Nina Chen
1ded01dd86
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 369475712
Flag: EXEMPT NDK
Change-Id: Ib2752c70f24cd0ea35b13836556dc634d2721413
2024-09-25 06:30:45 +00:00
Tej Singh
0507349a4b
Make android.framework.stats-v2-ndk app reachable
...
For libedgetpu
Test: TH
Bug: 354763040
Flag: EXEMPT bugfix
Change-Id: Id4f43ba150bd476426ace22c7d866ee87d5777a0
2024-09-20 21:41:23 -07:00
Treehugger Robot
a1a07140ce
Merge "Update SELinux error" into main
2024-09-20 10:12:17 +00:00
chenkris
ab3bd433f8
Allow fingerprint to access /dev/fth_fd
...
Fix the following avc denial:
avc: denied { open } for path="/dev/fth_fd" dev="tmpfs" ino=1575 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Bug: 368517769
Test: enroll and authenticate fingerprint.
Change-Id: I46e59d0fb4526586ce6e95e1d715b22e08b4347d
2024-09-20 09:15:44 +00:00
Nina Chen
2a4cb7b0a3
Update SELinux error
...
Test: scanBugreport
Bug: 368188020
Test: scanAvcDeniedLogRightAfterReboot
Bug: 368187536
Flag: EXEMPT NDK
Change-Id: I0cb8cf650332bf2d518871f87c2175a4f3a20678
2024-09-19 04:07:52 +00:00
Prochin Wang
90453768c7
Change vendor_fingerprint_prop to vendor_restricted_prop
...
This is to allow the fingerprint HAL to access the property.
Bug: 366105474
Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED
Test: mm
Change-Id: Iba81a714af741edabdb587d8e5f9d6060dd133c5
2024-09-16 02:12:26 +00:00
Nina Chen
2c4cebf4d5
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 366116096
Change-Id: I202f9031b89dbfbbce9d7fda6f8f50120df1698f
2024-09-12 14:24:29 +08:00
Neo Yu
696b8a5777
Merge "Move sepolicy about hal_radioext_default to gs-common" into main
2024-09-06 01:41:13 +00:00
Wilson Sung
42fee8809a
Move euiccpixel_app to vendor
...
Bug: 312143882
Test: make selinux_policy
Flag: EXEMPT sepolicy refactor
Change-Id: I0f6ac76860c90b8022a85cafb80350a708d278c1
2024-09-04 15:10:03 +00:00
Treehugger Robot
c5a02b45d4
Merge "Allow systemui_app to set 'debug.tracing.desktop_mode_visible_tasks' system property" into main
2024-09-04 12:20:22 +00:00
Ben Murdoch
88ed5f562f
Allow systemui_app to set 'debug.tracing.desktop_mode_visible_tasks' system property
...
See also: Iad8dc7a66765856ee7affb707f2dba6c1bbfbf49
Bug: 363893429
Flag: EXEMPT, SEPolicy
Test: Verified on device.
Change-Id: I6c68f97a7d42e635cadd2380cce7c64e812c1ffd
2024-09-04 09:39:13 +00:00
Randall Huang
21194d2dc3
storage: move storage related device type to common folder
...
Bug: 364225000
Test: forrest build
Change-Id: I3fb2a9a46d00ac27931ee8c1ad7b3ceef0920cdb
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-04 10:44:29 +08:00
Attis Chen
2f8ab31157
Merge "Label sysfs node power_mode as sysfs_display." into main
2024-09-02 04:54:18 +00:00
Neo Yu
d5626145f3
Move sepolicy about hal_radioext_default to gs-common
...
Bug: 363665676
Test: verify with test roms
Flag: EXEMPT sepolicy refactor
Change-Id: I618742012138123329ae47c05c958e77f5573956
2024-09-01 14:25:00 +08:00
Nattharat Jariyanuntanaet
11c0bf5839
Merge "Update sepolicy for nfc antenna selftest values" into main
2024-08-30 05:06:06 +00:00
KRIS CHEN
e1c773a1e5
Merge "Allow fingerprint to access sysfs_lhbm" into main
2024-08-29 08:40:44 +00:00
chenkris
dbc540c147
Allow fingerprint to access sysfs_lhbm
...
Fix following avc denial:
android.hardwar: type=1400 audit(0.0:17): avc: denied { write } for name="local_hbm_delay_frames" dev="sysfs" ino=83619 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0
Bug: 362149568
Test: enroll and authenticate fingerprint
Change-Id: I8c4b18b39fa5c391e9773c7780afe9e0de16e2a9
2024-08-29 05:08:49 +00:00
Wilson Sung
b5d284c3b5
Update SELinux error
...
Test: scanBugreport
Bug: 361726331
Flag: EXEMPT bugFix
Change-Id: Ib42816834dbb8258d5528a1c885a9a0945fe82d1
2024-08-23 09:49:29 +00:00
Nattharat Jariyanuntanaet
4599e2be44
Update sepolicy for nfc antenna selftest values
...
Allow persist.vendor.nfc.antenna. to be vendor public values for the NFC
companion app to access
avc: denied { read } for name="u:object_r:vendor_nfc_antenna_prop:s0" dev="tmpfs" ino=414 scontext=u:r:untrusted_app:s0:c79,c257,c512,c768 tcontext=u:object_r:vendor_nfc_antenna_prop:s0 tclass=file permissive=0 app=com.google.android.apps.internal.nfcassistancetool
Bug: 361050657
Test: m selinux_policy
Flag: NONE add permission
Change-Id: I0e7c3580e4df332fa3d14c939eb5e588f7600601
2024-08-23 02:42:23 +00:00
Joen Chen
e584e43da5
Merge "Label frame_interval and expected_present_time as sysfs_display" into main
2024-08-19 04:53:58 +00:00
Xiaofan Jiang
69e2169248
Merge "Revert^2 "modem_svc: update sepolicy for UMI"" into main
2024-08-15 20:44:27 +00:00
Xiaofan Jiang
5e80ce8f29
Revert^2 "modem_svc: update sepolicy for UMI"
...
4cc3948d52
Change-Id: I54b2b463cc98b900eb3c82d8af65efb4e3b43365
2024-08-15 19:26:21 +00:00
Priyanka Advani (xWF)
e8c57a7c6a
Merge "Revert "modem_svc: update sepolicy for UMI"" into main
2024-08-15 18:30:35 +00:00
Priyanka Advani (xWF)
4cc3948d52
Revert "modem_svc: update sepolicy for UMI"
...
Revert submission 28762313
Reason for revert: Droidmonitor created revert due to b/360059249.
Reverted changes: /q/submissionid:28762313
Change-Id: I6f4407caef36b9d86f9f5246900eb30b45504da3
2024-08-15 16:16:12 +00:00
Wilson Sung
36d0a8ffc8
Update SELinux error
...
Test: SELinuxUncheckedDenialBootTest
Bug: 360060705
Test: scanBugreport
Bug: 360060680
Test: scanAvcDeniedLogRightAfterReboot
Bug: 360060705
Flag: EXEMPT bugFix
Change-Id: Ia71aabae1c8bb6ad8b6d9cbeb925821c2612e116
2024-08-15 09:25:37 +00:00
Xiaofan Jiang
cf6aa47742
Merge "modem_svc: update sepolicy for UMI" into main
2024-08-15 04:01:13 +00:00
Xiaofan Jiang
c765607120
modem_svc: update sepolicy for UMI
...
Bug: 357139752
[ 68.189198] type=1400 audit(1722986580.568:59): avc: denied { unlink } for comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[ 68.189448] type=1400 audit(1722986580.568:60): avc: denied { create } for comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
Flag: EXEMPT sepolicy
Change-Id: Ifb8acf20628b5c4c72c1c429216dcfac9d0eda27
2024-08-15 03:52:58 +00:00
Treehugger Robot
1e60b2a664
Merge "fix bipchmgr sepolicy" into main
2024-08-14 02:28:12 +00:00
Tim Lin
89db879e0a
fix bipchmgr sepolicy
...
08-13 17:12:29.544 410 410 I auditd : type=1400 audit(0.0:4): avc: denied { call } for comm="servicemanager" scontext=u:r:servicemanager:s0 tcontext=u:r:bipchmgr:s0 tclass=binder permissive=0
Bug: 359428163
Change-Id: I49d9b02b0913b36a1cea7cf05ff2b61bee1d551f
Test: SELinuxUncheckedDenialBootTest
Flag: EXEMPT bugfix
2024-08-13 14:27:46 +00:00
attis
99c09bbbba
Label sysfs node power_mode as sysfs_display.
...
Label power_mode to sysfs_panel to let it be allowed in dumpstate.
avc log:
08-07 18:44:42.192 21635 21635 W dump_display: type=1400 audit(0.0:30): avc: denied { read } for name="power_mode" dev="sysfs" ino=83607 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/322917055
Test: ls -Z, adb bugreport.
Flag: EXEMPT bugfix
Bug: 358505990
Change-Id: I4aa8c13e7fb875e67457a15ea32caaf2ce422039
Signed-off-by: attis <attis@google.com>
2024-08-12 10:53:54 +00:00
Joen Chen
e8d646b5e6
Label frame_interval and expected_present_time as sysfs_display
...
Bug: 330392550
Flag: EXEMPT bugfix
Test: Check the files label by "adb shell ls -Z"
Change-Id: Iaf8a32671bce035f5c82bd1b34b81c433638ac39
2024-08-12 06:37:33 +00:00
mikeyuewang
2ce93afc02
Grant the MDS access to the OemRil service AIDL interface.
...
avc deny:
avc: denied { find } for pid=12125 uid=10269 name=vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_vendor_radio_external_service:s0 tclass=service_manager permissive=0
2024-08-09 19:48:22.634 12125-12138 ServiceManager com.google.mds E
Bug: 357488411
Change-Id: I0d1381a7f63679880cdeffe5fe982007691d86fe
2024-08-09 19:49:15 +00:00
Donnie Pollitz
cb18bb48d5
trusty: Allow linking/read tdp and td
...
Background:
* storageproxyd needs to be able to create and read symlinks associated
with TDP and TD.
08-07 08:13:44.868 750 750 W binder:750_2: type=1400 audit(0.0:18): avc: denied { create } for name="0" scontext=u:r:tee:s0 tcontext=u:object_r:persist_ss_file:s0 tclass=lnk_file permissive=0
08-07 07:35:19.396 755 755 W binder:755_2: type=1400 audit(0.0:7): avc: denied { read } for name="0" dev="sda1" ino=15 scontext=u:r:tee:s0 tcontext=u:object_r:persist_ss_file:s0 tclass=lnk_file permissive=0
08-07 08:34:24.956 742 742 W binder:742_2: type=1400 audit(0.0:8): avc: denied { read } for name="persist" dev="dm-52" ino=406 scontext=u:r:tee:s0 tcontext=u:object_r:tee_data_file:s0 tclass=lnk_file permissive=0
Flag: EXEMPT resource only update
Bug: 357815590
Test: Tested by purging device and verifying fresh device
Change-Id: Ib239534bfb28d05de14095e84961ff0f84cde68d
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2024-08-07 08:41:32 +00:00
Treehugger Robot
cae1a2aba4
Merge "allow power hal to access vendor_mm files" into main
2024-08-05 02:55:04 +00:00
Gil Liu
b356ac167e
Merge "add hal_graphics_composer to access thermal temperature" into main
2024-07-29 06:10:28 +00:00
Manali Bhutiyani
156e14bb70
Merge "DisplayPort Stats: add sysfs access permission on Zumapro devices" into main
2024-07-26 03:45:52 +00:00
Mike Wang
4bd4705847
Merge "Add the selinux policy to allow the gril get/set vendor log properties." into main
2024-07-26 01:15:34 +00:00
Carlos Rodriguez
dd5b70f378
DisplayPort Stats: add sysfs access permission on Zumapro devices
...
07-25 14:13:16.736 5784 5784 W pixelstats-vend: type=1400 audit(0.0:21): avc: denied { read } for name="fec_dsc_supported" dev="sysfs" ino=82516 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
07-25 14:13:16.736 5784 5784 W pixelstats-vend: type=1400 audit(0.0:22): avc: denied { read } for name="fec_dsc_not_supported" dev="sysfs" ino=82517 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
07-25 14:13:16.736 5784 5784 W pixelstats-vend: type=1400 audit(0.0:23): avc: denied { read } for name="max_res_other" dev="sysfs" ino=82515 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
07-25 14:13:16.736 5784 5784 W pixelstats-vend: type=1400 audit(0.0:24): avc: denied { read } for name="max_res_1366_768" dev="sysfs" ino=82505 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 343602691
Bug: 317486088
Flag: EXEMPT bugfix
Test: Android built and flashed and error is gone
Change-Id: I594536581ea468d40c9153bdc1bdd6b1ab7282fd
2024-07-25 21:14:55 +00:00
Daniel Chapin
fa8775c3d7
Merge "Revert "trusty: storageproxy: add fs_ready_rw property context"" into main
2024-07-24 21:48:56 +00:00
Daniel Chapin
c4ee95638e
Revert "trusty: storageproxy: add fs_ready_rw property context"
...
Revert submission 28318041-rw_storage
Reason for revert: Droidfood blocking bug b/355163562
Reverted changes: /q/submissionid:28318041-rw_storage
Change-Id: I288409c06c81b9e4be8f5af40f0afdc37e7f091e
2024-07-24 20:17:39 +00:00
Mike McTernan
b03ccb29e1
Merge "trusty: storageproxy: add fs_ready_rw property context" into main
2024-07-23 10:02:28 +00:00
Spade Lee
1e8d564ca2
Merge "sepolicy: removes dump_power tracking denial" into main
2024-07-23 03:18:19 +00:00
gilliu
4c189644a9
add hal_graphics_composer to access thermal temperature
...
type=1400 audit(0.0:77): avc: denied { search } for name="thermal"
dev="tmpfs" ino=1618 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0
type=1400 audit(0.0:74): avc: denied { search } for name="thermal"
dev="sysfs" ino=21594 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0
type=1400 audit(0.0:74): avc: denied { read } for name="temp"
dev="sysfs" ino=73536 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
type=1400 audit(0.0:74): avc: denied { getattr } for
path="/sys/devices/virtual/thermal/thermal_zone12/temp" dev="sysfs"
ino=73537 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
Bug: 340846691
Test: check no avc pattern on logcat from test image
Flag: NONE add permission
Change-Id: I0f327b98e32627e00be4cc0d0a99be39d1ec3bf2
2024-07-22 12:18:58 +00:00
Spade Lee
8d61b53a50
sepolicy: removes dump_power tracking denial
...
avc: denied { read } for name="maxfg_history" dev="tmpfs" ino=1144 scontext=u:r:dump_power:s0 tcontext=u:object_r:battery_history_device:s0 tclass=chr_file permissive=0
Bug: 353418158
Test: atest-dev com.google.android.selinux.pts.SELinuxTest#scanBugreport => PASS
Flag: EXEMPT bugfix
Change-Id: Ie71eb273915eca6b38281a5f7a8a2b8a6bdcf4c8
Signed-off-by: Spade Lee <spadelee@google.com>
2024-07-18 10:19:43 +00:00
mikeyuewang
27b55923fb
Add the selinux policy to allow the gril get/set vendor log properties.
...
avc logs:
2024-07-17 06:00:41.024 8674-8674 binder:8674_1 com.google.android.grilservice W type=1400 audit(0.0:96): avc: denied { read } for name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=416 scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0 app=com.google.android.grilservice
2024-07-17 06:00:41.024 8674-8674 binder:8674_1 com.google.android.grilservice W type=1400 audit(0.0:97): avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=418 scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=0 app=com.google.android.grilservice
2024-07-17 06:00:49.592 8674-8674 binder:8674_1 com.google.android.grilservice W type=1400 audit(0.0:99): avc: denied { write } for name="property_service" dev="tmpfs" ino=861 scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 app=com.google.android.grilservice
2024-07-17 16:46:54.748 1-1 /system/bin/init init I type=1107 audit(0.0:103): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.verbose_logging_enabled pid=2152 uid=10238 gid=10238 scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:vendor_logger_prop:s0 tclass=property_service permissive=1'
2024-07-17 16:49:33.256 1-1 /system/bin/init init I type=1107 audit(0.0:116): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.modem.extensive_logging_enabled pid=2152 uid=10238 gid=10238 scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=1'
Bug: 293947661
Change-Id: I4c7076c9b948c8bf99a71445b4632dcd0bcb3b0b
2024-07-17 20:24:56 +00:00
Munikrishna J
05fdf378c0
Merge "sepolicy: add rules for using aidl from GRIL Service" into main
2024-07-17 10:33:57 +00:00
Munikrishna
5ca93e9b6c
sepolicy: add rules for using aidl from GRIL Service
...
allow to find hal_vendor_radio_external_service
Enable AIDL for V requirement
AVC log in b/352465089#comment1
Flag: EXEMPT HAL interface change
Bug: 341750446
Test: Physical device with atest GoogleRilServiceUnitTests
Test: Physical device VoLTE,VoWiFi Call with handover verification on HIDL and AIDL.
Test: Physical device RIL crash, modem crash HIDL/AIDL VoLTE,VoWiFi verification.
Change-Id: I800a69d9fed026c340c2b3b935feac0e0eb38c1d
2024-07-17 05:54:45 +00:00
Wilson Sung
19c65ba48e
Merge "Update SELinux error" into main
2024-07-17 04:31:22 +00:00
Roy Luo
71d51ce40a
Merge "Add xhci-hcd-exynos.7 wakeup paths for suspend service" into main
2024-07-17 01:23:23 +00:00
Roy Luo
d1ad140faf
Add xhci-hcd-exynos.7 wakeup paths for suspend service
...
Bug: 334189230
Test: verified on device
Change-Id: I0adcbe0bb1aff8ff4442c16bb733603ad8c012cf
Signed-off-by: Roy Luo <royluo@google.com>
2024-07-16 19:49:52 +00:00