Commit graph

429 commits

Author SHA1 Message Date
Peter Lin
f88ffce8c7 add dsim wakeup labels
Bug: 321733124
test: ls sys/devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup -Z
Change-Id: I28bc16f23478131dfecf2ad61b306ce9ae1e2767
2024-02-27 12:59:04 +00:00
Imo Umoren
a8ad4fb402 Merge "Add CHRE SELinux Permissions for Twoshay [Zuma Pro]" into main 2024-02-13 21:09:09 +00:00
Imo Richard Umoren
52fe3a2703 Add CHRE SELinux Permissions for Twoshay [Zuma Pro]
Adds permissions for chre socket to SELinux policy.
Used for the Wallaby nanoapp.

Bug: b/324278826
Test: Manually tested on zuma pro devices
Change-Id: Ied113002ec0650607f657cc47d183635916ae83e
2024-02-08 02:09:58 +00:00
Roy Luo
0e115d4d15 hal_usb_impl: Grant read permission to usb overheat files
Carried over from WHI PRO setting.

Bug: 307583011
Test: no audit logs
Change-Id: Icdcf36ee739f009a1e87ecd346b6178d096079b9
2024-02-07 05:19:37 +00:00
Kuen-Han Tsai
01658d880d Merge "Set SEPolicy for the disable_contaminant_detection script" into main 2024-02-06 08:34:52 +00:00
Wiwit Rifa'i
bf3e95edb1 Allow binder call from servicemanager to composer
This will fix the below avc denial:

type=1400 audit(0.0:4): avc:  denied  { call } for
comm="servicemanager" scontext=u:r:servicemanager:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 323761837
Bug: 315497129
Test: verify this avc denial doesn't appear
Change-Id: I76d7ea9e52e7140a715e375142abd904be8fa6ce
2024-02-05 15:40:17 +08:00
Treehugger Robot
ad3761f873 Merge changes from topic "threadbt_se_policy" into main
* changes:
  Grant Thread HAL service to access BT HAL folder
  Grant BT HAL to access socket file
2024-02-05 03:31:48 +00:00
shihchienc
ed3ca1e266 Grant Thread HAL service to access BT HAL folder
02-02 14:36:00.660  2378  2378 I android.hardwar: type=1400 audit(0.0:15): avc:  denied  { read } for  name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:00.660  2378  2378 I android.hardwar: type=1400 audit(0.0:16): avc:  denied  { watch } for  path="/data/vendor/bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
02-02 14:36:02.664  2378  2378 I android.hardwar: type=1400 audit(0.0:17): avc:  denied  { search } for  name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:30): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:31): avc:  denied  { write } for  name="thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1
02-02 14:36:29.076  7627  7627 I android.hardwar: type=1400 audit(0.0:32): avc:  denied  { connectto } for  path="/data/vendor/bluetooth/thread_dispatcher_socket" scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=unix_stream_socket permissive=1

Bug: 318594282
Test: reboot and open bluetooth
Change-Id: Ia63ed27b732eafa2e0aa3311fc7cea9c77e7b50c
2024-02-04 23:00:54 +00:00
Kuen-Han Tsai
25748e9d93 Set SEPolicy for the disable_contaminant_detection script
This patch ports Zuma project SEPolicy and corrects the platform device
name.

init    : Command 'exec /vendor/bin/hw/disable_contaminant_detection.sh'
action=vendor.usb.contaminantdisable=true (/vendor/etc/init/hw/
init.zumapro.usb.rc:288) took 5ms and failed: Could not start exec
service: File /vendor/bin/hw/disable_contaminant_detection.sh(labeled
"u:object_r:vendor_file:s0") has incorrect label or no domain transition
from u:r:init:s0 to another SELinux domain defined. Have you configured
your service correctly?
https://source.android.com/security/selinux/device-policy#
label_new_services_and_address_denials. Note: this error shows up even
in permissive mode in order to make auditing denials possible.

Bug: 295127978
Test: manual test
Change-Id: I4269127f0101250615aad9218a9e2684579a653b
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>
2024-02-02 18:07:36 +08:00
Wiwit Rifa'i
24ad0c2d7f Allow binder calls between composer and powerstats
This will fix some avc denials:

* SELinux : avc:  denied  { find } for pid=508 uid=1000
name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_power_stats_vendor_service:s0
tclass=service_manager permissive=0

* binder:501_1: type=1400 audit(0.0:30): avc:  denied  { call } for
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0

* android.hardwar: type=1400 audit(0.0:10): avc:  denied  { call }
for  scontext=u:r:hal_power_stats_default:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
2024-02-01 09:13:27 +08:00
Wiwit Rifa'i
19a720dbe0 Move hal_graphics_composer_default from legacy to vendor
Bug: 315497129
Test: boot to home
Change-Id: I7408333a5a43a49045b66d697c71bdc89af25ff0
2024-02-01 09:06:57 +08:00
Wilson Sung
39a0baed3c Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 318310869
Test: scanBugreport
Bug: 322917055
Bug: 322916328
Bug: 322916246
Bug: 322917075
Test: scanAvcDeniedLogRightAfterReboot
Bug: 318310869
Change-Id: I63c0cc342af0407fab6b188e982a3ea6699f3618
2024-01-30 07:17:49 +00:00
Wayne Lin
35176423de Merge "gps: refine iGNSS build system - sepolicy" into main 2024-01-30 05:45:58 +00:00
Kieran Cyphus
98fe007a31 Merge "liboemservice_proxy: Add sepolicy" into main 2024-01-29 05:58:46 +00:00
Wayne Lin
b89210063c gps: refine iGNSS build system - sepolicy
Bug: 318310869
Bug: 315915958
Test: build pass, GPS works and no GPS avc denied error
Change-Id: I64d2e8971abb44d604082deaed6e90a13cac203d
2024-01-29 05:52:15 +00:00
Treehugger Robot
d951f7cb22 Merge "gps: remove hal_gnss_default.te from tracking_denials." into main 2024-01-25 14:06:08 +00:00
kierancyphus
2fbd1edf60 liboemservice_proxy: Add sepolicy
This was previously only configured to run on zuma devices, but should
be expanded to this device as well. Since this service should only be
present on these two devices, it's fine to just copy this here instead
of placing it in gs-common.

Test: atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest
Bug: 321867236
Change-Id: I9f086df735c866ed037307574b38458434a9c486
2024-01-25 17:53:23 +08:00
James Huang
80e9176588 gps: remove hal_gnss_default.te from tracking_denials.
Bug: b/309551158
Test: confirm no hal_gnss_default avc denied.
Change-Id: I58a1d0712abfca4686a39626de8f566a5026455c
2024-01-25 15:58:39 +08:00
Mark Chang
45f43f3af2 Merge "Allow systemui_app to set property." into main 2024-01-25 05:37:35 +00:00
Treehugger Robot
a886395f0e Merge "sepolicy: allow hal_power_stats to read sysfs_display" into main 2024-01-24 06:03:41 +00:00
shihchienc
a94e372811 Grant BT HAL to access socket file
Bug: 318594713
Test: manual
Change-Id: Iba93dcd9543366e89c40bc8d0ca58dfdd69ee141
2024-01-24 02:47:36 +00:00
Ted Wang
a446b6d3ae Merge "Allow GrilService to access bluetooth extension HAL" into main 2024-01-24 02:38:02 +00:00
Mark Chang
b434a0ecf2 Allow systemui_app to set property.
This is to fix the denied log.
01-23 15:58:26.896     1     1 W /system/bin/init: type=1107 audit(0.0:17): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc:  denied  { set } for property=debug.touch_sensitivity_mode pid=2123 uid=10237 gid=10237 scontext=u:r:systemui_app:s0:c237,c256,c512,c768 tcontext=u:object_r:debug_prop:s0 tclass=property_service permissive=0'

Bug: 309912697
Test: Setting property was successful.
Change-Id: Id841d2d45de8d8d57366faf71f5ee60da74ce111
Signed-off-by: Mark Chang <changmark@google.com>
2024-01-24 02:09:07 +00:00
Wilson Sung
5ce22b53f3 Update error on ROM 11347994
Bug: 322035750
Test: SELinuxUncheckedDenialBootTest
Change-Id: I204fd486291b663c1fa06090225dc3890027498b
2024-01-23 22:22:49 +00:00
Chungro Lee
76d4aef727 google_battery: support BC79 firmware update
Bug: 319306735
Test: override flags via turboapp
Change-Id: I7f81574e09534052f870f0bedd1cd412485211f0
Signed-off-by: Chungro Lee <chungro@google.com>
2024-01-23 18:48:23 +00:00
Megha Patil
3b48faef9c Merge "Add System Property to Specify NTN Demo Mode Enabled" into main 2024-01-23 10:35:10 +00:00
Megha Patil
ab78d95fb8 Add System Property to Specify NTN Demo Mode Enabled
"telephony.ril.ntn_demo_mode" Property is added which specifies
RIL about NTN Demo Mode.

BUG: b/321178074
Test: Set the property in the service.
Change-Id: I8baca9ceaf364b579293679cabe26c33e0a4ec1e
2024-01-23 10:34:57 +00:00
Darren Hsu
16453defb3 sepolicy: allow hal_power_stats to read sysfs_display
avc:  denied  { read } for  name="available_disp_stats"
dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 321871433
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I84e3a561f60bec7f75c14359dc0a31216590a335
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-01-23 17:42:11 +08:00
Wilson Sung
e52dfde528 Update error on ROM 11340999
Bug: 321733124
Test: SELinuxUncheckedDenialBootTest
Change-Id: I1eca905eea9854be71926750b5d898c84c4794bd
2024-01-22 17:45:51 +00:00
Ted Wang
4f5d6c7812 Allow GrilService to access bluetooth extension HAL
Bug: 320403892
Test: Manual
Change-Id: I83834154563f9e77aaaf5ed786259a331497a378
2024-01-19 08:11:41 +00:00
Treehugger Robot
52ef38dcf1 Merge "fingerprint: fix SELinux denials" into main 2024-01-18 17:31:31 +00:00
Kadi Narmamatov
d9634912a6 Merge "rfsd: add new property to sepolicy" into main 2024-01-18 10:01:47 +00:00
kadirpili
8f0acd4186 rfsd: add new property to sepolicy
Avoid the Access denied finding property "vendor.cbd.modem_bin_type" error message and give rfsd access to the property.

Bug: 307481296
Bug: 317735109

Change-Id: Icd287f863fd6d309297ce984f4ce387fb5d3ae24
2024-01-18 08:30:02 +00:00
Treehugger Robot
5a084bb6ba Merge "aoc: add sysfs file entry" into main 2024-01-18 04:00:25 +00:00
chenkris
e01b41b519 fingerprint: fix SELinux denials
Fix the following AVC denials:
1. SELinux : avc:  denied  { find } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=2948 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 315737323
Test: boot with no relevant error
Change-Id: I9f32e2bc771c5bfd8ebf26344342b8813f0b4930
2024-01-18 02:12:10 +00:00
mikeyuewang
ebdc5d769b Remove this tracking as the denial has been fixed by b/287683516
Bug: 287683516

Change-Id: I9a9c7ac6d226fb6a859b69f0c4eca4857f65cf84
2024-01-17 21:22:06 +00:00
yixuanjiang
86b073086f aoc: add sysfs file entry
Test: Local
Bug: 314719343
Change-Id: I31e08e4f86b075f52b1483c17405074928b26f70
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
2024-01-17 18:12:27 +08:00
Angela Wu
365355875e Merge "Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder. (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24)" into main 2024-01-15 03:20:02 +00:00
Angela Wu
0b7ef4e53b Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24)

Bug: b/296330134
Test: https://android-build.corp.google.com/builds/abtd/run/L22000030001255046

Change-Id: I03d99401f5444e5a42e570a039c4838f1141bec9
2024-01-15 02:27:34 +00:00
Allen Xu
3bfc494565 Merge "Update sepolicy for ConnectivityMonitor" into main 2024-01-12 18:52:11 +00:00
Treehugger Robot
a4450e572f Merge "Add wakeup node" into main 2024-01-12 07:13:24 +00:00
Wilson Sung
c9400f0dbb Add wakeup node
Bug: 319737316
Test: make sepolicy
Change-Id: I4ca5aa9a5ff7b9b58e220fba01cfcbf283cc25c5
2024-01-12 03:22:31 +00:00
Treehugger Robot
f391978522 Merge "sepolicy: enable enforcing for hal_power_stats" into main 2024-01-11 20:56:49 +00:00
Allen Xu
1e31efbc3a Update sepolicy for ConnectivityMonitor
Bug: 307468771
Test: v2/pixel-health-guard/device-boot-health-check-extra
Change-Id: I08caf6a8e48118151df72ad883490551af0c464c
2024-01-11 20:18:20 +00:00
Treehugger Robot
aaaf45379c Merge "Remove system_suspend dontaudit" into main 2024-01-11 01:40:29 +00:00
Darren Hsu
31a27225de sepolicy: enable enforcing for hal_power_stats
Bug: 307468729
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I2522e317542e441fe9cede3e314081478f8b6158
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-01-10 21:13:10 +08:00
Wilson Sung
84b93cfb16 Remove system_suspend dontaudit
Fix: 318032188
Test: make sepolicy
Change-Id: I216fb901e5cc2ffdb3906da2d88e830e29d0e476
2024-01-10 19:08:42 +08:00
Wilson Sung
b376cb8cd1 Update error on ROM 11294806
Bug: 319399862
Test: SELinuxUncheckedDenialBootTest
Change-Id: I99331843251adb8f994170714e6f2c7cc28f2b2b
2024-01-10 10:49:19 +00:00
Ken Yang
3bbde83710 selinux: label wakeup for BMS I2C 0x36, 0x69
Bug: 319035561
Change-Id: Id82f3fd351190102c87ff2a8c16d56a581a6e45d
Signed-off-by: Ken Yang <yangken@google.com>
2024-01-10 07:30:15 +00:00
Treehugger Robot
e15179f322 Merge "Label and sort wakeup nodes" into main 2024-01-10 06:45:17 +00:00