author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-02-02 23:45:18 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-02-02 23:45:18 +0000 |
commit | c3fe6bf395f311a807d56152398c08ed1767dfe4 (patch) | |
tree | cde4cf4631e79f6acea340166e3142a4b0f2cc2e | |
parent | 9a925ad54bc1d587eb6aa2016a17b456706a5c50 (diff) | |
parent | de4dc819b44f5842c6342471dc8b3561ccd5e0ea (diff) | |
Snap for 11400057 from de4dc819b44f5842c6342471dc8b3561ccd5e0ea to simpleperf-releasesimpleperf-release
Change-Id: Ie28202e33e6597bb300121cd3943ebb94cb794de
-rw-r--r-- | neuralnetworks/file_contexts | 1 | ||||
-rw-r--r-- | neuralnetworks/hal_neuralnetworks_armnn.te | 9 | ||||
-rw-r--r-- | oriole-sepolicy.mk | 2 | ||||
-rw-r--r-- | oriole/grilservice_app.te | 2 | ||||
-rw-r--r-- | raven-sepolicy.mk | 2 | ||||
-rw-r--r-- | raven/cccdk_timesync_app.te | 1 | ||||
-rw-r--r-- | raven/grilservice_app.te | 2 | ||||
-rw-r--r-- | system_ext/private/property_contexts | 3 | ||||
-rw-r--r-- | system_ext/public/property.te | 7 | ||||
-rw-r--r-- | tracking_denials/bug_map | 20 | ||||
-rw-r--r-- | tracking_denials/dumpstate.te | 4 | ||||
-rw-r--r-- | tracking_denials/hal_dumpstate_default.te | 2 | ||||
-rw-r--r-- | whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem | 30 | ||||
-rw-r--r-- | whitechapel/vendor/google/device.te | 3 | ||||
-rw-r--r-- | whitechapel/vendor/google/file.te | 3 | ||||
-rw-r--r-- | whitechapel/vendor/google/file_contexts | 5 | ||||
-rw-r--r-- | whitechapel/vendor/google/hal_bluetooth_btlinux.te | 3 | ||||
-rw-r--r-- | whitechapel/vendor/google/keys.conf | 3 | ||||
-rw-r--r-- | whitechapel/vendor/google/mac_permissions.xml | 3 | ||||
-rw-r--r-- | whitechapel/vendor/google/radio.te | 2 | ||||
-rw-r--r-- | whitechapel/vendor/google/rild.te | 2 |
21 files changed, 71 insertions, 38 deletions
diff --git a/neuralnetworks/file_contexts b/neuralnetworks/file_contexts
deleted file mode 100644
index fc151ab..0000000
--- a/neuralnetworks/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
diff --git a/neuralnetworks/hal_neuralnetworks_armnn.te b/neuralnetworks/hal_neuralnetworks_armnn.te
deleted file mode 100644
index c987285..0000000
--- a/neuralnetworks/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_neuralnetworks_armnn, domain;
-hal_server_domain(hal_neuralnetworks_armnn, hal_neuralnetworks)
-
-type hal_neuralnetworks_armnn_exec, vendor_file_type, exec_type, file_type;
-
-allow hal_neuralnetworks_armnn gpu_device:chr_file rw_file_perms;
-
-init_daemon_domain(hal_neuralnetworks_armnn)
-
diff --git a/oriole-sepolicy.mk b/oriole-sepolicy.mk
new file mode 100644
index 0000000..a4f28b2
--- /dev/null
+++ b/oriole-sepolicy.mk
@@ -0,0 +1,2 @@
+# Oriole only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/oriole
diff --git a/oriole/grilservice_app.te b/oriole/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/oriole/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/raven-sepolicy.mk b/raven-sepolicy.mk
new file mode 100644
index 0000000..91d85cd
--- /dev/null
+++ b/raven-sepolicy.mk
@@ -0,0 +1,2 @@
+# Ravne only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/raven
diff --git a/raven/cccdk_timesync_app.te b/raven/cccdk_timesync_app.te
new file mode 100644
index 0000000..1a4264d
--- /dev/null
+++ b/raven/cccdk_timesync_app.te
@@ -0,0 +1 @@
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/raven/grilservice_app.te b/raven/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/raven/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 790ba63..b8f0952 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -9,3 +9,6 @@ persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int # Properties for euicc persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string + +# Telephony +telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
\ No newline at end of file
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index bb07d92..1abcc84 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -3,3 +3,10 @@ system_vendor_config_prop(fingerprint_ghbm_prop) # eSIM properties system_vendor_config_prop(esim_modem_prop) + +# Telephony +system_public_prop(telephony_ril_prop) + +userdebug_or_eng(` + set_prop(shell, telephony_ril_prop) +')
\ No newline at end of file
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 4df791a..b50d3d0 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,27 +1,11 @@
-dump_lsi radio_vendor_data_file file b/269218638
-dump_lsi vendor_slog_file file b/269218638
-dump_modem radio_vendor_data_file file b/269370106
-dump_pixel_metrics sysfs file b/268411073
-dump_ramdump radio_vendor_data_file file b/276385941
-dump_ramdump vendor_camera_data_file file b/276385941
-dump_sensors radio_vendor_data_file file b/277528855
-dump_sensors vendor_camera_data_file file b/277528855
-dump_stm sysfs_spi dir b/268147283
-dump_trusty radio_vendor_data_file file b/269045042
-dumpstate app_zygote process b/238263438
-dumpstate hal_input_processor_default process b/238143262
-dumpstate system_data_file dir b/264483156
-dumpstate system_data_file dir b/264483673
+dump_stm sysfs_spi dir b/277989397
 hal_camera_default boot_status_prop file b/275002227
 hal_camera_default edgetpu_app_service service_manager b/275002227
 hal_drm_default default_prop file b/232714489
-hal_dumpstate_default dump_lsi process b/269045042
-hal_dumpstate_default dump_thermal process b/270247432
 hal_power_default hal_power_default capability b/240632824
 incidentd debugfs_wakeup_sources file b/238263568
 incidentd incidentd anon_inode b/268146971
 rfsd vendor_rild_prop property_service b/269218654
 su modem_img_file filesystem b/238825802
-system_app proc_pagetypeinfo file b/287169829
 system_server system_userdir_file dir b/281814691
-platform_app hal_uwb_vendor_service find b/290766628
+system_suspend sysfs_aoc dir b/291237382
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index f7b2ebd..6025bd5 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,4 @@
 # b/277155042
 dontaudit dumpstate app_zygote:process { signal };
-# b/185723618
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-# b/277155042
 dontaudit dumpstate default_android_service:service_manager { find };
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 0000000..dbcd88e
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+# b/277989067
+dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
diff --git a/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
new file mode 100644
index 0000000..7b8c5b2
--- /dev/null
+++ b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz
+MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
+b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G
+A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP
+1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR
+UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5
+4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL
+jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8
+pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0
+VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3
+A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO
+sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV
+eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO
+nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI
+hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5
+YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm
+FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr
+njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI
+hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e
+JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3
+IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA
+V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H
+r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F
+DB17LhMLl0GxX9j1
+-----END CERTIFICATE-----
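Review bot: No seapp_contexts rule that consumes the new `CameraServices` seinfo is visible in this commit, although this certificate is registered as `[@CAMERASERVICES]` in keys.conf and mapped by the `<signer signature="@CAMERASERVICES" >` stanza in mac_permissions.xml. That stanza has no `<package>` child, so every app signed with this key receives the seinfo. The seapp_contexts entry that uses it, presumably elsewhere in the tree, should match on `name=` as well as `seinfo=` so the domain is not assigned on signature alone. I would record the pairing next to the stanza, e.g. `<!-- CameraServices: consumed by seapp_contexts; keep that entry pinned with name=<package> -->`.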
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 17dede9..113cd5c 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -35,9 +35,6 @@ type vscaler_heap_device, dmabuf_heap_device_type, dev_type; # Fingerprint device type fingerprint_device, dev_type; -# Raw HID device -type hidraw_device, dev_type; - # SecureElement SPI device type st54spi_device, dev_type; type st33spi_device, dev_type;
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index d8cce99..8eec86a 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -55,6 +55,9 @@ type sysfs_fingerprint, sysfs_type, fs_type; # CHRE type chre_socket, file_type; +# BT +type vendor_bt_data_file, file_type, data_file_type; + # IOMMU type sysfs_iommu, sysfs_type, fs_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index a8be48f..ea95a34 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -152,6 +152,7 @@ # data files /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 # Camera /vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
@@ -372,7 +373,3 @@ /vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 -
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
index fb6e52b..0693d7c 100644
--- a/whitechapel/vendor/google/keys.conf
+++ b/whitechapel/vendor/google/keys.conf
@@ -6,3 +6,6 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb [@EUICCSUPPORTPIXEL] ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem + +[@CAMERASERVICES] +ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml
index 6cb7113..b51e565 100644
--- a/whitechapel/vendor/google/mac_permissions.xml
+++ b/whitechapel/vendor/google/mac_permissions.xml
@@ -30,4 +30,7 @@ <signer signature="@EUICCSUPPORTPIXEL" > <seinfo value="EuiccSupportPixel" /> </signer> + <signer signature="@CAMERASERVICES" > + <seinfo value="CameraServices" /> + </signer> </policy>
diff --git a/whitechapel/vendor/google/radio.te b/whitechapel/vendor/google/radio.te
index baa356b..a604c72 100644
--- a/whitechapel/vendor/google/radio.te
+++ b/whitechapel/vendor/google/radio.te
@@ -1,3 +1,5 @@
+set_prop(radio, telephony_ril_prop)
+
 allow radio hal_exynos_rild_hwservice:hwservice_manager find;
 allow radio proc_vendor_sched:dir r_dir_perms;
 allow radio proc_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te
index 5108b45..e578ec4 100644
--- a/whitechapel/vendor/google/rild.te
+++ b/whitechapel/vendor/google/rild.te
@@ -7,6 +7,8 @@ set_prop(rild, vendor_sys_default_prop) get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) +set_prop(rild, telephony_ril_prop) + allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; |
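Review bot: `set_prop(rild, telephony_ril_prop)` is added with no comment saying why rild needs write access, and the same grant is added for radio in radio.te and for shell on userdebug/eng builds in system_ext/public/property.te. The type is declared with `system_public_prop` and has three possible writers, so a consumer of `telephony.ril.silent_reset` cannot tell from the policy whose value it is reading. I would put a comment above each grant, e.g. `# rild writes telephony.ril.silent_reset (<reason>); see b/<bug id>`, and if only one of radio and rild actually sets the property, drop the other grant. The new last lines of property_contexts and property.te also end without a trailing newline. Only part of rild.te is visible in this hunk.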