Permit the sensors daemon to read files in /sys/devices/soc0, which is
used to identify the hardware revision it is running on, so it can
properly handle registry variations.
Addresses these denials (and more which would occur if only the blocked
operations were permitted):
type=1400 audit(2017551.030:4): avc: denied { getattr } for pid=805
comm="sensors.qcom" path="/sys/devices/soc0/hw_platform" dev="sysfs"
ino=50525 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file permissive=0
Bug: 63857630
Bug: 63901499
Test: confirm denials do not appear on boot, sanity check all sensors
provide data, run sensors CTS
Change-Id: I2ba59a21b22d09af03226d5993d80e1d868bf607

Grant capabilities and change file permissions to allow the sensors.qcom
daemon to start up as the system user/group, rather than running as
root.
Fixes: 63775281
Test: monitor logcat after reboot, confirm no file open errors. Run
QSensorTest, confirm all sensors provide sane data. Confirm that
IMU calibration can read + write its saved settings. Run sensors CTS.
Change-Id: Ib80ea21900d6af6cd34c82c4a63f50c7e0ac18ff

Adds some tracing for the launch hint in the power HAL.
Test: extra trace data confirmed
bug 63913311
Change-Id: I6a207e4a0134650f9d339648a1058ddf5b2e7d9c

console_suspend defaults to Y in the kernel and we want
to control it in an init script where we set
console_suspend = Y if serial console is enabled and
console_suspend = N if serial console is disabled.
Bug: 63857173
Test: boot with serial console enabled / disabled
Change-Id: I8743a2bbda0d09596d46b9376c901e854677a0e5

Setting ioprio to realtime within rmt_storage requires unnecessarily
granting CAP_SYS_ADMIN, which is a highly privileged superuser
capability.
Having init set ioprio at service launch removes the need for
granting this capability and keeps rmt_storage unprivileged.
Addresses the following errors:
07-20dd 14:21:03.867 824 824 W rmt_storage: type=1400 audit(0.0:4):
avc: denied { sys_admin } for capability=21 scontext=u:r:rmt_storage:s0
tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
07-20 14:21:03.874 824 824 E rmt_storage: Error setting io priority
to CLASS_RT (1)
Test 1 and 2 below verify that my change results in the intended
behavior. Test 3 is a sanity check to show the state without
granting CAP_SYS_ADMIN and to demonstrate that my change results
in the intended state.
Test: original code with CAP_SYS_ADMIN granted
# ionice -p <rmt_storage pid>
Realtime: prio 0
Test: ioprio_set moved to init.rc script
# ionice -p <rmt_storage pid>
Realtime: prio 0
Test: original code without CAP_SYS_ADMIN granted (sanity check)
# ionice -p <rmt_storage pid>
unknown: prio 0
Bug: 63074582
Change-Id: I9bc660aaca72f3df562e8010bc23c9731f648a9e

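The two AVC denials quoted in the commit messages above (sensors reading sysfs_soc, rmt_storage requesting sys_admin) can be triaged mechanically. The following is an added example, not code from these commits or from the project: it parses each denial into an audit2allow-style rule and flags broad capabilities for redesign instead of an allow rule, which is the route the rmt_storage change took. The `BROAD_CAPS` set and the function names are assumptions made for this example.

```python
import re

# Constructed sample input: the two denials quoted in the commit messages,
# joined onto single lines (logcat prefix dropped).
SAMPLE = [
    'type=1400 audit(2017551.030:4): avc: denied { getattr } for pid=805 '
    'comm="sensors.qcom" path="/sys/devices/soc0/hw_platform" dev="sysfs" '
    'ino=50525 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_soc:s0 '
    'tclass=file permissive=0',
    'type=1400 audit(0.0:4): avc: denied { sys_admin } for capability=21 '
    'scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 '
    'tclass=capability permissive=0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption for this example: capabilities broad enough that a denial should
# trigger a design review rather than a new allow rule.
BROAD_CAPS = {"sys_admin", "dac_override", "dac_read_search", "sys_ptrace", "sys_module"}


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    # An SELinux context is user:role:type:level; the policy rule needs the type.
    return {
        "perms": m.group("perms").split(),
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive") == "1",
    }


def triage(denial):
    """Return (verdict, rule): 'review' for broad capabilities, else 'candidate'."""
    target = "self" if denial["source"] == denial["target"] else denial["target"]
    rule = "allow {} {}:{} {{ {} }};".format(
        denial["source"], target, denial["tclass"], " ".join(denial["perms"]))
    broad = denial["tclass"] in ("capability", "capability2") and BROAD_CAPS & set(denial["perms"])
    return ("review" if broad else "candidate", rule)


if __name__ == "__main__":
    for line in SAMPLE:
        print(*triage(parse_avc(line)), sep=": ")
```
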
1) Explicitly specify uid, gid and groups needed for cnd Add
CAP_BLOCK_SUSPEND
2) Move sys.ims properties to vendor.ims
3) Remove imscmservice from init as it's not used on Pixel
Bug: 63850865
Bug: 63804057
Change-Id: Ie8f0eefa96a21605a63ae5a73e59270866704ed7

This reverts commit 134f509da1.
I'm not sure if the start time of qseecomd has been moving around, but
it seems that this is no longer necessary.
Bug: 37589340
Test: enroll new fingerprints and authenticate with them. FDR should not
have problems upon reboot.
Change-Id: I0b817143de5f3aa13ac5baabfe3c8a59f0341710
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>

Bug: 63818298
Test: confirm CHRE starts up, and HAL can communicate with it via
monitoring logcat and running lshal debug
Change-Id: I72f74d66f98266ba1bcd417e5ec61ace4ddb780c

Bug: 63147021
Test: Verify app can run and access diag interface
Change-Id: I6aaadd5af6508aee8229968636e4f76c8c957d5e
(cherry picked from commit a48092ad06)

From a Qualcomm diag composition has idVendor 0x05c6,
the other Google USB composition change does not work properly.
That's because this configfs.rc file changes only idProduct.
Add Google's vendor id 0x18d1 to each composition.
Bug: 63056085
Change-Id: I2e45fe2176ad4601b23b33edeb5d6dbee5111242
Signed-off-by: seokjeong.hong <seokjeong.hong@lge.com>

NAK'ed OUT transfers never complete once the USB controller enters
L1 LPM. The issue was root-caused to the USB controller not performing
remote wakeup when it enters L1 and a transaction is queued.
Since this is entirely controlled by the controller's hardware,
disable L1 LPM to prevent transfer failure.
Also, init already has the required sepolicy to write to sysfs nodes.
Bug: 62038982
Test: Transfers happen with Broadwell chromebooks
Change-Id: Ibb13b5b79e1aa6a5d35ddcaffece4ef4942920b7