Randall Huang
b67284dc2f
storage: move storage related device type to common folder
...
Bug: 364225000
Test: forrest build
Change-Id: Iaed5b07a1d9823ebf3c7210921784d81bf6207a5
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-04 10:44:13 +08:00
Randall Huang
5e8b0722d0
Storage: label ufs firmware upgrade script
...
Bug: 361093041
Test: local build
Change-Id: I312d071ecaaedb09b54976e6b3bfe05e7bc6cdea
Signed-off-by: Randall Huang <huangrandall@google.com>
2024-09-02 22:22:44 +00:00
Jason Chiu
e2d9795558
gs201: move sepolicy related to bootctrl hal to gs-common
...
Bug: 265063384
Change-Id: I30a71900c2a305b05ae6e17d658df32d95097d14
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
2023-12-05 01:21:53 +08:00
Randall Huang
2bd12254f4
Move sg_device related policy
...
Bug: 312582937
Test: make selinux_policy
Change-Id: I18617643e66d6d2fe5ff19e440dea204206b3035
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-11-22 14:16:38 +08:00
Daniel Norman
b204558a73
Removes duplicate hidraw_device type definition.
...
This type is now defined by the platform.
Bug: 303522222
Change-Id: Ia2f817ce99548c30f39a5164c8f6ec323db66155
Test: ls -z /dev/hidraw0
2023-11-10 22:52:26 +00:00
Dinesh Yadav
b29cf7645a
[Cleanup]: Move gxp sepolicies to gs-common for P22
...
These policies are moved to gs-common as part of ag/24002524
Bug: 288368306
Change-Id: If7466983009021c642db998e1c30071ee548846e
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-07-14 04:00:23 +00:00
Leo Liou
5adecc7433
gs201: add sepolicy for ufs_firmware_update process
...
Allow the script to access the specified partition and sysfs.
Bug: 273305212
Test: full build and test ffu flow
Change-Id: Iefeacea2d4c07e7a5b39713c9575e86bd25ce008
Signed-off-by: Leo Liou <leoliou@google.com>
2023-04-17 09:58:11 +00:00
Adam Shih
7c683d8496
move brcm gps solution to gs-common
...
Bug: 254758553
Test: google map can locate on pixel
Change-Id: I2c97ac6c327a0c32dbc9223597758bbceb72d2a3
2022-10-28 05:33:37 +00:00
Denny cy Lee
d64d7fa852
HwInfo: Move hardware info sepolicy to pixel common
...
Bug: 215271971
Test: no sepolicy for hardware info
Change-Id: Ic887e59878352fa5784a172af0453f3bb881e1f2
Signed-off-by: Denny cy Lee <dennycylee@google.com>
2022-08-03 02:57:28 +00:00
xiaofanj
b3576ef751
modem_svc_sit: create oem test iodev
...
- Create radio_test_device for oem_test iodev.
- Grant modem_svc_sit to access radio_test_device.
Bug: 231380480
Signed-off-by: Xiaofan Jiang <xiaofanj@google.com>
Change-Id: Id06deedadf04c70b57e405a05533ed85764bdd1d
2022-06-13 22:31:46 +00:00
Omer Osman
e5cc5f7937
Add hidraw device and Dynamic Sensor SE Linux policy
...
Test: Incoming HID data from Pixel Buds
Change-Id: I77489100e13d892fb7d3a7cee9734de044795dec
2022-03-27 23:26:29 +00:00
Denny cy Lee
38c2803c54
Sepolicy: add pixelstats/HardwareInfo sepolicy
...
avc denials to fix (after applying ag/17120763)
[ 50.171564] type=1400 audit(1647222380.884:28): avc: denied { read } for comm="pixelstats-vend" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
[ 54.519375] type=1400 audit(1647222385.228:29): avc: denied { read } for comm="id.hardwareinfo" name="battery_history" dev="tmpfs" ino=639 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 app=com.google.android.hardwareinfo
Bug: 222019890
Test: manually check debug logcat
Change-Id: I0e4f3f3a66783383b0d1327cec4dcd145ae9a7af
2022-03-15 03:09:18 +00:00
Nishok Kumar S
e95f5edafe
Allow camera HAL and GCA to access Aurora GXP device.
...
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules to allow these clients to
access the GXP device and load firmware onto DSP cores
in order to execute workloads on DSP.
Bug: 220086991
Test: Verified that the camera HAL service and GCA app are able to access the GXP device and load GXP firmware.
Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
2022-03-03 04:02:33 +00:00
davidycchen
bfda745e26
Remove touch_offload_device declaration
...
touch_offload_device is already declared in
hardware/google/pixel-sepolicy/input.
device/google/gs201-sepolicy/whitechapel_pro/device.te:14:ERROR
'Duplicate declaration of type' at token ';' on line 76173:
type rls_device, dev_type;
type touch_offload_device, dev_type;
Bug: 199104528
Test: build pass
Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: I3cedb25473d8327eb42d3b65cf714cf5dc22712f
2022-02-11 02:36:29 +00:00
Kris Chen
8d3c4a7b4e
fingerprint: Fix avc errors
...
Bug: 207062260
Test: boot with no relevant error on C10
Change-Id: I6d3b74c34d2344c4e889afaf8bb99278785e5416
2021-11-25 07:09:31 +00:00
George Chang
d15185b2d7
Fix SELinux error coming from hal_secure_element_gto and gto_ese2
...
update hal_secure_element_st54spi/st33spi from gto/gto_ese2
hal_secure_element_gto.te => hal_secure_element_st54spi.te
[ 10.846098] type=1400 audit(1637296724.408:40): avc: denied { map } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:40): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:39): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:38): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:37): avc: denied { read } for name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846033] type=1400 audit(1637296724.408:37): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846072] type=1400 audit(1637296724.408:38): avc: denied { open } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846086] type=1400 audit(1637296724.408:39): avc: denied { getattr } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:100): avc: denied { write } for name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:101): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593472] type=1400 audit(1636594739.132:101): avc: denied { connectto } for comm="secure_element@" path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593175] type=1400 audit(1636594739.132:100): avc: denied { write } for comm="secure_element@" name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:135): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.142141] type=1400 audit(1636430648.620:135): avc: denied { open } for comm="secure_element@" path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.141947] type=1400 audit(1636430648.620:134): avc: denied { read write } for comm="secure_element@" name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:134): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-04 13:27:24.564 1 1 I /system/bin/init: type=1107 audit(0.0:52): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=772 uid=1068 gid=1068 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=1'
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:49): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:50): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
hal_secure_element_gto_ese2 => hal_secure_element_st33spi.te
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:137): avc: denied { open } for path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660987] type=1400 audit(1636430649.140:137): avc: denied { open } for comm="secure_element@" path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660845] type=1400 audit(1636430649.140:136): avc: denied { read write } for comm="secure_element@" name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:136): avc: denied { read write } for name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
Bug: 207062261
Bug: 205073164
Bug: 205656951
Bug: 205657039
Bug: 205904452
Test: check avc without secure_element
Change-Id: I312299deb6d6bfa353e7936d41a723e75d3ea06b
2021-11-22 02:59:34 +00:00
Adam Shih
37e4973df6
review file declaration
...
Bug: 203025336
Test: build pass
Change-Id: I8cfec54ac035f41ccafc58f1ec0b125613e0742b
2021-10-18 10:31:31 +08:00
Bart Van Assche
c6a7058dc3
Stop using the bdev_type SELinux attribute
...
The bdev_type is being removed from all SELinux policy files. Hence this
patch.
Bug: 202520796
Test: Treehugger
Change-Id: I475ff63b3f77f1bfe49519b76bb31b90c3216105
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-15 01:52:10 +00:00
Adam Shih
0b42f3ba82
review file_contexts
...
Bug: 203025336
Test: boot to home and check if the files are there
Change-Id: I2b748b18cca389d7fdd8b1b472dcb1605e0ddaaa
2021-10-14 13:34:33 +08:00
Adam Shih
798b72ad9c
review hal_tetheroffload_default
...
Bug: 201599426
Test: boot to home with hal_tetheroffload_default started
Change-Id: I85491753dc7336eff285f61c71ad51840a13d7c3
2021-10-05 01:42:16 +00:00
Adam Shih
cf1ea7aad5
review block devices
...
Bug: 196916111
Test: boot with those partitions mounted with no avc error
Change-Id: I6248be92d19abf37f5b901aa6101436832813f42
2021-09-08 12:34:14 +08:00
Adam Shih
98ebd6e7f1
review tee
...
Bug: 198723116
Test: boot with tee started
Change-Id: Ib50698834d16887fa00bdbbaf81801f1067909ba
2021-09-03 15:26:51 +08:00
Adam Shih
91d989bca4
review mount and block devices
...
Bug: 196916111
Test: make sure all paths under ufs are labeled
Change-Id: Ic3e07e7341f838f54c483ab8b272407a70f1f8f2
2021-09-02 12:49:38 +08:00
Adam Shih
c6111a8666
review cbd
...
Bug: 198532074
Test: boot with cbd started
Change-Id: Iced4bfaa9ea8e749cc0a8cb7a8da91abfc88d765
2021-09-02 11:41:48 +08:00
Adam Shih
f5ed5632e2
review recovery related operations
...
Bug: 196916111
Test: make sure the files are labeled correctly (ls -Z)
Change-Id: I735de8b9635c7852a18ec8f32733cb0a0abd38f3
2021-08-30 14:45:29 +08:00