Commit graph

9 commits

Author SHA1 Message Date
Hridya Valsaraju
8803ff0740
sdm710-common: Set PRODUCT_SET_DEBUGFS_RESTRICTIONS
Starting with Android R launched devices, debugfs cannot be mounted in
production builds. In order to avoid accidental debugfs dependencies
from creeping in during development with userdebug/eng builds, the
build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS can be set by vendors to
enforce additional debugfs restrictions for userdebug/eng builds. The
same flag will be used to enable sepolicy neverallow statements to
prevent new permissions added for debugfs access.

Test: build, boot
Bug: 184381659
Change-Id: I45e6f20c886d467a215c9466f3a09965ff897d7e
2023-11-25 20:35:07 +02:00
Mukul Dhir
854c54400c
sdm710-common: sepolicy: Allow init to write to proc
01-01 02:13:02.803   344   344 I hwservicemanager: Since android.hardware.keymaster@3.0::IKeymasterDevice/default is not registered, trying to start it as a lazy HAL.
01-01 02:13:02.804   371   371 I HidlServiceManagement: getService: Trying again for android.hardware.keymaster@3.0::IKeymasterDevice/default...
01-01 02:13:02.930     1     1 I init    : type=1400 audit(0.0:37): avc: denied { write } for name="dirty_background_bytes" dev="proc" ino=12937 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
01-01 02:13:02.953     1     1 I init    : type=1400 audit(0.0:38): avc: denied { write } for name="discard_max_bytes" dev="sysfs" ino=20778 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
01-01 02:13:02.953     1     1 I init    : type=1400 audit(0.0:39): avc: denied { open } for path="/sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/discard_max_bytes" dev="sysfs" ino=20778 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Change-Id: I0283d0744619d82867318879152cd6fbfca094aa
2023-11-21 22:28:33 +02:00
ShevT
791b9834e0
sdm710-common: sepolicy: Fix avc denials related to debugfs_tracing_debug
Change-Id: I07967e3ad7d2b0ebedd2bf2f5b2727c935b67119
2023-11-21 19:42:21 +02:00
halibw
198d911563
sdm710-common: sepolicy: Allow init to relabelto logdump_partition
Change-Id: I8a3d2c1b0ae6163eb595310e779fa0e74c505da7
2023-11-12 10:37:06 +02:00
5d41efd453
sdm710-common: Drop KProfiles
This reverts commit f8e389999a.
2023-11-02 11:21:05 +02:00
Cyber Knight
f8e389999a
sdm710-common: Build KProfiles
- Inherit KProfiles.
- Address sepolicy.
- Define sysfs_kprofiles as a domain.
- Fix permission of nodes relevant to KProfiles at boot.

Signed-off-by: Cyber Knight <cyberknight755@gmail.com>
2023-06-21 14:24:45 +03:00
Giammarco Senatore
c119216557
kunlun2: Address some initial denials
- Nuke folder creation that breaks encryption
- Nuke permissivers and other creepy things
- Properly label light and fp HALs
- Address initial fingerprint denials
- Label camera zui prop
2021-07-17 18:11:00 +02:00
Giammarco Senatore
dfbc4aeaba
kunlun2: Nuke neverallows
for real now
2021-07-16 18:33:17 +02:00
DennySPb
14f08dc1fe
Initial selinux policies
* convert existing one to vendor
2021-07-16 17:54:51 +02:00