android/android_device_google_lynx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
191 Commits 2 Branches 0 Tags 6.1 MiB
6282215c69
Commit Graph

41 Commits

Author SHA1 Message Date
Vic Huang
d7525ba274 Add sepolicy for property persist.vendor.service.bdroid. 
avc:  denied  { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0

Bug: 359428216
Test: Forest build
Flag: EXEMPT N/A
Change-Id: Iee12fc870810c0919593745487f57eb5fb8fde9c
 2024-09-05 07:43:01 +00:00
Vic Huang
29c8930e79 Add sepolicy for property persist.vendor.service.bdroid. 
avc:  denied  { set } for property=persist.vendor.service.bdroid.bdaddr pid=860 uid=1002 gid=1002 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0

Bug: 357483837
Test: Forest build
Flag: EXEMPT N/A
Change-Id: I18e092be0e352071fc1d3a68796d458a0bb4b704
 2024-08-07 06:29:02 +00:00
Jacky Liu
1cce81f773 Update i2c device paths 
Update i2c device paths with static bus numbers.
Remove entries which are already in gs201-sepolicy.

Bug: 323447554
Test: Boot to home
Change-Id: I8d204e099f7a37422259c0ccac2bf25a082c2fcf
 2024-02-06 16:16:19 +00:00
Jenny Ho
fe3d38fe37 sepolicy: lynx: add wireless path permission 
I auditd  : type=1400 audit(0.0:4402): avc:  denied  { read } for  comm="UeventThread" name="voltage_now" dev="sysfs" ino=66900 scontext=u:r:hal_wireless_charger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
I auditd  : type=1400 audit(0.0:3924): avc:  denied  { read } for  comm="binder:531_2" name="wakeup82" dev="sysfs" ino=83487 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 320193504
Change-Id: I98e3c48f9c6eaaab2d303721bdb473fc72884738
Signed-off-by: Jenny Ho <hsiufangho@google.com>
 2024-01-16 13:44:37 +08:00
Hsiu-Chang Chen
cadc3a71b6 wifi: genfs_contexts: fix path for wifi device 
Bug: 313754855
Test: without avc denial when booting
Change-Id: I0d94aa3c766c2d98748f53223e45fdb32caa38ba
 2023-12-04 15:37:05 +08:00
Wilson Sung
3e3f8080aa Supress kernel avc log before SELinux initialized 
Fix: 281814849
Change-Id: Ie83557668ded8ab17bf77e60ed21db33e9f4f580
 2023-06-19 11:40:12 +08:00
Yen-Chao Chen
cf61d5959d Suppress avc denials of sysfs am: f446026014 am: c03d408bb4 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/21570169

Change-Id: I64cc0d6b9cfd5945a6ccf7f927450c2ad9be838e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-02 03:51:30 +00:00
Yen-Chao Chen
c03d408bb4 Suppress avc denials of sysfs am: f446026014 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/21570169

Change-Id: I478ce949320bcf89047a6bb62103b0c4a9f572e6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-02 03:15:26 +00:00
Yen-Chao Chen
f446026014 Suppress avc denials of sysfs 
Bug: 267839070
Test: adb bugreport

Change-Id: I8d4aed4aba15efa0cc38574565e4a66bc3049321
Signed-off-by: Yen-Chao Chen <davidycchen@google.com>
 2023-03-01 15:10:16 +08:00
Tai Kuo
5925557552 Revert "device-sepolicy: Add sepolicy for vibrator hal" am: 02be088bc5 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/21455936

Change-Id: Ie2e3086bf535add2e1ede16e374f8a78e2780216
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 06:23:10 +00:00
Tai Kuo
02be088bc5 Revert "device-sepolicy: Add sepolicy for vibrator hal" 
This reverts commit b5eec482fd.

Bug: 198239103
Test: build pass on git_tm-qpr-dev-plus-aosp
Change-Id: Iee9305e6ba5abbc8df9b353ed5bbfeaa64f0b43b
 2023-02-16 22:11:32 +08:00
Hsiu-Chang Chen
ae260626bc wlan: add cnss-daemon and related libraries am: 53746d9546 am: cc2eda58a1 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/21257900

Change-Id: Ifa5b92a131372c681371a48bb8c6fec715a20b34
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-15 10:08:06 +00:00
Hsiu-Chang Chen
53746d9546 wlan: add cnss-daemon and related libraries 
cnss-daemon is necessary for CHRE function

Bug: 264524963
Test: Regression Test
Change-Id: Ic7b63617e30a9e6427b0ac280bf4763f9cc19f6e
 2023-02-15 01:47:13 +00:00
Ken Yang
fa9c88aef8 WLC: Cleanup the sysfs_wlc policies 
Bug: 263830018
Change-Id: I6b31c6127e01b946c51200683b511853f2d304b4
Signed-off-by: Ken Yang <yangken@google.com>
 2023-01-13 14:41:12 +00:00
Ken Yang
c70f56e2df WLC: Add device specific sepolicy for wireless_charger 
Bug: 237600973
Change-Id: I9d219c3abf02266cc8200c70840a65aedb17ee7b
Signed-off-by: Ken Yang <yangken@google.com>
 2022-12-20 00:59:17 +00:00
Chris Paulo
50b8efd9eb device-sepolicy: Add sepolicy for vibrator hal am: b5eec482fd am: 2c6be03c0d 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/19981337

Change-Id: I81c821acf7f0e94f91dc32d259da8635aedb7ced
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-11-16 21:20:50 +00:00
Chris Paulo
b5eec482fd device-sepolicy: Add sepolicy for vibrator hal 
Added sepolicy for vibrator hal specific to device

uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1'
avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1
avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms
avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms

Bug: 198239103
Test: Verified functionality
Signed-off-by: Chris Paulo <chrispaulo@google.com>
Change-Id: Ib118b553eab1db6f9fadaebeae0d57eb329294e3
 2022-11-15 05:27:55 +00:00
Hsiu-Chang Chen
63b5468da9 Add sepolicy rules for hal_wifi_default am: b2c724f0ed am: 32cd0dbba0 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/20194047

Change-Id: I492d79005fcd85fb84f29baec08d6a95d766ea01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-10-17 09:31:44 +00:00
Hsiu-Chang Chen
b2c724f0ed Add sepolicy rules for hal_wifi_default 
In PDK build, it uses default wifi hal instead
wifi_ext hal. Need to add rules for hal_wifi_default
as well as we added for hal_wifi_ext

Bug: 253544307
Test: Wifi can be enabled in PDK builds
Change-Id: I57ad330c2467ae99b9c5190fbdc2f02e998b2fc1
 2022-10-15 02:50:33 +00:00
Hsiu-Chang Chen
852dfa55f8 Add sepolicy for tcpdump_logger am: ea80cb5016 am: f068419777 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/19739489

Change-Id: Ib7a73b5066d30e2d039abae54de1368741e043fb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-26 03:18:07 +00:00
Hsiu-Chang Chen
674508eccc Add sepolicy for wifi_sniffer and wifi_perf_diag am: e465f1a856 am: 6122c700d7 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/19738530

Change-Id: I30803fd319b090e50fbce8688825d4902d979699
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-25 09:25:11 +00:00
Hsiu-Chang Chen
ea80cb5016 Add sepolicy for tcpdump_logger 
avc: denied { search } for name="wifi" dev="dm-44" ino=329 scontext=u:r:tcpdump_logger:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir

Bug: 243764714
Test: PixelLogger works normally
Change-Id: I4ee93dbe10bae08e01053656a8429c57bb3651c8
 2022-08-25 16:56:44 +08:00
Hsiu-Chang Chen
e465f1a856 Add sepolicy for wifi_sniffer and wifi_perf_diag 
avc: denied { search } for name="wifi" dev="dm-38" ino=329 scontext=u:r:wifi_sniffer:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir
avc: denied { setuid } for capability=7 scontext=u:r:wifi_sniffer:s0 tcontext=u:r:wifi_sniffer:s0 tclass=capability
avc: denied { setgid } for capability=6 scontext=u:r:wifi_sniffer:s0 tcontext=u:r:wifi_sniffer:s0 tclass=capability
avc: denied { search } for comm="wifi_perf_diag" name="wifi" dev="dm-38" ino=329 scontext=u:r:wifi_perf_diag:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir

Bug: 243727673
Test: PixelLogger works normally
Change-Id: Idd0bb1ffeb198eea855b717a745fd93fecfe2251
 2022-08-25 08:21:16 +00:00
Aaron Tsai
867fb0a6d8 Fix avc denied for hal_radioext_default am: 11348d7e76 am: 282e204a94 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/19515072

Change-Id: Ideea35242707bee69695b03c8f2db22aa171953e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-15 04:46:02 +00:00
Aaron Tsai
11348d7e76 Fix avc denied for hal_radioext_default 
05-30 13:13:30.868   867   867 I auditd  : type=1400 audit(0.0:21): avc: denied { call } for comm="HwBinder:867_1" scontext=u:r:hal_radioext_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=binder permissive=0

Bug: 234311798
Test: verified with the forrest ROM and error log gone
Change-Id: I0195fe2d8e81ea0149255524cfc047540159281b
 2022-08-04 07:19:10 +08:00
Hsiu-Chang Chen
412d4909c5 wifi: correct label wlan0/p2p0/wifi-aware0 device as sysfs_net am: 9ac637312b am: ccea61be5a 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/19493414

Change-Id: Id224eb65a530ba1cd6a4b5896b67e55e0b434c07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 00:09:17 +00:00
Hsiu-Chang Chen
9ac637312b wifi: correct label wlan0/p2p0/wifi-aware0 device as sysfs_net 
Bug: 239657967
Test: NetdSELinuxTest#CheckProperMTULabels
Change-Id: I31db1d2110b2c18cf12a5cfa9b13e8c6dff09d59
 2022-08-02 08:54:18 +00:00
chungkai
f2a7632106 genfs_contexts: fix path for i2c peripheral device 
paths are changed when we enable parallel module loading and
reorder the initializtaion of devices.

Test: without avc denial on L10 when booting
Bug: 240641235
Signed-off-by: chungkai <chungkai@google.com>
Change-Id: I411ceaa02cb6fb36fc767937a62f945685c4a019
 2022-08-02 08:51:28 +00:00
Darren Hsu
4e2b651fdc sepolicy: allow hal_power_stats to read wifi sysfs and property 
avc: denied { read } for name="power_stats" dev="sysfs"
ino=114517 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

avc: denied { read } for name="u:object_r:wifi_hal_prop:s0"
dev="tmpfs" ino=371 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0

Bug: 240391946
Test: get bugreport and make sure no avc denials related to
Test: hal_power_stats
Change-Id: I3be32eb4e61926c3abd24c67e7dab9b4056bf00a
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-07-28 15:48:41 +08:00
Hsiu-Chang Chen
0c59021e58 Add sepolicy for hal_wifi_ext 
07-27 11:58:09.569   869   869 I auditd  : type=1400 audit(0.0:2682598):
avc: denied { read } for comm="wifi_ext@1.0-se" name="driverdump" dev="proc"
ino=4026535980 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:proc:s0
tclass=file permissive=0

Bug: 239656339
Test: avc error is gone
Change-Id: Icf816897780fecc1bb35696e492e6fa2661abc20
 2022-07-27 08:27:21 +00:00
Hsiu-Chang Chen
4d4fd451a6 Add sepolicy for vendor_location 
06-25 21:59:57.532  3922  3922 I auditd  : type=1400 audit(0.0:11):
avc: denied { sendto } for comm="loc_mq_clnt"
path="/dev/socket/location/mq/LOWI-SERVER"
scontext=u:r:vendor_location:s0 tcontext=u:r:lowi_server:s0
tclass=unix_dgram_socket permissive=0
06-29 04:30:11.188  8182  8182 I auditd  : type=1400 audit(0.0:1517):
avc: denied { sendto } for comm="loc_mq_clnt"
path="/dev/socket/location/mq/7b2e9924f8-LC"
scontext=u:r:vendor_location:s0 tcontext=u:r:hal_wifi_ext:s0
tclass=unix_dgram_socket permissive=0

Bug: 237467750
Test: avc error is gone
Change-Id: Ic4ff2bdf30b042c08c38b134c6af086d7033511f
 2022-06-29 15:01:15 +08:00
Hsiu-Chang Chen
101db9756d Add sepolicy for lowi-server 
06-24 16:58:55.724  9519  9519 I lowi-server: type=1400 audit(0.0:1980):
avc: denied { read write } for path="socket:[69473]" dev="sockfs" ino=69473
scontext=u:r:lowi_server:s0 tcontext=u:r:vendor_location:s0
tclass=unix_dgram_socket permissive=1

Bug: 235281415
Test: avc error is gone
Change-Id: I93615b98c08f6e6e5c3cc182bddcff30e452e103
 2022-06-24 17:07:25 +08:00
timothywang
9a67905169 Add sepolicy to enable camera vendor property 
Bug: 234324271
Test: adb shell getprop
Change-Id: I6a0b344880deeb767df97136c42b2fb86668f39d
 2022-06-14 10:30:10 +08:00
Darren Hsu
07f8ea39a1 sepolicy: label more paths for sysfs_wakeup 
Bug: 234311758
Test: forrest apct/device_boot_health_check_extra
Change-Id: I6dab109733062b32e09cfddcbf43cbdc515c07ba
Signed-off-by: Darren Hsu <darrenhsu@google.com>
 2022-06-06 11:13:06 +08:00
Jack Wu
2d50edbc64 Add sepolicy for P9222 WLC power_supply 
05-30 05:13:03.096   836   836 I auditd  : type=1400 audit(0.0:6): avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222/power_supply/wireless/capacity" dev="sysfs" ino=71270 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
05-30 05:13:03.100   836   836 I auditd  : type=1400 audit(0.0:7): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=71272 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 234311757
Test: build ok, no avc denied
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I0fb296a9472eda7ff5f2babfea1c769caea525e1
 2022-05-31 13:08:07 +08:00
Hsiu-Chang Chen
63cd5c6143 Add sepolicy for pixellogger 
04-25 11:36:17.795  4101  4101 I auditd  : type=1400 audit(0.0:6339): avc: denied { search } for comm="LoggingService" name="wifi" dev="dm-40" ino=338 scontext=u:r:logger_app:s0:c229,c256,c512,c768 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir permissive=1 app=com.android.pixellogger
04-25 11:36:17.799   863   863 I auditd  : type=1400 audit(0.0:6340): avc: denied { search } for comm="wifi_ext@1.0-se" name="wifi" dev="dm-40" ino=338 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:vendor_wifi_vendor_data_file:s0 tclass=dir permissive=1

Bug: 230280450
Test: Pixelloger can collect WLAN logs
Change-Id: Id95e4132f2814deb1fbfb307568a4ece87a28611
 2022-04-25 11:49:43 +08:00
Hsiu-Chang Chen
374602a559 wifi: Add sepolicy for LOWI tools 
Add sepolicy rules for LOWI tools including loc_launcher and
lowi-server which are necessary for NAN and RTT

Bug: 223296149
Test: loc_launcher and lowi-server start automatically
Change-Id: I915be13fa715de85de91c30e0605f1e8e9d578f4
 2022-03-15 09:37:05 +00:00
Tai Kuo
1663eff382 Setup sysfs_vibrator 
Bug: 220068530
Test: dumpsys android.hardware.vibrator.IVibrator/default
Change-Id: Icd8a7d5db2277c72be9a72723434145db4eecb02
 2022-03-07 11:27:09 +08:00
Hsiu-Chang Chen
069de3333d wifi: Add sepolicy for qcom driver control interface 
01-06 11:55:38.816   796   796 I auditd  : type=1400 audit(0.0:281): avc: denied { write } for comm="wifi_ext@1.0-se" name="wlan" dev="tmpfs" ino=984 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
01-06 11:55:38.820   796   796 I auditd  : type=1400 audit(0.0:282): avc: denied { open } for comm="wifi_ext@1.0-se" path="/dev/wlan" dev="tmpfs" ino=984 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 209934729
Test: Basic function tests, SSR tests
Change-Id: Id6afd0580f8792eeb7ef8a25d42724ec79696875
 2022-01-10 14:45:30 +08:00
horngchuang
a069c07972 Add l10 specific camera component sepolicy settings 
Also, move those settings from whitechapel_pro common folder

Bug: 210598444
Test: build okay
Change-Id: Ie96dd9e6da5bdddd62d2ed9f920cb49daa1d74eb
 2022-01-10 10:52:06 +08:00
Cyan_Hsieh
401c431fcd Initial device lynx sepolicy 
Bug: 202250383
Change-Id: I7b096bdb87ea45760bbcf929cd5757e159952e75
 2021-11-01 15:28:54 +08:00