Commit message (Collapse) [Author, Age, Files, Lines]
...
| | * | Add hal_configstore to hal_client_domain of hal_camera_default. [Chia-Kai Liang, 2018-07-17, files: 1, lines: -0/+3]
| | |/
| | |     Bug: 111370628
| | |     Test: Build and run locally. The denial is removed.
| | |     Change-Id: I9a5d4d628fbf9f606593442eef86d931d0d29276
| * | Merge "sepolicy: Allow audio HAL to take wakelock" into pi-dev [TreeHugger Robot, 2018-07-17, files: 1, lines: -0/+3]
| |\ \
| | |/
| |/|
| | * sepolicy: Allow audio HAL to take wakelock [Haynes Mathew George, 2018-07-13, files: 1, lines: -0/+3]
| | |     Allow audio hal service to take wakelock. This is needed to ensure Hotword sessions are not stuck in ADSP due to device suspend
| | |     Bug: 111018819
| | |     Test: manual
| | |     Change-Id: I935a3e6a1237b8faaa5315f58fc587c03d80e9a5
* | | Snap for 4896779 from f97c1b6224827c0eac048135ddf04b1eec3bba57 to pi-dr1-release [android-build-team Robot, 2018-07-17, files: 4, lines: -0/+9]
|\| |
| | |     Change-Id: I868ea43f311046c512d23839202ff0bdc997dc40
| * | Merge "crosshatch: hardware.google.light@1.0-service sepolicy" into pi-dev [Daniel Solomon, 2018-07-16, files: 3, lines: -0/+6]
| |\ \
| | * | crosshatch: hardware.google.light@1.0-service sepolicy [linpeter, 2018-07-13, files: 3, lines: -0/+6]
| | | |     Bug: 109762428
| | | |     Change-Id: I45754f9c2433694e7d339b304361fe42979ab525
| * | | hal_health_default: allow wake_alarm cap & vendor mnt search [Thierry Strudel, 2018-07-14, files: 1, lines: -0/+3]
| |/ /
| | |     Test: this error is not seen anymore "android.hardware.health@2.0-impl: wakealarm_init: timerfd_create failed"
| | |     Test: not seeing "/vendor/bin/hw/android.hardware.health@2.0-service.crosshatch: Failed to read /persist/battery/..."
| | |     Bug: 111004332
| | |     Bug: 111019010
| | |     Change-Id: I383e8062387642017718a30db560a38157ef9a22
| | |     Signed-off-by: Thierry Strudel <tstrudel@google.com>
* | | Snap for 4894342 from 67ba88e511ac733f6343c6a247c7067dfd5af213 to pi-dr1-release [android-build-team Robot, 2018-07-15, files: 1, lines: -4/+4]
|\| |
| | |     Change-Id: I76079417a99ea358e46fd0bca94050e3dd4f14b8
| * | Merge "Revert "crosshatch: vendor.google.light@1.0-service sepolicy"" into pi-dev [Daniel Solomon, 2018-07-13, files: 3, lines: -6/+0]
| |\ \
| | * | Revert "crosshatch: vendor.google.light@1.0-service sepolicy" [Daniel Solomon, 2018-07-13, files: 3, lines: -6/+0]
| | | |     This reverts commit f2b73620e426643e078504a03b967036e2762020.
| | | |     Reason for revert: Breaks aosp_crosshatch and aosp_blueline
| | | |     Bug: 109762428
| | | |     Change-Id: I3895f44d7ecd32e318f6010456ee9a9dd5d6b5fc
| * | | Merge "crosshatch: vendor.google.light@1.0-service sepolicy" into pi-dev [Daniel Solomon, 2018-07-12, files: 3, lines: -0/+6]
| |\| |
| | * | crosshatch: vendor.google.light@1.0-service sepolicy [linpeter, 2018-07-03, files: 3, lines: -0/+6]
| | | |     Bug: 109762428
| | | |     Change-Id: If40a455fe36fa35aea54a5aee9b84e158574263a
| * | | Merge "display: sepolicy: allow dir search and file read in /mnt display folder" into pi-dev [Adam Shih, 2018-07-12, files: 1, lines: -4/+4]
| |\ \ \
| | * | | display: sepolicy: allow dir search and file read in /mnt display folder [Adam Shih, 2018-07-10, files: 1, lines: -4/+4]
| | | |/
| | |/|
| | | |     This avoids the following denials:
| | | |     type=1400 audit(1828.443:4): avc: denied { search } for pid=610 comm="android.hardwar" name="display" dev="sdf2" ino=18 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:persist_display_file:s0 tclass=dir permissive=0
| | | |     Bug: 80078218
| | | |     Test: make target selinux_policy and push the output to device, reboot, and find the log gone.
| | | |     Change-Id: Ic47ef7b9b845437dbf842d0f5ede1e2d7f5ab56a
* | | | Snap for 4887958 from 84a774a1e3b5ec6ef3a8406dc63afe7153c26c7e to pi-dr1-release [android-build-team Robot, 2018-07-12, files: 3, lines: -2/+3]
|\| | |
| | | |     Change-Id: I26c9af76c321e12c437dc979ff229ff6cf4a5f3b
| * | | Merge "display: Add vendor.debug.egl.swapinterval to vendor_display_prop" into pi-dev [TreeHugger Robot, 2018-07-11, files: 3, lines: -2/+3]
| |\ \ \
| | |/ /
| |/| |
| | * | display: Add vendor.debug.egl.swapinterval to vendor_display_prop [Siddharth Kapoor, 2018-07-09, files: 3, lines: -2/+3]
| | | |     Graphics prebuilts from gfx promotion #0050.03 introduce additional property access from libEGL
| | | |     vendor.debug.egl.swapinterval
| | | |     Define this property as vendor_display_prop, to let bootanimation/apps access it cleanly.
| | | |     This is a regression issue from ag/4451309
| | | |     Bug: 111144425
| | | |     Bug: 111216764
| | | |     Test: device logs do not throw the following error:
| | | |     E libc : Access denied finding property "vendor.debug.egl.swapinterval"
| | | |     Change-Id: Icff5286bd1e348f27ad358a3e743db88dad5ec3a
* | | | Snap for 4882959 from 26762af0deea45ba760047897e75b048186a9557 to pi-dr1-release [android-build-team Robot, 2018-07-10, files: 5, lines: -0/+13]
|\| | |
| | | |     Change-Id: Ib65c14905ae997654880481b431a5154b5791ea7
| * | | Grant Health HAL needed permissions [Thierry Strudel, 2018-07-09, files: 5, lines: -0/+13]
| |/ /
| | |     Bug: 79881385
| | |     Bug: 80435107
| | |     Bug: 111004332
| | |     Change-Id: I888273b12692c4351801ebf485dc9e91efb9d6a8
| | |     Signed-off-by: Thierry Strudel <tstrudel@google.com>
| * | sepolicy: allow camera to set vendor property [Adam Shih, 2018-07-09, files: 1, lines: -0/+1]
| | |     This avoids the following denials:
| | |     [ 2.722000] selinux: avc: denied { set } for property=persist.camera.is_type pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722012] init: Unable to set property 'persist.camera.is_type' to '5' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722022] selinux: avc: denied { set } for property=persist.camera.gzoom.at pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722028] init: Unable to set property 'persist.camera.gzoom.at' to '0' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722037] selinux: avc: denied { set } for property=persist.camera.googfd.enable pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722043] init: Unable to set property 'persist.camera.googfd.enable' to '1' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722051] selinux: avc: denied { set } for property=persist.camera.logical.default pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722058] init: Unable to set property 'persist.camera.logical.default' to '1' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722194] selinux: avc: denied { set } for property=persist.vendor.camera.multicam pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     Bug: 111241530
| | |     Test: make target selinux_policy and push the output to device, reboot, and find the log gone.
| | |     Change-Id: I40751449b41b5831fcc5925c667c6ea331835994
* | | sepolicy: allow camera to set vendor property [Adam Shih, 2018-07-09, files: 1, lines: -0/+1]
| | |     This avoids the following denials:
| | |     [ 2.722000] selinux: avc: denied { set } for property=persist.camera.is_type pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722012] init: Unable to set property 'persist.camera.is_type' to '5' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722022] selinux: avc: denied { set } for property=persist.camera.gzoom.at pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722028] init: Unable to set property 'persist.camera.gzoom.at' to '0' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722037] selinux: avc: denied { set } for property=persist.camera.googfd.enable pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722043] init: Unable to set property 'persist.camera.googfd.enable' to '1' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722051] selinux: avc: denied { set } for property=persist.camera.logical.default pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     [ 2.722058] init: Unable to set property 'persist.camera.logical.default' to '1' in property file '/vendor/build.prop': SELinux permission check failed
| | |     [ 2.722194] selinux: avc: denied { set } for property=persist.vendor.camera.multicam pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0\x0a
| | |     Bug: 111241530
| | |     Test: make target selinux_policy and push the output to device, reboot, and find the log gone.
| | |     Change-Id: I40751449b41b5831fcc5925c667c6ea331835994
| | |     (cherry picked from commit 80c77d5db9986236ec16a7bf4065705a58c5af84)
* | | Snap for 4880674 from fb7deca099da2a1604b3c94735aefda443838e29 to pi-dr1-release [android-build-team Robot, 2018-07-08, files: 33, lines: -69/+56]
|\| |
| | |     Change-Id: Icfe9120ca4b8c5f1c9814993188fa60099b0f872
| * | sepolicy: Fix treble violations associated with properties [Roopesh Rajashekharaiah Nataraja, 2018-07-06, files: 11, lines: -23/+7]
| | |     Keep this setting for camera because we are using it:
| | |     persist.camera. u:object_r:vendor_camera_prop:s0
| | |     Bug: 111135792
| | |     Bug: 110913895
| | |     Test: build pass and pass AU test
| | |     Change-Id: Idea43b935f5e1b5aacb6d1d9ffd0caa29fe89119
| | |     Merged-In: Idea43b935f5e1b5aacb6d1d9ffd0caa29fe89119
| | |     (cherry picked from commit 3ff4408cfef03829edbd70be06c321739abcd85f)
| * | Relocating /dsp -> /vendor/dsp [Adam Shih, 2018-07-06, files: 2, lines: -1/+4]
| | |     Also adding vendor_file_type for the file context (adsprpcd_file) used to label /vendor/dsp/*.
| | |     Bug: 110913895
| | |     Test: boot to home and find the label in effect
| | |     Change-Id: Idc4f56ee32d3913b3079ef00088adb1f9f4977e3
| | |     Merged-In: Idc4f56ee32d3913b3079ef00088adb1f9f4977e3
| | |     (cherry picked from commit 6de9091ea2c1df08990671832c238c4df76d49e9)
| * | sepolicy: selinux changes for persist due to mount point changes. [Adam Shih, 2018-07-06, files: 20, lines: -35/+38]
| | |     QCOM original quote:
| | |     1- labeling /mnt/vendor/persist to mnt_vendor_file.
| | |     2- adding vendor_persit_type attribute for persist
| | |     2- removing persist related rule for coredomains
| | |     3- Adding required policy to access persist
| | |     Bug: 110913895
| | |     Test: built pass, boot to home and find the label is in effect
| | |     Change-Id: I3899bbebc654403a41aad62bace9f9d143b9dad3
| | |     Merged-In: I3899bbebc654403a41aad62bace9f9d143b9dad3
| | |     (cherry picked from commit ec7031653f52254298ba6337f23fe7b2cbc7ea8d)
| * | sepolicy: Fix violations with system domains writing vendor props [Adam Shih, 2018-07-06, files: 7, lines: -11/+4]
| | |     some violators about reading are still needed
| | |     Bug: 110913895
| | |     Test: Tested bluetooth, camera function complete
| | |     Change-Id: I7171fb04d21ac19a4318ae6340135896ac392f33
| | |     Merged-In: I7171fb04d21ac19a4318ae6340135896ac392f33
| | |     (cherry picked from commit 613769a891e397900d023842e9f6154b34a4d6d9)
| * | display: sepolicy: allow dir search and file read in /mnt/vendor [Siddharth Kapoor, 2018-07-04, files: 1, lines: -0/+4]
| |/
| |     This patch fixes the selinux denial for dir search and file read in /mnt/vendor
| |     avc: denied { search } for name="vendor" dev="tmpfs" ino=21517 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
| |     Bug: 80078218
| |     Test: No selinux denial while searching file in /mnt/vendor
| |     Change-Id: If8403c105942a1f596fc6ec9c2c0c1b8f08c9279
* | Snap for 4874588 from 4c55e78defc93f371bc0a58e993ed591ec4eb52b to pi-dr1-release [android-build-team Robot, 2018-07-03, files: 1, lines: -0/+1]
|\|
| |     Change-Id: I8381028172da0b8983266905b13748751daa97e0
| * Merge "sepolicy: reserve pcmC1D27c as camera device" into pi-dev [Xu Han, 2018-07-02, files: 1, lines: -0/+1]
| |\
| | * sepolicy: reserve pcmC1D27c as camera device [Xu Han, 2018-06-29, files: 1, lines: -0/+1]
| | |     pcmC1D27c is used in camera HAL to get flicker sensor data.
| | |     Bug:110945493
| | |     Test:CTS
| | |     Change-Id: I279c9c37d95deafce8ea50fbfeb9426c537bf9d6
* | | Snap for 4872253 from 590e12cdd87b53d5b76c91c290d39553f43e5434 to pi-dr1-release [android-build-team Robot, 2018-07-01, files: 6, lines: -5/+7]
|\| |
| | |     Change-Id: I5a4665b9ffe901b4b08da939bb0ca6ec264a404f
| * | Merge "Allow QC keymaster to read vendor patch level" into pi-dev [Chris Fries, 2018-06-29, files: 1, lines: -0/+2]
| |\ \
| | * | Allow QC keymaster to read vendor patch level [Shawn Willden, 2018-06-28, files: 1, lines: -0/+2]
| | | |     Bug: 110479595
| | | |     Test: Boot
| | | |     Change-Id: I322378acf07a94c4a203e01ad557c8932288a217
| * | | Merge "Sepolicy changes for wait_for_strongbox" into pi-dev [TreeHugger Robot, 2018-06-29, files: 2, lines: -0/+10]
| |\| |
| | * | Sepolicy changes for wait_for_strongbox [Shawn Willden, 2018-06-28, files: 2, lines: -0/+10]
| | |/
| | |     Test: Boot
| | |     Bug: 110479595
| | |     Change-Id: I3c87c24e23fb38414fe68c5664d624910433c3da
| * / Add persist.vendor.radio.uicc_se_enabled property [Ruchi Kandoi, 2018-06-29, files: 1, lines: -0/+1]
| |/
| |     This property will be used as an indicator to start SE HAL for UICC
| |     Test: Test SIM1 starts only RoW sku
| |     Bug: 110053681
| |     Change-Id: Icf015e175aafec7c298cf3fbb327bea0b3988a32
| * Merge "Track SELinux denials." into pi-dev [TreeHugger Robot, 2018-06-28, files: 1, lines: -0/+3]
| |\
| | * Track SELinux denials. [Joel Galenson, 2018-06-28, files: 1, lines: -0/+3]
| | |     This should help fix presubmit tests.
| | |     Bug: 110926064
| | |     Test: Booted device and saw no untracked denials.
| | |     Change-Id: I7d3253c1a92b4663b144fdbb852596fed0b4a434
| * | Merge "Revert "sepolicy: Add context vendor.qti.hardware.radio.qtiradio::IQtiRadio"" into pi-dev [Jayachandran Chinnakkannu, 2018-06-28, files: 1, lines: -1/+0]
| |\ \
| | |/
| |/|
| | * Revert "sepolicy: Add context vendor.qti.hardware.radio.qtiradio::IQtiRadio" [Josh Hou, 2018-06-28, files: 1, lines: -1/+0]
| | |     This reverts commit 51f36320a62592d445fdee615cd3f891169d04ee.
| | |     The qti_radio module has been enabled unintentionally and will be disabled.
| | |     Bug: 110538519
| | |     Change-Id: I8bfb56d7ae29e9a4c12e2cd325f1515901c4b204
| * | Merge "sepolicy: pixelstats: uevent reporting in pixelstats" into pi-dev [TreeHugger Robot, 2018-06-28, files: 2, lines: -4/+1]
| |\ \
| | |/
| |/|
| | * sepolicy: pixelstats: uevent reporting in pixelstats [Andrew Chant, 2018-06-27, files: 2, lines: -4/+1]
| | |     Move all hardware reliability uevent reporting from USB HAL to pixelstats.
| | |     Bug: 69979011
| | |     Change-Id: Ia0f926693ed6f1d8c8b3fd94525a27dfcd51aa9c
| * | Merge "genfs_contexts: fix dsi-display for B1" into pi-dev [TreeHugger Robot, 2018-06-28, files: 1, lines: -0/+2]
| |\ \
| | * | genfs_contexts: fix dsi-display for B1 [Thierry Strudel, 2018-06-27, files: 1, lines: -0/+2]
| | | |     Bug: 69271229
| | | |     Change-Id: Ic0fd6d5cbd7a8c5a86e8c39f25f261333fc1c5e3
| | | |     Signed-off-by: Thierry Strudel <tstrudel@google.com>
* | | | Allow QC keymaster to read vendor patch level [Shawn Willden, 2018-06-29, files: 1, lines: -0/+2]
| | | |     Bug: 110479595
| | | |     Test: Boot
| | | |     Change-Id: I322378acf07a94c4a203e01ad557c8932288a217
| | | |     (cherry picked from commit c1241d2376de2056a4f11b1217e8bf214e76617c)
* | | | Sepolicy changes for wait_for_strongbox [Shawn Willden, 2018-06-29, files: 2, lines: -0/+10]
| | | |     Test: Boot
| | | |     Bug: 110479595
| | | |     Change-Id: I3c87c24e23fb38414fe68c5664d624910433c3da
| | | |     (cherry picked from commit dffebcd669e756527f18e5e60bc00fb5bd713cc8)
* | | | Snap for 4866863 from 4cb87f8a4fd2736b6c40ef120e290c0bd494fa14 to pi-dr1-release [android-build-team Robot, 2018-06-28, files: 5, lines: -1/+20]
|\| | |
| | | |     Change-Id: Id3d54116c6041433cf6ba227a48cd71404ead827
| * | | Merge "sepolicy: pixelstats: sysfs and uevent access." into pi-dev [TreeHugger Robot, 2018-06-28, files: 4, lines: -0/+10]
| |\ \ \
| | | |/
| | |/|
| | * | sepolicy: pixelstats: sysfs and uevent access. [Andrew Chant, 2018-06-27, files: 4, lines: -0/+10]
| | |/
| | |     Add the ability for pixelstats to access sysfs nodes for hardware reliability reporting.
| | |     Bug: 71593375
| | |     Bug: 79995489
| | |     Change-Id: Iead72eacb4f079d8e66e66b05c60fddab351ec2b
| | |     Signed-off-by: Andrew Chant <achant@google.com>
| * | Merge "crosshatch-sepolicy: allow access to touch proc node" into pi-dev [Steve Pfetsch, 2018-06-27, files: 3, lines: -1/+6]
| |\ \