summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-10Allow SystemUI to access fp hal.android-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-releaseJoshua McCloskey
Bug: 261209932 Test: Verified SystemUI can access HAL extension. Change-Id: Iefeca78703af30246420a55133c00769b84789f9 Merged-In: Iefeca78703af30246420a55133c00769b84789f9
2023-01-09Merge "fingerprint: allow fps to access sysfs_leds" into tm-qpr-devEddie Lan
2022-12-23sepolicy: add necessary sepolicy for dual batteryWasb Liu
12-22 16:24:51.964 1000 865 865 I auditd : type=1400 audit(0.0:10): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary" dev="tmpfs" ino=799 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:11): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary_monitor" dev="tmpfs" ino=630 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:12): avc: denied { read } for comm="android.hardwar" name="logbuffer_dual_batt" dev="tmpfs" ino=1040 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:23:17.056 1000 522 522 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="binder:522_1" name="wakeup65" dev="sysfs" ino=79686 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 Bug: 263496320 Test: no dual batt related denied Change-Id: I021cd15d771524828a942fe1e4c63e3a24418ae8 Signed-off-by: Wasb Liu <wasbliu@google.com>
2022-12-15fingerprint: allow fps to access sysfs_ledseddielan
Bug: 261151317 Test: make selinux_policy -j112 Change-Id: If098515510ac48efb7d2ea23f4aeee87869e01e6
2022-12-14remove tracking denial of device chr_fileJenny Ho
Bug: 254164096 Change-Id: I300d092df3610f29f05ca65a89eba5459ca0063a Signed-off-by: Jenny Ho <hsiufangho@google.com>
2022-12-02Remove sepolicy for vibrator manager serviceChase Wu
Bug: 260090235 Test: check avc error Change-Id: I2cb9f9efe849ae6e7fb9b1b5aba2f92a3346af6d Signed-off-by: Chase Wu <chasewu@google.com>
2022-11-24Allow dumpstate to access touch vendor nodes[DO NOT MERGE]Mason Wang
Fix following avc denial log: avc: denied { read } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { write } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/appid" dev="sysfs" ino=110523 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=110529 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535585 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721 Bug: 226475119 Bug: 254164096 Test: There are no above avc denial logs. Change-Id: I0a136a7e259640e3e13ea66c945251cf26878b33
2022-11-22Revert "Allow dumpstate to access touch vendor nodes"Nicole Lee
This reverts commit b1d4e8ab2f5e985656b9f58801776b200ae00d8f. Reason for revert: DroidMonitor: Potential culprit for Bug 260019672 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Change-Id: I8c3bf9982eb9c163e73e75624fd3265ddaa1de95
2022-11-11sepolicy: Allow fingerprint to access fwk hwserviceeddielan
11-11 19:57:30.203 464 464 E SELinux : avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_capacitance:s0 pid=903 scontext=u:r:hal_fingerprint_capacitance:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 258783592 Test: Build pass Change-Id: I58a31c04cbb45ab12b0bf42a10c57ddf4f065ee7
2022-11-03add sepolicy for vibrator manager serviceChase Wu
Bug: 181615889 Test: Run all test suites Signed-off-by: chasewu <chasewu@google.com> Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b
2022-10-28Allow dumpstate to access touch vendor nodesMason Wang
Fix following avc denial log: avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="driver_test" dev="proc" ino=4026535565 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 bug=b/240632721 avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721 Bug: 226475119 Bug: 254164096 Test: There are no above avc denial logs. Change-Id: Ie01104ebfb94154584d9d466cb295095eb634f48
2022-10-27Merge "sepolicy: remove tracking bugs for PowerStatsHAL and SystemSuspend" ↵TreeHugger Robot
into tm-qpr-dev
2022-10-26sepolicy: remove tracking bugs for PowerStatsHAL and SystemSuspendDarren Hsu
b/240632970 is not reproducible on TD3A.221020.001. b/240632822 has been fixed by ag/20209545. Bug: 240632970 Bug: 240632822 Test: Capture bugreport and check no avc denails Change-Id: I9a2290e2857415c3edecd98b88af6382a42530ff Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-10-26Fix FPS servicemanager sepolicy issueeddielan
10-25 03:25:07.740 429 429 I auditd : type=1400 audit(0.0:4): avc: denied { call } for comm="servicemanager" scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_capacitance:s0 tclass=binder permissive=0 Bug: 253533883 Test: make selinux_policy -j128 && check log on device Change-Id: Ic3007d53398eb9770466c24b3aa49c1325bdbb47
2022-10-19Merge "sepolicy: add sysfs_wakeup labels for System Suspend" into tm-qpr-devTreeHugger Robot
2022-10-18sepolicy: add sysfs_wakeup labels for System SuspendDarren Hsu
Bug: 253980198 Test: run vts -m SuspendSepolicyTests Change-Id: Ie58c35b37ad0a904d0292d2be9092f82b02d514b Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-10-17Remove fingerprint tracking bugeddielan
Patch was merged on ag/19457937 Bug: 240633068 Test: make selinux_policy -j128 Change-Id: Ic25e266701993fadc51b12c25c9a170c38e29785
2022-09-07Remove bug mapping in the tracking denialsTed Lin
Bug: 240632860 Test: Check the bugreport Signed-off-by: Ted Lin <tedlin@google.com> Change-Id: Ic4c68fe39b3e7e82cf9edcb6b594b598f5ba9499
2022-08-25Update error on ROM 8979803Adam Shih
Bug: 240632860 Test: SELinuxUncheckedDenialBootTest Change-Id: Ie192b157e89f86fe36b99202e6ab8677a55c7cee
2022-08-24Add sepolicy for dual_batt_gauge power supplyWasb Liu
08-23 02:45:54.456 860 860 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=100372 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 243491187 Test: reboot device and check the avc Signed-off-by: Wasb Liu <wasbliu@google.com> Change-Id: I7600c816e743fc91afaf66db00ba332229b21e28
2022-08-19Merge "Remove bug mapping in the tracking denials" into tm-qpr-devTed Lin
2022-08-09Merge "Revert "Update SELinux error"" into tm-qpr-devTreeHugger Robot
2022-08-09Revert "Update SELinux error"Adam Shih
This reverts commit 342edcb7de37428614b7e2db2839f88424e73e7c. Reason for revert: ag/19563471 has fixed the problem Change-Id: Iad76a9ca182e1cf3363dc58aed943ef4ae13be59
2022-08-04Remove bug mapping in the tracking denialsTed Lin
Bug: 240632860 Test: Check the bugreport Signed-off-by: Ted Lin <tedlin@google.com> Change-Id: I35c69c1289337cd40ab3511512045b986bad9388
2022-08-03Sepolicy: fix the avcTed Lin
07-29 08:18:53.464 876 876 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=78463 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 240632860 Test: reboot device and check the avc Signed-off-by: Ted Lin <tedlin@google.com> Change-Id: Ibb1f93c2003e9229c1fd2b3bd14ee022fa6539cc
2022-08-02Update SELinux errorAdam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 241034024 Change-Id: I712b025aef59d838773ff55b62b8fb5ecbcbb35b
2022-08-01Merge "Fix FPS hwservice sepolicy issue" into tm-qpr-devTreeHugger Robot
2022-07-29Fix FPS hwservice sepolicy issueeddielan
avc: denied { find } for interface=com.fingerprints42.extension::IFingerprintEngineering sid=u:r:hal_fingerprint_capacitance:s0 pid=895 scontext=u:r:hal_fingerprint_capacitance:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 240633068 Test: make selinux_policy -j128 Change-Id: Ifd13d8c73c97cef9a85555a7d09de4424548ca73
2022-07-29Update SELinux errorAdam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 240632970 Bug: 240632821 Bug: 240632822 Bug: 240632721 Bug: 240633068 Bug: 240632860 Change-Id: I9b38d4edca95f2721d94c2d7bc1af046cd8382b9
2022-07-25Add rules to allow Sensor HAL write access to als_tableluofrank
Sensor HAL needs write access to /sys/class/backlight/panel1-backlight/als_table. Bug: 238847421 Test: Refer to b/238847421#comment5. Change-Id: I21845b7772b3806f8796dab7e23b91fe3ae6c881
2022-07-22Merge "add sepolicy for both vibrator path" into tm-qpr-devTreeHugger Robot
2022-07-21Merge "Add service context for IDisplay/secondary" into tm-qpr-devTreeHugger Robot
2022-07-21add sepolicy for both vibrator pathChase Wu
Change the both driver path's sysfs to sysfs_vibrator Bug: 181615889 Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a/default/ Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a-dual/default/ Signed-off-by: Chase Wu <chasewu@google.com> Change-Id: I839d4b9406d140a326730873cb8cb86d13188fe2
2022-07-18Update SELinux errorAdam Shih
Bug: 234547283 Change-Id: Ie74f138fdb08167ec4e3ebf2461bc430e6ca3664
2022-07-15setup felix tracking folderAdam Shih
Bug: 234547283 Test: build pass Change-Id: Ibe8461efae81360fdf18c1908ef9e6b1d080a482
2022-07-06Merge "Add sepolicy for Blutooth" into tm-qpr-devTreeHugger Robot
2022-07-04fingerprint: Add new lable for capacitance fingerprinteddielan
u:object_r:hal_fingerprint_capacitance_exec:s0 android.hardware.biometrics.fingerprint-service.fpc42 Cherry-pick from ag/19085661 Bug: 235424180 Test: make selinux_policy -j128 Test: Check binary sepolicy on device Change-Id: I8859965df77356b4691292ab66dbbb8c0b9db3b3
2022-06-28Add sepolicy for BlutoothTed Wang
Bug: 236681575 Test: Manually Change-Id: I7bb8af445718703032ba1b22858654b6a5972063
2022-06-14Add service context for IDisplay/secondarylinpeter
Bug: 210380703 test: check avc Change-Id: I32a62b5cbbd0168d3a90245af04a204e74d063b2
2022-06-09Add file context for decon1 and dsim1linpeter
Bug: 232886745 test: check sysfs context Change-Id: Icb85a54fd4d5b949fde698ca7afeb97a0bd43408
2022-04-29Add sepolicy for P9222 WLC power_supplyWasb Liu
avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/capacity" dev="sysfs" ino=72303 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 229820966 Test: build ok, wireless power_supply can be detected by healthd Signed-off-by: Wasb Liu <wasbliu@google.com> Change-Id: I3078a11d6398be626d2c419ebee7d9e33babe441
2022-04-15Add sepolicy for specific camera componentsJimiChen
Bug: 228822580 Bug: 228823145 Test: build okay Change-Id: I9530292acb28414d13374128d9f453bdb602503f
2022-04-08Add F10 specific camera component sepolicy settingshorngchuang
Bug: 227709256 Test: build okay Change-Id: If1d2a22a0d3efd5b87a44f137ad115091e5653ac
2021-12-21Include core policy OWNERSJoel Galenson
Test: None Change-Id: I79aa7e4f49da1d0c64ccf808f5fddac6bead73d0
2021-12-06Initial device felix sepolicyCyan_Hsieh
Bug: 206057564 Change-Id: Ie0a08bf9c7a6cdaf634efce69401bcaa9e6a5d1b
2021-11-22Initial empty repositoryRoman Yepishev
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 16:28:06 +0000