallelil@google.com>
 2023-05-09 00:20:07 -07:00
Hasan Awais
14b2c135bb uwb: add permissions for factory uwb calib file 
needed for copying the factory calib file from persist to
/data/vendor/uwb, along with converting the file to a valid format
for uwb HAL

Bug: 274513871
Bug: 279820265
Test: local build passed
Change-Id: I4c4286cd5c200475cac3b9d58a81724d631c49e0
Signed-off-by: Hasan Awais <hasanawais@google.com>
 2023-05-09 00:27:47 +00:00
Martin Liu
e4e930185a Add sepolicies for gcma_camera heaps 
Bug: 275481134
Test: launch camera
Change-Id: I2efe897826d3c32bb85c815207865c0db557ea9f
Signed-off-by: Martin Liu <liumartin@google.com>
 2023-05-08 23:54:55 +08:00
TreeHugger Robot
b417627fb8 Merge "Add tele sensor sepolicy permission" into udc-d1-dev 2023-05-08 02:00:59 +00:00
Kamal Shafi
e1464f8e53 Add tele sensor sepolicy permission 
Bug: 280370254
Test: build pass
Change-Id: If76c157e272f40159bcd6aac08d4b3bc88991338
 2023-05-04 09:18:55 +00:00
horngchuang
5e6e5b568b Add sepolicy permission of new camera components 
Bug: 279885244
Bug: 280392819
Test: Build and test for sensor denials
Change-Id: Ib29b0287bc52f9c0fe6e3c18c272e6593507371b
 2023-05-04 07:38:46 +00:00
Treehugger Robot
cdb62d5474 Merge "Correct sepolicy permission for new UW cam EEPROM" into udc-d1-dev 2023-05-03 08:20:05 +00:00
Horng Chuang
5a2189a5ae Merge "Add sepolicy permission for new svarog sensor" into udc-d1-dev 2023-05-03 03:26:50 +00:00
Tom Huang
dd5df5791f Merge "Add hidraw device sepolicy for headtracking" into udc-d1-dev 2023-05-02 04:07:15 +00:00
horngchuang
a6d7203408 Add sepolicy permission for new svarog sensor 
Bug: 278473644
Test: Build and test for sensor denials
Change-Id: I2816a2ada49d4369b975ac22693994cff5cd6aec
 2023-05-01 15:34:33 +00:00
Kamal Shafi
47f407fa8d Correct sepolicy permission for new UW cam EEPROM 
change imentet camera sensor EEPROM naming to its codename.

Bug: 279547216
Test: build pass
Change-Id: Ib831119318a0b4467f81f93c009a28831cebac25
 2023-04-28 02:56:30 +00:00
Andrew Chant
6641141f91 Merge "Use tof sensor codenames" into udc-d1-dev 2023-04-27 02:07:29 +00:00
Kamal Shafi
eb22b7d648 Add sepolicy permission for new UW camera 
sepolicy including imentet camera sensor and gt24p64e EEPROM

Bug: 277988592
Bug: 279547216
Test: build pass
Change-Id: I01e2bc558eba7cf03c11818d9c806e6053808fd1
 2023-04-26 11:32:33 +00:00
kuanyuhuang
477d58d695 Add hidraw device sepolicy for headtracking 
Test: make and incoming HID data from Pixel Buds Pro
Bug: 276163506
Change-Id: I10833e215962ad007ad32a0d713e9b37ae888fdb
 2023-04-26 09:20:11 +00:00
Treehugger Robot
dd9d69e132 Merge "Add sepolicy permission for new project" into udc-d1-dev 2023-04-26 02:34:56 +00:00
TreeHugger Robot
d1c31b785d Merge "Add memtrack" into udc-d1-dev 2023-04-25 21:44:08 +00:00
horngchuang
4c3cd890be Add sepolicy permission for new project 
Bug: 279542096
Test: Build and test for sensor denials
Change-Id: I3d6b7ce33e101bd9eeacefae128239af3512b67f
 2023-04-25 08:09:29 +00:00
Ankit Goyal
5e4db7517c Add memtrack 
Bug: 279108265
Test: dumpsys meminfo
Change-Id: Ib46c89811aa3aa1a5573076f9dc69e7222f56ea4
 2023-04-20 23:18:56 -07:00
Ankit Goyal
ded9266dd4 Mark video secure devices as default dmabuf heaps 
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.

This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.

Fix: 278823239
Fix: 278513588
Fix: 275646321
Test: dEQP-VK.memory.allocation
Change-Id: I01a2730fc222efe94d4e48e7ee4c317aa65f0064
 2023-04-19 19:48:38 +00:00
Treehugger Robot
fde5823b6f Merge "Update rules for android.hardware.secure_element-service.thales" into udc-d1-dev 2023-04-14 01:21:56 +00:00
Ankit Goyal
9576cfaca7 Add sepolicy for framebuffer-secure heap 
Bug: 245053092
Test: Secure video playback
Change-Id: I715ea5a4e9ee70ec2a022351b9e722a25bfb9f93
 2023-04-13 13:47:11 -07:00
Yixuan Wang
2c0e44805a Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev 2023-04-13 19:38:38 +00:00
Joner Lin
edd47032af Merge "allow bthal to access vendor bluetooth folder" into udc-d1-dev 2023-04-13 13:57:32 +00:00
George
95d0a4b76f Update rules for android.hardware.secure_element-service.thales 
A new domain hal_secure_element_st54spi_aidl for AIDL HAL

Bug: 261566299
Test: run cts -m CtsOmapiTestCases
Test: atest VtsAidlHalNfcTargetTest
Change-Id: Id76a3f3337e2ee72031b39975eb010178855f36f
 2023-04-13 11:02:49 +00:00
Yixuan Wang
1095231e38 Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for 
chre

[ 7.760870] type=1400 audit(1669944054.440:61): avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1099 scontext=u:r:hal_contexthub_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
[ 12.519414] type=1400 audit(1669944059.196:138): avc: denied {connectto } for comm="android.hardwar" path="/dev/socket/chre"scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1

Bug: 264489794
Bug: 261105224
Test: atest scanAvcDeniedLogRightAfterReboot
Change-Id: I7bf13913188deedc987f82e54626a18357ab84c5
 2023-04-13 06:43:41 +00:00
Wilson Sung
c2eedff70c Add recovery related policy 
Fix: 275143841
Fix: 264490092
Test: adb sideload and no avc error
Change-Id: I52003c9417560a6c5dab815a6929681710f0b0a4
 2023-04-12 03:46:54 +08:00
jonerlin
940b51e1e4 allow bthal to access vendor bluetooth folder 
Bug: 240636731
Test: enable vendor btsnoop property and check the vendor snoop log
Change-Id: Ib7c36e7398bdbe7abc2f3b2dba684f95a4ce90a8
 2023-04-11 17:01:40 +00:00
TreeHugger Robot
6cbdc36e1b Merge "Move pixel dumpstate to gs-common" into udc-d1-dev 2023-03-29 16:06:45 +00:00
Jerry Huang
912984c964 Keep name "dmabuf_system_secure_heap_device" for secure playback 
Fixes the following denials:

03-13 14:31:22.796 W CodecLooper: type=1400 audit(0.0:284): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo

03-13 14:31:22.796 I auditd  : type=1400 audit(0.0:281): avc: denied { read } for comm="CodecLooper" name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo

03-14 15:01:48.069  1429  1429 W CodecLooper: type=1400 audit(0.0:1469): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=807 scontext=u:r:untrusted_app_32:s0:c65,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.disney.disneyplus

Bug: 268197530
Test: secure playback
Change-Id: I09a24fcf03f1f66b4c85d3b3949f33ad0d0f8dac
 2023-03-28 15:04:43 +08:00
Boon Jun Soh
0a1cba518a Use tof sensor codenames 
Bug: 272224875
Test: Camera CTS + PTS + unittests
Change-Id: Iedd90e285364b28add7298bae7662efbac31474c
 2023-03-28 13:00:09 +08:00
Adam Shih
036fb44a5d Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I10f98673ea507f841d9d3f33d737c4e73c1b5b19
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
(cherry picked from commit 8538fd33da)
 2023-03-27 17:57:22 +00:00
TreeHugger Robot
24536aa24c Merge "Revert "Move pixel dumpstate to gs-common"" into udc-dev am: 3fae47e04b 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22215371

Change-Id: I3b6ed885d80985c85846b1ec6627c093ba94431f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 08:07:36 +00:00
Wilson Sung
3e68836e43 Revert "Move pixel dumpstate to gs-common" 
Revert submission 22188471-dumpstate aidl

Reason for revert: Build break

Reverted changes: /q/submissionid:22188471-dumpstate+aidl
Bug: 274858145

Change-Id: I757111541257eecd4936572376fe42a4c866a1d6
 2023-03-23 05:58:12 +00:00
Adam Shih
cad969da74 Merge "Move pixel dumpstate to gs-common" into udc-dev am: 0c17644417 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22188471

Change-Id: I58ded180038a8aa507095d31a069547b7f02efea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-23 05:52:55 +00:00
Adam Shih
ee45cfea78 Move pixel dumpstate to gs-common 
Bug: 240530709
Test: adb bugreport
Change-Id: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
Merged-In: I4c46a2495ea07b9e44f56c4c6be726621e0ebf65
 2023-03-22 05:06:27 +00:00
JimiChen
ee1df407be change device type for /dev/stmvl53l1_ranging 
It was a rls_device. Move to lwis_device now.

Bug: 274552433
Test: launch GCA
Change-Id: Id920583cc06b09063de85b160c12a5c3a5468c11
 2023-03-21 20:00:00 +08:00
Dai Li
518a025694 Merge "dma-heap: add dsp heap" into udc-dev am: b66e27f987 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21914488

Change-Id: I32b240372f25f8ae7546daa98acadd09b96562c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-15 01:22:27 +00:00