Age | Commit message | Author
2021-10-20 | pixel-sepolicy: Add additional variants of touch_offload device name [android12L-dev] | Steve Pfetsch
[WIP] It would be better to find a regex to capture all variants Bug: 203136531 Signed-off-by: Steve Pfetsch <spfetsch@google.com> Change-Id: I6a3d438b611223d30bc472a3f283d6e016e14479
2021-10-20 | Consolidate sepolicy for twoshay and touchflow targets. | Philip Quinn
Bug: 187654303 Bug: 187795940 Bug: 198755236 Test: twoshay works on B5, R4, B3, P7; reflector works on O6 Change-Id: I04b98c3b42e886b1900150c175318095e559fa25 Merged-In: I04b98c3b42e886b1900150c175318095e559fa25
2021-08-19 | Allow rebalance interrupts to chown am: 9b1dc1d0a8 am: 612b717259 | Edmond Chung
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15615939 Change-Id: If9496eaefe99eb977f95fe7ab0781c73848601fb
2021-08-19 | Allow rebalance interrupts to chown am: 9b1dc1d0a8 [android-12.0.0_r32, android-12.0.0_r29, android-12.0.0_r27, android-12.0.0_r21, android-12.0.0_r20, android-12.0.0_r19, android-12.0.0_r18, android12-qpr1-d-s3-release, android12-qpr1-d-s2-release, android12-qpr1-d-s1-release, android12-qpr1-d-release] | Edmond Chung
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15615939 Change-Id: Ie72f1cb2264010cb6f2322e84d49b8747709bd50
2021-08-18 | Allow rebalance interrupts to chown | Edmond Chung
Bug: 196058977 Test: Check ownership of smp_affinity handles Change-Id: Idf2235882ba4eb714edc4634e32acce86fc92585
2021-08-17 | Add the 'bdev_type' attribute to all block device types am: f55e1932fe am: 8071c23842 | Bart Van Assche
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15583518 Change-Id: I70c4b38e90bbdfcf2c6ee6d625434003f28f2025
2021-08-17 | Add the 'bdev_type' attribute to all block device types am: f55e1932fe | Bart Van Assche
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15583518 Change-Id: I4288e2383379d084c007677db9c0f0051dd506fe
2021-08-16 | Add the 'bdev_type' attribute to all block device types | Bart Van Assche
The following patch introduces code that iterates over all block devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires adding the 'bdev_type' attribute to all block devices. Hence this patch.
Bug: 194450129
Test: Built Android images and installed these on a test device.
Change-Id: Ie76b00aa51e696508b9471dbd34f96dad5aa3240
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-04 | pixel-sepolicy:debugpolicy: initial version am: 4f3600ffe2 | Oleg Matcovschi
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15445355 Change-Id: I3670751a5827df678f6daa3c134790e3186b8ccc
2021-08-03 | pixel-sepolicy:debugpolicy: initial version [android12-dev] | Oleg Matcovschi
Bug: 194730972 Signed-off-by: Oleg Matcovschi <omatcovschi@google.com> Change-Id: Iec80b0b9e0a99875dcae478a5e63d94caae86767
2021-08-02 | ADPF: Allow PowerHAL to set sched am: 698d90adc4 | Jimmy Shiu
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15422191 Change-Id: I6b084357d3b8be0847954cbb59302a678bc2b0ae
2021-08-02 | ADPF: Allow PowerHAL to set sched | Jimmy Shiu
system_server also creates UI sometimes. Ex: ANR Dialog, the Pointer Location in developer options. Bug: 194775170 Test: build and enable Pointer Location debug option Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49 Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
2021-07-30 | haptics: Move property_contexts to common folder | chasewu
Bug: 192901277 Test: build pass, no avc logs Signed-off-by: chasewu <chasewu@google.com> Change-Id: Ia75db8ec3c3cd52b23118da5f638055209563595
2021-07-21 | add file contexts for factory_post_boot.sh am: 4342600ecf | Luke Chang
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15311533 Change-Id: I608637e96433a725662f79264618de1bb074eb17
2021-07-20 | add file contexts for factory_post_boot.sh | Luke Chang
Bug: 191531000 Test: TreeHugger, built and booted to home, check factory cgroup Change-Id: Id9faa3b4b9662f23dc56d8bd3a027aaeb6315fa5
2021-07-05 | pixel-sepolicy/ramdump: create ramdump_vendor_fs am: 80300f9daf | Woody Lin
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15171196 Change-Id: Id322857f562fe9853ae3dab0deea2f5e8aa15147
2021-07-01 | pixel-sepolicy/ramdump: create ramdump_vendor_fs | Woody Lin
Bug 177481425 requires a dedicated file type for fscontext to mount fusefs. To reduce code changes difference between sc-dev and master, create file_type 'ramdump_vendor_fs' for both as base. Later it will be revised to 'fusefs_type' on master branch only. Bug: 177481425 Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18 Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
2021-06-25 | Allow vendor_init to do cgroup migration am: c954e7c50b | Wei Wang
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15105325 Change-Id: I769efade03d6d021bc8e660b9840ae97e84d5ffd
2021-06-24 | Allow vendor_init to do cgroup migration | Wei Wang
Bug: 191925901 Test: Build Signed-off-by: Wei Wang <wvw@google.com> Change-Id: I68126a1e1ae6193c85f6e0d9baf92a83023f436f
2021-06-14 | MM: create GKI version of sepolicy am: b063289131 | Martin Liu
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14934442 Change-Id: Ibef8fac35db9ada218ee7b4eb6e2dd586679d262
2021-06-11 | MM: create GKI version of sepolicy | Martin Liu
Bug: 190571517 Bug: 189938926 Bug: 190732106 Signed-off-by: Martin Liu <liumartin@google.com> Change-Id: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d Merged-In: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
2021-05-31 | Do not let vendor-init access gs101-thermal am: 9faa545894 | Hridya Valsaraju
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14491664 Change-Id: I01e5f99c48e1018a83e5aeb190301b862cd054b1
2021-05-31 | Do not let vendor-init access gs101-thermal | Hridya Valsaraju
If needed, the initialization must be done from dumpstate HAL instead. Test: build Bug: 186500818 Change-Id: Ib38878acffb472f89ff54747f070a949feab0130
2021-05-27 | keymint: Add SharedSecret policies am: 65bf73897e | Tommy Chiu
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14660575 Change-Id: Ic5cf8ccc1d0a78b849c02b8f39b61add3dc2fefb
2021-05-25 | keymint: Add SharedSecret policies | Tommy Chiu
Bug: 188728065 Change-Id: Icdbea8dcd84bfe25105c16027d5e32958bd1f31b
2021-05-21 | Merge "rebalance_interrupts sepolicy" into sc-dev am: d2c70ca116 | Andrew Chant
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14603580 Change-Id: I841ca2b8ec67c7179a386b4555076fa34071b079
2021-05-21 | Merge "rebalance_interrupts sepolicy" into sc-dev | Andrew Chant
2021-05-17 | vibrator: cs40l25: allow audio_device dir search | Vince Leung
Add policies to allow vibrator HAL to search on audio_device dir. Bug: 178431048 Test: manually verify audio-coupled-haptics is working for Pixel ringtones on P21 devices Change-Id: If9e8833dcbe50024587347abbea3bbb978a08a76
2021-05-17 | rebalance_interrupts sepolicy | Andrew Chant
Add rebalance_interrupts sepolicy to allow rebalance_interrupts to modify smp_affinity for IRQs.
Example denials w/o this:
[ 43.144107] type=1400 audit(1621271039.800:58): avc: denied { read } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.144306] type=1400 audit(1621271039.800:59): avc: denied { open } for comm="rebalance_inter" path="/sys/kernel/irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.144452] type=1400 audit(1621271039.800:60): avc: denied { search } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.159532] type=1400 audit(1621271039.816:61): avc: denied { search } for comm="rebalance_inter" name="irq" dev="proc" ino=4026531868 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:proc_irq:s0 tclass=dir permissive=1
Bug: 148403062
Change-Id: I0cf7e163d8436f428a53bbb96ff2949753004ac1
2021-05-17 | vibrator: cs40l25: allow access to audio devices | Vince Leung
Add policies to allow access to audio devices required for audio haptics channel. Bug: 178431048 Test: manually verify audio-coupled-haptics is working for Pixel ringtones on P21 devices Change-Id: I8e481ba65b5a713bcc2e25fdf4727ad68ba7f721
2021-05-10 | Remove pixelstats access to "/d/physical-memory-group-manager" | Hridya Valsaraju
Now that these statistics have been moved to sysfs and b/185589010 is fixed, remove these permissions. Test: build Bug: 186500818 Change-Id: I2860564b3fe3710d85a104e4907a515d6beb8eca
2021-04-26 | Remove non-general sepolicy and add some rule for sniffer log. | chenpaul
This commit includes 2 changes:
1. Remove Qcom platform rule to generalize the rule in pixel-sepolicy
2. Add tcpdump rule for Pixel Logger to access tcpdump folder
Bug: 186069127
Test: Pixel Logger app can start sniffer logger
Change-Id: I171a773fe658384d5ccb163ff1d6686a2665c808
2021-04-21 | Merge "keymint: Add instance name" into sc-dev | TreeHugger Robot
2021-04-20 | Merge "vibrator: cs40l26: setup sepolicy" into sc-dev | TreeHugger Robot
2021-04-20 | keymint: Add instance name | Tommy Chiu
Bug: 179459878 Change-Id: I7b32b49d3eafaceda1ef494bc2ef2a2e5feffd26
2021-04-19 | citadeld: updates sepolicies to access the IStats HIDL service am: 5c75973039 am: 0ff4e5096e am: 753bd0744a | Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I2851d5158c260a819e03caecde710dacd5ac95ac
2021-04-19 | citadeld: updates sepolicies to access the IStats HIDL service am: 5c75973039 am: 0ff4e5096e | Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I33e46b006ea21f6a410dc131781722da36e9eb25
2021-04-19 | citadeld: updates sepolicies to access the IStats HIDL service am: 5c75973039 | Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045 Change-Id: I43f460c8f02ccfbba11aaf5f055ce1cab4edff10
2021-04-19 | citadeld: updates sepolicies to access the IStats HIDL service [android-s-beta-2, android-s-beta-1] | Vova Sharaienko
The IStats HIDL service is still in use in rvc-qpr-dev-plus-aosp branch Since the sepolicy located at AOSP is shared between sc-dev and other branches - need to keep allow rules for the AIDL & HIDL version Bug: 185607559 Test: Build, flash, and logcat for sepolicies messages Change-Id: I5437178feff7efdab25423ec7e63a8d8e9312c29
2021-04-19 | Merge "[Keymint] Add sepolicy for keymint-citadel service" into sc-dev | TreeHugger Robot
2021-04-19 | vibrator: cs40l26: setup sepolicy | Tai Kuo
Bug: 184610991 Test: Service and HAL can init properly from rc Signed-off-by: Tai Kuo <taikuo@google.com> Change-Id: I9d72f564688f56f7415d7398b032df375d86e37c
2021-04-16 | Merge "Revert "Stats: removed obsolete IStats HIDL sepolicies"" into sc-dev | TreeHugger Robot
2021-04-16 | Revert "Stats: removed obsolete IStats HIDL sepolicies" | Vova Sharaienko
This reverts commit 6f660acb3f43dd5e994a5b8e226fa64d2bc3f2a5. Reason for revert: http://b/185462725 Change-Id: Iea1ba0835a684721789cd068c87a13b1d56aa847
2021-04-16 | [automerger skipped] citadeld: reverted required sepolicies am: 1d0c3e6b52 am: a08704c2c4 am: c1baf4906d -s ours | Vova Sharaienko
am skip reason: skip tag Change-Id I8a3da90860a32b8f883d2769d195fdfb48627127 with SHA-1 726f7b060a is already in history Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: Iefccc4db2255f53db5774d21a13629212549b032
2021-04-16 | citadeld: reverted required sepolicies am: 1d0c3e6b52 am: a08704c2c4 | Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: I1e0443e33e9d15e67a3c0bbc72e87c83f2feb708
2021-04-16 | citadeld: reverted required sepolicies am: 1d0c3e6b52 | Vova Sharaienko
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959 Change-Id: I10e7ed93b57d0d21df443185663be8762e501dbc
2021-04-15 | citadeld: reverted required sepolicies | Vova Sharaienko
Bug: 185440155 Bug: 185480917 Test: Build, flash, and logcat for sepolicies messages Change-Id: Ia0dfe5c9e50a18993cf075eb1ee198f78fb2b839 Merged-In: I8a3da90860a32b8f883d2769d195fdfb48627127
2021-04-15 | citadeld: reverted required sepolicies | Vova Sharaienko
Bug: 185440155 Test: Build, flash, and logcat for sepolicies messages Change-Id: I8a3da90860a32b8f883d2769d195fdfb48627127
2021-04-15 | Merge "powerstats: Add power_stats_device type" into sc-dev | Benjamin Schwartz
2021-04-15 | Merge "Stats: removed obsolete IStats HIDL sepolicies" into sc-dev | Vova Sharaienko