This patch ports Zuma project SEPolicy and corrects the platform device
name.
init : Command 'exec /vendor/bin/hw/disable_contaminant_detection.sh'
action=vendor.usb.contaminantdisable=true (/vendor/etc/init/hw/
init.zumapro.usb.rc:288) took 5ms and failed: Could not start exec
service: File /vendor/bin/hw/disable_contaminant_detection.sh(labeled
"u:object_r:vendor_file:s0") has incorrect label or no domain transition
from u:r:init:s0 to another SELinux domain defined. Have you configured
your service correctly?
https://source.android.com/security/selinux/device-policy#
label_new_services_and_address_denials. Note: this error shows up even
in permissive mode in order to make auditing denials possible.
Bug: 295127978
Test: manual test
Change-Id: I4269127f0101250615aad9218a9e2684579a653b
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>
Updating sepolicy for dump_modem to read /dev/logbuffer_cpif. This is
required as part of bugreport.
Test: Tested bugreport on device
Bug: 318949647
Change-Id: Ica70258200432633681b8d222a56c21aac427d86
Signed-off-by: Mahesh Kallelil <kallelil@google.com>
Fix following AVC denials:
1. Could not enable service: File /vendor/bin/hw/android.hardware.biometrics.fingerprint-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined
2. Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
3. avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=1499 ioctlcmd=0x6701 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Bug: 315737323
Test: boot with no relevant error
Change-Id: Ideeac108b8470232a258254437086451550fcc8d
Move hal_usb_impl and hal_usb_gadget_impl to right space
Bug: 310816620
Change-Id: I04d3710dd7f4e52b204f537de73d18a1351a6836
Signed-off-by: Chien Kun Niu <rickyniu@google.com>
needed for copying the factory calib file from persist to
/data/vendor/uwb, along with converting the file to a valid format
for uwb HAL
Equivalent CL: ag/22980180
Bug: 296108382
Bug: 296108391
Test: local build passed
Change-Id: I576d21433e2d0b958ef876bd42c382dd2061796e
Signed-off-by: Hasan Awais <hasanawais@google.com>
Duplicate from zuma-sepolicy 7f3e2b9
Test: make selinux_policy
Bug: 296187211
Change-Id: If686fbdcf058849479019e8b37bb1d57a0215ed6
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Add selinux rule to allow new V2 interface file alongside of V1 used up to r43p0.
The V1 entry will be removed once the r44p0 UMD update completes.
This decouples small changes from large, potentially intrusive ones in
other repositories.
Bug: 284254900
Change-Id: Ia928f871d8ea1fdbfb963cecb8fc4a99947e443e
fix build breakage:
device/google/zumapro-sepolicy/legacy/whitechapel_pro/file.te:4:ERROR 'Duplicate declaration of type' at token ';' on line 104436:
type tcpdump_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;
Bug: 272725898
Change-Id: Ic17d18409c28760d172a4ee7a5beb6c90016a381
Mali driver (and codec HAL as well) require direct access to video
secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly
write blanket rules for all the scontext. So, we piggyback on
dmabuf_system_secure_heap_device to allow all scontext to be able to use
these device nodes.
This is just as secure as dmabuf_system_secure_heap_device in that case.
There is no additional security impact. An app can still use gralloc to
allocate buffers from these heaps and disallowing access to these heaps
to the intended users.
Bug: 278513588
Test: Trusting result of ag/22743596 (no zumapro device yet)
Change-Id: I2fd77e6694cdd4d1e51c9f01f4ae2b9f9670cea0
We will introduce it into gs-common
Bug: 276901078
Change-Id: I395e3ca45a3ad4aa346e56fd8746ffc70ae94107
Signed-off-by: Minchan Kim <minchan@google.com>
