3 Commits

Author SHA1 Message Date
Bruce Po
e15af041dd Fix aocx selinux dumpstate permissions
After switching aocxd to stable AIDL, we encountered some permissions
issues associated with dumpstate:

dumpstate: type=1400 audit(0.0:548): avc:  denied  { call } for  scontext=u:r:dumpstate:s0 tcontext=u:r:aocxd:s0 tclass=binder permissive=0

dumpstate: type=1400 audit(0.0:17): avc:  denied  { use } for  path="pipe:[214567]" dev="pipefs" ino=214567 scontext=u:r:aocxd:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=0

dumpstate: type=1400 audit(0.0:15): avc:  denied  { write } for  path="pipe:[212933]" dev="pipefs" ino=212933 scontext=u:r:aocxd:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=0

TEST:
make selinux_policy -j128
adb push $ANDROID_PRODUCT_OUT/vendor/etc/selinux/* /vendor/etc/selinux
adb reboot
adb root
adb bugreport

BUG: 347156752
Change-Id: I188263ee9b186736a48fd3a0cfa83745e2e54108
2024-06-14 15:36:14 -07:00
Bruce Po
d202a34dbc Allow aocxd to set thread priority
aocxd sets thread scheduler to SCHED_FIFO. This is so audio processing
in aocxd can run without glitching.

vndbinder:11464: type=1400 audit(0.0:17): avc:  denied  { sys_nice } for  capability=23  scontext=u:r:aocxd:s0 tcontext=u:r:aocxd:s0 tclass=capability permissive=0

BUG: 318791959
Change-Id: I9c9148aa7b18ce525091f93956e112b4c178a129
2024-01-17 18:58:06 +00:00
Bruce Po
6b92b30e7b selinux: New aocx service
Add new aocxd server domain
- Allow aocxd to access AOC resources
- Add new aocx binder vendor service

Allow audio hal to find and talk to aocx

avc error tcontext=u:object_r:binder_device:s0 tclass=chr_file or tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file

avc:  denied  { add } for pid=1073 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:aocx:s0 tclass=service_manager

avc:  denied  { call } for  scontext=u:r:hal_audio_default:s0 tcontext=u:r:aocxd:s0 tclass=binder

BUG: 315853303
Change-Id: Ide16a2be9f032bef60f43d4d3daa6372ae06b057
2024-01-08 17:57:03 +00:00
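
The denials quoted in the commit messages above each name a source domain, a target, an object class and a permission, which is what a reviewer needs to draft the narrowest matching rule. The following is an added example, not code from these commits or from the project: a small parser that turns such lines into candidate `allow` rules for review, similar in spirit to what `audit2allow` does. The function names are hypothetical, and the output is not the policy the commits actually added (the page does not show it).

```python
import re
from collections import defaultdict

# Denial lines copied from the commit messages above (audit prefix trimmed).
SAMPLE_DENIALS = [
    'avc:  denied  { call } for  scontext=u:r:dumpstate:s0 tcontext=u:r:aocxd:s0 tclass=binder permissive=0',
    'avc:  denied  { use } for  path="pipe:[214567]" dev="pipefs" ino=214567 scontext=u:r:aocxd:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=0',
    'avc:  denied  { write } for  path="pipe:[212933]" dev="pipefs" ino=212933 scontext=u:r:aocxd:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=0',
    'avc:  denied  { sys_nice } for  capability=23  scontext=u:r:aocxd:s0 tcontext=u:r:aocxd:s0 tclass=capability permissive=0',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def candidate_rules(lines):
    """Group denials by (source, target, class) and emit one rule per group."""
    grouped = defaultdict(set)
    for line in lines:
        match = AVC_RE.search(line)
        if not match:
            continue  # not an AVC denial; ignore rather than guess
        perms, scontext, tcontext, tclass = match.groups()
        source, target = selinux_type(scontext), selinux_type(tcontext)
        if source is None or target is None:
            continue  # malformed context
        if target == source:
            target = 'self'  # a domain acting on itself is written as "self"
        grouped[(source, target, tclass)].update(perms.split())
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        ordered = sorted(perms)
        body = ordered[0] if len(ordered) == 1 else '{ ' + ' '.join(ordered) + ' }'
        rules.append(f'allow {source} {target}:{tclass} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(candidate_rules(SAMPLE_DENIALS)))
```

Each emitted rule should still be checked against the platform's `neverallow` rules and narrowed where a dedicated type or macro exists before it goes into policy.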