This daemon doesn't exist on the device and causes init errors during
boot.
init: /vendor/etc/init/hw/init.walleye.rc: 745: Unable to decode GID
for 'qcom_diag': getpwnam failed: No such file or directory
init: Could not start service 'vendor.qmuxd' as part of class 'main':
Cannot find '/vendor/bin/qmuxd': No such file or directory
Test: tree-hugger passes
Merged-In: Ib2bc1739cac088af3e9ef2e0482f2536dad8fb8c
Change-Id: Ib2bc1739cac088af3e9ef2e0482f2536dad8fb8c
Before, it had permissions to use hal_graphics_allocator_hwservice,
but it didn't declare itself to be an allocator_client.
Bug: 80319537
Test: boot + sanity
Change-Id: I93a23cd3db270491e82b378507f3cb55063561e8
System properties must not be used as a communication channel between
system and vendor processes. However, there has been no enforcement of
this: a system process could write system properties that are owned and
read by vendor processes, and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
whitelist them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Bug: 78598545
Test: m -j selinux_policy
Merged-In: I60b12f1232c77ad997c8c87e6d91baa14c626e94
Change-Id: I60b12f1232c77ad997c8c87e6d91baa14c626e94
(cherry picked from commit 3ee4e77674)
We saw a similar denial on Marlin where thermal_engine was trying to
access /dev/diag. This ports that fix to Wahoo to try to fix its
denial.
Bug: 78019417
Test: Build policy.
Change-Id: I3702e705ea4f99a58f4b96008d236d33ecd8045c
Enable the Hearing Aid Profile for Pixel 2s and Pixels.
Note: Cherry-picked from internal branch.
Bug: 78142728
Test: Manual Pairing on various Pixel phones
Change-Id: I1323387592bbedf69b4fc9185b121d616c96fd9e
(cherry picked from commit accc78a8c0)
These denials seem to be caused by a race with the process that labels
the files.
Bug: 77635294
Test: Build policy.
Merged-In: Ieed9c2be18a092e92ec90fc8a07fa17c8ec19308
Change-Id: Ieed9c2be18a092e92ec90fc8a07fa17c8ec19308
(cherry picked from commit 2c67552cfd)
We've seen these processes trying to access this file, so allow it.
Note that this is likely why they needed the sysfs_diag permission we
granted earlier.
Bug: 77908806
Test: Build
Change-Id: I60a2dae5a0635156070397242f13695678f1d00e
This allows the behavior on userdebug and eng builds and hides it on
user builds.
Bug: 77908806
Test: Build policy.
Merged-In: I0d858a94bb1bab6069107209494536a62019788f
Change-Id: I3ba64a7b7350ae29883f1bd90ea86057c13d4835
So they can be removed from this device specific policy.
Bug: 77850279
Test: walleye + more restrictions continues to have FBE work
Change-Id: Ib77abd81ae886b40f5a078c379d352a53d865e31
(cherry picked from commit 659079a862)
This adds numerous bug_map entries to try to annotate all denials
we've seen.
Bug: 78117980
Test: Build
Change-Id: I78923ebeb8837e09920941450d40504da3924022
This allows the behavior on userdebug and eng builds and hides it on
user builds.
Test: Boot device.
Merged-In: I936f08283bcd03ef88c55b3849f54d2dab5a5d64
Change-Id: I2b9df0f941b25c7813bf2410e94e14f24a7915a6
These are set by the core build system, and are becoming readonly.
Bug: 76424357
Test: lunch aosp_taimen-userdebug; m nothing
Test: build-aosp_taimen.ninja is the same
Change-Id: Iaa1dc4844d7926d711a6dea680011141ab684e56
Tests in aosp/646548 assert that genfs_contexts labeled filesystems
use the correct attributes such as files in /sys having sysfs_type.
Bug: 74182216
Test: build with aosp/646548 - these are build-time tests.
Change-Id: If82fe17632f0c28e481eb7e831730c6ba22d3877
* changes:
Remove regex and label the whole directory.
Remove unnecessary permissions.
Grant hal_bootctl permissions for new type.
Ensure taking a bugreport generates no denials.
libnfc-nci.conf shouldn't be part of the vendor image, since it is
accessed by libnfc-nci and the Nfc application, both of which are part
of the system image.
Test: Nfc enable/disable
Bug: 72080121
Merged-In: I686ba234c7d2aa923070c3fa980c56b73b18e574
Change-Id: I686ba234c7d2aa923070c3fa980c56b73b18e574
This is cleaner, as it allows us to remove a regex and label the
entire directory, and it will hopefully improve performance.
Bug: 74209458
Bug: 74366296
Test: Boot device, verify file labels, and test wifi and camera.
Test: Locally flashed OTA by following go/manual-ab-ota.
Test: Locally tested updated_verifier by following b/74366296#comment8.
Merged-In: I003dc949cf109cc63d75cee9515ef72cb9d0f055
Change-Id: I85f07b2fc8bfb472f25a66e32d3c7d746886535e
(cherry picked from commit 8a70f7ef1d)
Remove sysfs file permissions and use the generic type for
directories.
Bug: 74213358
Test: Flash OTA.
Merged-In: I27a27972f01a273b4eb65d72dd8f2827c1a374af
Change-Id: I27a27972f01a273b4eb65d72dd8f2827c1a374af
This commit adds new SELinux permissions and neverallow rules so that
taking a bugreport does not produce any denials.
Bug: 73256908
Test: Captured bugreports on Sailfish and Walleye and verified
that there were no denials.
Merged-In: I84ed2be7438a4202d37ff91cb3846f491de29d70
Change-Id: If7151a5b5aaf4d1084ac2ed617c1867bc214281c
It's causing surfaceflinger denials and does not exist on other
devices. Grant kernel read access to vendor/firmware's new type.
denied { search } for comm="surfaceflinger" name="firmware"
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_firmware_file:s0
tclass=dir
denied { read } for comm="surfaceflinger" name="a530_pm4.fw"
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=0
Test: boot Taimen without denials.
Bug: 68213100
Change-Id: I8b070a0aae59e12391c881cec8a46b6b4dbe1c67
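As an added illustration (not part of the commit above or of the device policy), a small Python parser that turns the avc denial lines quoted in this commit into the allow rules a policy author would review, grouped the way audit2allow prints them; the regex is my own assumption about the audit line layout, and the two sample lines are the commit's own denials re-joined onto single lines.

```python
import re
from collections import defaultdict

# The two denials quoted in the commit message above, each re-joined onto one line.
DENIALS = """\
denied { search } for comm="surfaceflinger" name="firmware" scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir
denied { read } for comm="surfaceflinger" name="a530_pm4.fw" scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
"""

# Assumed layout of an avc denial line: perms in braces, then scontext/tcontext/tclass
# and an optional permissive flag.
DENIAL_RE = re.compile(
    r'denied \{ (?P<perms>[^}]+)\} .*?'
    r'scontext=(?P<scontext>\S+) .*?tcontext=(?P<tcontext>\S+) .*?tclass=(?P<tclass>\S+)'
    r'(?: permissive=(?P<permissive>[01]))?'
)

def context_type(ctx):
    # u:r:surfaceflinger:s0 -> surfaceflinger ; u:object_r:vendor_file:s0 -> vendor_file
    parts = ctx.split(':')
    return parts[2] if len(parts) >= 3 else ctx

def parse_denials(text):
    """Return one dict per recognised denial line; unrecognised lines are skipped."""
    out = []
    for line in text.splitlines():
        m = DENIAL_RE.search(line)
        if not m:
            continue
        out.append({
            'perms': m.group('perms').split(),
            'source': context_type(m.group('scontext')),
            'target': context_type(m.group('tcontext')),
            'tclass': m.group('tclass'),
            # permissive=1 means the access was logged but not blocked.
            'permissive': m.group('permissive') == '1',
        })
    return out

def allow_rules(denials):
    """Merge permissions per (source, target, class) and emit TE allow rules."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d['source'], d['target'], d['tclass'])].update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        plist = ' '.join(sorted(perms))
        body = plist if len(perms) == 1 else '{ ' + plist + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {body};')
    return rules
```

Each emitted rule is a candidate for review, not a fix: the commit above chose to grant search on the new vendor_firmware_file type rather than widen access to all of vendor_file.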
It's causing surfaceflinger denials and does not exist on other
devices. Grant kernel read access to vendor/firmware's new type.
denied { search } for comm="surfaceflinger" name="firmware"
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_firmware_file:s0
tclass=dir
Test: boot Taimen without denials.
Bug: 68213100
Change-Id: Ib5e1187a09ba59907c29e3de51f7189d25d42b49
Add dependency to install move_widevine_data.sh to /system/bin.
The script is only needed for existing devices that
are running Widevine DRM and are upgrading to Pi or later
Android releases.
Test: Upgrade from O-MR1 to Pi, Netflix & Play Movies
can play back offline content downloaded in O-MR1
Test: adb shell to verify script is in /system/bin
Test: adb shell to verify widevine data is moved to
/data/vendor/mediadrm
Test: use audit2allow to verify no avc:denied for widevine drm service
Bug: 73656300
Change-Id: Ie42a8229c4d20f71725ba7e8f5c2b267976ed294