From 97d10b082df4969a2da410b3e38abd8209096d5a Mon Sep 17 00:00:00 2001
From: Robin Hsu
Date: Tue, 14 Jun 2022 05:35:23 +0800
Subject: pixel_stats: add access to PSI information Add access to PSI information, i.e. /proc/pressure/xyz, where xyz=cpu, io, or memory. Test: local test Bug: 233841658 Merged-In: Ic433cd2ebfdd24694ed63bee118e30e286c11b41 (cherry picked from commit 69d59aa6e7b3e9897ffc811558708d322d4bed2a) Signed-off-by: Robin Hsu Change-Id: I0e45ec31bbf470504efdd0143bbecef31bce299e
---
 pixelstats/pixelstats_vendor.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te
index ed506e9..75fd6fe 100644
--- a/pixelstats/pixelstats_vendor.te
+++ b/pixelstats/pixelstats_vendor.te
@@ -24,6 +24,7 @@
 allow pixelstats_vendor sysfs_pixel_stat:dir r_dir_perms;
 allow pixelstats_vendor sysfs_pixel_stat:file r_file_perms;
 userdebug_or_eng(`
+ allow pixelstats_vendor { proc_pressure_cpu proc_pressure_io proc_pressure_mem }:file r_file_perms;
 allow pixelstats_vendor proc_vmstat:file r_file_perms;
 allow pixelstats_vendor sysfs_ion:dir search;
 allow pixelstats_vendor sysfs_ion:file r_file_perms;
-- cgit v1.2.3
From ff2f391c34638e6cc836d65abf05bac2f1e49e45 Mon Sep 17 00:00:00 2001
From: Stephane Lee
Date: Wed, 5 Oct 2022 22:08:03 +0000
Subject: Ensure there are no selinux errors in hal_googlebattery during bugreports It appears as though bugreports are still possible on user builds, so ensure sepolicies include all builds Bug: 242638443 Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials Ignore-AOSP-First: GoogleBattery is a pixel specific vendor AIDL interface Change-Id: Id2b5dcfb5d8f72c0003979262911ab5b8665a060
---
 googlebattery/dumpstate.te | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/googlebattery/dumpstate.te b/googlebattery/dumpstate.te
index b84095c..5de6a2e 100644
--- a/googlebattery/dumpstate.te
+++ b/googlebattery/dumpstate.te
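Review bot: The new PSI rule in pixelstats/pixelstats_vendor.te sits inside the `userdebug_or_eng` block, so pixelstats_vendor gets read access to the three `proc_pressure_*` types on debug builds only, which the commit message does not mention. If PSI reporting is meant to work on user builds as well, the rule belongs outside the macro; if the gating is intentional, a comment above it would record that, for example `# PSI (/proc/pressure/{cpu,io,memory}) is read on userdebug/eng only`. The block opens in the hunk's context and closes outside it, so the rest of its contents cannot be checked from here.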
@@ -1,6 +1,3 @@
-userdebug_or_eng(`
- # To find and bind Google Battery HAL
- allow dumpstate hal_googlebattery_service:service_manager find;
- binder_call(dumpstate, hal_googlebattery)
-')
-
+# To find and bind Google Battery HAL
+allow dumpstate hal_googlebattery_service:service_manager find;
+binder_call(dumpstate, hal_googlebattery)
-- cgit v1.2.3
From 51cfab33de855071e459d46b2bc2f6dfd194f6a7 Mon Sep 17 00:00:00 2001
From: Minchan Kim
Date: Mon, 7 Nov 2022 10:44:35 -0800
Subject: MM: allow vendor_init creates trace instance To get pixel specific trace events, vendor_init needs permissions to create trace instance. Test: "adb bugreport" includes the trace dump Bug: 238728493 Change-Id: Id7fdeb31ec8d45d40072bd28cc2e68e47be60c17 Signed-off-by: Minchan Kim
---
 mm/gki/vendor_init.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/mm/gki/vendor_init.te b/mm/gki/vendor_init.te
index 5bedbad..018b318 100644
--- a/mm/gki/vendor_init.te
+++ b/mm/gki/vendor_init.te
@@ -1,3 +1,6 @@
 allow vendor_init proc_watermark_boost_factor:file w_file_perms;
 allow vendor_init proc_lowmem_reserve_ratio:file w_file_perms;
 allow vendor_init proc_min_free_kbytes:file w_file_perms;
+
+allow vendor_init debugfs_tracing_instances:dir create_dir_perms;
+allow vendor_init debugfs_tracing_instances:file w_file_perms;
-- cgit v1.2.3
From db0a7dd6820c5bc77f5e00241390b0e97c616ca0 Mon Sep 17 00:00:00 2001
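Review bot: With the `userdebug_or_eng` wrapper removed in googlebattery/dumpstate.te, dumpstate can find and call the Google Battery HAL on user builds, so whatever that HAL's dump handler prints now lands in bugreports taken on production devices. The comment kept above the rules only says what they do; it should also record why they are unconditional, so a later cleanup does not re-wrap them, e.g. `# Needed on all builds: bugreports can be taken on user builds (b/242638443)`. The HAL's dump output is not part of this diff, so it is worth confirming separately that it carries nothing that should stay out of user-build bugreports.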
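Review bot: Both rules added to mm/gki/vendor_init.te are type-wide and apply on every build: `create_dir_perms` also lets vendor_init rename and remove directories labelled `debugfs_tracing_instances`, and `w_file_perms` lets it write any file in any trace instance, not only the one it creates. The commit message only asks for creating an instance, so consider narrowing the directory permissions to what creating a directory needs, and state which files vendor_init writes. At minimum the rules should carry a comment, such as `# vendor_init creates the Pixel trace instance so its events appear in bugreports (b/238728493)`.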
From: chenpaul
Date: Fri, 23 Dec 2022 15:07:33 +0800
Subject: Wifi Diagnostic Tool Sepolicy Bug: 253366496 Test: Wifi Diagnostic Tool is workable Ignore-AOSP-First: AOSP build not support Wifi Diagnostic Tool Change-Id: I982f7aa9f862f4883a47c8c57ecd7341a9cbd7ec
---
 wifi_diagnostic/file_contexts | 1 +
 wifi_diagnostic/hal_wifi_supplicant_default.te | 3 +++
 wifi_diagnostic/logger_app.te | 3 +++
 wifi_diagnostic/property.te | 1 +
 wifi_diagnostic/property_contexts | 2 ++
 wifi_diagnostic/wifi_diagnostic.te | 29 ++++++++++++++++++++++++++
 6 files changed, 39 insertions(+)
 create mode 100644 wifi_diagnostic/file_contexts
 create mode 100644 wifi_diagnostic/hal_wifi_supplicant_default.te
 create mode 100644 wifi_diagnostic/logger_app.te
 create mode 100644 wifi_diagnostic/property.te
 create mode 100644 wifi_diagnostic/property_contexts
 create mode 100644 wifi_diagnostic/wifi_diagnostic.te
diff --git a/wifi_diagnostic/file_contexts b/wifi_diagnostic/file_contexts
new file mode 100644
index 0000000..f0a40d5
--- /dev/null
+++ b/wifi_diagnostic/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/wifi_diagnostic u:object_r:wifi_diagnostic_exec:s0
diff --git a/wifi_diagnostic/hal_wifi_supplicant_default.te b/wifi_diagnostic/hal_wifi_supplicant_default.te
new file mode 100644
index 0000000..9cd58c1
--- /dev/null
+++ b/wifi_diagnostic/hal_wifi_supplicant_default.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+allow hal_wifi_supplicant_default wifi_diagnostic:unix_dgram_socket sendto;
+')
diff --git a/wifi_diagnostic/logger_app.te b/wifi_diagnostic/logger_app.te
new file mode 100644
index 0000000..0fc09a3
--- /dev/null
+++ b/wifi_diagnostic/logger_app.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ set_prop(logger_app, vendor_wifi_diagnostic_prop)
+')
diff --git a/wifi_diagnostic/property.te b/wifi_diagnostic/property.te
new file mode 100644
index 0000000..ad69f65
--- /dev/null
+++ b/wifi_diagnostic/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wifi_diagnostic_prop)
diff --git a/wifi_diagnostic/property_contexts b/wifi_diagnostic/property_contexts
new file mode 100644
index 0000000..2348204
--- /dev/null
+++ b/wifi_diagnostic/property_contexts
@@ -0,0 +1,2 @@
+vendor.wifi.diagnostic.start u:object_r:vendor_wifi_diagnostic_prop:s0
+vendor.wifi.diagnostic.reassocBssid u:object_r:vendor_wifi_diagnostic_prop:s0
diff --git a/wifi_diagnostic/wifi_diagnostic.te b/wifi_diagnostic/wifi_diagnostic.te
new file mode 100644
index 0000000..23a39d3
--- /dev/null
+++ b/wifi_diagnostic/wifi_diagnostic.te
@@ -0,0 +1,29 @@
+type wifi_diagnostic, domain;
+type wifi_diagnostic_exec, exec_type, vendor_file_type, file_type;
+
+# make transition from init to its domain
+userdebug_or_eng(`
+init_daemon_domain(wifi_diagnostic)
+net_domain(wifi_diagnostic)
+
+# daemon
+allow wifi_diagnostic wifi_logging_data_file:dir create_dir_perms;
+allow wifi_diagnostic wifi_logging_data_file:file create_file_perms;
+allow wifi_diagnostic vendor_shell_exec:file execute_no_trans;
+allow wifi_diagnostic wifi_diagnostic_exec:file execute_no_trans;
+allow wifi_diagnostic self:capability net_admin;
+allow wifi_diagnostic self:udp_socket ioctl;
+allowxperm wifi_diagnostic self:udp_socket ioctl { SIOCETHTOOL SIOCDEVPRIVATE };
+
+# wpa_cli
+allow wifi_diagnostic self:capability { setgid setuid };
+allow wifi_diagnostic wpa_data_file:dir w_dir_perms;
+allow wifi_diagnostic wpa_data_file:sock_file { create setattr write unlink };
+allow wifi_diagnostic hal_wifi_supplicant_default:unix_dgram_socket sendto;
+allow wifi_diagnostic vendor_file:file execute_no_trans;
+allow wifi_diagnostic vendor_file:dir r_dir_perms;
+
+# property
+get_prop(wifi_diagnostic, vendor_wifi_diagnostic_prop)
+set_prop(wifi_diagnostic, vendor_wifi_diagnostic_prop)
+')
-- cgit v1.2.3
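Review bot: Neither entry in wifi_diagnostic/property_contexts carries a match qualifier, and entries without one are matched as prefixes, so any property whose name merely starts with `vendor.wifi.diagnostic.start` or `vendor.wifi.diagnostic.reassocBssid` also receives `vendor_wifi_diagnostic_prop`. Marking them exact with a value type keeps the label to the two intended names and lets init reject malformed values, e.g. `vendor.wifi.diagnostic.reassocBssid u:object_r:vendor_wifi_diagnostic_prop:s0 exact string`. The right value type for `start` cannot be determined from this change.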
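Review bot: In wifi_diagnostic/wifi_diagnostic.te, `allow wifi_diagnostic vendor_file:file execute_no_trans;` lets the daemon run any binary carrying the generic `vendor_file` label inside its own domain, which together with `vendor_shell_exec` execution, `net_admin` and `{ setgid setuid }` makes the domain much wider than the `# wpa_cli` heading suggests. Giving the helper its own exec type and allowing only that, `allow wifi_diagnostic <wpa_cli_exec_type>:file execute_no_trans;` (placeholder type name), would limit the grant to the one binary. The `{ setgid setuid }` rule should get a comment naming the identity the process switches to, since nothing in the file explains it. The rules are confined to `userdebug_or_eng`, but the two `type` declarations and the file_contexts label are not, so a comment that the domain is intentionally left without rules on user builds would help the next reader.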