summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-08-19Allow rebalance interrupts to chown am: 9b1dc1d0a8android-12.0.0_r32android-12.0.0_r29android-12.0.0_r27android-12.0.0_r21android-12.0.0_r20android-12.0.0_r19android-12.0.0_r18android12-qpr1-d-s3-releaseandroid12-qpr1-d-s2-releaseandroid12-qpr1-d-s1-releaseandroid12-qpr1-d-releaseEdmond Chung
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15615939 Change-Id: Ie72f1cb2264010cb6f2322e84d49b8747709bd50
2021-08-18Allow rebalance interrupts to chownEdmond Chung
Bug: 196058977 Test: Check ownership of smp_affinity handles Change-Id: Idf2235882ba4eb714edc4634e32acce86fc92585
2021-08-17Add the 'bdev_type' attribute to all block device types am: f55e1932feBart Van Assche
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15583518 Change-Id: I4288e2383379d084c007677db9c0f0051dd506fe
2021-08-16Add the 'bdev_type' attribute to all block device typesBart Van Assche
The following patch introduces code that iterates over all block devices: https://android-review.googlesource.com/c/platform/system/core/+/1783847/9 The following patch grants 'init' and 'apexd' permission to iterate over all block devices: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947 The above SELinux policy change requires to add the 'bdev_type' attribute to all block devices. Hence this patch. Bug: 194450129 Test: Built Android images and installed these on a test device. Change-Id: Ie76b00aa51e696508b9471dbd34f96dad5aa3240 Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-03pixel-sepolicy:debugpolicy: initial versionandroid12-devOleg Matcovschi
Bug: 194730972 Signed-off-by: Oleg Matcovschi <omatcovschi@google.com> Change-Id: Iec80b0b9e0a99875dcae478a5e63d94caae86767
2021-08-02ADPF: Allow PowerHAL to set schedJimmy Shiu
system_server also creates UI sometimes. Ex: ANR Dialog, the Pointer Location in developer options. Bug: 194775170 Test: build and enable Pointer Location debug option Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49 Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
2021-07-20add file contexts for factory_post_boot.shLuke Chang
Bug: 191531000 Test: TreeHugger, built and booted to home, check factory cgroup Change-Id: Id9faa3b4b9662f23dc56d8bd3a027aaeb6315fa5
2021-07-01pixel-sepolicy/ramdump: create ramdump_vendor_fsWoody Lin
Bug 177481425 requires a dedicated file type for fscontext to mount fusefs. To reduce code changes difference between sc-dev and master, create file_type 'ramdump_vendor_fs' for both as base. Later it will be revised to 'fusefs_type' on master branch only. Bug: 177481425 Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18 Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
2021-06-24Allow vendor_init to do cgroup migrationWei Wang
Bug: 191925901 Test: Build Signed-off-by: Wei Wang <wvw@google.com> Change-Id: I68126a1e1ae6193c85f6e0d9baf92a83023f436f
2021-06-11MM: create GKI version of sepolicyMartin Liu
Bug: 190571517 Bug: 189938926 Bug: 190732106 Signed-off-by: Martin Liu <liumartin@google.com> Change-Id: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d Merged-In: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
2021-05-31Do not let vendor-init access gs101-thermalHridya Valsaraju
If needed, the initialization must be done from dumpstate HAL instead. Test: build Bug: 186500818 Change-Id: Ib38878acffb472f89ff54747f070a949feab0130
2021-05-25keymint: Add SharedSecret policiesTommy Chiu
Bug: 188728065 Change-Id: Icdbea8dcd84bfe25105c16027d5e32958bd1f31b
2021-05-21Merge "rebalance_interrupts sepolicy" into sc-devAndrew Chant
2021-05-17vibrator: cs40l25: allow audio_device dir searchVince Leung
Add policies to allow vibrator HAL to search on audio_device dir. Bug: 178431048 Test: manually verify audio-coupled-haptics is working for Pixel ringtones on P21 devices Change-Id: If9e8833dcbe50024587347abbea3bbb978a08a76
2021-05-17rebalance_interrupts sepolicyAndrew Chant
Add rebalance_interrupts sepolicy to allow rebalance_interrupts to modify smp_affinity for IRQs. Example denials w/o this: [ 43.144107] type=1400 audit(1621271039.800:58): avc: denied { read } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1 [ 43.144306] type=1400 audit(1621271039.800:59): avc: denied { open } for comm="rebalance_inter" path="/sys/kernel/irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1 [ 43.144452] type=1400 audit(1621271039.800:60): avc: denied { search } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1 [ 43.159532] type=1400 audit(1621271039.816:61): avc: denied { search } for comm="rebalance_inter" name="irq" dev="proc" ino=4026531868 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:proc_irq:s0 tclass=dir permissive=1 Bug: 148403062 Change-Id: I0cf7e163d8436f428a53bbb96ff2949753004ac1
2021-05-17vibrator: cs40l25: allow access to audio devicesVince Leung
Add policies to allow access to audio devices required for audio haptics channel. Bug: 178431048 Test: manually verify audio-coupled-haptics is working for Pixel ringtones on P21 devices Change-Id: I8e481ba65b5a713bcc2e25fdf4727ad68ba7f721
2021-05-10Remove pixelstats access to "/d/physical-memory-group-manager"Hridya Valsaraju
Now that these statistics have been moved to sysfs and b/185589010 is fixed, remove these permission. Test: build Bug: 186500818 Change-Id: I2860564b3fe3710d85a104e4907a515d6beb8eca
2021-04-26Remove non-general sepolicy and add some rule for sniffer log.chenpaul
This commit include 2 changes: 1. Remove Qcom platform rule to generalize the rule in pixel-sepolicy 2. Add tcpdump rule for Pixel Logger to access tcpdump folder Bug: 186069127 Test: Pixel Logger app can start sniffer logger Change-Id: I171a773fe658384d5ccb163ff1d6686a2665c808
2021-04-21Merge "keymint: Add instance name" into sc-devTreeHugger Robot
2021-04-20Merge "vibrator: cs40l26: setup sepolicy" into sc-devTreeHugger Robot
2021-04-20keymint: Add instance nameTommy Chiu
Bug: 179459878 Change-Id: I7b32b49d3eafaceda1ef494bc2ef2a2e5feffd26
2021-04-19citadeld: updates sepolicies to access the IStats HIDL service am: ↵Vova Sharaienko
5c75973039 am: 0ff4e5096e am: 753bd0744a Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I2851d5158c260a819e03caecde710dacd5ac95ac
2021-04-19citadeld: updates sepolicies to access the IStats HIDL service am: ↵Vova Sharaienko
5c75973039 am: 0ff4e5096e Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I33e46b006ea21f6a410dc131781722da36e9eb25
2021-04-19citadeld: updates sepolicies to access the IStats HIDL service am: 5c75973039Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I43f460c8f02ccfbba11aaf5f055ce1cab4edff10
2021-04-19citadeld: updates sepolicies to access the IStats HIDL serviceandroid-s-beta-2android-s-beta-1Vova Sharaienko
The IStats HIDL service is still in use in rvc-qpr-dev-plus-aosp branch Since the sepolicy located at AOSP is shared betweed sc-dev and other branches - need to keep allow rules for the AIDL & HIDL version Bug: 185607559 Test: Build, flash, and logcat for sepolicies messages Change-Id: I5437178feff7efdab25423ec7e63a8d8e9312c29
2021-04-19Merge "[Keymint] Add sepolicy for keymint-citadel service" into sc-devTreeHugger Robot
2021-04-19vibrator: cs40l26: setup sepolicyTai Kuo
Bug: 184610991 Test: Service and HAL can init properly from rc Signed-off-by: Tai Kuo <taikuo@google.com> Change-Id: I9d72f564688f56f7415d7398b032df375d86e37c
2021-04-16Merge "Revert "Stats: removed obsolete IStats HIDL sepolicies"" into sc-devTreeHugger Robot
2021-04-16Revert "Stats: removed obsolete IStats HIDL sepolicies"Vova Sharaienko
This reverts commit 6f660acb3f43dd5e994a5b8e226fa64d2bc3f2a5. Reason for revert: http://b/185462725 Change-Id: Iea1ba0835a684721789cd068c87a13b1d56aa847
2021-04-16[automerger skipped] citadeld: reverted required sepolicies am: 1d0c3e6b52 ↵Vova Sharaienko
am: a08704c2c4 am: c1baf4906d -s ours am skip reason: skip tag Change-Id I8a3da90860a32b8f883d2769d195fdfb48627127 with SHA-1 726f7b060a is already in history Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: Iefccc4db2255f53db5774d21a13629212549b032
2021-04-16citadeld: reverted required sepolicies am: 1d0c3e6b52 am: a08704c2c4Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: I1e0443e33e9d15e67a3c0bbc72e87c83f2feb708
2021-04-16citadeld: reverted required sepolicies am: 1d0c3e6b52Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: I10e7ed93b57d0d21df443185663be8762e501dbc
2021-04-15citadeld: reverted required sepoliciesVova Sharaienko
Bug: 185440155 Bug: 185480917 Test: Build, flash, and logcat for sepolicies messages Change-Id: Ia0dfe5c9e50a18993cf075eb1ee198f78fb2b839 Merged-In: I8a3da90860a32b8f883d2769d195fdfb48627127
2021-04-15citadeld: reverted required sepoliciesVova Sharaienko
Bug: 185440155 Test: Build, flash, and logcat for sepolicies messages Change-Id: I8a3da90860a32b8f883d2769d195fdfb48627127
2021-04-15Merge "powerstats: Add power_stats_device type" into sc-devBenjamin Schwartz
2021-04-15Merge "Stats: removed obsolete IStats HIDL sepolicies" into sc-devVova Sharaienko
2021-04-15Merge "Stats: removed obsolete IStats HIDL sepolicies" am: 3bb63ff4bf am: ↵Vova Sharaienko
240aa49bb8 am: 3b9aedcbea Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1673872 Change-Id: I9b97d5db33ce0bb29413c0fb63ad1f8c822ba26b
2021-04-15Stats: removed obsolete IStats HIDL sepoliciesVova Sharaienko
Bug: 181887265 Test: Build, flash, and logcat for sepolicies messages Change-Id: Iabd233270969b981169168b47011cc8f4961c56d
2021-04-15Merge "Stats: removed obsolete IStats HIDL sepolicies" am: 3bb63ff4bf am: ↵Vova Sharaienko
240aa49bb8 Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1673872 Change-Id: I36557151e8f83786fae30520ec4de8f25ebb20c3
2021-04-15Merge "Stats: removed obsolete IStats HIDL sepolicies" am: 3bb63ff4bfVova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1673872 Change-Id: I8965dcc780a84e4d185a0a74994400a17e861c98
2021-04-14powerstats: Add power_stats_device typeBenjamin Schwartz
Bug: 181577366 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I2d81adb31223466208382e9425f40eb01fe11f90
2021-04-14Merge "Stats: removed obsolete IStats HIDL sepolicies"Vova Sharaienko
2021-04-14Add wireless/device/mitigate_threshold to control Dream Defend from ↵Stephane Lee
GoogleBattery am: df5f6ee522 am: 833a62da50 am: 7bf38352c7 Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1674303 Change-Id: If8371c062236c39ac954e0ff011fdf279f7f3361
2021-04-14Add wireless/device/mitigate_threshold to control Dream Defend from ↵Stephane Lee
GoogleBattery am: df5f6ee522 am: 833a62da50 Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1674303 Change-Id: I682cd76412b88926ea58dae9b71db9cd2622d03d
2021-04-14Add wireless/device/mitigate_threshold to control Dream Defend from ↵Stephane Lee
GoogleBattery am: df5f6ee522 Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1674303 Change-Id: I70e31e072197098a21316d66072208c5145a7124
2021-04-14Stats: removed obsolete IStats HIDL sepoliciesVova Sharaienko
Bug: 181887265 Test: Test: Build, flash, and logcat for sepolicies messages Change-Id: I7776076c47a7fd476120a29093deef59d6cf3be2
2021-04-13Add wireless/device/mitigate_threshold to control Dream Defend from ↵Stephane Lee
GoogleBattery Bug: 184547203 Test: Ensure there are no sepolicy/access errors from GoogleBattery Change-Id: I5b21aa6fea767bd6706307341963941ac4077d6f
2021-04-13Merge "wifi - Add sepolicy for wlan_logger" into sc-devTreeHugger Robot
2021-04-13Merge "Allow PowerHAL to change sched for ADPF" into sc-devWei Wang
2021-04-08[automerger skipped] Merge "Move vendor_kernel_modules to public." am: ↵Yabin Cui
42d7cab5d1 am: 910ead0d1f am: 2a646acc69 -s ours am skip reason: skip tag Change-Id I21d5c60c63fd0cb46e074d76934dccf53819683d with SHA-1 98c027ef63 is already in history Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1660784 Change-Id: I7694c8a6ad4249ca2eb3fac9b6b86abdb088011c
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-19 20:30:42 +0000