212 Commits

Author SHA1 Message Date
David Lin
971ea5d074 vibrator hal: add support for drv2624 haptics driver on wahoo
This adds the vibrator HAL that implements the new setAmplitude and
perform(Effect) API.

Test done: vibrator_hidl_hal_test
Bug: 36782452

Change-Id: If9988434277790becb469d4dd928e75f7e6af41a
Signed-off-by: David Lin <dtwlin@google.com>
2017-04-05 12:44:20 -07:00
Wei Wang
df8b9af4a5 Merge "wahoo: improve boot time and pull in bootanim display time" 2017-04-05 14:33:42 +00:00
TreeHugger Robot
aa4df693c7 Merge "Add usb service" 2017-04-05 02:45:58 +00:00
Wei Wang
e0fc600245 wahoo: improve boot time and pull in bootanim display time
1) separate fstab mount
2) launch bootanim early
3) boottime cpuset/io tune
4) parallel slow init operations: write sysfs and insmod

After CL:
Boot time saved 330ms, bootanim triggered early before data/ mounted

Bug: 36780513
Test: walleye boots
Change-Id: I02803179746710413f4b1e2372f3550cd95d1581
2017-04-04 19:11:21 -07:00
TreeHugger Robot
b1a2a67cf8 Merge "Adding service_context's and allows to handle the following denials" 2017-04-04 23:49:46 +00:00
TreeHugger Robot
5cb55c5e82 Merge "Wifi Offload HAL implementation for V1.0 interface" 2017-04-04 23:10:35 +00:00
Wei Wang
86ca1da571 Merge "wahoo: include missing libwpa_client" 2017-04-04 22:12:49 +00:00
Max Bires
26fe3e3a66 Adding service_context's and allows to handle the following denials
denied  { add } for service=rcs pid=3849 uid=1001 scontext=u:r:radio:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied  { add } for service=qti.ims.ext pid=5885 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:default_android_service:s0
tclass=service_manager

denied  { add } for service=cneservice pid=3134 uid=1000
scontext=u:r:system_app:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied  { find } for service=permission pid=839 uid=0
scontext=u:r:folio_daemon:s0 tcontext=u:object_r:permission_service:s0
tclass=service_manager

denied  { find } for service=sensorservice pid=839 uid=0
scontext=u:r:folio_daemon:s0
tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager

denied  { add } for
service=com.fingerprints.extension.IFingerprintNavigation pid=847
uid=1000 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied { set } for property=radio.traffic.stats.tx pid=830 uid=1001
gid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:default_prop:s0
tclass=property_service

denied { getattr } for pid=708 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:folio_daemon:s0
tclass=process

denied { open } for pid=708 comm="servicemanager"
path="/proc/832/attr/current" dev="proc" ino=33917
scontext=u:r:servicemanager:s0 tcontext=u:r:folio_daemon:s0 tclass=file

denied { read } for pid=708 comm="servicemanager" name="current"
dev="proc" ino=33917 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=file

denied { search } for pid=708 comm="servicemanager" name="832"
dev="proc" ino=21805 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=dir

denied { call } for pid=743 comm="Binder:698_2" scontext=u:r:per_mgr:s0
tcontext=u:r:system_server:s0 tclass=binder

denied { call } for pid=743 comm="Binder:698_2" scontext=u:r:per_mgr:s0
tcontext=u:r:rild:s0 tclass=binder

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I0b09503680bb8e11d5e4ae63033a441e4c03a2cd
2017-04-04 21:53:50 +00:00
Sohani Rao
a25b59e448 Wifi Offload HAL implementation for V1.0 interface
Implements Offload HAL HIDL service for Wifi Offload v1.0 interface

Bug: 32842314
Test: Unit tests and Manual test to ensure service is running
Change-Id: I9612ec28b9b042be10b7e022362124de906649ab
2017-04-04 14:29:20 -07:00
Trevor Bunker
8a611aeffe sepolicy: fix build
duplicate file type chre_socket

Test: manual build
Change-Id: Ic608570c6a86a7ef8bdbda9449c6123e4372d3bb
2017-04-04 13:34:32 -07:00
Wei Wang
0db68e8fe3 wahoo: include missing libwpa_client
Bug: 36893555
Test: build and boot muskie
Change-Id: I6cde962cebdfc15f377ca0d9f36aadeafedade06
2017-04-04 11:49:01 -07:00
TreeHugger Robot
778d0e0bc6 Merge "Adding allows to handle the following denials." 2017-04-04 18:10:40 +00:00
Max Bires
275bad3194 Adding allows to handle the following denials.
denied  { add find } for service=rcs pid=8083 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:default_android_service:s0
tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=850
uid=1000 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:per_mgr_service:s0 tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=846
uid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:per_mgr_service:s0
tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=1365
uid=1000 scontext=u:r:system_server:s0
tcontext=u:object_r:per_mgr_service:s0 tclass=service_manager

denied { relabelto } for name="sda20" dev="tmpfs" ino=18344
scontext=u:r:init:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file

denied { getattr } for pid=2911 comm="droid.bluetooth"
path="/storage/emulated" dev="tmpfs" ino=80994 scontext=u:r:bluetooth:s0
tcontext=u:object_r:storage_stub_file:s0 tclass=dir

denied { write } for pid=841 comm="chre" name="socket" dev="tmpfs"
ino=20101 scontext=u:r:chre:s0 tcontext=u:object_r:socket_device:s0
tclass=dir

denied { ioctl } for pid=837 comm="folio_daemon" path="/dev/binder"
dev="tmpfs" ino=20922 ioctlcmd=6201 scontext=u:r:folio_daemon:s0
tcontext=u:object_r:binder_device:s0 tclass=chr_file

denied { create read getattr } for pid=700 comm="android.hardwar"
name="WCD9340_Bluetooth_cal.acdbdelta" scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:audio_data_file:s0 tclass=file

denied { search write add_name } for pid=700 comm="android.hardwar"
name="audio" dev="sda45" ino=639037 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:audio_data_file:s0 tclass=dir

denied { connectto } for pid=935 comm="HwBinder:823_2"
path="/dev/socket/perfd" scontext=u:r:mediacodec:s0
tcontext=u:r:perfd:s0 tclass=unix_stream_socket

denied { connectto } for pid=1276 comm="writer" path="/dev/socket/perfd"
scontext=u:r:hal_audio_default:s0 tcontext=u:r:perfd:s0
tclass=unix_stream_socket

denied { write } for pid=1276 comm="writer" name="perfd" dev="tmpfs"
ino=24997 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file

denied { create read getattr } for pid=841 comm="perfd"
name="default_values" scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=file

denied { write add_name } for pid=841 comm="perfd" name="perfd"
dev="sda45" ino=3407877 scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { read } for pid=841 comm="perfd" name="cpus" dev="cgroup" ino=99
scontext=u:r:perfd:s0 tcontext=u:object_r:cgroup:s0 tclass=file

denied { read open getattr } for pid=803 comm="perfd"
name="u:object_r:post_boot_prop:s0" dev="tmpfs" ino=18264
scontext=u:r:perfd:s0 tcontext=u:object_r:post_boot_prop:s0 tclass=file

denied { read open ioctl } for pid=702 comm="android.hardwar"
path="/dev/block/sdb" dev="tmpfs" ino=10114 ioctlcmd=1268
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { write } for pid=703 comm="android.hardwar" name="sdb"
dev="tmpfs" ino=18208 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sdb_block_device:s0 tclass=blk_file

denied { connectto } for pid=704 comm="android.hardwar"
path="/dev/socket/perfd" scontext=u:r:hal_power_default:s0
tcontext=u:r:perfd:s0 tclass=unix_stream_socket

denied { search } for pid=714 comm="android.hardwar"
name="800f000.qcom,spmi" dev="sysfs" ino=17602
scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read open getattr } for pid=714 comm="android.hardwar"
name="current_power_role" dev="sysfs" ino=49071
scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=file

denied { search } for pid=1062 comm="imsdatadaemon" name="netmgr"
dev="tmpfs" ino=22946 scontext=u:r:ims:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=dir

denied { create setattr unlink } for pid=818 comm="init" name="chre"
dev="tmpfs" ino=21770 scontext=u:r:init:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file

denied { connectto } for pid=696 comm="setprop"
path="/dev/socket/property_service" scontext=u:r:init_power:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=sys.post_boot.parsed pid=696 uid=0 gid=0
scontext=u:r:init_power:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { write } for pid=696 comm="setprop" name="property_service"
dev="tmpfs" ino=21108 scontext=u:r:init_power:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { read open write } for pid=836 comm="perfd" name="swap_ratio"
dev="proc" ino=25638 scontext=u:r:perfd:s0 tcontext=u:object_r:proc:s0
tclass=file

denied { read open } for pid=827 comm="perfd"
name="available_frequencies" dev="sysfs" ino=33342 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { search } for pid=827 comm="perfd" name="5000000.qcom,kgsl-3d0"
dev="sysfs" ino=21521 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { read } for pid=827 comm="perfd" name="devfreq" dev="sysfs"
ino=33377 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file

denied { write } for pid=881 comm="perfd" name="perfd" dev="sda45"
ino=3407877 scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { read } for pid=827 comm="perfd" name="soc_id" dev="sysfs"
ino=49301 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied { write } for pid=3830 comm=504F5349582074696D65722032
name="perfd" dev="tmpfs" ino=8971 scontext=u:r:perfd:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file

denied { search } for pid=827 comm="perfd" name="soc0" dev="sysfs"
ino=49297 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { kill } for pid=858 comm="perfd" capability=5
scontext=u:r:perfd:s0 tcontext=u:r:perfd:s0 tclass=capability

denied { signull } for pid=858 comm="perfd" scontext=u:r:perfd:s0
tcontext=u:r:mediacodec:s0 tclass=process

denied { call } for pid=924 comm="Binder:732_1" scontext=u:r:per_mgr:s0
tcontext=u:r:wcnss_service:s0 tclass=binder

denied { search } for pid=3670 comm="IFMsg_Rxr" name="qmux_radio"
dev="tmpfs" ino=22942 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=dir

denied { write } for pid=3789 comm="IFMsg_Rxr" name="rild_ims0"
dev="tmpfs" ino=28087 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file

denied { search } for pid=1405 comm="rild" name="netmgr" dev="tmpfs"
ino=22946 scontext=u:r:rild:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=dir

denied { open } for pid=3138 comm=".dataservices"
path="/dev/__properties__/u:object_r:cnd_prop:s0" dev="tmpfs" ino=18241
scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_prop:s0 tclass=file

denied { create read getattr lock unlink } for pid=3134 comm="Thread-5"
name="xtra.sqlite" scontext=u:r:system_server:s0
tcontext=u:object_r:location_data_file:s0 tclass=file

denied { search } for pid=3594 comm="Thread-5" name="netmgr" dev="tmpfs"
ino=22946 scontext=u:r:system_server:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=dir

denied { search } for pid=1578 comm="system-server-i" name="/"
dev="sdd3" ino=2 scontext=u:r:system_server:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { call } for pid=3134 comm="Thread-5"
scontext=u:r:system_server:s0 tcontext=u:r:per_mgr:s0 tclass=binder

denied { search write add_name create read open remove_name } for
pid=3134 comm="Thread-5" name="location" dev="sda45" ino=639046
scontext=u:r:system_server:s0 tcontext=u:object_r:location_data_file:s0
tclass=dir

denied { transfer } for pid=1445 comm="Binder:1425_1"
scontext=u:r:system_server:s0 tcontext=u:r:folio_daemon:s0 tclass=binder

denied { read create write } for pid=929 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=925 comm="time_daemon" path="socket:[18992]"
dev="sockfs" ino=18992 ioctlcmd=c302 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=859 comm="time_daemon" path="socket:[19003]"
dev="sockfs" ino=19003 ioctlcmd=c304 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { read open } for pid=827 comm="time_daemon" name="rtc0"
dev="tmpfs" ino=22580 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { read open getattr } for pid=860 comm="time_daemon"
name="soc_id" dev="sysfs" ino=49301 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { read open } for pid=827 comm="time_daemon" name="name"
dev="sysfs" ino=32499 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { setgid setuid sys_time } for pid=827 comm="time_daemon"
capability=6 scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0
tclass=capability

denied { search read open } for pid=827 comm="time_daemon"
name="msm_subsys" dev="sysfs" ino=16858 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { read } for pid=827 comm="time_daemon" name="subsys0"
dev="sysfs" ino=32507 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { search } for pid=860 comm="time_daemon" name="soc0" dev="sysfs"
ino=49297 scontext=u:r:time_daemon:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { getattr setattr } for pid=589 comm="ueventd" name="sda20"
dev="tmpfs" ino=9908 scontext=u:r:ueventd:s0
tcontext=u:object_r:tmpfs:s0 tclass=blk_file

denied { ioctl } for pid=828 comm="cnss_diag" path="socket:[100666]"
dev="sockfs" ino=100666 ioctlcmd=8be5 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Iedf0a829a8e9629961104bb350e53224a179d5dd
2017-04-04 16:37:57 +00:00
Vineeta Srivastava
d2559c428d Merge "Split fstab from wahoo" 2017-04-04 05:14:17 +00:00
Vineeta Srivastava
6391a9f523 Split fstab from wahoo
Change-Id: I37ae0d2b5d1a12a513744b8f59cdc71aaf26dba1
2017-04-03 18:11:10 -07:00
Vineeta Srivastava
93e84f9caf Start port-bridge service when serial_cdev is enabled
Change-Id: I3113c45483893629ea417579b8b04446d2f52808
2017-04-04 00:33:36 +00:00
Brian Duddie
ac4cb203d6 Merge "Add binderized context hub HAL" 2017-04-04 00:28:27 +00:00
TreeHugger Robot
8c6ba4b3ab Merge "Do not assume default names for VINTF." 2017-04-03 22:54:37 +00:00
TreeHugger Robot
e95cc6d94f Merge "Adding dirs to genfscon for sysfs to fix labeling issue." 2017-04-03 19:38:56 +00:00
Brian Duddie
dfdaceabf2 Add binderized context hub HAL
Add context hub HAL implementation to the build, with new sepolicy files
that resolve these denials:

type=1400 audit(4779207.059:418): avc: denied { write } for pid=809
comm="android.hardwar" name="chre" dev="tmpfs" ino=32491
scontext=u:r:hal_contexthub_default:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1

type=1400 audit(5568590.159:45): avc: denied { connectto } for pid=734
comm="android.hardwar" path="/dev/socket/chre"
scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0
tclass=unix_stream_socket permissive=1

Bug: 35808469
Test: confirm HAL gets loaded, VTS passes, no denials from
      hal_contexthub_default
Change-Id: I1882571c0541de78242755cd4b3b1548365a388b
2017-04-03 11:49:09 -07:00
matt_huang
2f747de0cd Change permissions of led driver
Change-Id: Ia9a8dd8d401d274a37820bdb30727eec8b1f54b3
Signed-off-by: matt_huang <matt_huang@htc.com>
2017-04-03 10:00:43 -07:00
Max Bires
73a599a65d Adding dirs to genfscon for sysfs to fix labeling issue.
This fixes the following denials:
denied { open } for pid=669 comm="init.power.sh"
path="/sys/class/devfreq" dev="sysfs" ino=28322
scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0 tclass=dir

denied { search } for pid=669 comm="init.power.sh" name="soc:qcom,cpubw"
dev="sysfs" ino=18242 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { write } for pid=669 comm="init.power.sh" name="governor"
dev="sysfs" ino=44449 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=669 comm="init.power.sh"
path="/sys/devices/soc/soc:qcom,cpubw/devfreq/soc:qcom,cpubw/governor"
dev="sysfs" ino=44449 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

Bug: 35154684
Test: The above denials are cleared out and the tcontext is correct
Change-Id: Ida40036c18427ab9a3116b7b855a8418f11137e7
2017-04-03 09:33:38 -07:00
Max Bires
f41ff958d8 Fixing the following run and boot time denials
denied { getattr read open } for pid=716 comm="android.hardwar"
path="/dev/block/sdc1" dev="tmpfs" ino=21762
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { set } for property=htc.camera.sensor.inf pid=717 uid=1047
gid=1005 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service

denied { read open } for pid=642 comm="qseecomd" name="/" dev="sda45"
ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { read open search write add_name } for pid=642 comm="qseecomd"
name="fpdata" dev="sda45" ino=3408055 scontext=u:r:tee:s0
tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir

denied { create read } for pid=642 comm="qseecomd" name="user.db.bak"
scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0
tclass=file

denied { read write } for pid=7567 comm="secdiscard" name="sda45"
dev="tmpfs" ino=21749 scontext=u:r:vold:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: If5d8fffd2c50e85e22c7bcbbb429bd80bbf1f0fa
2017-04-02 19:07:17 -07:00
Max Bires
3669fffc1f Adding allows to fix following denials during run/boot time
denied { write } for pid=808 comm="cnd" name="property_service"
dev="tmpfs" ino=19844 scontext=u:r:cnd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { connectto } for pid=808 comm="cnd"
path="/dev/socket/property_service" scontext=u:r:cnd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=persist.sys.cnd.iwlan pid=808 uid=1000
gid=1000 scontext=u:r:cnd:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { sendto } for pid=808 comm="cnd" path="/dev/socket/wpa_wlan0"
scontext=u:r:cnd:s0 tcontext=u:r:hal_wifi_supplicant_default:s0
tclass=unix_dgram_socket

denied { connectto } for pid=687 comm="android.hardwar"
path=0062745F736F636B scontext=u:r:hal_bluetooth_default:s0
tcontext=u:r:wcnss_filter:s0 tclass=unix_stream_socket

denied { getattr } for pid=688 comm="android.hardwar"
path="/dev/block/sdb1" dev="tmpfs" ino=21693
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { read } for pid=688 comm="android.hardwar" name="by-name"
dev="tmpfs" ino=19833 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:block_device:s0 tclass=dir

denied { sendto } for pid=4906 comm="wpa_supplicant"
path="/data/misc/wifi/sockets/wpa_ctrl_808-2"
scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:cnd:s0
tclass=unix_dgram_socket

denied { connectto } for pid=1071 comm="imsdatadaemon"
path="/dev/socket/netmgr/netmgr_connect_socket" scontext=u:r:ims:s0
tcontext=u:r:netmgrd:s0 tclass=unix_stream_socket

denied { open getattr } for pid=7689 comm="Thread-2"
path="/dev/__properties__/u:object_r:ramdump_prop:s0" dev="tmpfs"
ino=20494 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:ramdump_prop:s0 tclass=file

denied { write } for pid=3588 comm="IFMsg_Rxr" name="rild_ims0"
dev="tmpfs" ino=30159 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file

denied { read open } for pid=672 comm="ramdump" name="fstab" dev="sysfs"
ino=16483 scontext=u:r:ramdump:s0 tcontext=u:object_r:sysfs:s0
tclass=dir

denied { read open getattr } for pid=672 comm="ramdump" name="cmdline"
dev="proc" ino=4026532068 scontext=u:r:ramdump:s0
tcontext=u:object_r:proc:s0 tclass=file

denied { connectto } for pid=3249 comm="Thread-4"
path="/dev/socket/netmgr/netmgr_connect_socket"
scontext=u:r:system_server:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket

denied { call transfer } for pid=3148 comm="Thread-4"
scontext=u:r:system_server:s0 tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=3249 comm="Thread-4"
name="netmgr_connect_socket" dev="tmpfs" ino=25191
scontext=u:r:system_server:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=sock_file

denied { read write open } for pid=3337 comm="wcnss_filter"
name="ttyHS0" dev="tmpfs" ino=21812 scontext=u:r:wcnss_filter:s0
tcontext=u:object_r:device:s0 tclass=chr_file

denied { getattr } for pid=826 comm="cnss-daemon"
path="/proc/sys/net/ipv4/tcp_adv_win_scale" dev="proc" ino=106652
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file

denied { ioctl } for pid=7237 comm="ifconfig" path="socket:[108096]"
dev="sockfs" ino=108096 ioctlcmd=8914 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I1adafb8205c8d2a662921b42af9b580bc1d63bb8
2017-04-03 00:23:03 +00:00
TreeHugger Robot
609f422c4d Merge "wahoo: Add libbt-vendor in device.mk" 2017-04-01 19:39:06 +00:00
TreeHugger Robot
ec45cdc146 Merge "Annotate core components that access vendor data types" 2017-04-01 04:43:18 +00:00
TreeHugger Robot
077214c030 Merge "sepolicy: add time_daemon domain to allow service to boot" 2017-04-01 01:56:06 +00:00
TreeHugger Robot
ddcd856200 Merge "nfc: Enable Binderized NFC HAL" 2017-04-01 01:49:06 +00:00
TreeHugger Robot
9614e64032 Merge "Start CHRE daemon on boot" 2017-04-01 01:41:26 +00:00
TreeHugger Robot
a09512fab6 Merge "Add QShrink database file in bugreport" 2017-04-01 00:30:03 +00:00
Thierry Strudel
a724e0a68f sepolicy: add time_daemon domain to allow service to boot
Bug: 36813405
Change-Id: Ied27aaf28631117749b395c2aee225c32ee76298
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-03-31 16:56:01 -07:00
TreeHugger Robot
dab7846483 Merge "Add support for folio cases" 2017-03-31 23:40:38 +00:00
Thierry Strudel
d372a17a3c power_profile: initial values
Change-Id: I3666b5942a114eb8b6556b6f1c11970966742089
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-03-31 23:38:10 +00:00
Yifan Hong
abd31bddb4 Do not assume default names for VINTF.
Explicitly state each interface for each HAL.

Bug: 36570950
Test: boots, each HAL works
Change-Id: Iae567439933cf6014734f9a15fff0829707c4193
2017-03-31 15:18:36 -07:00
Jie Song
7c99eaed4a Add QShrink database file in bugreport
Bug: 36779903
Test: Trigger bugreport and check qdb file
Change-Id: Ic3d120c5a6b7bdd5c4e7ec38b327d4368cb615e2
2017-03-31 14:04:05 -07:00
Andrew Lehmer
99cbc8d596 Add support for folio cases
Bug: 35243564
Test: Used magnet to wake and lock device. Also tested during suspend.
Change-Id: I4b819e12cc23a3d7a8ce048e208c15eac4f8d6c5
2017-03-31 13:08:45 -07:00
Brian Duddie
f2f151eebe Start CHRE daemon on boot
Test: flash build, confirm CHRE daemon starts, SLPI does not crash, no
      SELinux denials, and context hub HAL connects to it and works
      normally
Change-Id: I7af26548ed6e5b0544db621468a8cb8839f878ed
2017-03-31 13:07:50 -07:00
Ruchi Kandoi
fd5682266a nfc: Enable Binderized NFC HAL
Test: Boots and NFC works
Bug: 36097473
Change-Id: I47a89b59fed2111f443960a5d0d2a0dcfa5bea5f
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2017-03-31 12:02:07 -07:00
Ruchi Kandoi
da8f1b44eb nfc: sepolicy: creates data/vendor/nfc/ for HAL specific data
Test: NFC powers up without any denials
Bug: 36686703
Change-Id: Ib33a0042c5d03d2b9ee8a02dac143da9c8c216a9
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2017-03-31 12:02:03 -07:00
Ruchi Kandoi
9b94b777c0 nfc: Use hal_nfc_default domain for NFC HALs
Bug: 36686581
Test: Boots without nfc related sepolicy denials
Change-Id: I69b89fe8068a4cb06058471f0ca73b9e69732d54
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2017-03-31 12:01:45 -07:00
Myles Watson
16ec889049 wahoo: Add libbt-vendor in device.mk
Bug: 36810308
Test: build
Change-Id: I9743958ac9e6325d69367573d30bd6e57edfe139
2017-03-31 11:49:33 -07:00
Brian Duddie
1e723fbe13 Merge "Add sepolicy for CHRE" 2017-03-31 18:41:06 +00:00
Alex Klyubin
3588a63f60 Merge "Add cameraserver and NFC HAL to socket comms violators list" 2017-03-31 16:12:08 +00:00
Jeff Vander Stoep
b779833c27 Annotate core components that access vendor data types
A neverallow asserts that core domains may not access data types
specified in vendor policy. Some violations occurred due to policy
granted to both HALs and HAL clients. Some of these violations could
be fixed by modifying the policy such that if a HAL no longer runs in
passthrough mode, then only apply permissions to the HAL itself and
not to clients.

For domains that still violate the neverallow rule, grant a temporary
exemption with TODOs and bugs assigned for the remaining work.

Bug: 34980020
Test: Build and boot Muskie. Make phone call, watch youtube video.
      No new denials observed.

Change-Id: I27ec9cdd04d8f5d5524b5b0bcb8c88f9edcc72fb
2017-03-30 21:32:47 -07:00
Jie Song
c6778b1de3 Merge "Enable persist.radio.sib16_support for Wahoo" 2017-03-31 01:58:37 +00:00
Alex Klyubin
2ae5745596 Add cameraserver and NFC HAL to socket comms violators list
Being on this list does not change what these domains can do. It only
loosens neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153
Change-Id: I376f08b1afd274376655679cd86bc6adeebf7c94
2017-03-30 18:00:38 -07:00
Brian Duddie
4efae5dab1 Add sepolicy for CHRE
Add SELinux domain for CHRE daemon, and grant permissions based on the
following audit output:

type=1400 audit(5568588.679:16): avc: denied { read } for pid=707
comm="chre" name="ion" dev="tmpfs" ino=21569 scontext=u:r:chre:s0
tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1

type=1400 audit(5568588.679:17): avc: denied { open } for pid=707
comm="chre" path="/dev/ion" dev="tmpfs" ino=21569 scontext=u:r:chre:s0
tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1

type=1400 audit(5568588.679:18): avc: denied { read } for pid=707
comm="chre" name="adsprpc-smd" dev="tmpfs" ino=21668
scontext=u:r:chre:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
permissive=1

type=1400 audit(5568588.679:19): avc: denied { open } for pid=707
comm="chre" path="/dev/adsprpc-smd" dev="tmpfs" ino=21668
scontext=u:r:chre:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
permissive=1

type=1400 audit(5568588.679:20): avc: denied { ioctl } for pid=707
comm="chre" path="/dev/adsprpc-smd" dev="tmpfs" ino=21668 ioctlcmd=5208
scontext=u:r:chre:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
permissive=1

type=1400 audit(5568588.729:24): avc: denied { read } for pid=707
comm="chre" name="dsp" dev="sda20" ino=381 scontext=u:r:chre:s0
tcontext=u:object_r:system_file:s0 tclass=dir permissive=1

Test: run chre, confirm no denials in log
Change-Id: Ibd61dfa3d286e17561feffeef7afbc2bfec867ce
2017-03-30 15:01:41 -07:00
TreeHugger Robot
8f6890a219 Merge "Add additional XML files needed for sound trigger hal." 2017-03-30 21:02:22 +00:00
Jie Song
a940a544c3 Enable persist.radio.sib16_support for Wahoo
Bug: 36703499
Change-Id: I62ce4eee224a51d098081dd5efe1d844ed08d75f
2017-03-30 13:44:17 -07:00
Mikhail Naganov
689da96d32 Bring up binderized Audio and Soundtrigger services on new Pixels
Verified: audio in Hangouts, Play Music + EQ, YouTube,
    audio over A2DP and USB.

Soundtrigger seems to be working--the device wakes up to lockscreen,
need to dismiss it manually, and then Assistant prompt appears
immediately by itself. Looks to me more like an issue with Assistant
rather than with s/t.

Bug: 35808308
Bug: 36098105
Test: manual
Change-Id: I03c0e04a8f35b7da0bbef9dd32e606a07067ba36
2017-03-30 11:19:37 -07:00