Commits · aosp-new/android13-d3-s1-release · CodeLinaro / la / device / google / felix-sepolicy

Jan 12, 2023
- Snap for 9481243 from 663979a7 to tm-d3-release · 4579d960
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I6b15c54c0dd69116715d96523b481dd410a96548
```
  android-13.0.0_r57
  
  4579d960
Jan 10, 2023

Allow SystemUI to access fp hal. · 663979a7

Bug: 261209932
Test: Verified SystemUI can access HAL extension.
Change-Id: Iefeca78703af30246420a55133c00769b84789f9
Merged-In: Iefeca78703af30246420a55133c00769b84789f9

663979a7

Snap for 9470583 from c3b8cda0 to tm-d3-release · 50cc05f9
Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Ieaf1c701ca173c2e5955d9206215c9948151cc52
```
50cc05f9

Jan 09, 2023
- Merge "fingerprint: allow fps to access sysfs_leds" into tm-qpr-dev · c3b8cda0
  Eddie Lan authored 2 years ago
  
  c3b8cda0
Dec 28, 2022
- Snap for 9439764 from 49cdfcb3 to tm-d3-release · 406217b5
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Iee958d25c55d9f11242e94c6d6f9c878c576df1d
```
  406217b5
Dec 23, 2022

sepolicy: add necessary sepolicy for dual battery · 49cdfcb3

Wasb Liu authored 2 years ago

12-22 16:24:51.964 1000 865 865 I auditd : type=1400 audit(0.0:10): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary" dev="tmpfs" ino=799 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:11): avc: denied { read } for comm="android.hardwar" name="logbuffer_maxfg_secondary_monitor" dev="tmpfs" ino=630 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
12-22 16:24:51.968 1000 865 865 I auditd : type=1400 audit(0.0:12): avc: denied { read } for comm="android.hardwar" name="logbuffer_dual_batt" dev="tmpfs" ino=1040 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

12-22 16:23:17.056 1000 522 522 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="binder:522_1" name="wakeup65" dev="sysfs" ino=79686 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0

Bug: 263496320
Test: no dual batt related denied
Change-Id: I021cd15d771524828a942fe1e4c63e3a24418ae8
Signed-off-by: Wasb Liu <wasbliu@google.com>

49cdfcb3

Dec 17, 2022
- Snap for 9414670 from 3a92d3d2 to tm-d3-release · 3b4e465b
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: If0967574227e53967e179a30774f4ccb6ec48510
```
  3b4e465b
Dec 15, 2022

fingerprint: allow fps to access sysfs_leds · 0e76ae19

eddielan authored 2 years ago

Bug: 261151317
Test: make selinux_policy -j112
Change-Id: If098515510ac48efb7d2ea23f4aeee87869e01e6

0e76ae19

Dec 14, 2022
- remove tracking denial of device chr_file · 3a92d3d2
  Jenny Ho authored 2 years ago
```
Bug: 254164096
Change-Id: I300d092df3610f29f05ca65a89eba5459ca0063a
Signed-off-by: Jenny Ho <hsiufangho@google.com>
```
  3a92d3d2
- Snap for 9401607 from c0242479 to tm-d3-release · 25309f5d
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I910e0b078451c08cdc4647b3ba74a7a99534d99b
```
  25309f5d
Dec 01, 2022

Remove sepolicy for vibrator manager service · c0242479

Chase Wu authored 2 years ago


Bug: 260090235
Test: check avc error
Change-Id: I2cb9f9efe849ae6e7fb9b1b5aba2f92a3346af6d
Signed-off-by: Chase Wu <chasewu@google.com>

c0242479

Nov 28, 2022
- Snap for 9339220 from 3c82f575 to tm-d3-release · 43506d5e
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Icfe8bedd12cddaa76ef90d983fbe03165fac8da7
```
  43506d5e
Nov 24, 2022

Allow dumpstate to access touch vendor nodes[DO NOT MERGE] · 3c82f575

Mason Wang authored 2 years ago

Fix following avc denial log:
avc: denied { read } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { write } for name="driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535583 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/appid" dev="sysfs" ino=110523 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=110529 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc" ino=4026535585 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721

Bug: 226475119
Bug: 254164096
Test: There are no above avc denial logs.
Change-Id: I0a136a7e259640e3e13ea66c945251cf26878b33

3c82f575

Nov 23, 2022
- Snap for 9321341 from d6fe8df1 to tm-d3-release · 2f3ecc52
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Iec935d47a24d9e6cb5a58af0f2841edbcca0ba4d
```
  2f3ecc52
Nov 22, 2022

Revert "Allow dumpstate to access touch vendor nodes" · d6fe8df1

Nicole Lee authored 2 years ago

This reverts commit b1d4e8ab.

Reason for revert: DroidMonitor: Potential culprit for Bug 260019672 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Change-Id: I8c3bf9982eb9c163e73e75624fd3265ddaa1de95

d6fe8df1

Nov 18, 2022
- Snap for 9305732 from f544a5a6 to tm-d3-release · be9aa70c
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: If39bded333070868853a4d931c3b6268143c049a
```
  be9aa70c
Nov 11, 2022

sepolicy: Allow fingerprint to access fwk hwservice · f544a5a6

eddielan authored 2 years ago

11-11 19:57:30.203   464   464 E SELinux : avc:
denied  { find } for interface=android.frameworks.sensorservice::ISensorManager
sid=u:r:hal_fingerprint_capacitance:s0 pid=903
scontext=u:r:hal_fingerprint_capacitance:s0
tcontext=u:object_r:fwk_sensor_hwservice:s0
tclass=hwservice_manager permissive=0

Bug: 258783592
Test: Build pass
Change-Id: I58a31c04cbb45ab12b0bf42a10c57ddf4f065ee7

f544a5a6

Nov 03, 2022

Snap for 9253587 from 6c42229d to tm-d3-release · bb103de6
Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Iab35ce7f310f19ac6be3143bb6fff8354c17d898
```
bb103de6

[coastguard skipped] Merge sparse cherrypicks from... · dda7f65e

Android Build Coastguard Worker authored 2 years ago

[coastguard skipped] Merge sparse cherrypicks from sparse-9251470-L06300000957185510 into tm-d3-release.

Change-Id: I386f808e6cfaaca280979eeb02779b041b37ab86

dda7f65e

Merge cherrypicks of [18350088] into sparse-9251470-L06300000957185510. · c75138f6
Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I1ec96ab226c77e03ddefe0a386575fc46c265abe
```
c75138f6

add sepolicy for vibrator manager service · 2d318217

Chase Wu authored 2 years ago


Bug: 181615889
Test: Run all test suites
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b
(cherry picked from commit 6c42229d)
Merged-In: Ie9e3c86b01afb26557ae69ead813dd123b4df91b

2d318217

add sepolicy for vibrator manager service · 6c42229d

Chase Wu authored 2 years ago


Bug: 181615889
Test: Run all test suites
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b

6c42229d

Oct 29, 2022
- Snap for 9232464 from b1d4e8ab to tm-d3-release · 0e2e5d09
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I47c9ae069d34ea53cfc825bd4d0c84756e3a23a0
```
  0e2e5d09
Oct 28, 2022

Allow dumpstate to access touch vendor nodes · b1d4e8ab

Mason Wang authored 2 years ago

Fix following avc denial log:
avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="driver_test" dev="proc" ino=4026535565 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 bug=b/240632721
avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721

Bug: 226475119
Bug: 254164096
Test: There are no above avc denial logs.
Change-Id: Ie01104ebfb94154584d9d466cb295095eb634f48

b1d4e8ab

Oct 27, 2022
- Snap for 9227242 from 9219b31d to tm-d3-release · 37397471
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Ibf604548aea25c5148e189db5327f051568cf6d6
```
  37397471
- Merge "sepolicy: remove tracking bugs for PowerStatsHAL and SystemSuspend" into tm-qpr-dev · 9219b31d
  TreeHugger Robot authored 2 years ago
  
  9219b31d
Oct 26, 2022

sepolicy: remove tracking bugs for PowerStatsHAL and SystemSuspend · 577965ec

Darren Hsu authored 2 years ago


b/240632970 is not reproducible on TD3A.221020.001.
b/240632822 has been fixed by ag/20209545.

Bug: 240632970
Bug: 240632822
Test: Capture bugreport and check no avc denails
Change-Id: I9a2290e2857415c3edecd98b88af6382a42530ff
Signed-off-by: Darren Hsu <darrenhsu@google.com>

577965ec

Fix FPS servicemanager sepolicy issue · ef12403d

eddielan authored 2 years ago

10-25 03:25:07.740   429   429 I auditd  : type=1400 audit(0.0:4):
avc: denied { call } for comm="servicemanager"
scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_capacitance:s0
tclass=binder permissive=0

Bug: 253533883
Test: make selinux_policy -j128 && check log on device
Change-Id: Ic3007d53398eb9770466c24b3aa49c1325bdbb47

ef12403d

Oct 19, 2022
- Snap for 9195661 from f2b95577 to tm-d3-release · fbcd3c26
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Iaef285f70f6600f68084b212ff8a7f1c7fa633de
```
  fbcd3c26
- Merge "sepolicy: add sysfs_wakeup labels for System Suspend" into tm-qpr-dev · f2b95577
  TreeHugger Robot authored 2 years ago
  
  f2b95577
Oct 18, 2022
- Snap for 9190355 from 2fef9efc to tm-d3-release · 9020283b
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I1a03c8a78ae26696125ef776def4d7c620cb26af
```
  9020283b
- sepolicy: add sysfs_wakeup labels for System Suspend · 99f9cd6a
  Darren Hsu authored 2 years ago
```
Bug: 253980198
Test: run vts -m SuspendSepolicyTests
Change-Id: Ie58c35b37ad0a904d0292d2be9092f82b02d514b
Signed-off-by: Darren Hsu <darrenhsu@google.com>
```
  99f9cd6a
Oct 17, 2022

Remove fingerprint tracking bug · 2fef9efc

eddielan authored 2 years ago

Patch was merged on ag/19457937

Bug: 240633068
Test: make selinux_policy -j128
Change-Id: Ic25e266701993fadc51b12c25c9a170c38e29785

2fef9efc

Sep 08, 2022
- Snap for 9043175 from 5126a011 to tm-d3-release · 0ca70307
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I9e9f13bf6709561a34b9adc058d5b3a74d272284
```
  0ca70307
Sep 07, 2022

Remove bug mapping in the tracking denials · 5126a011

Ted Lin authored 2 years ago


Bug: 240632860
Test: Check the bugreport
Signed-off-by: Ted Lin <tedlin@google.com>
Change-Id: Ic4c68fe39b3e7e82cf9edcb6b594b598f5ba9499

5126a011

Aug 25, 2022
- Snap for 8994498 from 454e019b to tm-d3-release · 82ac348a
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: Iea4510f4a5eaa7c8ef7622114754169391b5a62d
```
  82ac348a
- Update error on ROM 8979803 · 454e019b
  Adam Shih authored 2 years ago
```
Bug: 240632860
Test: SELinuxUncheckedDenialBootTest
Change-Id: Ie192b157e89f86fe36b99202e6ab8677a55c7cee
```
  454e019b
Aug 24, 2022

Snap for 8989105 from 2dcb7cc9 to tm-d3-release · 7757b3d4
Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I0a8cc4718bc67ac54d6e0a12d25a0ceac2adfe99
```
7757b3d4

Add sepolicy for dual_batt_gauge power supply · 2dcb7cc9

Wasb Liu authored 2 years ago

08-23 02:45:54.456 860 860 I auditd : type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="type" dev="sysfs" ino=100372 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 243491187
Test: reboot device and check the avc
Signed-off-by: Wasb Liu <wasbliu@google.com>
Change-Id: I7600c816e743fc91afaf66db00ba332229b21e28

2dcb7cc9

Aug 20, 2022
- Snap for 8969739 from 1ef6c24d to tm-d3-release · 01f2a3a7
  Android Build Coastguard Worker authored 2 years ago
```
Change-Id: I47355d006ed0b41fc84e124fb28d2375e4191833
```
  01f2a3a7