diff options
22 files changed, 99 insertions, 4 deletions
diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te index c1eac9ce..dccddf0e 100644 --- a/display/gs101/hal_graphics_composer_default.te +++ b/display/gs101/hal_graphics_composer_default.te @@ -25,8 +25,8 @@ allow hal_graphics_composer_default sysfs_leds:file rw_file_perms; # allow HWC to get vendor_persist_sys_default_prop get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop) -# allow HWC to get vendor_display_prop -get_prop(hal_graphics_composer_default, vendor_display_prop) +# allow HWC to get/set vendor_display_prop +set_prop(hal_graphics_composer_default, vendor_display_prop) # allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop) diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 21776b79..7901bdcf 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,2 +1,4 @@ #b/228181404 -dontaudit kernel vendor_maxfg_debugfs:dir { search };
\ No newline at end of file +dontaudit kernel vendor_maxfg_debugfs:dir { search }; +#b/247905787 +dontaudit kernel vendor_votable_debugfs:dir { search }; diff --git a/usf/file.te b/usf/file.te index e264c277..8f49e32b 100644 --- a/usf/file.te +++ b/usf/file.te @@ -10,3 +10,7 @@ type persist_sensor_reg_file, file_type, vendor_persist_type; # end with "data_file". type sensor_reg_data_file, file_type, data_file_type; +# Declare the sensor debug data file type. By convention, data file types +# end with "data_file". +type sensor_debug_data_file, file_type, data_file_type; + diff --git a/usf/file_contexts b/usf/file_contexts index ff3d41d3..3c7833b1 100644 --- a/usf/file_contexts +++ b/usf/file_contexts @@ -8,3 +8,5 @@ # Sensor registry data files. /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +# Sensor debug data files. +/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0 diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te index bda44c9f..491d6403 100644 --- a/usf/sensor_hal.te +++ b/usf/sensor_hal.te @@ -12,6 +12,12 @@ r_dir_file(hal_sensors_default, persist_camera_file) allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; allow hal_sensors_default sensor_reg_data_file:file create_file_perms; +userdebug_or_eng(` + # Allow creation and writing of sensor debug data files. + allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms; + allow hal_sensors_default sensor_debug_data_file:file create_file_perms; +') + # Allow access to the AoC communication driver. allow hal_sensors_default aoc_device:chr_file rw_file_perms; diff --git a/whitechapel/vendor/google/chre.te b/whitechapel/vendor/google/chre.te index 9dfd9bf6..26c1675f 100644 --- a/whitechapel/vendor/google/chre.te +++ b/whitechapel/vendor/google/chre.te @@ -23,3 +23,5 @@ allow chre hal_wifi_ext_hwservice:hwservice_manager find; allow chre fwk_stats_service:service_manager find; binder_call(chre, stats_service_server) +# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. +allow chre self:global_capability2_class_set block_suspend; diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te index d6cf7315..e350e0f3 100644 --- a/whitechapel/vendor/google/fastbootd.te +++ b/whitechapel/vendor/google/fastbootd.te @@ -5,4 +5,5 @@ allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; allow fastbootd custom_ab_block_device:blk_file rw_file_perms; +allow fastbootd citadel_device:chr_file rw_file_perms; ') diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 847499d1..48cb759d 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -213,6 +213,9 @@ type sysfs_trusty, sysfs_type, fs_type; # BootControl type sysfs_bootctl, sysfs_type, fs_type; +#vendor-metrics +type sysfs_vendor_metrics, fs_type, sysfs_type; + # Radio type radio_vendor_data_file, file_type, data_file_type; userdebug_or_eng(` diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index da2222b2..a75eff9e 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -108,6 +108,7 @@ /dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 50853f0f..8bb12c67 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -14,7 +14,8 @@ genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:ob genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 @@ -354,6 +355,26 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-mete genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 + # bcl sysfs files genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 @@ -486,6 +507,7 @@ genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_ genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0 # SJTAG genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 @@ -529,6 +551,11 @@ genfscon sysfs /devices/platform/100b0000.G3D u:obje genfscon sysfs /devices/platform/100b0000.ISP u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 +#vendor-metrics +genfscon sysfs /kernel/metrics/temp_residency/temp_residency_all/stats u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/resume_latency/resume_latency_metrics u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/irq/long_irq_metrics u:object_r:sysfs_vendor_metrics:s0 + # Trusty genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 01c69b49..314546f2 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -35,6 +35,10 @@ allow hal_dumpstate_default vendor_log_file:dir search; allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans; allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans; allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans; +userdebug_or_eng(` + allow hal_dumpstate_default sensor_debug_data_file:dir r_dir_perms; + allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms; +') allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms; @@ -139,6 +143,9 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_maxfg_debugfs:dir search; allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; + allow hal_dumpstate_default sysfs_vendor_metrics:dir search; + allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; @@ -169,6 +176,9 @@ dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; dontaudit hal_dumpstate_default vendor_dri_debugfs:dir search; diff --git a/whitechapel/vendor/google/hal_input_processor_default.te b/whitechapel/vendor/google/hal_input_processor_default.te new file mode 100644 index 00000000..00d4c695 --- /dev/null +++ b/whitechapel/vendor/google/hal_input_processor_default.te @@ -0,0 +1,2 @@ +# allow InputProcessor HAL to read the display resolution system property +get_prop(hal_input_processor_default, vendor_display_prop) diff --git a/whitechapel/vendor/google/logger_app.te b/whitechapel/vendor/google/logger_app.te index be15d0e6..14196600 100644 --- a/whitechapel/vendor/google/logger_app.te +++ b/whitechapel/vendor/google/logger_app.te @@ -5,6 +5,10 @@ userdebug_or_eng(` allow logger_app vendor_gps_file:file create_file_perms; allow logger_app vendor_gps_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) + r_dir_file(logger_app, ramdump_vendor_data_file) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index f664359d..63dec363 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -27,3 +27,9 @@ get_prop(modem_svc_sit, vendor_rild_prop) # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) + +# logging property +get_prop(modem_svc_sit, vendor_logger_prop) + +# Modem property +set_prop(modem_svc_sit, vendor_modem_prop) diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index f0cca685..eb255475 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -23,6 +23,9 @@ allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; # Batery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) + # BCL allow pixelstats_vendor sysfs_bcl:dir search; allow pixelstats_vendor sysfs_bcl:file r_file_perms; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 31ee4b8f..70c72b68 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -55,3 +55,6 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5eba1f8d..0dd3d463 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -61,10 +61,13 @@ vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0 vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0 vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0 vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0 +vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0 +vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0 # for display ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 +persist.vendor.display. u:object_r:vendor_display_prop:s0 # for camera persist.vendor.camera. u:object_r:vendor_camera_prop:s0 @@ -114,3 +117,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor # uwb ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te index 5fc2159c..78b14e51 100644 --- a/whitechapel/vendor/google/rild.te +++ b/whitechapel/vendor/google/rild.te @@ -26,6 +26,7 @@ binder_call(rild, modem_svc_sit) binder_call(rild, vendor_ims_app) binder_call(rild, vendor_rcs_app) binder_call(rild, oemrilservice_app) +binder_call(rild, logger_app) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te index f982424d..e13e744e 100644 --- a/whitechapel/vendor/google/shell.te +++ b/whitechapel/vendor/google/shell.te @@ -8,3 +8,4 @@ userdebug_or_eng(` dontaudit shell proc_vendor_sched:dir search; dontaudit shell proc_vendor_sched:file write; +dontaudit shell sysfs_wlc:dir search; diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te index ada64441..bf29cbf2 100644 --- a/whitechapel/vendor/google/storageproxyd.te +++ b/whitechapel/vendor/google/storageproxyd.te @@ -19,3 +19,5 @@ read_fstab(tee) # storageproxyd starts before /data is mounted. It handles /data not being there # gracefully. However, attempts to access /data trigger a denial. dontaudit tee unlabeled:dir { search }; + +set_prop(tee, vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/vendor_ims_app.te b/whitechapel/vendor/google/vendor_ims_app.te index 8d655747..140d9c25 100644 --- a/whitechapel/vendor/google/vendor_ims_app.te +++ b/whitechapel/vendor/google/vendor_ims_app.te @@ -1,5 +1,6 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) allow vendor_ims_app app_api_service:service_manager find; allow vendor_ims_app audioserver_service:service_manager find; @@ -11,6 +12,8 @@ allow vendor_ims_app mediaserver_service:service_manager find; allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index dfd8e996..8ebe5e52 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -35,3 +35,9 @@ set_prop(vendor_init, vendor_battery_defender_prop) # Fingerprint property set_prop(vendor_init, vendor_fingerprint_prop) + +# Display +set_prop(vendor_init, vendor_display_prop) + +# Trusty storage FS ready +get_prop(vendor_init, vendor_trusty_storage_prop) |