From 4f83b8787938d75358912ec3cf49df5f58f92c16 Mon Sep 17 00:00:00 2001 From: horngchuang Date: Fri, 8 Apr 2022 16:35:19 +0800 Subject: Add F10 specific camera component sepolicy settings Bug: 227709256 Test: build okay Change-Id: If1d2a22a0d3efd5b87a44f137ad115091e5653ac --- vendor/file_contexts | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 vendor/file_contexts diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..e1897f3 --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,6 @@ +# Devices +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-sensor-medusa u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -- cgit v1.2.3 From d4c74fffeb0b1141f45b35f5d8479d5c432ff483 Mon Sep 17 00:00:00 2001 From: JimiChen Date: Fri, 15 Apr 2022 15:41:43 +0800 Subject: Add sepolicy for specific camera components Bug: 228822580 Bug: 228823145 Test: build okay Change-Id: I9530292acb28414d13374128d9f453bdb602503f --- vendor/file_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index e1897f3..42d1b20 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,6 +1,8 @@ # Devices /dev/lwis-act-nessie u:object_r:lwis_device:s0 /dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-medusa u:object_r:lwis_device:s0 /dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-medusa u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -- cgit v1.2.3 From 1b1d98425f09c4f12b473e2db5713d73297792b1 Mon Sep 17 00:00:00 2001 From: Wasb Liu Date: Fri, 29 Apr 2022 16:35:39 +0800 Subject: Add sepolicy for P9222 WLC power_supply avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/capacity" dev="sysfs" ino=72303 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 229820966 Test: build ok, wireless power_supply can be detected by healthd Signed-off-by: Wasb Liu Change-Id: I3078a11d6398be626d2c419ebee7d9e33babe441 --- vendor/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 vendor/genfs_contexts diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts new file mode 100644 index 0000000..45238c9 --- /dev/null +++ b/vendor/genfs_contexts @@ -0,0 +1,3 @@ +# BMS +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 -- cgit v1.2.3 From bc7b3c639c58767c2285894c28d45f77a05acbf0 Mon Sep 17 00:00:00 2001 From: linpeter Date: Thu, 9 Jun 2022 15:47:41 +0800 Subject: Add file context for decon1 and dsim1 Bug: 232886745 test: check sysfs context Change-Id: Icb85a54fd4d5b949fde698ca7afeb97a0bd43408 --- vendor/genfs_contexts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 45238c9..14cd3e0 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,3 +1,13 @@ # BMS genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 + +# Display +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/osc2_clk_khz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c241000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -- cgit v1.2.3 From 96d7d967fea6215d7cb7455ac3da5421615c2159 Mon Sep 17 00:00:00 2001 From: linpeter Date: Tue, 14 Jun 2022 21:58:44 +0800 Subject: Add service context for IDisplay/secondary Bug: 210380703 test: check avc Change-Id: I32a62b5cbbd0168d3a90245af04a204e74d063b2 --- vendor/service_contexts | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/service_contexts diff --git a/vendor/service_contexts b/vendor/service_contexts new file mode 100644 index 0000000..3a83109 --- /dev/null +++ b/vendor/service_contexts @@ -0,0 +1 @@ +com.google.hardware.pixel.display.IDisplay/secondary u:object_r:hal_pixel_display_service:s0 -- cgit v1.2.3 From 9d19bb92a9cc55aeec8d4cf4ac67e7f304be7a7b Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Tue, 28 Jun 2022 15:19:42 +0800 Subject: Add sepolicy for Blutooth Bug: 236681575 Test: Manually Change-Id: I7bb8af445718703032ba1b22858654b6a5972063 --- vendor/file_contexts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 42d1b20..0117b05 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -6,3 +6,8 @@ /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-medusa u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 + +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 -- cgit v1.2.3 From c16dc8d22646b4446fa91570ea60c68b773c413c Mon Sep 17 00:00:00 2001 From: eddielan Date: Mon, 4 Jul 2022 14:15:21 +0800 Subject: fingerprint: Add new lable for capacitance fingerprint u:object_r:hal_fingerprint_capacitance_exec:s0 android.hardware.biometrics.fingerprint-service.fpc42 Cherry-pick from ag/19085661 Bug: 235424180 Test: make selinux_policy -j128 Test: Check binary sepolicy on device Change-Id: I8859965df77356b4691292ab66dbbb8c0b9db3b3 --- felix-sepolicy.mk | 3 +++ fingerprint_capacitance/file.te | 1 + fingerprint_capacitance/file_contexts | 1 + fingerprint_capacitance/genfs_contexts | 1 + .../hal_fingerprint_capacitance.te | 24 ++++++++++++++++++++++ 5 files changed, 30 insertions(+) create mode 100644 fingerprint_capacitance/file.te create mode 100644 fingerprint_capacitance/file_contexts create mode 100644 fingerprint_capacitance/genfs_contexts create mode 100644 fingerprint_capacitance/hal_fingerprint_capacitance.te diff --git a/felix-sepolicy.mk b/felix-sepolicy.mk index bebb8db..c2d5ed2 100644 --- a/felix-sepolicy.mk +++ b/felix-sepolicy.mk @@ -1,2 +1,5 @@ # sepolicy that are shared among devices using whitechapel BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/vendor + +# Fingerprint +BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/fingerprint_capacitance diff --git a/fingerprint_capacitance/file.te b/fingerprint_capacitance/file.te new file mode 100644 index 0000000..0218b46 --- /dev/null +++ b/fingerprint_capacitance/file.te @@ -0,0 +1 @@ +type sysfs_fingerprint, sysfs_type, fs_type; diff --git a/fingerprint_capacitance/file_contexts b/fingerprint_capacitance/file_contexts new file mode 100644 index 0000000..aa6d801 --- /dev/null +++ b/fingerprint_capacitance/file_contexts @@ -0,0 +1 @@ +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.fpc42 u:object_r:hal_fingerprint_capacitance_exec:s0 diff --git a/fingerprint_capacitance/genfs_contexts b/fingerprint_capacitance/genfs_contexts new file mode 100644 index 0000000..9fe2a86 --- /dev/null +++ b/fingerprint_capacitance/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0 diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te new file mode 100644 index 0000000..23b31e4 --- /dev/null +++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te @@ -0,0 +1,24 @@ +# hal_fingerprint_capacitance definition +type hal_fingerprint_capacitance, domain; +hal_server_domain(hal_fingerprint_capacitance, hal_fingerprint) + +type hal_fingerprint_capacitance_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_fingerprint_capacitance) + +set_prop(hal_fingerprint_capacitance, vendor_fingerprint_prop) + +# allow fingerprint to access file +allow hal_fingerprint_capacitance fingerprint_device:chr_file rw_file_perms; +allow hal_fingerprint_capacitance tee_device:chr_file rw_file_perms; +allow hal_fingerprint_capacitance sysfs_fingerprint:dir r_dir_perms; +allow hal_fingerprint_capacitance sysfs_fingerprint:file rw_file_perms; + +# allow fingerprint to access power hal +hal_client_domain(hal_fingerprint_capacitance, hal_power); + +# allow fingerprint to find fwk service +allow hal_fingerprint_capacitance fwk_stats_service:service_manager find; + +# allow fingerprint to access input_device +allow hal_fingerprint_capacitance input_device:dir r_dir_perms; +allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms; -- cgit v1.2.3 From 0ee97b98fea24f4b594cbbb9e7a1f941500d9698 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 15 Jul 2022 10:24:02 +0800 Subject: setup felix tracking folder Bug: 234547283 Test: build pass Change-Id: Ibe8461efae81360fdf18c1908ef9e6b1d080a482 --- felix-sepolicy.mk | 1 + tracking_denials/README.txt | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 tracking_denials/README.txt diff --git a/felix-sepolicy.mk b/felix-sepolicy.mk index c2d5ed2..9e88a7d 100644 --- a/felix-sepolicy.mk +++ b/felix-sepolicy.mk @@ -1,5 +1,6 @@ # sepolicy that are shared among devices using whitechapel BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/vendor +BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/tracking_denials # Fingerprint BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/fingerprint_capacitance diff --git a/tracking_denials/README.txt b/tracking_denials/README.txt new file mode 100644 index 0000000..6cfc62d --- /dev/null +++ b/tracking_denials/README.txt @@ -0,0 +1,2 @@ +This folder stores known errors detected by PTS. Be sure to remove relevant +files to reproduce error log on latest ROMs. -- cgit v1.2.3 From eece5dd7a0e9b12d54fae03272710c46d99a6e17 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 18 Jul 2022 10:55:27 +0800 Subject: Update SELinux error Bug: 234547283 Change-Id: Ie74f138fdb08167ec4e3ebf2461bc430e6ca3664 --- tracking_denials/bug_map | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tracking_denials/bug_map diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 0000000..e69de29 -- cgit v1.2.3 From eb0d700258af415603ace2da5f737a6dc4b14ddd Mon Sep 17 00:00:00 2001 From: Chase Wu Date: Thu, 21 Jul 2022 16:08:29 +0800 Subject: add sepolicy for both vibrator path Change the both driver path's sysfs to sysfs_vibrator Bug: 181615889 Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a/default/ Test: adb shell ls -lZ /sys/bus/i2c/devices/i2c-cs40l26a-dual/default/ Signed-off-by: Chase Wu Change-Id: I839d4b9406d140a326730873cb8cb86d13188fe2 --- vendor/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 14cd3e0..d0529ea 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -11,3 +11,7 @@ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/osc2_clk_khz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c241000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 + +# Haptics +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 -- cgit v1.2.3 From f6c212c9211a6210edd97af7070d1034d120bba5 Mon Sep 17 00:00:00 2001 From: luofrank Date: Thu, 21 Jul 2022 18:54:03 +0800 Subject: Add rules to allow Sensor HAL write access to als_table Sensor HAL needs write access to /sys/class/backlight/panel1-backlight/als_table. Bug: 238847421 Test: Refer to b/238847421#comment5. Change-Id: I21845b7772b3806f8796dab7e23b91fe3ae6c881 --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index d0529ea..b2fd362 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -12,6 +12,8 @@ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/osc2_clk_kh genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c241000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight/panel1-backlight/als_table u:object_r:sysfs_write_leds:s0 + # Haptics genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 -- cgit v1.2.3 From 44f363e1476e8aa031f57f98826be3dd7a7cafea Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Fri, 29 Jul 2022 10:17:52 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 240632970 Bug: 240632821 Bug: 240632822 Bug: 240632721 Bug: 240633068 Bug: 240632860 Change-Id: I9b38d4edca95f2721d94c2d7bc1af046cd8382b9 --- tracking_denials/bug_map | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e69de29..b57b65d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -0,0 +1,10 @@ +hal_dumpstate_default device chr_file b/240632721 +hal_dumpstate_default proc file b/240632721 +hal_dumpstate_default sysfs file b/240632721 +hal_fingerprint_capacitance default_android_hwservice hwservice_manager b/240633068 +hal_health_default sysfs file b/240632860 +hal_power_stats_default sysfs file b/240632970 +servicemanager hal_fingerprint_capacitance binder b/240632821 +system_suspend sysfs dir b/240632822 +system_suspend sysfs_batteryinfo dir b/240632822 +system_suspend sysfs_wlc dir b/240632822 -- cgit v1.2.3 From 99914783af0787b265e058b1611567b94d496da9 Mon Sep 17 00:00:00 2001 From: eddielan Date: Fri, 29 Jul 2022 12:01:21 +0800 Subject: Fix FPS hwservice sepolicy issue avc: denied { find } for interface=com.fingerprints42.extension::IFingerprintEngineering sid=u:r:hal_fingerprint_capacitance:s0 pid=895 scontext=u:r:hal_fingerprint_capacitance:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 240633068 Test: make selinux_policy -j128 Change-Id: Ifd13d8c73c97cef9a85555a7d09de4424548ca73 --- fingerprint_capacitance/hal_fingerprint_capacitance.te | 4 ++++ fingerprint_capacitance/hwservice.te | 1 + fingerprint_capacitance/hwservice_contexts | 2 ++ 3 files changed, 7 insertions(+) create mode 100644 fingerprint_capacitance/hwservice.te create mode 100644 fingerprint_capacitance/hwservice_contexts diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te index 23b31e4..8cc623f 100644 --- a/fingerprint_capacitance/hal_fingerprint_capacitance.te +++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te @@ -22,3 +22,7 @@ allow hal_fingerprint_capacitance fwk_stats_service:service_manager find; # allow fingerprint to access input_device allow hal_fingerprint_capacitance input_device:dir r_dir_perms; allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms; + +# allow fingerprint to access hwservice +hwbinder_use(hal_fingerprint_capacitance) +add_hwservice(hal_fingerprint_capacitance, hal_fingerprint_capacitance_ext_hwservice) diff --git a/fingerprint_capacitance/hwservice.te b/fingerprint_capacitance/hwservice.te new file mode 100644 index 0000000..68c51ab --- /dev/null +++ b/fingerprint_capacitance/hwservice.te @@ -0,0 +1 @@ +type hal_fingerprint_capacitance_ext_hwservice, hwservice_manager_type; diff --git a/fingerprint_capacitance/hwservice_contexts b/fingerprint_capacitance/hwservice_contexts new file mode 100644 index 0000000..ed09300 --- /dev/null +++ b/fingerprint_capacitance/hwservice_contexts @@ -0,0 +1,2 @@ +com.fingerprints42.extension::IFingerprintEngineering u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0 +com.fingerprints42.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0 -- cgit v1.2.3 From 342edcb7de37428614b7e2db2839f88424e73e7c Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 2 Aug 2022 10:22:27 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 241034024 Change-Id: I712b025aef59d838773ff55b62b8fb5ecbcbb35b --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index b57b65d..5115738 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ +convert-to-ext4-sh convert-to-ext4-sh capability b/241034024 hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 -- cgit v1.2.3 From fd1cdb48b7ce3f7eeaa7874a68eb48ddb045a066 Mon Sep 17 00:00:00 2001 From: Ted Lin Date: Tue, 2 Aug 2022 15:31:17 +0800 Subject: Sepolicy: fix the avc 07-29 08:18:53.464 876 876 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=78463 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 240632860 Test: reboot device and check the avc Signed-off-by: Ted Lin Change-Id: Ibb1f93c2003e9229c1fd2b3bd14ee022fa6539cc --- vendor/genfs_contexts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index b2fd362..e69743c 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,6 +1,11 @@ # BMS genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +# maxfg_base +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +# maxfg_flip +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + # Display genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -- cgit v1.2.3 From b1ce1cbeece2567f90606570ad16f4651ac94484 Mon Sep 17 00:00:00 2001 From: Ted Lin Date: Wed, 3 Aug 2022 17:22:07 +0800 Subject: Remove bug mapping in the tracking denials Bug: 240632860 Test: Check the bugreport Signed-off-by: Ted Lin Change-Id: I35c69c1289337cd40ab3511512045b986bad9388 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 5115738..27a67a4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,7 +3,6 @@ hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 hal_fingerprint_capacitance default_android_hwservice hwservice_manager b/240633068 -hal_health_default sysfs file b/240632860 hal_power_stats_default sysfs file b/240632970 servicemanager hal_fingerprint_capacitance binder b/240632821 system_suspend sysfs dir b/240632822 -- cgit v1.2.3 From baebf44224899490ee0817d49f26d5a065b7ee9d Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 9 Aug 2022 06:15:39 +0000 Subject: Revert "Update SELinux error" This reverts commit 342edcb7de37428614b7e2db2839f88424e73e7c. Reason for revert: ag/19563471 has fixed the problem Change-Id: Iad76a9ca182e1cf3363dc58aed943ef4ae13be59 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 5115738..b57b65d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ -convert-to-ext4-sh convert-to-ext4-sh capability b/241034024 hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 -- cgit v1.2.3 From 2dcb7cc94f006eddcc312314056a3c39a1119bfc Mon Sep 17 00:00:00 2001 From: Wasb Liu Date: Tue, 23 Aug 2022 16:32:47 +0800 Subject: Add sepolicy for dual_batt_gauge power supply 08-23 02:45:54.456 860 860 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=100372 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 243491187 Test: reboot device and check the avc Signed-off-by: Wasb Liu Change-Id: I7600c816e743fc91afaf66db00ba332229b21e28 --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e69743c..592f20a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,6 +1,7 @@ # BMS genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_base genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_flip -- cgit v1.2.3 From 454e019beed82da1dcf5da2a986a9e2f685a498a Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 25 Aug 2022 10:52:53 +0800 Subject: Update error on ROM 8979803 Bug: 240632860 Test: SELinuxUncheckedDenialBootTest Change-Id: Ie192b157e89f86fe36b99202e6ab8677a55c7cee --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6bec564..d5fe9da 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -7,3 +7,4 @@ servicemanager hal_fingerprint_capacitance binder b/240632821 system_suspend sysfs dir b/240632822 system_suspend sysfs_batteryinfo dir b/240632822 system_suspend sysfs_wlc dir b/240632822 +hal_health_default sysfs file b/240632860 -- cgit v1.2.3 From 5126a011d049af5ec3838ccaaa9eb6dd1b8f3b8d Mon Sep 17 00:00:00 2001 From: Ted Lin Date: Wed, 7 Sep 2022 16:50:57 +0800 Subject: Remove bug mapping in the tracking denials Bug: 240632860 Test: Check the bugreport Signed-off-by: Ted Lin Change-Id: Ic4c68fe39b3e7e82cf9edcb6b594b598f5ba9499 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d5fe9da..6bec564 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -7,4 +7,3 @@ servicemanager hal_fingerprint_capacitance binder b/240632821 system_suspend sysfs dir b/240632822 system_suspend sysfs_batteryinfo dir b/240632822 system_suspend sysfs_wlc dir b/240632822 -hal_health_default sysfs file b/240632860 -- cgit v1.2.3 From 2fef9efcc440e4ca7fa48f43b37c28594e6bc667 Mon Sep 17 00:00:00 2001 From: eddielan Date: Mon, 17 Oct 2022 15:09:24 +0800 Subject: Remove fingerprint tracking bug Patch was merged on ag/19457937 Bug: 240633068 Test: make selinux_policy -j128 Change-Id: Ic25e266701993fadc51b12c25c9a170c38e29785 --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6bec564..78c77d6 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,7 +1,6 @@ hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 -hal_fingerprint_capacitance default_android_hwservice hwservice_manager b/240633068 hal_power_stats_default sysfs file b/240632970 servicemanager hal_fingerprint_capacitance binder b/240632821 system_suspend sysfs dir b/240632822 -- cgit v1.2.3 From 99f9cd6a452cdeea50d077d4a02949ba7f8e885e Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Tue, 18 Oct 2022 10:22:44 +0800 Subject: sepolicy: add sysfs_wakeup labels for System Suspend Bug: 253980198 Test: run vts -m SuspendSepolicyTests Change-Id: Ie58c35b37ad0a904d0292d2be9092f82b02d514b Signed-off-by: Darren Hsu --- vendor/genfs_contexts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 592f20a..d6ca0f2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -23,3 +23,15 @@ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight/p # Haptics genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 + +# Power System Suspend +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 -- cgit v1.2.3 From ef12403d4461db17bcae132558c2b80618e7d7cb Mon Sep 17 00:00:00 2001 From: eddielan Date: Tue, 25 Oct 2022 18:04:51 +0800 Subject: Fix FPS servicemanager sepolicy issue 10-25 03:25:07.740 429 429 I auditd : type=1400 audit(0.0:4): avc: denied { call } for comm="servicemanager" scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_capacitance:s0 tclass=binder permissive=0 Bug: 253533883 Test: make selinux_policy -j128 && check log on device Change-Id: Ic3007d53398eb9770466c24b3aa49c1325bdbb47 --- fingerprint_capacitance/servicemanager.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 fingerprint_capacitance/servicemanager.te diff --git a/fingerprint_capacitance/servicemanager.te b/fingerprint_capacitance/servicemanager.te new file mode 100644 index 0000000..6e1afe9 --- /dev/null +++ b/fingerprint_capacitance/servicemanager.te @@ -0,0 +1 @@ +binder_call(servicemanager, hal_fingerprint_capacitance) -- cgit v1.2.3 From 577965ec5fa9f8e7841b6ece6ad42822ae9ff09d Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Wed, 26 Oct 2022 17:13:35 +0800 Subject: sepolicy: remove tracking bugs for PowerStatsHAL and SystemSuspend b/240632970 is not reproducible on TD3A.221020.001. b/240632822 has been fixed by ag/20209545. Bug: 240632970 Bug: 240632822 Test: Capture bugreport and check no avc denails Change-Id: I9a2290e2857415c3edecd98b88af6382a42530ff Signed-off-by: Darren Hsu --- tracking_denials/bug_map | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 78c77d6..07153c4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,8 +1,4 @@ hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 -hal_power_stats_default sysfs file b/240632970 servicemanager hal_fingerprint_capacitance binder b/240632821 -system_suspend sysfs dir b/240632822 -system_suspend sysfs_batteryinfo dir b/240632822 -system_suspend sysfs_wlc dir b/240632822 -- cgit v1.2.3 From b1d4e8ab2f5e985656b9f58801776b200ae00d8f Mon Sep 17 00:00:00 2001 From: Mason Wang Date: Fri, 28 Oct 2022 11:16:37 +0800 Subject: Allow dumpstate to access touch vendor nodes Fix following avc denial log: avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="driver_test" dev="proc" ino=4026535565 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 bug=b/240632721 avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721 Bug: 226475119 Bug: 254164096 Test: There are no above avc denial logs. Change-Id: Ie01104ebfb94154584d9d466cb295095eb634f48 --- vendor/genfs_contexts | 6 ++++++ vendor/hal_dumpstate_default.te | 5 +++++ 2 files changed, 11 insertions(+) create mode 100644 vendor/hal_dumpstate_default.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index d6ca0f2..0658e31 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -35,3 +35,9 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 + +#Touch +genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0 u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 +genfscon proc /fts/driver_test u:object_r:proc_touch:s0 +genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te new file mode 100644 index 0000000..6675163 --- /dev/null +++ b/vendor/hal_dumpstate_default.te @@ -0,0 +1,5 @@ +allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; +allow hal_dumpstate_default sysfs_touch:file rw_file_perms; + +allow hal_dumpstate_default proc_touch:dir r_dir_perms; +allow hal_dumpstate_default proc_touch:file rw_file_perms; -- cgit v1.2.3 From 6c42229dccf43ae99770fbc9ddcc1a1364ba79de Mon Sep 17 00:00:00 2001 From: Chase Wu Date: Tue, 1 Nov 2022 15:37:52 +0800 Subject: add sepolicy for vibrator manager service Bug: 181615889 Test: Run all test suites Signed-off-by: chasewu Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b --- vendor/device.te | 1 + vendor/file_contexts | 5 +++++ vendor/hal_vibrator_default.te | 5 +++++ vendor/hal_vibrator_stereo_default.te | 21 +++++++++++++++++++++ vendor/vndservice.te | 1 + vendor/vndservice_contexts | 2 ++ 6 files changed, 35 insertions(+) create mode 100644 vendor/device.te create mode 100644 vendor/hal_vibrator_default.te create mode 100644 vendor/hal_vibrator_stereo_default.te create mode 100644 vendor/vndservice.te create mode 100644 vendor/vndservice_contexts diff --git a/vendor/device.te b/vendor/device.te new file mode 100644 index 0000000..1a969b6 --- /dev/null +++ b/vendor/device.te @@ -0,0 +1 @@ +type vibrator_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 0117b05..91d227e 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -11,3 +11,8 @@ /dev/ttySAC18 u:object_r:hci_attach_dev:s0 /dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 /dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 + +# Haptics +/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private u:object_r:hal_vibrator_default_exec:s0 +/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-stereo-private u:object_r:hal_vibrator_stereo_exec:s0 +/dev/gpiochip44 u:object_r:vibrator_device:s0 diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te new file mode 100644 index 0000000..3b14315 --- /dev/null +++ b/vendor/hal_vibrator_default.te @@ -0,0 +1,5 @@ +# Allow vibrator HAL to communicate with another service +binder_call(hal_vibrator_default, hal_vibrator_stereo); + +# Allow vibrator HAL to "add" the hal_vibrator_vndservice service type +add_service(hal_vibrator_default, hal_vibrator_vndservice); diff --git a/vendor/hal_vibrator_stereo_default.te b/vendor/hal_vibrator_stereo_default.te new file mode 100644 index 0000000..9cb2793 --- /dev/null +++ b/vendor/hal_vibrator_stereo_default.te @@ -0,0 +1,21 @@ +# From system sepilicy +type hal_vibrator_stereo, domain; +hal_server_domain(hal_vibrator_stereo, hal_vibrator) + +type hal_vibrator_stereo_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_vibrator_stereo) + +# From project +get_prop(hal_vibrator_stereo, vendor_vibrator_prop); +get_prop(hal_vibrator_stereo, boot_status_prop); + +# Allow vibrator HAL's default implementation to use vendor-binder service +vndbinder_use(hal_vibrator_stereo); + +# For gpio dev node +allow hal_vibrator_stereo vibrator_device:chr_file rw_file_perms; + +# For vibrator HAL's communication with other service +binder_call(hal_vibrator_stereo, hal_vibrator_default); + +allow hal_vibrator_stereo hal_vibrator_vndservice:service_manager find; diff --git a/vendor/vndservice.te b/vendor/vndservice.te new file mode 100644 index 0000000..5df985b --- /dev/null +++ b/vendor/vndservice.te @@ -0,0 +1 @@ +type hal_vibrator_vndservice, vndservice_manager_type; diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts new file mode 100644 index 0000000..2b6b4aa --- /dev/null +++ b/vendor/vndservice_contexts @@ -0,0 +1,2 @@ +android.hardware.vibrator.IVibratorSync/default u:object_r:hal_vibrator_vndservice:s0 +android.hardware.vibrator.IVibratorSync/dual u:object_r:hal_vibrator_vndservice:s0 -- cgit v1.2.3 From f544a5a6517145222b33a40acfb62dd1a4ff86c4 Mon Sep 17 00:00:00 2001 From: eddielan Date: Fri, 11 Nov 2022 20:10:20 +0800 Subject: sepolicy: Allow fingerprint to access fwk hwservice 11-11 19:57:30.203 464 464 E SELinux : avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_fingerprint_capacitance:s0 pid=903 scontext=u:r:hal_fingerprint_capacitance:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 258783592 Test: Build pass Change-Id: I58a31c04cbb45ab12b0bf42a10c57ddf4f065ee7 --- fingerprint_capacitance/hal_fingerprint_capacitance.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te index 8cc623f..6100d44 100644 --- a/fingerprint_capacitance/hal_fingerprint_capacitance.te +++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te @@ -26,3 +26,6 @@ allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms; # allow fingerprint to access hwservice hwbinder_use(hal_fingerprint_capacitance) add_hwservice(hal_fingerprint_capacitance, hal_fingerprint_capacitance_ext_hwservice) + +# allow fingerprint to access fwk sensor hwservice +allow hal_fingerprint_capacitance fwk_sensor_hwservice:hwservice_manager find; -- cgit v1.2.3 From d6fe8df1316782098e21130826c2c8be9c2e349f Mon Sep 17 00:00:00 2001 From: Nicole Lee Date: Tue, 22 Nov 2022 03:46:26 +0000 Subject: Revert "Allow dumpstate to access touch vendor nodes" This reverts commit b1d4e8ab2f5e985656b9f58801776b200ae00d8f. Reason for revert: DroidMonitor: Potential culprit for Bug 260019672 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Change-Id: I8c3bf9982eb9c163e73e75624fd3265ddaa1de95 --- vendor/genfs_contexts | 6 ------ vendor/hal_dumpstate_default.te | 5 ----- 2 files changed, 11 deletions(-) delete mode 100644 vendor/hal_dumpstate_default.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0658e31..d6ca0f2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -35,9 +35,3 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 - -#Touch -genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0 u:object_r:sysfs_touch:s0 -genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 -genfscon proc /fts/driver_test u:object_r:proc_touch:s0 -genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te deleted file mode 100644 index 6675163..0000000 --- a/vendor/hal_dumpstate_default.te +++ /dev/null @@ -1,5 +0,0 @@ -allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; -allow hal_dumpstate_default sysfs_touch:file rw_file_perms; - -allow hal_dumpstate_default proc_touch:dir r_dir_perms; -allow hal_dumpstate_default proc_touch:file rw_file_perms; -- cgit v1.2.3 From 3c82f575b9ab4c943af86f7bbcd576fcfcb216df Mon Sep 17 00:00:00 2001 From: Mason Wang Date: Tue, 22 Nov 2022 23:34:13 +0000 Subject: Allow dumpstate to access touch vendor nodes[DO NOT MERGE] Fix following avc denial log: avc: denied { read } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { write } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/appid" dev="sysfs" ino=110523 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=110529 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535585 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721 avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721 Bug: 226475119 Bug: 254164096 Test: There are no above avc denial logs. Change-Id: I0a136a7e259640e3e13ea66c945251cf26878b33 --- vendor/genfs_contexts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index d6ca0f2..0658e31 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -35,3 +35,9 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 + +#Touch +genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0 u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 +genfscon proc /fts/driver_test u:object_r:proc_touch:s0 +genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 -- cgit v1.2.3 From c02424796dd2247a089b20f984eca3b52d7648a1 Mon Sep 17 00:00:00 2001 From: Chase Wu Date: Fri, 2 Dec 2022 01:07:16 +0800 Subject: Remove sepolicy for vibrator manager service Bug: 260090235 Test: check avc error Change-Id: I2cb9f9efe849ae6e7fb9b1b5aba2f92a3346af6d Signed-off-by: Chase Wu --- vendor/file_contexts | 1 - vendor/hal_vibrator_default.te | 8 +++----- vendor/hal_vibrator_stereo_default.te | 21 --------------------- vendor/vndservice.te | 1 - vendor/vndservice_contexts | 2 -- 5 files changed, 3 insertions(+), 30 deletions(-) delete mode 100644 vendor/hal_vibrator_stereo_default.te delete mode 100644 vendor/vndservice.te delete mode 100644 vendor/vndservice_contexts diff --git a/vendor/file_contexts b/vendor/file_contexts index 91d227e..edf1c97 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -14,5 +14,4 @@ # Haptics /vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private u:object_r:hal_vibrator_default_exec:s0 -/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-stereo-private u:object_r:hal_vibrator_stereo_exec:s0 /dev/gpiochip44 u:object_r:vibrator_device:s0 diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te index 3b14315..7858155 100644 --- a/vendor/hal_vibrator_default.te +++ b/vendor/hal_vibrator_default.te @@ -1,5 +1,3 @@ -# Allow vibrator HAL to communicate with another service -binder_call(hal_vibrator_default, hal_vibrator_stereo); - -# Allow vibrator HAL to "add" the hal_vibrator_vndservice service type -add_service(hal_vibrator_default, hal_vibrator_vndservice); +# For gpio dev node +vndbinder_use(hal_vibrator_default); +allow hal_vibrator_default vibrator_device:chr_file rw_file_perms; diff --git a/vendor/hal_vibrator_stereo_default.te b/vendor/hal_vibrator_stereo_default.te deleted file mode 100644 index 9cb2793..0000000 --- a/vendor/hal_vibrator_stereo_default.te +++ /dev/null @@ -1,21 +0,0 @@ -# From system sepilicy -type hal_vibrator_stereo, domain; -hal_server_domain(hal_vibrator_stereo, hal_vibrator) - -type hal_vibrator_stereo_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_vibrator_stereo) - -# From project -get_prop(hal_vibrator_stereo, vendor_vibrator_prop); -get_prop(hal_vibrator_stereo, boot_status_prop); - -# Allow vibrator HAL's default implementation to use vendor-binder service -vndbinder_use(hal_vibrator_stereo); - -# For gpio dev node -allow hal_vibrator_stereo vibrator_device:chr_file rw_file_perms; - -# For vibrator HAL's communication with other service -binder_call(hal_vibrator_stereo, hal_vibrator_default); - -allow hal_vibrator_stereo hal_vibrator_vndservice:service_manager find; diff --git a/vendor/vndservice.te b/vendor/vndservice.te deleted file mode 100644 index 5df985b..0000000 --- a/vendor/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type hal_vibrator_vndservice, vndservice_manager_type; diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts deleted file mode 100644 index 2b6b4aa..0000000 --- a/vendor/vndservice_contexts +++ /dev/null @@ -1,2 +0,0 @@ -android.hardware.vibrator.IVibratorSync/default u:object_r:hal_vibrator_vndservice:s0 -android.hardware.vibrator.IVibratorSync/dual u:object_r:hal_vibrator_vndservice:s0 -- cgit v1.2.3 From 3a92d3d265d8e98de5718b2746c69fe4426d66d7 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Wed, 14 Dec 2022 15:21:50 +0800 Subject: remove tracking denial of device chr_file Bug: 254164096 Change-Id: I300d092df3610f29f05ca65a89eba5459ca0063a Signed-off-by: Jenny Ho --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 07153c4..440df93 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,3 @@ -hal_dumpstate_default device chr_file b/240632721 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 servicemanager hal_fingerprint_capacitance binder b/240632821 -- cgit v1.2.3 From 0e76ae19c19a46b05fad0c2fbc9f021007a10215 Mon Sep 17 00:00:00 2001 From: eddielan Date: Fri, 2 Dec 2022 20:31:22 +0800 Subject: fingerprint: allow fps to access sysfs_leds Bug: 261151317 Test: make selinux_policy -j112 Change-Id: If098515510ac48efb7d2ea23f4aeee87869e01e6 --- fingerprint_capacitance/hal_fingerprint_capacitance.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te index 6100d44..8c78ee5 100644 --- a/fingerprint_capacitance/hal_fingerprint_capacitance.te +++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te @@ -19,6 +19,10 @@ hal_client_domain(hal_fingerprint_capacitance, hal_power); # allow fingerprint to find fwk service allow hal_fingerprint_capacitance fwk_stats_service:service_manager find; +# allow fingerprint to access sysfs_leds +allow hal_fingerprint_capacitance sysfs_leds:dir search; +allow hal_fingerprint_capacitance sysfs_leds:file rw_file_perms; + # allow fingerprint to access input_device allow hal_fingerprint_capacitance input_device:dir r_dir_perms; allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms; -- cgit v1.2.3 From 97c1d104cc24087aefbd480ae83058281dd5e9f2 Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Fri, 16 Dec 2022 05:47:50 +0000 Subject: WLC: Add device specific sepolicy for wireless_charger Bug: 237600973 Change-Id: I301c636cffb5520aa7bcf998d099c29ca19a2dd6 Signed-off-by: Ken Yang --- vendor/platform_app.te | 2 ++ vendor/system_app.te | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 vendor/platform_app.te create mode 100644 vendor/system_app.te diff --git a/vendor/platform_app.te b/vendor/platform_app.te new file mode 100644 index 0000000..6ac0514 --- /dev/null +++ b/vendor/platform_app.te @@ -0,0 +1,2 @@ +allow platform_app hal_wireless_charger_service:service_manager find; +binder_call(platform_app, hal_wireless_charger) diff --git a/vendor/system_app.te b/vendor/system_app.te new file mode 100644 index 0000000..ca56668 --- /dev/null +++ b/vendor/system_app.te @@ -0,0 +1,2 @@ +allow system_app hal_wireless_charger_service:service_manager find; +binder_call(system_app, hal_wireless_charger) -- cgit v1.2.3 From 49cdfcb3c7332a48feb143cb1f4b472d8dadbc85 Mon Sep 17 00:00:00 2001 From: Wasb Liu Date: Thu, 22 Dec 2022 16:41:47 +0800 Subject: sepolicy: add necessary sepolicy for dual battery 12-22 16:24:51.964 1000 865 865 I auditd : type=1400 audit(0.0:10): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary" dev="tmpfs" ino=799 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:11): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary_monitor" dev="tmpfs" ino=630 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:12): avc: denied { read } for comm="android.hardwar" name="logbuffer_dual_batt" dev="tmpfs" ino=1040 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 12-22 16:23:17.056 1000 522 522 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="binder:522_1" name="wakeup65" dev="sysfs" ino=79686 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 Bug: 263496320 Test: no dual batt related denied Change-Id: I021cd15d771524828a942fe1e4c63e3a24418ae8 Signed-off-by: Wasb Liu --- vendor/file_contexts | 5 +++++ vendor/genfs_contexts | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index edf1c97..05e853f 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -15,3 +15,8 @@ # Haptics /vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private u:object_r:hal_vibrator_default_exec:s0 /dev/gpiochip44 u:object_r:vibrator_device:s0 + +# Logbuffer +/dev/logbuffer_dual_batt u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0658e31..38213ea 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -4,7 +4,7 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_base genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -# maxfg_flip +# maxfg_secondary genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -32,6 +32,7 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/wake genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 -- cgit v1.2.3 From b6e7c3d0c78d64a1d964beaf8a07b2f407b4b51e Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Thu, 5 Jan 2023 09:46:16 +0000 Subject: WLC: Cleanup the sysfs_wlc policies Bug: 263830018 Change-Id: I534eda445241e3a907b11004cafb737f6ec63586 Signed-off-by: Ken Yang --- vendor/genfs_contexts | 18 ++++++++++++++++++ vendor/platform_app.te | 2 -- vendor/system_app.te | 2 -- 3 files changed, 18 insertions(+), 4 deletions(-) delete mode 100644 vendor/platform_app.te delete mode 100644 vendor/system_app.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index cc4462f..473fc71 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,6 +1,24 @@ + # BMS +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 + genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_base genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 diff --git a/vendor/platform_app.te b/vendor/platform_app.te deleted file mode 100644 index 6ac0514..0000000 --- a/vendor/platform_app.te +++ /dev/null @@ -1,2 +0,0 @@ -allow platform_app hal_wireless_charger_service:service_manager find; -binder_call(platform_app, hal_wireless_charger) diff --git a/vendor/system_app.te b/vendor/system_app.te deleted file mode 100644 index ca56668..0000000 --- a/vendor/system_app.te +++ /dev/null @@ -1,2 +0,0 @@ -allow system_app hal_wireless_charger_service:service_manager find; -binder_call(system_app, hal_wireless_charger) -- cgit v1.2.3 From e71f3a87394c9d8488cb3840e1ff41daf8ee7288 Mon Sep 17 00:00:00 2001 From: Joshua McCloskey Date: Thu, 5 Jan 2023 04:31:25 +0000 Subject: Allow SystemUI to access fp hal. Bug: 261209932 Test: Verified SystemUI can access HAL extension. Change-Id: Iefeca78703af30246420a55133c00769b84789f9 --- fingerprint_capacitance/system_app.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 fingerprint_capacitance/system_app.te diff --git a/fingerprint_capacitance/system_app.te b/fingerprint_capacitance/system_app.te new file mode 100644 index 0000000..f583431 --- /dev/null +++ b/fingerprint_capacitance/system_app.te @@ -0,0 +1,3 @@ +# TODO (b/264266705) Remove this and make it specific to the app +# allow SystemUIGoogle to access fingerprint hal +hal_client_domain(system_app, hal_fingerprint) -- cgit v1.2.3 From 663979a7726de5f51722e187649783dbb592a73c Mon Sep 17 00:00:00 2001 From: Joshua McCloskey Date: Thu, 5 Jan 2023 04:31:25 +0000 Subject: Allow SystemUI to access fp hal. Bug: 261209932 Test: Verified SystemUI can access HAL extension. Change-Id: Iefeca78703af30246420a55133c00769b84789f9 Merged-In: Iefeca78703af30246420a55133c00769b84789f9 --- fingerprint_capacitance/system_app.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 fingerprint_capacitance/system_app.te diff --git a/fingerprint_capacitance/system_app.te b/fingerprint_capacitance/system_app.te new file mode 100644 index 0000000..f583431 --- /dev/null +++ b/fingerprint_capacitance/system_app.te @@ -0,0 +1,3 @@ +# TODO (b/264266705) Remove this and make it specific to the app +# allow SystemUIGoogle to access fingerprint hal +hal_client_domain(system_app, hal_fingerprint) -- cgit v1.2.3 From 88988e5d2e8157bb04b1936bc4813b05a678ef19 Mon Sep 17 00:00:00 2001 From: leochuang Date: Wed, 22 Feb 2023 10:29:31 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 270247256 Change-Id: Id8a692a7e5bc3979c000b85de60785216b8f6a64 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 440df93..6f45cf4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,3 +1,4 @@ hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 servicemanager hal_fingerprint_capacitance binder b/240632821 +vndservicemanager hal_keymint_citadel binder b/270247256 -- cgit v1.2.3 From 036e3370c284b9934d63ed67c6ecd7a6674b4e37 Mon Sep 17 00:00:00 2001 From: sukiliu Date: Fri, 24 Feb 2023 09:59:43 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 270633150 Change-Id: I9dc73b7e5be8d872d4c68972df77907e08b656f3 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 6f45cf4..8ea1b5c 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,5 @@ hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 servicemanager hal_fingerprint_capacitance binder b/240632821 +system_app proc_pagetypeinfo file b/270633150 vndservicemanager hal_keymint_citadel binder b/270247256 -- cgit v1.2.3 From cb0c1bab29648615f07eed97b31a46730d726ea0 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 24 Mar 2023 11:11:05 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 275001798 Test: scanBugreport Bug: 275001897 Bug: 275001799 Change-Id: Ifa1adaaa2bf33297e3c36a559dccc12726568896 --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 8ea1b5c..8ce31ad 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,5 +1,9 @@ +derive_sdk dumpstate fifo_file b/275001897 +hal_camera_default boot_status_prop file b/275001798 +hal_camera_default edgetpu_app_service service_manager b/275001798 hal_dumpstate_default proc file b/240632721 hal_dumpstate_default sysfs file b/240632721 +incident dumpstate fifo_file b/275001799 servicemanager hal_fingerprint_capacitance binder b/240632821 system_app proc_pagetypeinfo file b/270633150 vndservicemanager hal_keymint_citadel binder b/270247256 -- cgit v1.2.3 From 60404f62e36379ca939c2915e2322a75da383f08 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 7 Apr 2023 14:34:58 +0800 Subject: Update error on ROM 9890454 Bug: 277155247 Bug: 277155366 Test: pts-tradefed run pts -m PtsSELinuxTest Change-Id: I4de26053ca9b4e572a62a40d73268453cee3b7a1 --- tracking_denials/dumpstate.te | 2 ++ tracking_denials/shell.te | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 tracking_denials/dumpstate.te create mode 100644 tracking_denials/shell.te diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..5d94f92 --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155247 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te new file mode 100644 index 0000000..5caa2cc --- /dev/null +++ b/tracking_denials/shell.te @@ -0,0 +1,2 @@ +# b/277155366 +dontaudit shell sysfs_net:file { read }; -- cgit v1.2.3 From 354a3d1de2d9f52bef95d277f755f59ff239fb6c Mon Sep 17 00:00:00 2001 From: Chungkai Mei Date: Thu, 27 Apr 2023 09:08:02 +0000 Subject: sepolicy: fix avc denials add potential paths for i2c peripheral devices sine we enable parallel module loading Test: ABTD https://android-build.googleplex.com/builds/abtd/run/L94600000960253970 https://android-build.googleplex.com/builds/abtd/run/L92800000960257192 Bug: 279848350 Change-Id: I7779752aa79c1e0ffa1d1c5a7150ef5193d4f986 Signed-off-by: Chungkai Mei --- vendor/genfs_contexts | 123 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 122 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 473fc71..81332b5 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -18,13 +18,32 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9222 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9222/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_base +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 # maxfg_secondary +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 - +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 # Display genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 @@ -39,18 +58,120 @@ genfscon sysfs /devices/platform/1c241000.drmdecon/early_wakeup genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight/panel1-backlight/als_table u:object_r:sysfs_write_leds:s0 # Haptics +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-cs40l26a-dual u:object_r:sysfs_vibrator:s0 # Power System Suspend +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-9/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-9/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-9/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-9/i2c-s2mpg12mfd/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-0/0-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-1/1-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-9/9-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/0-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/0-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-0/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/1-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/1-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-1/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 + genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 -- cgit v1.2.3 From 3269d81be0c73383bc5930158ba53f432d8f0b0a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 9 May 2023 10:07:26 +0800 Subject: Update SELinux error Test: scanBugreport Bug: 281602658 Change-Id: Iea3d0acee3b894b6a262b7cf38a1a53cc2dc7e09 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 8ce31ad..0555915 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,5 @@ derive_sdk dumpstate fifo_file b/275001897 +dump_power_gs201 battery_history_device chr_file b/281602658 hal_camera_default boot_status_prop file b/275001798 hal_camera_default edgetpu_app_service service_manager b/275001798 hal_dumpstate_default proc file b/240632721 -- cgit v1.2.3 From 3254e69a859db19abdd10746bd8bfed65320ee4d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 10 May 2023 20:01:01 +0800 Subject: Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 280706429 Test: scanBugreport Bug: 281602658 Change-Id: I48f5d334d01d9031b488a0051c84bf4b38d2b09a --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0555915..7932443 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -7,4 +7,5 @@ hal_dumpstate_default sysfs file b/240632721 incident dumpstate fifo_file b/275001799 servicemanager hal_fingerprint_capacitance binder b/240632821 system_app proc_pagetypeinfo file b/270633150 +system_server system_userdir_file dir b/280706429 vndservicemanager hal_keymint_citadel binder b/270247256 -- cgit v1.2.3