Commit graph

9 commits

Author SHA1 Message Date
Alcatraz323
c6e458cf31 sdm660-common: sepolicy: don't do anything on untrusted_app
Add untrusted_app_32
2024-01-14 17:18:54 +01:00
Alcatraz323
14aa292b1a sdm660-common: sepolicy: don't do anything on untrusted_app
* allowing any extra permission for the "untrusted_app" domain is DANGEROUS
* the "untrusted_app" domain rule should ONLY be defined by aosp
* kill all don't audit except getopt for untrusted_app. It's a tool to show which apps are evil, let it show in audit logs

Signed-off-by: pix106 <sbordenave@gmail.com>
2024-01-14 17:18:17 +01:00
Alcatraz323
b8666f9e93 sdm660-common: sepolicy: reset QTI USB sepolicy to legacy ported version
* defined in July -> 8a6b2a503a

Signed-off-by: pix106 <sbordenave@gmail.com>
2023-08-22 08:44:53 +02:00
Alcatraz323
68c470f248 sdm660-common: sepolicy: address bunch of denials
* suppress a bunch of capability denials; they are harmless and managed by aosp, if they should be fixed, aosp will do it
* correct some typos

Signed-off-by: pix106 <sbordenave@gmail.com>
2023-08-22 08:44:53 +02:00
7Soldier
9aeebe4081 sdm660-common: sepolicy: Dontaudit crash_dump init ptrace denial
Signed-off-by: 7Soldier <reg.fm4@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
pix106
9572ebacd7 sdm660-common: sepolicy: allow hal_power_default sys_admin capability
2022-10-11 09:24:15 +02:00
pix106
90b568e7b7 sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions.
2022-09-13 06:56:46 +02:00
pix106
9188e83cbd sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions.
2022-09-12 22:41:46 +02:00
Kshitij Gupta
b6f2052cd7 sdm660-common: sepolicy: dontaudit untrusted_app to open ashmem_device
- Fixes scroll lag in many apps, such as Twitter:
    W RenderThread: type=1400 audit(0.0:12371): avc: denied { open } for path=/dev/ashmem dev=tmpfs ino=10848 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file permissive=0 app=com.twitter.android
- Apps are no longer allowed open access to /dev/ashmem, unless they
  target API level < Q.
  (8b12ff5f21)

Change-Id: I6405786fea05891642d8437acafcd8c891d75912
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00