Martin Liu
8c4445390a
allow vendor init to access percpu_pagelist_high_fraction
...
Bug: 333838316
Test: boot
Change-Id: I4b29278c4a7be10609e0aaafe99603d4762f64b6
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-11 15:03:58 +00:00
Martin Liu
1270b7766d
allow vendor init to access compaction_proactiveness
...
Bug: 332916849
Test: boot
Change-Id: Id640b5ae489e003e9b3bad6054f415f3742832c5
Merged-In: Id640b5ae489e003e9b3bad6054f415f3742832c5
Signed-off-by: Martin Liu <liumartin@google.com>
2024-04-11 02:56:26 +00:00
Cheng Chang
a1d7364f1f
Merge "sepolicy: sysfs to gnssif/wakeup node" into 24D1-dev
2024-04-10 03:28:56 +00:00
Treehugger Robot
8804ef12db
Merge "display: low-light blocking zone support" into 24D1-dev
2024-04-04 02:46:42 +00:00
cweichun
0b6fd93f3e
display: low-light blocking zone support
...
Bug: 315876417
Test: verify the functionality works
Change-Id: I8de35ac0685c9b5b07385001479906a84901b347
2024-04-02 15:25:43 +00:00
Cheng Chang
cdd424134a
sepolicy: sysfs to gnssif/wakeup node
...
avc: denied { read } for comm="binder:459_2" name="wakeup2" dev="sysfs" ino=54040 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
Bug: 329334328
Test: abtd under b/329334328 device-boot-health-check-extra.
Test: boot and check logcat avc.
Change-Id: If0e95efee521d15928648d1042f87d02fd41c637
2024-04-02 09:07:26 +00:00
Spade Lee
aac2240ca4
sepolicy: allow kernel to search vendor debugfs
...
audit: type=1400 audit(1710259012.824:4): avc: denied { search } for pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc: denied { search } for pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc: denied { search } for pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1
Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: Ib25cc13a329b40bebe87fab43e955e2e4395de9e
Signed-off-by: Spade Lee <spadelee@google.com>
2024-04-02 07:35:39 +00:00
Shiyong Li
a06f6749c8
Merge "Label te2_rate_hz and te2_option as sysfs_display" into 24D1-dev
2024-03-28 21:10:16 +00:00
Priyanka Advani
3f268ee8a9
Merge "Revert "sepolicy: Allow PixelGnss to connect to Chre HAL"" into 24D1-dev
2024-03-28 20:01:53 +00:00
Priyanka Advani
7299abaa81
Revert "sepolicy: Allow PixelGnss to connect to Chre HAL"
...
Revert submission 26593083-lassen_pps
Reason for revert: Culprit for test breakages in b/331680556. Will be verifying through ABTD for confirmation and before submitting the revert.
Bug: b/331680556
Reverted changes: /q/submissionid:26593083-lassen_pps
Change-Id: I64487bc049ac7aa53b5bff461a033f70428ab6a9
2024-03-28 19:54:08 +00:00
Chris Lu
2c3dc0c668
Label te2_rate_hz and te2_option as sysfs_display
...
Bug: 307787644
Test: Check the files label: adb shell ls -Z
Change-Id: Iab036b86b6d0c28191212a3ac10be6ddb5dcbd2b
2024-03-28 00:31:25 +00:00
WeiChungChang
c46f6cf333
display: create entity_name property
...
HWC should designate the entity name 'Inner-Display'
for the primary display in cases of dual panels.
Bug: 329370514
Test: verify powerstats for dual panel devices
Change-Id: I284ff460709da6a8cb48a35bf2b805ea3d09c990
2024-03-26 22:40:54 +00:00
Cheng Chang
3d57c4ee96
Merge "sepolicy: Allow PixelGnss to connect to Chre HAL" into 24D1-dev
2024-03-25 12:51:10 +00:00
Cheng Chang
79e12fe426
sepolicy: Allow PixelGnss to connect to Chre HAL
...
avc: denied { call } for scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0
Bug: 316227249
Test: Verify PixelGnss HAL can connect to Chre HAL.
Test: Function test verification b/330120749 without disable selinux.
Test: No avc error log in logcat.
Change-Id: I7f6a45cd80c7ccbba2af1a0d3f3d89f30267db00
2024-03-25 06:59:51 +00:00
samou
8ff89c21d0
sepolicy: fix odpm scale value path
...
Extend odpm sysfs path to cover the
different startup sequence.
Bug: 330815850
Change-Id: Ifd346f379b71c790e175e08e74398bae0c0417df
Signed-off-by: samou <samou@google.com>
2024-03-22 10:38:08 +00:00
Zheng Pan
e29dd9a08b
Merge "Move display properties from tracking_denials to vendor" into 24D1-dev
2024-03-11 21:04:14 +00:00
John Chang
46d2322311
Move display properties from tracking_denials to vendor
...
Bug: 328001545
Test: Test MRR Version 2 is properly configured
Change-Id: Ib586398670b21bb88cd122647880149daa628d0d
2024-03-08 16:32:30 +00:00
Yabin Cui
af6b895528
Add SOC specific ETE sysfs paths
...
Bug: 321061072
Test: run profcollectd on device
Change-Id: I7eb39a5e9f586e36edd11679b0988af2ff6b986b
2024-03-06 11:06:13 -08:00
Treehugger Robot
4d305706a5
Merge "add dsim wakeup labels" into main
2024-02-28 03:59:20 +00:00
Peter Lin
f88ffce8c7
add dsim wakeup labels
...
Bug: 321733124
test: ls sys/devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup -Z
Change-Id: I28bc16f23478131dfecf2ad61b306ce9ae1e2767
2024-02-27 12:59:04 +00:00
Jack Wu
85aa1cb4b1
dontaudit on dir search for vendor_charger_debugfs
...
Bug: 326869335
Test: make selinux_policy
Change-Id: I22623dd1c47a431233eb6666dbe37fa2d9aa73a3
Signed-off-by: Jack Wu <wjack@google.com>
2024-02-26 21:10:51 +08:00
Treehugger Robot
4f275afd4e
Merge "moving charger nodes to user build" into main
2024-02-21 02:01:55 +00:00
Treehugger Robot
35907c0769
Merge "dontaudit on dir search for vendor_votable_debugfs" into main
2024-02-21 01:55:49 +00:00
Darren Hsu
7b65b7fb2b
sepolicy: allow hal_power_stats to read GPS files
...
avc: denied { search } for name="gps" dev="dm-49" ino=381 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=dir permissive=0
Bug: 309876364
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I577443effaf8c3072e05c24025ec2c9ba63639b8
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-02-19 16:37:21 +08:00
Wilson Sung
0ae4d6f09e
dontaudit on dir search for vendor_votable_debugfs
...
Bug: 305880925
Bug: 310539058
Bug: 318033504
Test: make selinux_policy
Change-Id: I5e13370fe5430f3dfbf73ccff787986fbe80f9ea
2024-02-19 14:58:56 +08:00
Ken Yang
7da489c7ad
SELinux: fix SELinux denials
...
devices/platform/108d0000.hsi2c/i2c-6/6-0066/max77779-pmic-irq.2.auto/wakeup/wakeup69
Bug: 325680852
Change-Id: I974c65bab46f3de3bdcacb42c67257d91a3ecf8a
Signed-off-by: Ken Yang <yangken@google.com>
2024-02-19 04:21:12 +00:00
Treehugger Robot
bb48ecd1e2
Merge "Allow CccDkTimeSyncService to access bluetooth extension HAL" into main
2024-02-17 08:49:51 +00:00
Daniel Okazaki
7d46482f86
moving charger nodes to user build
...
Bug: 323415060
Test: adb bugreport
Change-Id: I2f613d513b2c8a1eb5f52dbd6ba9f8381486a150
Signed-off-by: Daniel Okazaki <dtokazaki@google.com>
2024-02-15 23:09:32 +00:00
Imo Umoren
a8ad4fb402
Merge "Add CHRE SELinux Permissions for Twoshay [Zuma Pro]" into main
2024-02-13 21:09:09 +00:00
Imo Richard Umoren
52fe3a2703
Add CHRE SELinux Permissions for Twoshay [Zuma Pro]
...
Adds permissions for chre socket to SELinux policy.
Used for the Wallaby nanoapp.
Bug: b/324278826
Test: Manually tested on zuma pro devices
Change-Id: Ied113002ec0650607f657cc47d183635916ae83e
2024-02-08 02:09:58 +00:00
Roy Luo
0e115d4d15
hal_usb_impl: Grant read permission to usb overheat files
...
Carried over from WHI PRO setting.
Bug: 307583011
Test: no audit logs
Change-Id: Icdcf36ee739f009a1e87ecd346b6178d096079b9
2024-02-07 05:19:37 +00:00
Kuen-Han Tsai
01658d880d
Merge "Set SEPolicy for the disable_contaminant_detection script" into main
2024-02-06 08:34:52 +00:00
Wiwit Rifa'i
bf3e95edb1
Allow binder call from servicemanager to composer
...
This will fix the below avc denial:
type=1400 audit(0.0:4): avc: denied { call } for comm="servicemanager" scontext=u:r:servicemanager:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0
Bug: 323761837
Bug: 315497129
Test: verify this avc denial doesn't appear
Change-Id: I76d7ea9e52e7140a715e375142abd904be8fa6ce
2024-02-05 15:40:17 +08:00
Treehugger Robot
ad3761f873
Merge changes from topic "threadbt_se_policy" into main
...
* changes:
Grant Thread HAL service to access BT HAL folder
Grant BT HAL to access socket file
2024-02-05 03:31:48 +00:00
shihchienc
ed3ca1e266
Grant Thread HAL service to access BT HAL folder
...
02-02 14:36:00.660 2378 2378 I android.hardwar: type=1400 audit(0.0:15): avc: denied { read } for name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:00.660 2378 2378 I android.hardwar: type=1400 audit(0.0:16): avc: denied { watch } for path="/data/vendor/bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:02.664 2378 2378 I android.hardwar: type=1400 audit(0.0:17): avc: denied { search } for name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:30): avc: denied { getattr } for path="/data/vendor/bluetooth/thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:31): avc: denied { write } for name="thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:32): avc: denied { connectto } for path="/data/vendor/bluetooth/thread_dispatcher_socket" scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=unix_stream_socket permissive=1
Bug: 318594282
Test: reboot and open bluetooth
Change-Id: Ia63ed27b732eafa2e0aa3311fc7cea9c77e7b50c
2024-02-04 23:00:54 +00:00
Kuen-Han Tsai
25748e9d93
Set SEPolicy for the disable_contaminant_detection script
...
This patch ports Zuma project SEPolicy and corrects the platform device
name.
init : Command 'exec /vendor/bin/hw/disable_contaminant_detection.sh' action=vendor.usb.contaminantdisable=true (/vendor/etc/init/hw/init.zumapro.usb.rc:288) took 5ms and failed: Could not start exec service: File /vendor/bin/hw/disable_contaminant_detection.sh(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. Have you configured your service correctly? https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials. Note: this error shows up even in permissive mode in order to make auditing denials possible.
Bug: 295127978
Test: manual test
Change-Id: I4269127f0101250615aad9218a9e2684579a653b
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>
2024-02-02 18:07:36 +08:00
Wiwit Rifa'i
24ad0c2d7f
Allow binder calls between composer and powerstats
...
This will fix some avc denials:
* SELinux : avc: denied { find } for pid=508 uid=1000 name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_power_stats_vendor_service:s0 tclass=service_manager permissive=0
* binder:501_1: type=1400 audit(0.0:30): avc: denied { call } for scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0
* android.hardwar: type=1400 audit(0.0:10): avc: denied { call } for scontext=u:r:hal_power_stats_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0
Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
2024-02-01 09:13:27 +08:00
Wiwit Rifa'i
19a720dbe0
Move hal_graphics_composer_default from legacy to vendor
...
Bug: 315497129
Test: boot to home
Change-Id: I7408333a5a43a49045b66d697c71bdc89af25ff0
2024-02-01 09:06:57 +08:00
Ted Wang
b867cabc87
Allow CccDkTimeSyncService to access bluetooth extension HAL
...
Bug: 308381394
Test: build and check for avc denied
Change-Id: Ic602d3caf0b0cdfb1041d339e48d4671e7150d85
2024-01-31 02:37:19 +00:00
Treehugger Robot
a886395f0e
Merge "sepolicy: allow hal_power_stats to read sysfs_display" into main
2024-01-24 06:03:41 +00:00
shihchienc
a94e372811
Grant BT HAL to access socket file
...
Bug: 318594713
Test: manual
Change-Id: Iba93dcd9543366e89c40bc8d0ca58dfdd69ee141
2024-01-24 02:47:36 +00:00
Chungro Lee
76d4aef727
google_battery: support BC79 firmware update
...
Bug: 319306735
Test: override flags via turboapp
Change-Id: I7f81574e09534052f870f0bedd1cd412485211f0
Signed-off-by: Chungro Lee <chungro@google.com>
2024-01-23 18:48:23 +00:00
Darren Hsu
16453defb3
sepolicy: allow hal_power_stats to read sysfs_display
...
avc: denied { read } for name="available_disp_stats" dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Bug: 321871433
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I84e3a561f60bec7f75c14359dc0a31216590a335
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-01-23 17:42:11 +08:00
Treehugger Robot
52ef38dcf1
Merge "fingerprint: fix SELinux denials" into main
2024-01-18 17:31:31 +00:00
chenkris
e01b41b519
fingerprint: fix SELinux denials
...
Fix the following AVC denials:
1. SELinux : avc: denied { find } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=2948 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
Bug: 315737323
Test: boot with no relevant error
Change-Id: I9f32e2bc771c5bfd8ebf26344342b8813f0b4930
2024-01-18 02:12:10 +00:00
yixuanjiang
86b073086f
aoc: add sysfs file entry
...
Test: Local
Bug: 314719343
Change-Id: I31e08e4f86b075f52b1483c17405074928b26f70
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
2024-01-17 18:12:27 +08:00
Angela Wu
365355875e
Merge "Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder. (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24 )" into main
2024-01-15 03:20:02 +00:00
Angela Wu
0b7ef4e53b
Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder.
...
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24 )
Bug: b/296330134
Test: https://android-build.corp.google.com/builds/abtd/run/L22000030001255046
Change-Id: I03d99401f5444e5a42e570a039c4838f1141bec9
2024-01-15 02:27:34 +00:00
Allen Xu
3bfc494565
Merge "Update sepolicy for ConnectivityMonitor" into main
2024-01-12 18:52:11 +00:00
Wilson Sung
c9400f0dbb
Add wakeup node
...
Bug: 319737316
Test: make sepolicy
Change-Id: I4ca5aa9a5ff7b9b58e220fba01cfcbf283cc25c5
2024-01-12 03:22:31 +00:00