Commit Graph

43 Commits

Author SHA1 Message Date
Vic Huang
bd7fbe9a02 [BT] Define vendor_bluetooth_prop
avc:  denied  { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0

Bug: 359428216
Test: Forest build
Flag: EXEMPT N/A
Change-Id: I1aeb04e32620b2815db02f34ee40eae94deeed3c
2024-09-09 05:47:01 +00:00
Aaron Tsai
b05833237c Add permission for setting gril property
05-22 18:00:40.443   948   948 I auditd  : type=1400 audit(0.0:854): avc:  denied  { write } for  comm="radioext@1.0-se" name="property_service" dev="tmpfs" ino=851 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Bug: 343012301
Bug: 203824024
Test: manual test
Flag: EXEMPT bugfix
Change-Id: Ie873e186d3eda618ba832164d9c9713b410977d2
2024-07-05 08:05:01 +00:00
Woody Lin
98620c3b10 Add vendor_sjtag_lock_state_prop and init-check_ap_pd_auth-sh
1. Add init-check_ap_pd_auth-sh for the vendor daemon script
   `/vendor/bin/init.check_ap_pd_auth.sh`.
2. Add policy for properties `ro.vendor.sjtag_{ap,gsa}_is_unlocked` for
   init, init-check_ap_pd_auth-sh and ssr_detector to access them.

SjtagService: type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1006): avc:  denied  { getattr } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1007): avc:  denied  { map } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1008): avc:  denied  { write } for  name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
SjtagService: type=1400 audit(0.0:1009): avc:  denied  { connectto } for  path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1

Bug: 298314432
Change-Id: Ib5dbcc50e266e33797626280504ea9e2cdc9f942
2023-09-13 04:10:09 +00:00
Renato Grottesi
1f1f647570 Cleanup unused ArmNN settings.
Test: pre-submit
Bug: 294463729
Change-Id: If623bee7f1050f814a2a3531bfa5de414fa32104
2023-08-18 04:31:43 +00:00
Bruno BELANYI
9d61da55a1 Add ArmNN config sysprops SELinux rules
Bug: b/205202540
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I90af8201d5fae44f73d709491f272a113b44ca67
2023-04-20 08:14:00 +00:00
Bruno BELANYI
c1ee9afdef Use restricted vendor property for ARM runtime options
They need to be read by everything that links with libmali, but we don't
expect anybody to actually write to them.

Bug: b/272740524
Test: CtsDeqpTestCases (dEQP-VK.protected_memory.stack.stacksize_*)
Change-Id: I4cd468302da02603cccd9b4b98cb95745129daf5
2023-04-17 10:59:19 +00:00
Adam Shih
9519323a98 use dumpstate from gs-common
Bug: 273380985
Test: adb bugreport
Change-Id: Ibd54c0049480810e2aa14074e0ec9c4d611d51ff
2023-04-10 01:11:14 +00:00
Victor Liu
187dcc4e08 uwb: add permission for ccc ranging
Bug: 255649425
Change-Id: I83ce369e52f382d76723b2b045e09607483a0a6a
2023-04-06 20:57:42 +00:00
Jörg Wagner
28503a8706 Update Mali DDK to r40 : Additional SELinux settings
Expose DDK's dynamic configuration options through the Android Sysprop
interface, following recommendations from Arm's Android Integration
Manual.

Bug: 261718474

(cherry picked from commit 4183daf7f1)
Merged-In: I75457d2d4f6e37bdd85329bac7fd81327cfff628
Change-Id: Ic40d6576537fc6699e3315040236e79aba16af18
2023-03-21 10:32:25 +00:00
Adam Shih
0f80193c30 use gs-common camera dump
Bug: 273380509
Test: adb bugreport
Change-Id: I925fbbba81a92689c4590df4a8d7529cc8b57bf8
2023-03-20 11:14:44 +08:00
Ken Tsou
e4fad2e355 hal_health_default: allow to access persist.vendor.shutdown.* am: 55d345c5e8 am: 877a01aa5e
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/21455545

Change-Id: I7819419ef876b10affac4978f924988e8a57f024
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-18 15:53:32 +00:00
Ken Tsou
55d345c5e8 hal_health_default: allow to access persist.vendor.shutdown.*
msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

Bug: 266181615
Change-Id: Ia87610f0363bbfbe4fe446244b44818c273841f4
Signed-off-by: Ken Tsou <kentsou@google.com>
2023-02-16 10:37:44 +08:00
Stephen Crane
5cd114d3a0 Allow Trusty storageproxy property
Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready
when the data filesystems are ready for use, and allows vendor init to
query and wait on this property.

Test: build, flash, test app loading
Bug: 258018785
Change-Id: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
Merged-In: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
2022-11-28 19:48:56 +00:00
Stephen Crane
c03e9b58db Allow Trusty storageproxy property
Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready
when the data filesystems are ready for use, and allows vendor init to
query and wait on this property.

Test: build, flash, test app loading
Bug: 258018785
Change-Id: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
2022-11-23 18:45:55 +00:00
George Lee
d59612c409 gs201-sepolicy: Add BrownoutDetection app [DO NOT MERGE]
This app files a bugreport for user-debug builds with reboot reason = ocp
or uvlo.  Removed the dependency on BetterBug.

Bug: 237287659
Test: Ensure bugreport is generated under user-debug build with reboot
reason = ocp or uvlo.
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Ib8fceb62e66e9d561a6597687ea3cbe5ac9a832d
2022-11-16 18:20:57 +00:00
George Lee
d1e0b924ae betterbug: Update selinux policy for betterbug
Update startup_bugreport_requested property to vendor_public for
betterbug to access.

Bug: 237287659
Test: Load Betterbug for accessing startup bugreport reason property
Signed-off-by: George Lee <geolee@google.com>
Change-Id: Idc07e3f4ce425c0167654743fbe1ad8b7ece5e15
2022-10-31 16:30:39 +00:00
George Lee
13fbaff253 bcl: Add Mitigation Logger - Del gs201-sepolicy
Mitigation Logger logs battery related information for 1 second when it
is triggered by under voltage or over current interrupts.  Information
collected is to help debug system brownout.

Bug: 228383769
Test: Boot and Test
Change-Id: Ia13f6b16dd35803873f20514c21a95ed8dd20a55
Signed-off-by: George Lee <geolee@google.com>
2022-10-31 14:17:55 +00:00
George Lee
6c2da109f8 bcl: Remove unused brownout boot reason sepolicy am: 083ba62902 am: 7bdbe0b215
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20191486

Change-Id: I17b3998db65accc57097dac0dfde7cf139013b7c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-13 23:56:30 +00:00
George Lee
083ba62902 bcl: Remove unused brownout boot reason sepolicy
vendor_brownout_boot_reason was added under a previous change.  It should
be added as part of a follow-on change to enable metric collection.

Bug: 246817058
Test: Confirm brownout_boot_reason non existent
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1fed12e851750314f53a0d6517a9eff92c44e247
2022-10-13 12:52:20 -07:00
George Lee
9d07c520b5 bcl: Add brownout boot reason sepolicy am: b72e47e1b0 am: 2c91c54d7b
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20152240

Change-Id: Ia0758fbbbbaea7eed44f7a9dc5e3f33f7bf8c90c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-13 19:49:08 +00:00
George Lee
b72e47e1b0 bcl: Add brownout boot reason sepolicy
Lastmeal.txt may be generated after the device rebooted from IRQ
triggering.  By applying a limit on the time when it is generated,
lastmeal.txt will not be generated after the device rebooted.

Bug: 246817058
Test: Confirm lastmeal.txt generation
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I02515fc452dbfa5c8a40041cbb8731664dace62e
2022-10-12 19:59:58 -07:00
George Lee
52ff289b2c bcl: Add mitigation ready device sepolicy am: 2260099ad3 am: ae51ebfd98
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20123277

Change-Id: I6b937ab9105b79c2ed1f5d1a10c04ca878d57865
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-10 20:48:21 +00:00
George Lee
2260099ad3 bcl: Add mitigation ready device sepolicy
Instead of relying on the vendor.thermal.link_ready property to gate writes
to BCL's SYSFS node, add a mitigation-ready SYSFS node so that writes to
BCL's SYSFS node would not cause a NULL pointer dereference.

Bug: 249130916
Test: Confirm property vendor.brownout.mitigation.ready is set
Signed-off-by: George Lee <geolee@google.com>
Change-Id: I1b21a1c745e7e17f78e9d4c001032dd2c46673cf
2022-10-10 19:49:34 +00:00
Adam Shih
8064010f8a use gs-common insert module script
Bug: 243763292
Test: boot to home
Change-Id: I6f0c1a020ea2962f03df6794a6011a31d2244b1a
2022-09-06 12:41:01 +08:00
Jinting Lin
b69195ebe9 Fix avc denied for vendor telephony debug app
avc:  denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 pid=8533 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=344 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=0
avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Test: manual test

Bug: 241976048
Change-Id: I5aa49a8e243d212180c7da6f65da9021164fca44
2022-08-24 01:54:34 +00:00
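The denials quoted in the bd7fbe9a02, b05833237c, 98620c3b10, 55d345c5e8 and b69195ebe9 messages above share one shape: a vendor domain hits the catch-all vendor_default_prop or default_prop label, or the property_service socket, and the commit answers with a dedicated property type rather than a rule against the catch-all. The script below is an added example, not code from this repository or from Android: it parses such denial lines and prints the narrowest te macros, the property_contexts line to label the prefix, and warnings for denials that must not be "fixed" as written. It assumes the set_prop(), get_prop() and vendor_internal_prop() macros of AOSP system/sepolicy; the type-naming rule in suggested_prop_type() is a placeholder of this example, and the sample input is constructed from the denial lines quoted in the messages above.

```python
import re
from collections import defaultdict

# Core fields of an AVC denial, wherever it sits in a logcat or dmesg line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*?)\s+permissive=[01]"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Catch-all labels that unlabelled properties fall into.  A denial against one of these
# is fixed by labelling the property, never by allowing the catch-all type.
CATCH_ALL_PROP_TYPES = {"default_prop", "vendor_default_prop"}
PROP_READ_PERMS = {"read", "open", "getattr", "map"}  # what get_prop() grants on the file

# Constructed sample: denial lines quoted from the commit messages on this page.
SAMPLE_DENIALS = [
    'avc:  denied  { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0',
    'SjtagService: type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1',
    'SjtagService: type=1400 audit(0.0:1008): avc:  denied  { write } for  name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1',
    'SjtagService: type=1400 audit(0.0:1009): avc:  denied  { connectto } for  path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1',
    "msg='avc: denied { set } for property=persist.vendor.shutdown.voltage_avg pid=908 uid=1000 gid=1000 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'",
    'avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0',
    'avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0',
]


def type_of(ctx):
    """'u:r:ssr_detector_app:s0:c512,c768' -> 'ssr_detector_app' (drops user, role and MLS part)."""
    return ctx.split(":")[2]


def parse_avc(line):
    """Return the denial's domain, target type, class and permissions, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": set(m.group("perms").split()),
        "domain": type_of(fields["scontext"]),
        "target": type_of(fields["tcontext"]),
        "tclass": fields["tclass"],
        "property": fields.get("property"),  # only present for property_service denials
    }


def suggested_prop_type(domain):
    """Placeholder naming rule (assumption of this example): hal_bluetooth_default -> vendor_bluetooth_prop."""
    base = re.sub(r"^hal_|_default$|_app$", "", domain)
    return "vendor_%s_prop" % re.sub(r"^vendor_", "", base)


def suggest(lines):
    """Map denials to the narrowest policy change; returns (te_rules, property_contexts, warnings)."""
    rules, contexts, warnings = set(), set(), []
    setters, getters, socket_users = set(), set(), set()
    raw = defaultdict(set)
    for d in filter(None, map(parse_avc, lines)):
        dom, typ, cls, perms = d["domain"], d["target"], d["tclass"], d["perms"]
        if typ in CATCH_ALL_PROP_TYPES and cls in ("property_service", "file"):
            # Never allow the catch-all: declare a dedicated type and label the property.
            new = suggested_prop_type(dom)
            rules.add(f"vendor_internal_prop({new})")
            if d["property"]:
                # Label the prefix (all but the last segment) so sibling properties get the same type.
                prefix = d["property"].rsplit(".", 1)[0] + "."
                contexts.add(f"{prefix} u:object_r:{new}:s0")
            else:
                warnings.append(f"{dom} reads an unlabelled property in {typ}: find its name and label it as {new}")
            typ = new
        if cls == "property_service" and "set" in perms:
            setters.add((dom, typ))
        elif cls == "file" and typ.endswith("_prop") and perms <= PROP_READ_PERMS:
            getters.add((dom, typ))
        elif (typ, cls) in {("property_socket", "sock_file"), ("init", "unix_stream_socket")}:
            socket_users.add(dom)  # granted by set_prop() itself; never allow the socket on its own
        else:
            raw[(dom, typ, cls)] |= perms
    rules |= {f"set_prop({d}, {t})" for d, t in setters}
    rules |= {f"get_prop({d}, {t})" for d, t in getters - setters}  # set_prop() already implies get_prop()
    rules |= {f"allow {d} {t}:{c} {{ {' '.join(sorted(p))} }};" for (d, t, c), p in raw.items()}
    for dom in sorted(socket_users - {d for d, _ in setters}):
        warnings.append(f"{dom} talks to property_service but no 'set' denial was captured: "
                        "capture one and add set_prop() for that property type")
    return sorted(rules), sorted(contexts), warnings


if __name__ == "__main__":
    te_rules, prop_contexts, notes = suggest(SAMPLE_DENIALS)
    print("\n".join(te_rules))
    print("\n".join(prop_contexts))
    print("\n".join("WARNING: " + n for n in notes))
```

A bare allow on property_socket or on init's unix_stream_socket fixes nothing on its own: init still checks the caller's context against the property's label when it serves the set request, so the property_service set denial is the one that names the label actually needed, and set_prop() covers the socket side. The output is a starting point for review, not a patch to apply blindly; the property read from default_prop in the telephony case is a system-owned property and may need its label on the system side instead.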
Taesoon Park
9211922e70 Add permission to access vendor.ims property to vendor ims app
Vendor IMS Service reads a SystemProperty that starts with the
persist.vendor.ims prefix, but it does not have permission to
access it.
This change creates a permission to access the SystemProperties starting
with the 'persist.vendor.ims.' prefix from the vendor IMS service.

Bug: 204714230
Test: Test results in b/225430461#comment40 enabling the property

Signed-off-by: Taesoon Park <ts89.park@samsung.com>
Change-Id: Ied50f377a3069eac65836ea999dfe021f4e4ed5d
2022-04-01 01:19:26 +00:00
Omer Osman
e5cc5f7937 Add hidraw device and Dynamic Sensor SELinux policy
Test: Incoming HID data from Pixel Buds

Change-Id: I77489100e13d892fb7d3a7cee9734de044795dec
2022-03-27 23:26:29 +00:00
Roshan Pius
c5710ad18e gs-sepolicy(uwb): Changes for new UCI stack
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Bug: 204718220
Bug: 206045367
Test: Manual Tests
Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570
2022-03-14 16:09:02 +00:00
Krzysztof Kosiński
b76b5e3872 Add camera HAL sepolicy based on previous chip family.
The camera HAL code is reused from the previous chip and needs to
perform the same operations as previously, with the following
differences:
- The interrupt affinity workaround may no longer be necessary
  due to image sensor changes, so the ability to set interrupt
  affinity is removed.
- Access to some files that were only present before the APEX
  migration is removed.
- vendor_camera_tuning_file is no longer needed.
- TEE access for face auth is removed for now.

Bug: 205904406
Bug: 205657132
Bug: 205780186
Bug: 205072921
Bug: 205657133
Bug: 205780065
Bug: 204718762
Bug: 207300298
Bug: 209889068
Bug: 210067468
Test: Ensure that the policy builds; I don't have access to target
      hardware at the moment.

Change-Id: Ia70b98d4e1f3a156a5e719f0d069a90579b6a247
2022-01-27 15:36:30 +00:00
linpeter
72dc78222f update display sepolicy
Bug: 205073165
Bug: 205656937
Bug: 205779906
Bug: 205904436
Bug: 207062172
Bug: 208721526
Bug: 204718757
Bug: 205904380
Bug: 213133646

Test: check avc denied with hal_graphics_composer_default, hbmsvmanager_app
Change-Id: I964a62fa6570fd9056b420efae7bf2fcbbe9fc9f
2022-01-12 08:10:50 +00:00
Kris Chen
8d3c4a7b4e fingerprint: Fix avc errors
Bug: 207062260
Test: boot with no relevant error on C10
Change-Id: I6d3b74c34d2344c4e889afaf8bb99278785e5416
2021-11-25 07:09:31 +00:00
Adam Shih
90068020c3 review property settings
Bug: 203025336
Test: build pass
Change-Id: I48bc1b0a5ffc4631fec04750c9b58bed8f15d39d
2021-10-18 12:01:42 +08:00
Adam Shih
16c10d6a33 review init-insmod-sh
Bug: 196916111
Test: boot to home
Change-Id: I085ff319e08c65cfc3d51fb480259fa137f8e3f3
2021-10-05 01:42:16 +00:00
Adam Shih
618ea304d4 review tcpdump_logger
Bug: 201599426
Test: boot with tcpdump_logger started
Change-Id: I023f48ea45b8d5a2180c91577241e9d9410469a4
2021-09-30 14:40:10 +08:00
Adam Shih
82cdc92c84 review hal_usb
Bug: 201599187
Test: boot with hal_usb_impl started
Change-Id: I77875c6911f6582454d666a57ed59cc1e386885b
2021-09-30 11:00:43 +08:00
Adam Shih
758dd9c309 review hal_power_default related contexts
Bug: 201230944
Test: make sure all contexts setting take effect
Change-Id: I1e3be99700560583153e70efdd21de5356b97c74
2021-09-28 13:54:03 +08:00
Adam Shih
ad68e7dc96 remove hal_health_default
It will be easier to review it through a boot test
Bug: 201230944
Test: boot to home

Change-Id: I5008c4054ce04f062a8ca01a1e2bfd4cfe8daf70
2021-09-28 08:04:38 +08:00
Adam Shih
54e3056f4c review vendor_battery_profile_prop
The action came from PTS
Bug: 196916111
Test: boot to home

Change-Id: I950fb0fa3fd959d3c176d5fc960b57f905034d67
2021-09-22 10:21:27 +08:00
Adam Shih
368ac5f679 review hal_nfc_default
Bug: 196916111
Test: boot to home with nfc hal started
Change-Id: Iee8c30777f83788ff703c8094c03182171d713c5
2021-09-17 11:06:51 +08:00
Adam Shih
256795caa7 review SSR app
Bug: 198532074
Test: boot with SSR app labeled
Change-Id: I7fd0765ffdcc5632be1c91a28de25c6e1e531e26
2021-09-14 04:00:15 +00:00
Adam Shih
18fb79d460 review rild
Bug: 198532074
Test: boot with rild started
Change-Id: Ic29d2cbbb9691f1386c024d1438fdd050ef14b8f
2021-09-03 15:25:10 +08:00
Adam Shih
b12473a9de review modem_diagnostic_app
Bug: 196916111
Test: boot with modem_diagnostic_app running
Change-Id: Ic79f2048f840845ba73cc4d0853371a50ce63317
2021-08-18 11:07:37 +08:00
Adam Shih
c2582ecc01 review dmd sepolicy
Bug: 196916111
Test: boot with dmd launched successfully
Change-Id: Ic962ab09dcd7697c27f9b2ab68400a0060573888
2021-08-18 09:46:29 +08:00