Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
425 commits 1 branch 0 tags 4 MiB
Commit graph

175 commits

Author SHA1 Message Date
Kuen-Han Tsai
01658d880d Merge "Set SEPolicy for the disable_contaminant_detection script" into main 2024-02-06 08:34:52 +00:00
Wiwit Rifa'i
bf3e95edb1 Allow binder call from servicemanager to composer 
This will fix below avc denial:

type=1400 audit(0.0:4): avc:  denied  { call } for
comm="servicemanager" scontext=u:r:servicemanager:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 323761837
Bug: 315497129
Test: verify this avc denial doesn't appear
Change-Id: I76d7ea9e52e7140a715e375142abd904be8fa6ce
 2024-02-05 15:40:17 +08:00
Treehugger Robot
ad3761f873 Merge changes from topic "threadbt_se_policy" into main 
* changes:
  Grant Thread HAL service to access BT HAL folder
  Grant BT HAL to access socket file
 2024-02-05 03:31:48 +00:00
shihchienc
ed3ca1e266 Grant Thread HAL service to access BT HAL folder 
02-02 14:36:00.660  2378  2378 I android.hardwar: type=1400 audit(0.0:15): avc:  denied  { read } for  name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:00.660  2378  2378 I android.hardwar: type=1400 audit(0.0:16): avc:  denied  { watch } for  path="/data/vendor/bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:02.664  2378  2378 I android.hardwar: type=1400 audit(0.0:17): avc:  denied  { search } for  name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:30): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:31): avc:  denied  { write } for  name="thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:32): avc:  denied  { connectto } for  path="/data/vendor/bluetooth/thread_dispatcher_socket" scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=unix_stream_socket permissive=1

Bug: 318594282
Test: reboot and open bluetooth
Change-Id: Ia63ed27b732eafa2e0aa3311fc7cea9c77e7b50c
 2024-02-04 23:00:54 +00:00
Kuen-Han Tsai
25748e9d93 Set SEPolicy for the disable_contaminant_detection script 
This patch ports Zuma project SEPolicy and corrects the platform device
name.

init    : Command 'exec /vendor/bin/hw/disable_contaminant_detection.sh'
action=vendor.usb.contaminantdisable=true (/vendor/etc/init/hw/
init.zumapro.usb.rc:288) took 5ms and failed: Could not start exec
service: File /vendor/bin/hw/disable_contaminant_detection.sh(labeled
"u:object_r:vendor_file:s0") has incorrect label or no domain transition
from u:r:init:s0 to another SELinux domain defined. Have you configured
your service correctly?
https://source.android.com/security/selinux/device-policy#
label_new_services_and_address_denials. Note: this error shows up even
in permissive mode in order to make auditing denials possible.

Bug: 295127978
Test: manual test
Change-Id: I4269127f0101250615aad9218a9e2684579a653b
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>
 2024-02-02 18:07:36 +08:00
Wiwit Rifa'i
24ad0c2d7f Allow binder calls between composer and powerstats 
This will fix some avc denials:

* SELinux : avc:  denied  { find } for pid=508 uid=1000
name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_power_stats_vendor_service:s0
tclass=service_manager permissive=0

* binder:501_1: type=1400 audit(0.0:30): avc:  denied  { call } for
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0

* android.hardwar: type=1400 audit(0.0:10): avc:  denied  { call }
for  scontext=u:r:hal_power_stats_default:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
 2024-02-01 09:13:27 +08:00
Wiwit Rifa'i
19a720dbe0 Move hal_graphics_composer_default from legacy to vendor 
Bug: 315497129
Test: boot to home
Change-Id: I7408333a5a43a49045b66d697c71bdc89af25ff0
 2024-02-01 09:06:57 +08:00
Treehugger Robot
a886395f0e Merge "sepolicy: allow hal_power_stats to read sysfs_display" into main 2024-01-24 06:03:41 +00:00
shihchienc
a94e372811 Grant BT HAL to access socket file 
Bug: 318594713
Test: manual
Change-Id: Iba93dcd9543366e89c40bc8d0ca58dfdd69ee141
 2024-01-24 02:47:36 +00:00
Chungro Lee
76d4aef727 google_battery: support BC79 firmware update 
Bug: 319306735
Test: override flags via turboapp
Change-Id: I7f81574e09534052f870f0bedd1cd412485211f0
Signed-off-by: Chungro Lee <chungro@google.com>
 2024-01-23 18:48:23 +00:00
Darren Hsu
16453defb3 sepolicy: allow hal_power_stats to read sysfs_display 
avc:  denied  { read } for  name="available_disp_stats"
dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 321871433
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I84e3a561f60bec7f75c14359dc0a31216590a335
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2024-01-23 17:42:11 +08:00
Treehugger Robot
52ef38dcf1 Merge "fingerprint: fix SELinux denials" into main 2024-01-18 17:31:31 +00:00
chenkris
e01b41b519 fingerprint: fix SELinux denials 
Fix following AVC denials:
1. SELinux : avc:  denied  { find } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=2948 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 315737323
Test: boot with no relevant error
Change-Id: I9f32e2bc771c5bfd8ebf26344342b8813f0b4930
 2024-01-18 02:12:10 +00:00
yixuanjiang
86b073086f aoc: add sysfs file entry 
Test: Local
Bug: 314719343
Change-Id: I31e08e4f86b075f52b1483c17405074928b26f70
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
 2024-01-17 18:12:27 +08:00
Angela Wu
365355875e Merge "Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder. (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24)" into main 2024-01-15 03:20:02 +00:00
Angela Wu
0b7ef4e53b Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder. 
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24)

Bug: b/296330134
Test: https://android-build.corp.google.com/builds/abtd/run/L22000030001255046

Change-Id: I03d99401f5444e5a42e570a039c4838f1141bec9
 2024-01-15 02:27:34 +00:00
Allen Xu
3bfc494565 Merge "Update sepolicy for ConnectivityMonitor" into main 2024-01-12 18:52:11 +00:00
Wilson Sung
c9400f0dbb Add wakeup node 
Bug: 319737316
Test: make sepolicy
Change-Id: I4ca5aa9a5ff7b9b58e220fba01cfcbf283cc25c5
 2024-01-12 03:22:31 +00:00
Allen Xu
1e31efbc3a Update sepolicy for ConnectivityMonitor 
Bug: 307468771
Test: v2/pixel-health-guard/device-boot-health-check-extra
Change-Id: I08caf6a8e48118151df72ad883490551af0c464c
 2024-01-11 20:18:20 +00:00
Ken Yang
3bbde83710 selinux: label wakeup for BMS I2C 0x36, 0x69 
Bug: 319035561
Change-Id: Id82f3fd351190102c87ff2a8c16d56a581a6e45d
Signed-off-by: Ken Yang <yangken@google.com>
 2024-01-10 07:30:15 +00:00
Treehugger Robot
e15179f322 Merge "Label and sort wakeup nodes" into main 2024-01-10 06:45:17 +00:00
Mahesh Kallelil
e51f8b7f0e Merge "Allow dump_modem to read logbuffer and wakeup events" into main 2024-01-09 03:03:24 +00:00
Wilson Sung
337ca68313 Label and sort wakeup nodes 
Bug: 318032188
Test: make sepolicy
Change-Id: I8dfa35034657ff98957373818e98b5bf836e7a4b
 2024-01-08 17:33:12 +08:00
Mahesh Kallelil
6285ad387d Allow dump_modem to read logbuffer and wakeup events 
Updating sepolicy for dump_modem to read /dev/logbuffer_cpif. This is
required as part of bugreport.

Test: Tested bugreport on device
Bug: 318949647
Change-Id: Ica70258200432633681b8d222a56c21aac427d86
Signed-off-by: Mahesh Kallelil <kallelil@google.com>
 2024-01-06 09:59:26 -08:00
guibing
e417775b17 zumapro: sepolicy: remove power hal denial tracker. 
Remove the power hal denial tracker.
Add the missing devfreq related configuration.

Bug: 307468758
Test: Power hal works without related avc errors.
Change-Id: I038bc7701deeada4d70ef2ed17d5db64ba5b4d03
 2024-01-05 21:58:20 +00:00
Hung-Yeh Lee
5a8206a8e4 sepolicy: add persist.vendor.primarydisplay. to vendor_display_prop 
Copy sepolicy from zuma to fix the following avc denied:
auditd  : type=1107 audit(0.0:11): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied  { set } for
property=persist.vendor.primarydisplay.op.peak_refresh_rate pid=510
uid=1000 gid=1003 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'

Bug: 286063708
Bug: 286063029
Bug: 317754250
Test: Run VtsHalGraphicsComposer3_TargetTest
Change-Id: Ib5e83927ebebf05a640d127d9d11e94df101f224
 2024-01-03 11:58:04 +08:00
Wilson Sung
df88fd4e1c Add dc-main wakeup node 
Bug: 308381292
Test: boot-to-home
Change-Id: I0165b4afab3b62bf4fec4ce6864cc1e8c6fc841a
 2023-12-27 16:42:52 +08:00
Wilson Sung
8345799166 Add kernel vendor_fw_file dir read permission 
Fix: 288049349
Change-Id: I76751deb04e5b6a4362917c76764cddc74d0f76d
 2023-12-27 10:41:21 +08:00
Wilson Sung
2b70f82f1d Move kernel from legacy to vendor 
Bug: 312143882
Test: make sepolicy
Change-Id: I01b192c7d60cda8e52f6a3fffd5e0dec7a660172
 2023-12-27 10:40:47 +08:00
Treehugger Robot
594a751d77 Merge "label Extcon files" into main 2023-12-26 23:17:40 +00:00
Wilson Sung
744d309e44 Add wakeup node 
Fix: 308381292
Test: make sepolicy
Change-Id: I32a45a3b862ffbe9f53f88ca97bdad52e5678931
 2023-12-26 17:38:34 +00:00
Wilson Sung
d6744d5856 label Extcon files 
Fix: 317753346
Test: Boot with target files labeled correctly
Change-Id: I9941ec615c21a16f2235b6abfd8b3e62a0d913b2
 2023-12-26 18:26:15 +08:00
Lei Ju
df72029b33 [zumapro] Remove duplicated file context settings for chre HAL 
Bug: 248615564
Test: compilation
Change-Id: If21138ee1f85e1832ff3bf9a6d8dc16206f3b0ed
 2023-12-20 16:46:33 -08:00
Treehugger Robot
e7795ba5ad Merge "hal_usb_impl: allow fwk_stats_service" into main 2023-12-20 06:05:25 +00:00
Chien Kun Niu
14ca9862d2 hal_usb_impl: allow fwk_stats_service 
12-18 11:12:58.401   443   443 I auditd  : avc:  denied  { find } for
pid=865 uid=1000 name=android.frameworks.stats.IStats/default
scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:fwk_stats_service:s0
tclass=service_manager permissive=0

Bug: 316989074
Change-Id: I74867901f513926379cd2ba35140a5ccb582467f
Signed-off-by: Chien Kun Niu <rickyniu@google.com>
 2023-12-20 11:22:42 +08:00
Zheng Pan
65e8b1c4df Merge "Revert "Move kernel from legacy to vendor"" into main 2023-12-20 02:44:25 +00:00
Zheng Pan
58f2081f97 Revert "Move kernel from legacy to vendor" 
This reverts commit cbfa33fd92.

Reason for revert: b/317131577

Change-Id: Iafd9dc574c59f627b049ad7a955173d562d1444e
 2023-12-20 02:32:04 +00:00
Treehugger Robot
ab36ea0ced Merge "Move kernel from legacy to vendor" into main 2023-12-18 23:22:26 +00:00
Treehugger Robot
b5908f969a Merge "sepolicy: allow hal_power_stats to read sysfs_edgetpu" into main 2023-12-18 10:41:05 +00:00
Darren Hsu
38c42d88ac sepolicy: allow hal_power_stats to read sysfs_edgetpu 
Bug: 316238807
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I5b146cf8bf6fc7b6d135a38a568b016d1e125f2a
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2023-12-18 18:00:06 +08:00
Wilson Sung
cbfa33fd92 Move kernel from legacy to vendor 
Bug: 312143882
Test: make sepolicy
Change-Id: I2ceb675b124aeeca2d94dd9c6095f0026df5a4bf
 2023-12-18 07:56:26 +00:00
Wilson Sung
3d57d2da26 Enforce vendor_init and allow tee and display access 
Fix: 307468733
Fix: 308381748
Fix: 312372803
Test: make selinux_policy
Change-Id: Ic9c987e34bf8337e9a743371a00fd910442fab10
 2023-12-18 04:42:33 +00:00
KRIS CHEN
7d98399d40 Merge "fingerprint: fix SELinux denials" into main 2023-12-18 03:27:57 +00:00
chenkris
a7c90de740 fingerprint: fix SELinux denials 
Fix following AVC denials:
1. Could not enable service: File /vendor/bin/hw/android.hardware.biometrics.fingerprint-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined
2. Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
3. avc:  denied  { ioctl } for  path="/dev/goodix_fp" dev="tmpfs" ino=1499 ioctlcmd=0x6701 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 315737323
Test: boot with no relevant error
Change-Id: Ideeac108b8470232a258254437086451550fcc8d
 2023-12-15 07:58:49 +00:00
Wilson Sung
8f63998c24 Merge "Move dump_gsa to vendor" into main 2023-12-14 03:57:13 +00:00
Treehugger Robot
c4e14e8ffa Merge "Add insmod-sh policy" into main 2023-12-08 01:09:35 +00:00
Treehugger Robot
3b47e80f3a Merge "Suppress avc error log on debugfs's usb folder." into main 2023-12-07 06:46:35 +00:00
Wilson Sung
bf85d96523 Add insmod-sh policy 
Fix: 307468923
Fix: 312372936
Test: make selinux_policy
Change-Id: Icd42c4a74b44b7e593dc7c0598f3d23c3f251a2c
 2023-12-07 04:52:04 +00:00
Treehugger Robot
9c9376de63 Merge "Remove dump_wlan" into main 2023-12-06 23:09:15 +00:00
David Drysdale
ff861c8ab7 Merge "Add Secretkeeper HAL" into main 2023-12-06 10:21:03 +00:00