Adam Shih
5b00a6c8a2
Be able to dump logbuffer
...
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Ieae4d64b497e911a6c8048f789e364cd1b9d2f4b
2022-01-19 05:38:52 +00:00
Adam Shih
b8053f6b6e
Be able to dump citadel info
...
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: I4f76a17004b81adbddeb7557e50f488b471aa3c7
2022-01-19 05:38:52 +00:00
Adam Shih
11d9e265ee
be able to dump aoc device
...
Bug: 208721677
Bug: 208909124
Test: do adb bugreport with no relevant error log
Change-Id: Icbb2364638dbabe9bcccd744413d5c679b35d058
2022-01-19 05:38:52 +00:00
Chris Lu
ca13b6a9bf
hardwareinfo: add sepolicy for display
...
Bug: 203593024
Test: 1. rm -r /data/data/com.google.android.hardwareinfo/
2. Connect wifi and reboot
3. Check hardwareinfo, there is no avc denied logs
Change-Id: I44db881286946a283f320302efd6e662fcdae683
2022-01-19 04:27:22 +00:00
Adam Shih
b2f810f9dd
sort tracking file to review it easily
...
Bug: 208909124
Bug: 208721677
Test: boot with no relevant error when taking a bugreport
Change-Id: I5dc5d5cdbae329372f58f056dcf10e205ee7e02a
2022-01-18 08:30:45 +00:00
joenchen
dd55e32ba1
Label min_vrefresh and idle_delay_ms as sysfs_display
...
Bug: 213299701
Test: Check the files label by "adb shell ls -Z"
Change-Id: I4c10582ec7dee516b54fb8aac77dafa825aaa93d
2022-01-17 10:21:16 +00:00
Adam Shih
56df08e495
fix dumpstate permission
...
Bug: 208721809
Test: run bugreport under enforcing mode and found no relevant errors
Change-Id: I106d95fd01b321af815ef8e580305702be716021
2022-01-17 14:54:54 +08:00
Adam Shih
d9a2fb8506
grant systemui app access to touch service
...
Bug: 204718221
Test: boot with no relevant error
Change-Id: Ic320cf682e481522ef9acad6c4eb63891c84c80c
2022-01-17 11:20:07 +08:00
linjoey
42ac322b3d
Add vulkan and gralloc sepolicy.
...
Bug: 206891640
Test: Test CTS testVulkanHardwareFeatures passed.
Change-Id: Ia14aa691d6dbfad40344895c9e6a63a267754864
2022-01-17 02:21:04 +00:00
Adam Shih
0b322cac3d
make GPU mali firmware accessible
...
Bug: 205779849
Test: boot with no relevant log.
Change-Id: I0cc1c1f84df44b5fbed239d6771937f62861bdb2
2022-01-17 02:11:39 +00:00
Matt Buckley
5bf8862b01
Allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
...
For the hardware composer and surfaceflinger to coordinate on certain features, it is necessary for the hardware composer to be able to read the surface_flinger_native_boot_prop to know what should be enabled.
Bug: b/214473134
Test: None
Change-Id: If03dae54ea17a8131c489f56092c0edd974ea41b
2022-01-14 20:20:24 +00:00
Xu Han
9633922461
Fix rlsservice selinux denials
...
Bug: 213817228
Test: check "avc denied" log with camera streaming.
Change-Id: Id255ffab3ca145cb0708b701e2afccdcd76ef4ea
2022-01-14 10:22:40 -08:00
Siddharth Kapoor
8b241f5c35
Update selinux for init-insmod-sh needed for gpu probe
...
Bug: 207062151
Test: related avc denials not noticed in the device logs
Change-Id: I87ff2251fd7d92f8b0eb3fac43889758788b702f
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
2022-01-14 04:24:52 +00:00
linpeter
72dc78222f
update display sepolicy
...
Bug: 205073165
Bug: 205656937
Bug: 205779906
Bug: 205904436
Bug: 207062172
Bug: 208721526
Bug: 204718757
Bug: 205904380
Bug: 213133646
test: check avc denied with hal_graphics_composer_default, hbmsvmanager_app
Change-Id: I964a62fa6570fd9056b420efae7bf2fcbbe9fc9f
2022-01-12 08:10:50 +00:00
TeYuan Wang
89bec046aa
Label TMU as sysfs_thermal
...
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: Ie1d20912f6111cbb85c04fce5a39e2be803e530f
2022-01-11 05:52:04 +00:00
Ray Chi
9b8f698ee8
Fix avc denials for USB hals
...
Bug: 205073230
Bug: 207062542
Bug: 208527968
Test: no avc log for hal_usb_impl
Change-Id: I840d8cb69ed9189f2697d13ae43b4bdeb25cd616
2022-01-10 18:33:56 +08:00
horngchuang
ebe7b7c9a5
Remove l10 specific camera component sepolicy settings
...
Move these settings to L10 specific folder
Bug: 210598444
Test: build okay
Change-Id: I517d5414f64a32098fd8e5bfa6554f2272680826
2022-01-10 05:43:46 +00:00
yawensu
4f08892ca1
Fix SELinux errors for vendor_rcs_service_app
...
avc: denied { find } for pid=2194 uid=10193 name=isub scontext=u:r:vendor_rcs_service_app:s0:c193,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
Bug: 205779869
Test: Manual.
Change-Id: I8589a0178500ee4ced318fbb487aad585758a3f3
2022-01-10 11:22:15 +08:00
Jaegeuk Kim
5134bb2094
Revert converting ext4 to f2fs
...
Revert the below commits:
commit bf900e2ae5 "allow to convert /efs to f2fs"
commit 54b0addb16 "convert_to_f2fs.sh: add sepolicy"
And, tracking_denials WA.
Bug: 207031989
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Id3dd1c5b8cad962845fd7a88b9069315819e5f3d
2022-01-06 16:44:08 +00:00
Shiyong Li
a781d5020b
consolidate display sysfs nodes into one context
...
Bug: 209890345
Bug: 209705194
Test: check selinux denial info
Signed-off-by: Shiyong Li <shiyongli@google.com>
Change-Id: I208f84caf0cbcd18bb3da8004362e6f996cbaba5
2022-01-05 01:31:58 +00:00
JimiChen
bec2f8f10d
Add permission for new sensors and eeproms
...
sensor: imx712 and imx712-uw
eeprom: m24c64x-imx712 and m24c64x-imx712-uw
Bug: 210657475
Bug: 210569509
Test: build okay
Change-Id: Ide8429ce41a34b5c27b23eea1095bae93c5b88c4
2022-01-04 05:49:24 +00:00
horngchuang
c8f6c81670
Add imx787 sensor entry to selinux policy
...
/dev/lwis-sensor-imx787 used by rear-cam sensor
Bug: 210654152
Test: local build Pass, boot to Home
Change-Id: Ia15ad131d763190d3ecbfee397f0de33987ddb65
2022-01-04 05:40:30 +00:00
chungkai
7fe7e43582
Fix avc denials for powerhal
...
Test: build pass
Bug: 208909174
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I565df75c22d66199e6966dfac4af2e19b88606a0
2022-01-03 03:32:01 +00:00
neoyu
8b48664bdc
Fix SELinux errors for rild
...
avc: denied { read } for comm="rild_exynos" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
Bug: 205073023
Test: manual
Change-Id: I2687c443b2830cf08210726f5b2e266c55793d41
2021-12-30 05:44:38 +00:00
Ted Lin
66f8039b5d
HardwareInfo: Add sepolicy for battery
...
12-03 09:57:39.480 7907 7907 I id.hardwareinfo: type=1400 audit(0.0:11): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
12-03 09:57:39.480 7907 7907 I id.hardwareinfo: type=1400 audit(0.0:10): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
12-03 09:57:39.480 7907 7907 I id.hardwareinfo: type=1400 audit(0.0:9): avc: denied { read } for name="serial_number" dev="sysfs" ino=66176 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
Bug: 208909060
Test: adb bugreport
Change-Id: Ide376401ada800718acf35db11ce79a5e63fe75d
Signed-off-by: Ted Lin <tedlin@google.com>
2021-12-30 05:21:23 +00:00
neoyu
ad89088b6e
Fix SELinux errors for rild
...
avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tclass=binder permissive=1
avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tclass=binder permissive=1
Bug: 205904441
Test: manual
Change-Id: I02339f8d7ef7004091244c9c8708a759da05d751
2021-12-28 14:32:42 +08:00
neoyu
186040a5e9
Fix SELinux errors for vendor_ims_app
...
avc: denied { find } for pid=1813 uid=10213 name=isub scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
avc: denied { call } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="ImsConnectivity" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
Bug: 205780067
Bug: 205904439
Test: manual
Change-Id: I50b0861994f19801068a2559ac35521095a18339
2021-12-27 11:58:43 +08:00
neoyu
02775432c2
Fix SELinux errors for vendor_rcs_app
...
avc: denied { call } for comm="nnon.rcsservice" scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
nnon.rcsservice: type=1400 audit(0.0:116): avc: denied { call } for scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
avc: denied { transfer } for scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
avc: denied { transfer } for comm="nnon.rcsservice" scontext=u:r:vendor_rcs_app:s0:c193,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.rcsservice
Bug: 205904435
Test: manual
Change-Id: Ia988e89ac3ccb543cefabfc289e446db09e01c2b
2021-12-27 11:53:53 +08:00
gwenlin
361962851f
Add permission for binding rild and grilservice
...
Bug: 208371668
Test: build
Change-Id: Ib5310032194fc4a13326db5002060a204d5f5b27
2021-12-15 01:42:46 +00:00
Krzysztof Kosiński
deb9d361cd
Add sepolicy for camera persist files.
...
Bug: 208866457
Test: Verified label for /mnt/vendor/persist/camera on P10
Change-Id: Id4af051ea2e783bed7cabfd2be80bdac994a11ab
2021-12-10 01:39:26 +00:00
Shiyong Li
8bae253501
allow android.hardware.power.stats-service.pixel to access display sysfs
...
Fix the following violations:
avc: denied { read } for name="state" dev="sysfs" ino=68654
scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_sensors:s0
tclass=file
...
avc: denied { open } for path=
"/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/state"
dev="sysfs" ino=68654 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs_sensors:s0 tclass=file
Bug: 209704948
Change-Id: Iad586164811457d09f6c0e81c67c0f217b77ccc2
Signed-off-by: Shiyong Li <shiyongli@google.com>
2021-12-09 20:10:44 +00:00
Midas Chien
a4f16bf147
allow hwc to access sysfs_display
...
Bug: 207615889
Test: check avc denials while hwc access early wakeup node
Change-Id: I453e50de739c31b1075f81fb4c1195a5dffd4d75
2021-12-09 12:49:06 +00:00
Adam Shih
6004d58760
label camera app
...
Bug: 209329856
Test: boot with google camera's label changed
Change-Id: Iff83bf8f42f9e6f9588fc5f45852a11608dc4445
2021-12-08 13:20:20 +08:00
Adam Shih
4820dcfdba
make libraries app-reachable
...
Bug: 209703854
Test: Boot with no relevant errors
Change-Id: I5f0d6ed1b578d1684c476bc07d81baaf91005bc6
2021-12-08 13:17:52 +08:00
Adam Shih
1fb766e7a3
update system_suspend wakeup files
...
Bug: 209705335
Test: boot with no relevant errors
Change-Id: I8d9d9b72449319184167790859c655e0695c4c98
2021-12-08 13:16:07 +08:00
Robb Glasser
3dad021ae8
Fix sensors hal selinux denials on C10.
...
Bug: 205657063
Bug: 205780093
Bug: 204718449
Bug: 205904379
Bug: 207721033
Bug: 207062541
Bug: 208909175
Test: SELinuxTest#scanAvcDeniedLogRightAfterReboot on C10
Change-Id: I678ac355fc09da56bc7718c4d70fb40d4cd79de0
2021-12-08 00:53:52 +00:00
Adam Shih
ccabcd4a24
label telephony apps
...
Bug: 208721636
Test: boot with error log changed from system_app to right ones
Change-Id: Ia65b2c8f1759866eca8fcd12dcbed4cedaa61ea2
2021-12-06 11:27:22 +08:00
Adam Shih
d69e2703f5
dump hal_graphics_composer
...
Bug: 208909191
Test: do bugreport with no relevant error logs
Change-Id: I5d89e6a1a40c856d8717d07040362aec5a88fa59
2021-12-06 10:36:11 +08:00
Randall Huang
abc92ffabe
fix vold selinux error
...
Bug: 208721768
Test: boot to home
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: I22060550896722e9c8eab4acdaf39dbeb12026ce
2021-12-02 06:29:49 +00:00
George Chang
b2d162fda7
Fix SELinux error coming from hal_secure_element_uicc
...
12-02 09:45:55.564 796 796 I secure_element@: type=1400 audit(0.0:3): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 11.030503] type=1400 audit(1638409555.564:3): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
Bug: 208715886
Test: check avc
Change-Id: I701b36fbb58f1c071f1dbc394048dad467ac6c4c
2021-12-02 06:17:22 +00:00
Roger Fang
ad3e880a3f
sepolicy: Add suez audio sepolicy
...
pixelstats-vend: type=1400 audit(0.0:30): avc: denied { read } for name="codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:31): avc: denied { open } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
pixelstats-vend: type=1400 audit(0.0:32): avc: denied { getattr } for path="/sys/devices/platform/audiometrics/codec_state" dev="sysfs" ino=83880 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_pixelstats:s0 tclass=file permissive=1
Bug: 206007421
Test: build passed and no avc denial logs
Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: Ib5f5dd248e276f470e213cc053728cbf70c20dbf
2021-12-02 04:51:37 +00:00
Roger Fang
e25c4dca39
sepolicy: add permission for the hardware info putDsp function
...
Bug: 202814070
Test: Manually test passed
Signed-off-by: Roger Fang <rogerfang@google.com>
Change-Id: I15b8fa09fddc89dcbe7893ef73fea72ac6ae63e4
2021-12-02 04:51:17 +00:00
Adam Shih
316d846ac4
copy euiccpixel_app setting to gs201
...
12-01 13:56:53.328 7682 7682 I Thread-2: type=1400 audit(0.0:44): avc: denied { map } for path="/dev/__properties__/u:object_r:dck_prop:s0" dev="tmpfs" ino=136 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:dck_prop:s0 tclass=file permissive=1 app=com.google.euiccpixel
There is only one source of code in
vendor/unbundled_google/packages/EuiccSupportPixelPrebuilt/Android.mk
Bug: 208527969
Test: no relevant error logs were found any more
Change-Id: I06b1cdcfb9109956f9c65dede1208310d2b79c48
2021-12-01 15:33:58 +00:00
Adam Shih
0546c79a47
make some libraries app reachable
...
Bug: 208527969
Test: boot with no relevant error log
Change-Id: Ic21fcecd4a9ff3d293dafe1e7a9dbebd0e736852
2021-12-01 15:33:49 +00:00
George Chang
097157613a
Fix SELinux error coming from hal_secure_element_uicc
...
11-11 09:38:59.168 794 794 I secure_element@: type=1400 audit(0.0:102): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.632309] type=1400 audit(1636594739.168:103): avc: denied { transfer } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.631474] type=1400 audit(1636594739.168:102): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
11-11 09:38:59.168 794 794 I secure_element@: type=1400 audit(0.0:103): avc: denied { transfer } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[ 19.633481] type=1400 audit(1636594739.172:104): avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
11-11 09:38:59.172 971 971 I rild_exynos: type=1400 audit(0.0:104): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
Bug: 205904403
Test: check avc
Change-Id: I9186714d81e21ba8920aaa900a92f542e98ceddb
2021-12-01 06:57:57 +00:00
davidycchen
262709f2ba
allow hal_dumpstate_default to access touch sysfs node
...
avc: denied { open } for comm="sh"
path="/sys/devices/platform/10d10000.spi/spi_master/spi0/spi0.0/
synaptics_tcm.0/sysfs/force_active" dev="sysfs" ino=89691
scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1
Bug: 199104466
Test: trigger bugreport and check log.
Signed-off-by: davidycchen <davidycchen@google.com>
Change-Id: If35d651b2c8ca375f7f9cc36403eb02911912ebb
2021-12-01 01:52:46 +00:00
yawensu
24eafb45c8
Fix SELinux error in vendor_qualifiednetworks_app.
...
SELinux : avc: denied { find } for pid=1763 uid=10201 name=isub scontext=u:r:vendor_qualifiednetworks_app:s0:c201,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
Bug: 204718865
Test: The error is gone after applying the patch.
Change-Id: I77d5f550614e1d63ab1547fc8d0ad1b70f72bed8
2021-11-30 01:55:08 +00:00
Midas Chien
8cd52d9d33
Allowed PowerHAL service access Display node
...
Bug: 207615889
Test: PowerHAL can access early_wakeup node in enforcing mode
Change-Id: I190e49f07c0c23c576a9fb8444ffb7c68eedf3ac
2021-11-29 17:34:48 +00:00
chungkai
9721a3076e
Fix avc denials for sysfs_vendor_sched
...
Bug: 207300315
Bug: 207062875
Bug: 207062781
Test: build pass
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I17212c840c725f66d91f337c57af8e72e5e08b8c
2021-11-29 03:42:14 +00:00
chungkai
7bbd1fb38a
Allow vendor_init to modify proc_sched
...
Bug: 207062206
Test: Boot to home
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I5d51e322c1522046623046051e8090fc64bedee5
2021-11-28 15:47:11 +00:00