From 86598718d8e143fca0529031ca497467c9d682e2 Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Mon, 5 Aug 2024 06:06:22 +0000
Subject: [PATCH 1/6] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 357483837 Flag: EXEMPT N/A Change-Id: I709d2f212ad6328a045ee4472c3a7d4e855ff034
---
 tracking_denials/bug_map | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 2e6daa3..b717a08 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,2 +1,3 @@
-kernel vendor_charger_debugfs dir b/305600791
 hal_bluetooth_default vendor_data_file dir b/318453067
+hal_bluetooth_default vendor_default_prop property_service b/357483837
+kernel vendor_charger_debugfs dir b/305600791
From 29c8930e791fc912ed51b096cb99d58b52584631 Mon Sep 17 00:00:00 2001
From: Vic Huang
Date: Wed, 7 Aug 2024 05:34:31 +0000
Subject: [PATCH 2/6] Add sepolicy for property persist.vendor.service.bdroid. avc: denied { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 Bug: 357483837 Test: Forest build Flag: EXEMPT N/A Change-Id: I18e092be0e352071fc1d3a68796d458a0bb4b704
---
 tracking_denials/bug_map | 1 - vendor/property_contexts | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 vendor/property_contexts
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index b717a08..a627b40 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,3 +1,2 @@
 hal_bluetooth_default vendor_data_file dir b/318453067
-hal_bluetooth_default vendor_default_prop property_service b/357483837
 kernel vendor_charger_debugfs dir b/305600791
diff --git a/vendor/property_contexts b/vendor/property_contexts
new file mode 100644
index 0000000..d64e0b9
--- /dev/null
+++ b/vendor/property_contexts
@@ -0,0 +1 @@
+persist.vendor.service.bdroid. u:object_r:vendor_default_prop:s0
From 5b3ea20991a5a91995af492aabb6a8f211ffc576 Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Tue, 13 Aug 2024 07:31:44 +0000
Subject: [PATCH 3/6] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 359428216 Test: scanBugreport Bug: 359428463 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428217 Flag: EXEMPT bugFix Change-Id: I1ebbc37e75df1348f57e5c4aaad67b28babc2461
---
 tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index a627b40..1c50b85 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,2 +1,5 @@
 hal_bluetooth_default vendor_data_file dir b/318453067
+hal_bluetooth_default vendor_default_prop property_service b/359428216
 kernel vendor_charger_debugfs dir b/305600791
+vendor_init default_prop property_service b/359428217
+vendor_init default_prop property_service b/359428463
From a006f1b9b2cd9819d954901f7e9fec7a6f49b418 Mon Sep 17 00:00:00 2001
From: Wilson Sung
Date: Fri, 23 Aug 2024 09:42:06 +0000
Subject: [PATCH 4/6] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 361726059 Test: scanBugreport Bug: 361725767 Bug: 359428463 Test: scanAvcDeniedLogRightAfterReboot Bug: 359428463 Flag: EXEMPT bugFix Change-Id: I1bb0f8713a0a8d44564363f4774f3c893824bc82
---
 tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 1c50b85..e6f51f3 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
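Review bot: The new `vendor/property_contexts` entry labels the `persist.vendor.service.bdroid.` prefix as `vendor_default_prop`, which is already the tcontext in the denial quoted in the commit message, so the access decision for `hal_bluetooth_default` does not change and this patch adds no allow rule. The `bug_map` hunk of the same patch drops the tracking entry for that denial, so it would presumably show up again as an unchecked denial in the boot test. The prefix needs a dedicated type plus a matching rule, for example `persist.vendor.service.bdroid. u:object_r:vendor_bluetooth_prop:s0` together with `set_prop(hal_bluetooth_default, vendor_bluetooth_prop)`, and the `bug_map` line should stay until that rule lands.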
@@ -1,5 +1,8 @@
+dump_modem sscoredump_vendor_data_coredump_file dir b/361725767
+dump_modem sscoredump_vendor_data_logcat_file dir b/361725767
 hal_bluetooth_default vendor_data_file dir b/318453067
 hal_bluetooth_default vendor_default_prop property_service b/359428216
+hal_vibrator_default default_android_service service_manager b/361726059
 kernel vendor_charger_debugfs dir b/305600791
 vendor_init default_prop property_service b/359428217
 vendor_init default_prop property_service b/359428463
From d7525ba27464ccb57e58f84bf240ebb2f35bf80d Mon Sep 17 00:00:00 2001
From: Vic Huang
Date: Thu, 5 Sep 2024 07:16:32 +0000
Subject: [PATCH 5/6] Add sepolicy for property persist.vendor.service.bdroid. avc: denied { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 Bug: 359428216 Test: Forest build Flag: EXEMPT N/A Change-Id: Iee12fc870810c0919593745487f57eb5fb8fde9c
---
 bluetooth/hal_bluetooth_default.te | 4 ++++ vendor/property_contexts | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/bluetooth/hal_bluetooth_default.te b/bluetooth/hal_bluetooth_default.te
index d78de58..4b2977a 100644
--- a/bluetooth/hal_bluetooth_default.te
+++ b/bluetooth/hal_bluetooth_default.te
@@ -1,3 +1,5 @@ +# Bluetooth hal + allow hal_bluetooth_default bt_device:chr_file rw_file_perms; add_hwservice(hal_bluetooth_default, hal_bluetooth_coexistence_hwservice)
@@ -10,3 +12,5 @@ userdebug_or_eng(`
 allow hal_bluetooth_default sscoredump_vendor_data_coredump_file:file create_file_perms;
 set_prop(hal_bluetooth_default, vendor_ssrdump_prop)
 ')
+
+set_prop(hal_bluetooth_default, vendor_bluetooth_prop)
diff --git a/vendor/property_contexts b/vendor/property_contexts
index d64e0b9..60d7f0a 100644
--- a/vendor/property_contexts
+++ b/vendor/property_contexts
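Review bot: `set_prop(hal_bluetooth_default, vendor_bluetooth_prop)` in the second hunk of `bluetooth/hal_bluetooth_default.te` is added after the closing `')` of the `userdebug_or_eng` block, so it applies on user builds and covers every property that the `persist.vendor.service.bdroid.` prefix labels, while the quoted denial is for `persist.vendor.service.bdroid.bdaddr` only. If the HAL only needs to write that one key, an exact `property_contexts` entry for it would keep the grant narrower; whether other keys under the prefix must be HAL-writable cannot be seen from this hunk. At minimum the rule deserves a comment such as `# hal_bluetooth_default sets persist.vendor.service.bdroid.bdaddr`. The `userdebug_or_eng` block opens outside the hunk.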
@@ -1 +1 @@
-persist.vendor.service.bdroid. u:object_r:vendor_default_prop:s0
+persist.vendor.service.bdroid. u:object_r:vendor_bluetooth_prop:s0
From ba31cb9d42ceade05303bba10fd0b6423d6672db Mon Sep 17 00:00:00 2001
From: Andrew Chant
Date: Tue, 17 Sep 2024 10:17:07 -0700
Subject: [PATCH 6/6] sepolicy: Allow vendor_init to set vendor_bluetooth_prop Per DeviceBootTest.SELinuxUncheckedDenialBootTest: 09-17 16:22:22.968 1 1 I auditd : type=1107 audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.service.bdroid.soclog pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_bluetooth_prop:s0 tclass=property_service permissive=0' 09-17 16:22:22.968 1 1 I auditd : type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.service.bdroid.fwsnoop pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_bluetooth_prop:s0 tclass=property_service permissive=0' 09-17 16:22:22.968 1 1 I auditd : type=1107 audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.service.bdroid.soclog pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_bluetooth_prop:s0 tclass=property_service permissive=0' 09-17 16:22:22.968 1 1 I auditd : type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.service.bdroid.fwsnoop pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_bluetooth_prop:s0 tclass=property_service permissive=0' Test: SELinuxUncheckedDenialBootTest Bug: 366314934 Flag: EXEMPT bugFix Change-Id: I1710044f4f79a73818fcb55a97ea6b3d826aea1f
---
 bluetooth/hal_bluetooth_default.te | 1 + 1 file changed, 1 insertion(+)
diff --git a/bluetooth/hal_bluetooth_default.te b/bluetooth/hal_bluetooth_default.te
index 4b2977a..98c8048 100644
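Review bot: Switching the prefix entry in `vendor/property_contexts` to `vendor_bluetooth_prop` retypes every property under `persist.vendor.service.bdroid.`, not only `bdaddr`, and this patch adds a rule for `hal_bluetooth_default` alone. Any other domain that sets a key under the prefix may lose access it previously had, so the vendor init scripts and other vendor domains should be checked for writers of this prefix and each given an explicit rule in the same change. The declaration of the `vendor_bluetooth_prop` type is not part of this patch; presumably it exists elsewhere in the tree, which is worth confirming before the label is used here.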
--- a/bluetooth/hal_bluetooth_default.te
+++ b/bluetooth/hal_bluetooth_default.te
@@ -14,3 +14,4 @@ userdebug_or_eng(`
 ')
 
 set_prop(hal_bluetooth_default, vendor_bluetooth_prop)
+set_prop(vendor_init, vendor_bluetooth_prop)
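Review bot: `set_prop(vendor_init, vendor_bluetooth_prop)` grants a `vendor_init` permission from inside `bluetooth/hal_bluetooth_default.te`, which hides it from anyone auditing what `vendor_init` may write by reading that domain's own rules. Consider keeping it with the other `vendor_init` rules if the tree groups them, or mark it here with a comment such as `# vendor_init sets persist.vendor.service.bdroid.soclog and .fwsnoop (b/366314934)`. The rule also lets `vendor_init` set every property of this type, including `bdaddr`, which the quoted log does not show it needing. The hunk context begins at the closing `')` of a `userdebug_or_eng` block that opens outside the hunk.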