diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-01-10 00:02:30 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-01-10 00:02:30 +0000 |
| commit | 66f48241b5e406b1410ec1a8e7c6d33c651bb81c (patch) | |
| tree | f5c74a62e39f7b458251b1f25a483323fd32ffba | |
| parent | d4e0af01054737a0972a758af4aa4e95819b57b9 (diff) | |
| parent | 946b7e5e36e64e79650327673dc5e55a1369c7f7 (diff) | |
Snap for 9470583 from 946b7e5e36e64e79650327673dc5e55a1369c7f7 to tm-qpr3-release
Change-Id: Ie3c7f15286d2ae239bb03fcce42c9658ebc9d7c7
33 files changed, 207 insertions, 5 deletions
diff --git a/aoc/genfs_contexts b/aoc/genfs_contexts index 46773bb0..f474c77b 100644 --- a/aoc/genfs_contexts +++ b/aoc/genfs_contexts @@ -13,7 +13,8 @@ genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:ob genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 # pixelstat_vendor genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0 @@ -25,4 +26,6 @@ genfscon sysfs /devices/platform/audiometrics/speaker_temp u:ob genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/cca_rate_read_once u:object_r:sysfs_pixelstats:s0 diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 3bc07df7..fcebf544 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -11,3 +11,5 @@ init-insmod-sh vendor_ready_prop property_service b/239364360 kernel vendor_charger_debugfs dir b/238571150 kernel vendor_usb_debugfs dir b/227121550 shell sysfs_wlc dir b/238260741 +hal_contexthub_default fwk_stats_service service_manager b/241714943 +shell sscoredump_vendor_data_crashinfo_file dir b/241714944 diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 605f1fa6..38fcbb6d 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,5 +1,3 @@ -# b/238398889 -dontaudit kernel vendor_charger_debugfs:dir { search }; # b/213817227 dontaudit kernel vendor_battery_debugfs:dir { search }; # b/220801802 diff --git a/whitechapel_pro/battery_mitigation.te b/whitechapel_pro/battery_mitigation.te index 59af9d53..643b2fc6 100644 --- a/whitechapel_pro/battery_mitigation.te +++ b/whitechapel_pro/battery_mitigation.te @@ -2,6 +2,8 @@ type battery_mitigation, domain; type battery_mitigation_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(battery_mitigation) get_prop(battery_mitigation, boot_status_prop) +set_prop(battery_mitigation, vendor_mitigation_ready_prop) +get_prop(battery_mitigation, vendor_brownout_reason_prop) hal_client_domain(battery_mitigation, hal_thermal); hal_client_domain(battery_mitigation, hal_health); @@ -11,6 +13,9 @@ r_dir_file(battery_mitigation, sysfs_iio_devices) r_dir_file(battery_mitigation, sysfs_thermal) r_dir_file(battery_mitigation, thermal_link_device) r_dir_file(battery_mitigation, sysfs_odpm) +allow battery_mitigation sysfs_bcl:dir r_dir_perms; +allow battery_mitigation sysfs_bcl:file r_file_perms; +allow battery_mitigation sysfs_bcl:lnk_file r_file_perms; allow battery_mitigation sysfs_thermal:lnk_file r_file_perms; allow battery_mitigation mitigation_vendor_data_file:dir rw_dir_perms; allow battery_mitigation mitigation_vendor_data_file:file create_file_perms; diff --git a/whitechapel_pro/brownout_detection_app.te b/whitechapel_pro/brownout_detection_app.te new file mode 100644 index 00000000..6146a745 --- /dev/null +++ b/whitechapel_pro/brownout_detection_app.te @@ -0,0 +1,9 @@ +type brownout_detection_app, domain, coredomain; + +userdebug_or_eng(` + app_domain(brownout_detection_app) + net_domain(brownout_detection_app) + allow brownout_detection_app app_api_service:service_manager find; + allow brownout_detection_app system_api_service:service_manager find; + get_prop(brownout_detection_app, vendor_brownout_reason_prop) +') diff --git a/whitechapel_pro/chre.te b/whitechapel_pro/chre.te index 6d826217..26c1675f 100644 --- a/whitechapel_pro/chre.te +++ b/whitechapel_pro/chre.te @@ -22,3 +22,6 @@ allow chre hal_wifi_ext_hwservice:hwservice_manager find; # Allow CHRE host to talk to stats service allow chre fwk_stats_service:service_manager find; binder_call(chre, stats_service_server) + +# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. +allow chre self:global_capability2_class_set block_suspend; diff --git a/whitechapel_pro/convert-to-ext4-sh.te b/whitechapel_pro/convert-to-ext4-sh.te index cbf633de..d64382df 100644 --- a/whitechapel_pro/convert-to-ext4-sh.te +++ b/whitechapel_pro/convert-to-ext4-sh.te @@ -30,4 +30,5 @@ userdebug_or_eng(` dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio }; dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr }; dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr }; + dontaudit convert-to-ext4-sh convert-to-ext4-sh:capability { dac_override }; ') diff --git a/whitechapel_pro/debug_camera_app.te b/whitechapel_pro/debug_camera_app.te index 50379b54..7ef8ab46 100644 --- a/whitechapel_pro/debug_camera_app.te +++ b/whitechapel_pro/debug_camera_app.te @@ -2,6 +2,7 @@ type debug_camera_app, domain, coredomain; userdebug_or_eng(` app_domain(debug_camera_app) + net_domain(debug_camera_app) allow debug_camera_app app_api_service:service_manager find; allow debug_camera_app audioserver_service:service_manager find; diff --git a/whitechapel_pro/disable-contaminant-detection-sh.te b/whitechapel_pro/disable-contaminant-detection-sh.te new file mode 100644 index 00000000..95845a18 --- /dev/null +++ b/whitechapel_pro/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/whitechapel_pro/fastbootd.te b/whitechapel_pro/fastbootd.te index 0d215a84..5945ef24 100644 --- a/whitechapel_pro/fastbootd.te +++ b/whitechapel_pro/fastbootd.te @@ -4,4 +4,5 @@ allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; allow fastbootd citadel_device:chr_file rw_file_perms; +allow fastbootd st54spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index ea0caf2a..90fe2fbf 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -10,6 +10,7 @@ type tcpdump_vendor_data_file, file_type, data_file_type; type vendor_camera_data_file, file_type, data_file_type; type vendor_media_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; +type sensor_debug_data_file, file_type, data_file_type; type sensor_reg_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; @@ -55,7 +56,7 @@ type sysfs_soc, sysfs_type, fs_type; type sysfs_camera, sysfs_type, fs_type; type sysfs_write_leds, sysfs_type, fs_type; type sysfs_pca, sysfs_type, fs_type; - +type sysfs_ptracker, sysfs_type, fs_type; # debugfs type debugfs_f2fs, debugfs_type, fs_type; type vendor_maxfg_debugfs, fs_type, debugfs_type; @@ -82,6 +83,7 @@ type persist_sensor_reg_file, file_type, vendor_persist_type; type persist_ss_file, file_type, vendor_persist_type; type persist_uwb_file, file_type, vendor_persist_type; type persist_display_file, file_type, vendor_persist_type; +type persist_leds_file, file_type, vendor_persist_type; # CHRE type chre_socket, file_type; @@ -94,6 +96,9 @@ type vendor_usf_stats, vendor_file_type, file_type; type vendor_usf_reg_edit, vendor_file_type, file_type; type vendor_dumpsys, vendor_file_type, file_type; +#vendor-metrics +type sysfs_vendor_metrics, fs_type, sysfs_type; + # Modem type modem_efs_file, file_type; type modem_userdata_file, file_type; @@ -107,6 +112,11 @@ type sysfs_usbc_throttling_stats, sysfs_type, fs_type; # Touch type proc_touch, proc_type, fs_type; +type proc_touch_gti, proc_type, fs_type; +userdebug_or_eng(` + typeattribute proc_touch mlstrustedobject; + typeattribute proc_touch_gti mlstrustedobject; +') # Vendor sched files userdebug_or_eng(` diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 78a43624..dc1101bc 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -44,6 +44,7 @@ /vendor/bin/hw/battery_mitigation u:object_r:battery_mitigation_exec:s0 /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 /system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -106,6 +107,7 @@ /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/bbd_pwrstat u:object_r:power_stats_device:s0 /dev/lwis-act-jotnar u:object_r:lwis_device:s0 /dev/lwis-act-slenderman u:object_r:lwis_device:s0 @@ -208,8 +210,10 @@ /data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 +/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +/dev/maxfg_history u:object_r:battery_history_device:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 /data/vendor/mitigation(/.*)? u:object_r:mitigation_vendor_data_file:s0 @@ -222,6 +226,7 @@ /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/led(/.*)? u:object_r:persist_leds_file:s0 # Extra mount images /mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0 diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index 70252d16..04bd9a9c 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -31,6 +31,7 @@ genfscon sysfs /devices/soc0/revision u genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0 genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0 genfscon proc /focaltech_touch u:object_r:proc_touch:s0 +genfscon proc /goog_touch_interface u:object_r:proc_touch_gti:s0 # tracefs genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0 @@ -40,6 +41,7 @@ genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee80215 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 +genfscon sysfs /wlan_ptracker u:object_r:sysfs_ptracker:s0 # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 @@ -53,6 +55,7 @@ genfscon sysfs /devices/platform/28000000.mali/power_policy u genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/28000000.mali/kprcs u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 # Fabric genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 @@ -109,6 +112,7 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mp genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 @@ -118,6 +122,7 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mp genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 # Devfreq current frequency genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 @@ -339,6 +344,9 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.au genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 @@ -384,8 +392,14 @@ genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:obj genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 +#vendor-metrics +genfscon sysfs /kernel/metrics/temp_residency/temp_residency_all/stats u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/resume_latency/resume_latency_metrics u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/irq/long_irq_metrics u:object_r:sysfs_vendor_metrics:s0 + # Camera genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0 genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 # USB-C throttling stats @@ -413,3 +427,7 @@ genfscon sysfs /module/trusty_core/parameters/use_high_wq u:obje # EM Profile genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# Privacy LED +genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0 diff --git a/whitechapel_pro/google_touch_app.te b/whitechapel_pro/google_touch_app.te new file mode 100644 index 00000000..8428ff80 --- /dev/null +++ b/whitechapel_pro/google_touch_app.te @@ -0,0 +1,12 @@ +type google_touch_app, domain; + +userdebug_or_eng(` + app_domain(google_touch_app) + + allow google_touch_app app_api_service:service_manager find; + + allow google_touch_app sysfs_touch:dir r_dir_perms; + allow google_touch_app sysfs_touch:file rw_file_perms; + allow google_touch_app proc_touch:file rw_file_perms; + allow google_touch_app proc_touch_gti:file rw_file_perms; +') diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te index e819eb16..12fb8a7e 100644 --- a/whitechapel_pro/hal_dumpstate_default.te +++ b/whitechapel_pro/hal_dumpstate_default.te @@ -6,6 +6,11 @@ allow hal_dumpstate_default sysfs_cpu:file r_file_perms; allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans; allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans; +userdebug_or_eng(` + allow hal_dumpstate_default sensor_debug_data_file:dir r_dir_perms; + allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms; +') + allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms; allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms; @@ -40,6 +45,9 @@ allow hal_dumpstate_default mitigation_vendor_data_file:file r_file_perms; allow hal_dumpstate_default sysfs_wifi:dir r_dir_perms; allow hal_dumpstate_default sysfs_wifi:file r_file_perms; +allow hal_dumpstate_default sysfs_ptracker:dir r_dir_perms; +allow hal_dumpstate_default sysfs_ptracker:file r_file_perms; + allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; @@ -76,6 +84,9 @@ allow hal_dumpstate_default sysfs_touch:file rw_file_perms; allow hal_dumpstate_default proc_touch:dir r_dir_perms; allow hal_dumpstate_default proc_touch:file rw_file_perms; +allow hal_dumpstate_default proc_touch_gti:dir r_dir_perms; +allow hal_dumpstate_default proc_touch_gti:file rw_file_perms; + allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; binder_call(hal_dumpstate_default, hal_graphics_composer_default); allow hal_dumpstate_default sysfs_display:dir r_dir_perms; @@ -94,6 +105,15 @@ allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms; allow hal_dumpstate_default proc_vendor_sched:file r_file_perms; +allow hal_dumpstate_default battery_history_device:chr_file r_file_perms; + +userdebug_or_eng(` + allow hal_dumpstate_default sysfs_leds:dir search; + allow hal_dumpstate_default sysfs_leds:file rw_file_perms; + allow hal_dumpstate_default persist_file:dir search; + r_dir_file(hal_dumpstate_default, persist_leds_file); +') + get_prop(hal_dumpstate_default, vendor_camera_debug_prop); get_prop(hal_dumpstate_default, boottime_public_prop) get_prop(hal_dumpstate_default, vendor_camera_prop) @@ -124,6 +144,10 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search; allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; + allow hal_dumpstate_default debugfs_tracing_instances:dir search; + allow hal_dumpstate_default debugfs_tracing_instances:file r_file_perms; + allow hal_dumpstate_default sysfs_vendor_metrics:dir search; + allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; allow hal_dumpstate_default vendor_cma_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_cma_debugfs:file r_file_perms; allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; @@ -152,6 +176,10 @@ dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms; dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search; dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; +dontaudit hal_dumpstate_default debugfs_tracing_instances:dir search; +dontaudit hal_dumpstate_default debugfs_tracing_instances:file r_file_perms; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; dontaudit hal_dumpstate_default vendor_cma_debugfs:dir r_dir_perms; dontaudit hal_dumpstate_default vendor_cma_debugfs:file r_file_perms; dontaudit hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; diff --git a/whitechapel_pro/hal_fingerprint_default.te b/whitechapel_pro/hal_fingerprint_default.te index ec02f9c4..912776dd 100644 --- a/whitechapel_pro/hal_fingerprint_default.te +++ b/whitechapel_pro/hal_fingerprint_default.te @@ -30,3 +30,6 @@ allow hal_fingerprint_default sysfs_trusty:file rw_file_perms; # Allow fingerprint to access display hal allow hal_fingerprint_default hal_pixel_display_service:service_manager find; binder_call(hal_fingerprint_default, hal_graphics_composer_default) + +# allow fingerprint to access thermal hal +hal_client_domain(hal_fingerprint_default, hal_thermal); diff --git a/whitechapel_pro/hal_health_default.te b/whitechapel_pro/hal_health_default.te index 0e393765..6c3c6940 100644 --- a/whitechapel_pro/hal_health_default.te +++ b/whitechapel_pro/hal_health_default.te @@ -1,5 +1,7 @@ allow hal_health_default mnt_vendor_file:dir search; allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; set_prop(hal_health_default, vendor_battery_defender_prop) @@ -7,6 +9,9 @@ set_prop(hal_health_default, vendor_battery_defender_prop) allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; +allow hal_health_default fwk_stats_service:service_manager find; +binder_use(hal_health_default) + allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file w_file_perms; allow hal_health_default sysfs_thermal:dir search; diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te index a645b502..fcd758a4 100644 --- a/whitechapel_pro/hal_sensors_default.te +++ b/whitechapel_pro/hal_sensors_default.te @@ -33,6 +33,12 @@ r_dir_file(hal_sensors_default, persist_camera_file) allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; allow hal_sensors_default sensor_reg_data_file:file create_file_perms; +userdebug_or_eng(` + # Allow creation and writing of sensor debug data files. + allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms; + allow hal_sensors_default sensor_debug_data_file:file create_file_perms; +') + # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; @@ -75,3 +81,8 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow display_info_service access to the backlight driver. allow hal_sensors_default sysfs_write_leds:file rw_file_perms; + +# Allow access to the power supply files for MagCC. +r_dir_file(hal_sensors_default, sysfs_batteryinfo) +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; + diff --git a/whitechapel_pro/hbmsvmanager_app.te b/whitechapel_pro/hbmsvmanager_app.te index 3ed4f823..b7058090 100644 --- a/whitechapel_pro/hbmsvmanager_app.te +++ b/whitechapel_pro/hbmsvmanager_app.te @@ -1,4 +1,4 @@ -type hbmsvmanager_app, domain; +type hbmsvmanager_app, domain, coredomain; app_domain(hbmsvmanager_app); diff --git a/whitechapel_pro/kernel.te b/whitechapel_pro/kernel.te index c34e7f72..376d8e14 100644 --- a/whitechapel_pro/kernel.te +++ b/whitechapel_pro/kernel.te @@ -9,3 +9,4 @@ allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; dontaudit kernel vendor_battery_debugfs:dir search; +dontaudit kernel vendor_regmap_debugfs:dir search; diff --git a/whitechapel_pro/logger_app.te b/whitechapel_pro/logger_app.te index 9809f309..684e94ad 100644 --- a/whitechapel_pro/logger_app.te +++ b/whitechapel_pro/logger_app.te @@ -5,6 +5,10 @@ userdebug_or_eng(` allow logger_app vendor_gps_file:file create_file_perms; allow logger_app vendor_gps_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) + r_dir_file(logger_app, ramdump_vendor_data_file) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index 9954f493..9d4cba72 100644 --- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -25,6 +25,9 @@ get_prop(modem_svc_sit, vendor_rild_prop) allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) +# logging property +get_prop(modem_svc_sit, vendor_logger_prop) + userdebug_or_eng(` allow modem_svc_sit radio_test_device:chr_file rw_file_perms; ') diff --git a/whitechapel_pro/pixelstats_vendor.te b/whitechapel_pro/pixelstats_vendor.te index 068e7fb8..a8d7b123 100644 --- a/whitechapel_pro/pixelstats_vendor.te +++ b/whitechapel_pro/pixelstats_vendor.te @@ -22,3 +22,14 @@ get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop); # Pca charge allow pixelstats_vendor sysfs_pca:file rw_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; + +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index bc898f47..b5bf04c2 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -34,3 +34,12 @@ system_vendor_config_prop(vendor_uwb_calibration_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) +# Telephony debug app +vendor_internal_prop(vendor_telephony_app_prop) + +# Battery Mitigation +vendor_internal_prop(vendor_mitigation_ready_prop) +vendor_public_prop(vendor_brownout_reason_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index ce737004..32b304b1 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -103,3 +103,13 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # for ims service persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0 + +# for vendor telephony debug app +vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 + +# Battery Mitigation +vendor.brownout.mitigation.ready u:object_r:vendor_mitigation_ready_prop:s0 +vendor.brownout_reason u:object_r:vendor_brownout_reason_prop:s0 + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/whitechapel_pro/recovery.te b/whitechapel_pro/recovery.te index bfa3c7dc..a498af07 100644 --- a/whitechapel_pro/recovery.te +++ b/whitechapel_pro/recovery.te @@ -1,4 +1,5 @@ recovery_only(` allow recovery sysfs_ota:file rw_file_perms; allow recovery citadel_device:chr_file rw_file_perms; + allow recovery st54spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te index d8c8c290..bfabf428 100644 --- a/whitechapel_pro/rild.te +++ b/whitechapel_pro/rild.te @@ -26,6 +26,8 @@ binder_call(rild, oemrilservice_app) binder_call(rild, hal_secure_element_uicc) binder_call(rild, grilservice_app) binder_call(rild, vendor_engineermode_app) +binder_call(rild, vendor_telephony_debug_app) +binder_call(rild, logger_app) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts index 0fbe0333..d7fd69de 100644 --- a/whitechapel_pro/seapp_contexts +++ b/whitechapel_pro/seapp_contexts @@ -44,6 +44,9 @@ user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_ # CBRS setup app user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user +# Touch app +user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user + # Qorvo UWB system app # TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all @@ -71,3 +74,6 @@ user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_ # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all + +# BrownoutDetection +user=_app isPrivApp=true name=com.google.android.brownoutdetection domain=brownout_detection_app type=app_data_file levelFrom=all diff --git a/whitechapel_pro/shell.te b/whitechapel_pro/shell.te index 978a5426..44ae0768 100644 --- a/whitechapel_pro/shell.te +++ b/whitechapel_pro/shell.te @@ -3,3 +3,6 @@ userdebug_or_eng(` allow shell sysfs_sjtag:dir r_dir_perms; allow shell sysfs_sjtag:file rw_file_perms; ') + +# wlc +dontaudit shell sysfs_wlc:dir search; diff --git a/whitechapel_pro/tee.te b/whitechapel_pro/tee.te index 58228b5a..811dcbbc 100644 --- a/whitechapel_pro/tee.te +++ b/whitechapel_pro/tee.te @@ -15,3 +15,5 @@ read_fstab(tee) # storageproxyd starts before /data is mounted. It handles /data not being there # gracefully. However, attempts to access /data trigger a denial. dontaudit tee unlabeled:dir { search }; + +set_prop(tee, vendor_trusty_storage_prop) diff --git a/whitechapel_pro/vendor_ims_app.te b/whitechapel_pro/vendor_ims_app.te index 38e63646..ed65eae1 100644 --- a/whitechapel_pro/vendor_ims_app.te +++ b/whitechapel_pro/vendor_ims_app.te @@ -1,5 +1,6 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) allow vendor_ims_app app_api_service:service_manager find; allow vendor_ims_app audioserver_service:service_manager find; @@ -11,6 +12,8 @@ allow vendor_ims_app mediaserver_service:service_manager find; allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te index 3287d344..5b828e93 100644 --- a/whitechapel_pro/vendor_init.te +++ b/whitechapel_pro/vendor_init.te @@ -35,3 +35,12 @@ set_prop(vendor_init, vendor_battery_defender_prop) # Display set_prop(vendor_init, vendor_display_prop) + +# Battery Mitigation +set_prop(vendor_init, vendor_brownout_reason_prop) + +# MM +allow vendor_init proc_watermark_scale_factor:file w_file_perms; + +# Trusty storage FS ready +get_prop(vendor_init, vendor_trusty_storage_prop) diff --git a/whitechapel_pro/vendor_telephony_debug_app.te b/whitechapel_pro/vendor_telephony_debug_app.te index 946460cc..539fffce 100644 --- a/whitechapel_pro/vendor_telephony_debug_app.te +++ b/whitechapel_pro/vendor_telephony_debug_app.te @@ -2,3 +2,19 @@ type vendor_telephony_debug_app, domain; app_domain(vendor_telephony_debug_app) allow vendor_telephony_debug_app app_api_service:service_manager find; +allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find; + +binder_call(vendor_telephony_debug_app, rild) + +# RIL property +set_prop(vendor_telephony_debug_app, vendor_rild_prop) + +# Debug property +set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop) + +userdebug_or_eng(` +# System Debug Mode +dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms; +dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms; +dontaudit vendor_telephony_debug_app default_prop:file r_file_perms; +') |