Age | Commit message | Author
2023-03-01 | Suppress avc denials of sysfs [android-13.0.0_r82, android-13.0.0_r81, android-13.0.0_r80, android-13.0.0_r74, android-13.0.0_r73, android-13.0.0_r72, android-13.0.0_r66, android-13.0.0_r65, android-13.0.0_r64, android-13.0.0_r60, android-13.0.0_r59, android-13.0.0_r58, android13-qpr3-c-s8-release, android13-qpr3-c-s7-release, android13-qpr3-c-s6-release, android13-qpr3-c-s5-release, android13-qpr3-c-s4-release, android13-qpr3-c-s3-release, android13-qpr3-c-s2-release, android13-qpr3-c-s12-release, android13-qpr3-c-s11-release, android13-qpr3-c-s10-release, android13-qpr3-c-s1-release] | Yen-Chao Chen
Bug: 267839070 Test: adb bugreport Change-Id: I8d4aed4aba15efa0cc38574565e4a66bc3049321 Signed-off-by: Yen-Chao Chen <davidycchen@google.com>
2023-02-15 | wlan: add cnss-daemon and related libraries | Hsiu-Chang Chen
cnss-daemon is necessary for CHRE function Bug: 264524963 Test: Regression Test Change-Id: Ic7b63617e30a9e6427b0ac280bf4763f9cc19f6e
2022-12-02 | No avc denied in SELinuxUncheckedDenialBootTest | Vic Huang
DeviceBootTest.DeviceBootTest.SELinuxUncheckedDenialBootTest avc: denied { call } for comm="oid.grilservice" scontext=u:r:grilservice_app:s0:c227,c256,c512,c768 tcontext=u:r:hal_bluetooth_default:s0 tclass=binder permissive=0 app=com.google.android.grilservice Bug: 259198345 Change-Id: Ie3800e3197f04b83ba8789c82518cbb721e1fe37
2022-11-15 | device-sepolicy: Add sepolicy for vibrator hal | Chris Paulo
Added sepolicy for vibrator hal specific to device uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1' avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1 avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms Bug: 198239103 Test: Verified functionality Signed-off-by: Chris Paulo <chrispaulo@google.com> Change-Id: Ib118b553eab1db6f9fadaebeae0d57eb329294e3
2022-10-28 | Fix avc denied for init-insmod-sh | Hsiu-Chang Chen
qrtr.ko doesn't request net_admin permission now 05-30 05:12:58.524 492 492 I auditd : type=1400 audit(0.0:4): avc: denied { net_admin } for comm="modprobe" capability=12 scontext=u:r:init-insmod-sh:s0 tcontext=u:r:init-insmod-sh:s0 tclass=capability permissive=0 Bug: 234311675 Test: verified with the forrest ROM and error log gone Change-Id: I72fb5441b977b6ba67d19416049a2776c3aebd12
2022-10-15 | Add sepolicy rules for hal_wifi_default | Hsiu-Chang Chen
In PDK build, it uses default wifi hal instead of wifi_ext hal. Need to add rules for hal_wifi_default as well as we added for hal_wifi_ext Bug: 253544307 Test: Wifi can be enabled in PDK builds Change-Id: I57ad330c2467ae99b9c5190fbdc2f02e998b2fc1
2022-08-25 | Add sepolicy for tcpdump_logger | Hsiu-Chang Chen
avc: denied { search } for name="wifi" dev="dm-44" ino=329 scontext=u:r:tcpdump_logger:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir Bug: 243764714 Test: PixelLogger works normally Change-Id: I4ee93dbe10bae08e01053656a8429c57bb3651c8
2022-08-25 | Add sepolicy for wifi_sniffer and wifi_perf_diag | Hsiu-Chang Chen
avc: denied { search } for name="wifi" dev="dm-38" ino=329 scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir avc: denied { setuid } for capability=7 scontext=u:r:wifi_sniffer:s0 tcontext=u:r:wifi_sniffer:s0 tclass=capability avc: denied { setgid } for capability=6 scontext=u:r:wifi_sniffer:s0 tcontext=u:r:wifi_sniffer:s0 tclass=capability avc: denied { search } for comm="wifi_perf_diag" name="wifi" dev="dm-38" ino=329 scontext=u:r:wifi_perf_diag:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir Bug: 243727673 Test: PixelLogger works normally Change-Id: Idd0bb1ffeb198eea855b717a745fd93fecfe2251
2022-08-04 | Fix avc denied for hal_radioext_default | Aaron Tsai
05-30 13:13:30.868 867 867 I auditd : type=1400 audit(0.0:21): avc: denied { call } for comm="HwBinder:867_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=binder permissive=0 Bug: 234311798 Test: verified with the forrest ROM and error log gone Change-Id: I0195fe2d8e81ea0149255524cfc047540159281b
2022-08-02 | wifi: correct label wlan0/p2p0/wifi-aware0 device as sysfs_net | Hsiu-Chang Chen
Bug: 239657967 Test: NetdSELinuxTest#CheckProperMTULabels Change-Id: I31db1d2110b2c18cf12a5cfa9b13e8c6dff09d59
2022-07-28 | sepolicy: allow hal_power_stats to read wifi sysfs and property | Darren Hsu
avc: denied { read } for name="power_stats" dev="sysfs" ino=114517 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=371 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0 Bug: 240391946 Test: get bugreport and make sure no avc denials related to Test: hal_power_stats Change-Id: I3be32eb4e61926c3abd24c67e7dab9b4056bf00a Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-07-27 | Add sepolicy for hal_wifi_ext | Hsiu-Chang Chen
07-27 11:58:09.569 869 869 I auditd : type=1400 audit(0.0:2682598): avc: denied { read } for comm="wifi_ext@1.0-se" name="driverdump" dev="proc" ino=4026535980 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 Bug: 239656339 Test: avc error is gone Change-Id: Icf816897780fecc1bb35696e492e6fa2661abc20
2022-07-22 | Update SELinux error | Adam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 239887174 Change-Id: I4034d5ae64004142e312fd534d436014bfc0fe5b
2022-07-20 | Bluetooth: Allow QTI HAL service to access its logbuffer | Cheney Ni
Bug: 229691092 Test: Pass file permission check Change-Id: Ic97bf3b23c452d20e5e32f3bafe2f6b2c5d2be3b
2022-07-18 | Revert "Update SELinux error" | Robin Peng
This reverts commit 74af0fe9e61b85f0e6a929307a311b7b91359f2f. Reason to revert: issue has been fixed Bug: 239364576 Bug: 239364745 Signed-off-by: Robin Peng <robinpeng@google.com> Change-Id: Iaef3454b376a7d5266b72f242b0ca94c77e1c1fe
2022-07-18 | Update SELinux error | Adam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 239364745 Change-Id: I65e5ac420fe7c94cfb08d4a9e1f1191152b49754
2022-07-15 | Update SELinux error | Adam Shih
Bug: 234547283 Change-Id: I9caeeee12b5c8f29d9962cfc93d4902115c99b90
2022-07-13 | Update SELinux error | Adam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 238837168 Change-Id: Ic852fa8e8c1a8832699bc7f001abc7769ba67394
2022-07-06 | Update SELinux error | Adam Shih
Test: SELinuxUncheckedDenialBootTest Bug: 238143398 Change-Id: Ic30fa2201c37296a031d0e9ddc518c47c49ccaa2
2022-06-29 | Add sepolicy for vendor_location | Hsiu-Chang Chen
06-25 21:59:57.532 3922 3922 I auditd : type=1400 audit(0.0:11): avc: denied { sendto } for comm="loc_mq_clnt" path="/dev/socket/location/mq/LOWI-SERVER" scontext=u:r:vendor_location:s0 tcontext=u:r:lowi_server:s0 tclass=unix_dgram_socket permissive=0 06-29 04:30:11.188 8182 8182 I auditd : type=1400 audit(0.0:1517): avc: denied { sendto } for comm="loc_mq_clnt" path="/dev/socket/location/mq/7b2e9924f8-LC" scontext=u:r:vendor_location:s0 tcontext=u:r:hal_wifi_ext:s0 tclass=unix_dgram_socket permissive=0 Bug: 237467750 Test: avc error is gone Change-Id: Ic4ff2bdf30b042c08c38b134c6af086d7033511f
2022-06-29 | update error on ROM 8769316 | Adam Shih
Bug: 237467750 Test: SELinuxUncheckedDenialBootTest Change-Id: I0ad1b8cc2f0d298143de177f49e45418dfd857ac
2022-06-24 | Add sepolicy for lowi-server | Hsiu-Chang Chen
06-24 16:58:55.724 9519 9519 I lowi-server: type=1400 audit(0.0:1980): avc: denied { read write } for path="socket:[69473]" dev="sockfs" ino=69473 scontext=u:r:lowi_server:s0 tcontext=u:r:vendor_location:s0 tclass=unix_dgram_socket permissive=1 Bug: 235281415 Test: avc error is gone Change-Id: I93615b98c08f6e6e5c3cc182bddcff30e452e103
2022-06-14 | Add sepolicy to enable camera vendor property | timothywang
Bug: 234324271 Test: adb shell getprop Change-Id: I6a0b344880deeb767df97136c42b2fb86668f39d
2022-06-08 | Update error on ROM 8693966 | Adam Shih
bug: 234311798 bug: 235281134 bug: 235281415 Test: SELinuxUncheckedDenialBootTest Change-Id: Ib6da45ce6d0c8d0d2668fcc2b3b41cf450c953d2
2022-06-06 | sepolicy: label more paths for sysfs_wakeup | Darren Hsu
Bug: 234311758 Test: forrest apct/device_boot_health_check_extra Change-Id: I6dab109733062b32e09cfddcbf43cbdc515c07ba Signed-off-by: Darren Hsu <darrenhsu@google.com>
2022-05-31 | Add sepolicy for P9222 WLC power_supply | Jack Wu
05-30 05:13:03.096 836 836 I auditd : type=1400 audit(0.0:6): avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222/power_supply/wireless/capacity" dev="sysfs" ino=71270 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 05-30 05:13:03.100 836 836 I auditd : type=1400 audit(0.0:7): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=71272 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 234311757 Test: build ok, no avc denied Signed-off-by: Jack Wu <wjack@google.com> Change-Id: I0fb296a9472eda7ff5f2babfea1c769caea525e1
2022-05-30 | Update avc error on ROM 8659812 | sukiliu
Bug: 234311757 Bug: 234311798 Bug: 234311675 Bug: 234311758 Test: forrest with boot test w/ SELinux check Change-Id: I809cd16ca133fcbe5dbac6c7b8f089897fab300c
2022-04-25 | Add sepolicy for pixellogger | Hsiu-Chang Chen
04-25 11:36:17.795 4101 4101 I auditd : type=1400 audit(0.0:6339): avc: denied { search } for comm="LoggingService" name="wifi" dev="dm-40" ino=338 scontext=u:r:logger_app:s0:c229,c256,c512,c768 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.pixellogger 04-25 11:36:17.799 863 863 I auditd : type=1400 audit(0.0:6340): avc: denied { search } for comm="wifi_ext@1.0-se" name="wifi" dev="dm-40" ino=338 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir permissive=1 Bug: 230280450 Test: Pixellogger can collect WLAN logs Change-Id: Id95e4132f2814deb1fbfb307568a4ece87a28611
2022-03-15 | wifi: Add sepolicy for LOWI tools | Hsiu-Chang Chen
Add sepolicy rules for LOWI tools including loc_launcher and lowi-server which are necessary for NAN and RTT Bug: 223296149 Test: loc_launcher and lowi-server start automatically Change-Id: I915be13fa715de85de91c30e0605f1e8e9d578f4
2022-03-07 | Setup sysfs_vibrator | Tai Kuo
Bug: 220068530 Test: dumpsys android.hardware.vibrator.IVibrator/default Change-Id: Icd8a7d5db2277c72be9a72723434145db4eecb02
2022-01-10 | wifi: Add sepolicy for qcom driver control interface | Hsiu-Chang Chen
01-06 11:55:38.816 796 796 I auditd : type=1400 audit(0.0:281): avc: denied { write } for comm="wifi_ext@1.0-se" name="wlan" dev="tmpfs" ino=984 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 01-06 11:55:38.820 796 796 I auditd : type=1400 audit(0.0:282): avc: denied { open } for comm="wifi_ext@1.0-se" path="/dev/wlan" dev="tmpfs" ino=984 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 Bug: 209934729 Test: Basic function tests, SSR tests Change-Id: Id6afd0580f8792eeb7ef8a25d42724ec79696875
2022-01-10 | Add l10 specific camera component sepolicy settings | horngchuang
Also, move those settings from whitechapel_pro common folder Bug: 210598444 Test: build okay Change-Id: Ie96dd9e6da5bdddd62d2ed9f920cb49daa1d74eb
2021-12-21 | Include core policy OWNERS | Joel Galenson
Test: None Change-Id: I75f26e14abc35f1bc5fb143491ce9419d4cd13f4
2021-12-16 | Bluetooth: Add Sepolicy for QTI default HAL (1/2) | Cheney Ni
Bug: 202113218 Test: manually Change-Id: I589b5c1df9fad6541799c1ba370fe2359cc31831
2021-11-01 | Initial device lynx sepolicy | Cyan_Hsieh
Bug: 202250383 Change-Id: I7b096bdb87ea45760bbcf929cd5757e159952e75
2021-10-13 | Initial empty repository | Bill Rassieur