Alcatraz323
14aa292b1a
sdm660-common: sepolicy: don't do anything on untrusted_app
...
* allowing any extra permission for "untrustred_app" domain is DANGER
* the "untrustred_app" domain rule should ONLY be defined by aosp
* kill all don't audit except getopt for untrusted_app. it's a tool to show which app are evil, let it show in audit logs
Signed-off-by: pix106 <sbordenave@gmail.com>
2024-01-14 17:18:17 +01:00
Alcatraz323
ccab114cee
sdm660-common: implement the switch to turn off charging ripple animation
...
* we may not want that animation when using a charge limiter
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-08-22 08:45:13 +02:00
Alcatraz323
9ab5292b0b
sdm660-common: introduce my simple battery management system
...
* settings page located in Settings -> Battery
* soc-based step charger, jeita thermal charger switch (also done something in kernel)
* add a mode for user always connected with chagrging cable to limit battery around 40% - 60%
* add a switch for user to limit max charge at around 80%
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-08-22 08:45:13 +02:00
Alcatraz323
68c470f248
sdm660-common: sepolicy: address bunch of denials
...
* suppress bunch of capability denials, they are harmless and managed by aosp, if it should be fixed, aosp will do
* correct some typo
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-08-22 08:44:53 +02:00
Sabar
20fa9c5207
Revert "sdm660-common: drop IFAA/mliplay completely"
...
This reverts commit dd6db97ea5
2023-06-24 08:20:03 +02:00
minaripenguin
6a0750c77e
sdm660-common: sepolicy: Allow system_server to set tethering properties
...
W libc : Unable to set property "persist.device_config.tethering.bpf_net_maps_enable_java_bpf_map" to "0": error code: 0x18
E SettingsToPropertiesMapper: Unable to set property persist.device_config.tethering.bpf_net_maps_enable_java_bpf_map value '0'
E SettingsToPropertiesMapper: java.lang.RuntimeException: failed to set system property (check logcat for reason)
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-03-20 07:18:06 +01:00
pix106
657e264742
sdm660-common: sepolicy: allow platform_app to read config.gz
...
type=1400 audit(0.0:2767): avc: denied { read } for name="config.gz" dev="proc" ino=4026532183 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:config_gz:s0 tclass=file permissive=0 app=com.android.launcher3
2023-01-04 06:53:43 +01:00
Kevin F. Haggerty
7e036b7ae1
sdm660-common: sepolicy: Allow platform_app to access zram sysfs nodes
...
avc: denied { search } for name=zram0 dev=sysfs ino=20744
scontext=u:r:platform_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir
permissive=0
Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-01-04 06:23:15 +01:00
boedhack99
6ec5654a34
sdm660-common: sepolicy: Address system_server denials
...
[ 74.956461] type=1400 audit(1660191118.746:65): avc: denied { ioctl } for comm=PackageManagerB path=/product/app/YouTubeMusicPrebuilt/YouTubeMusicPrebuilt.apk dev=dm-3 ino=76 ioctlcmd=0x6686 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
Change-Id: I2e35d9d284273962a9c1d6a41dea9a0e9677e5ef
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
boedhack99
4de8dd15b3
sdm660-common: sepolicy: More fix Iorap denials
...
* W FinalizerDaemon: type=1400 audit(0.0:10): avc: denied { getopt } for path=/dev/socket/usap_pool_primary scontext=u:r:permissioncontroller_app:s0:c122,c256,c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.android.permissioncontroller
Change-Id: Idc9cf242578412846e3f770a118fefc6fb5eda29
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-11-07 08:34:26 +01:00
pix106
9188e83cbd
sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions.
2022-09-12 22:41:46 +02:00
Adithya R
dd6db97ea5
sdm660-common: drop IFAA/mliplay completely
...
* no one actually uses this
Signed-off-by: SparXFusion <s2234nadar@gmail.com>
Signed-off-by: faham1997 <nafidfaham08@gmail.com>
Signed-off-by: ImPrashantt <prashant33968@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 12:41:59 +02:00
iusmac
b0841be519
sdm660-common: sepolicy: Adress IORap usap_pool denial
...
W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:rradios0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:36:18 +02:00
pix106
7f5c98e112
sdm660-common: Bring back folio daemon and userspace hall switcher
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
clarencelol
1426027286
sdm660-common: sepolicy: unknown type exported_audio_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kunmun
10087c76b8
sdm660-common: sepolicy: Label more sepolicies for k4.19
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
f30354722b
sdm660-common: sepolicy: Address more denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Chenyang Zhong
d64b0b54a9
sdm660-common: sepolicy: Address init denial
...
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
653c608694
Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
...
This reverts commit d05ecaa812
2021-12-31 07:51:33 +01:00
pix106
d05ecaa812
sdm660-common: sepolicy: Address many sys_admin and kill denials
...
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0
sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc: denied { sys_admin } for pid=460 comm="ueventd" capability=21 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial
sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=460 comm="boringssl_self_" capability=21 scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=462 comm="boringssl_self_" capability=21 scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc: denied { sys_admin } for pid=459 comm="linkerconfig" capability=21 scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
raiyanbinmohsin
d995aabb68
Revert "sdm660-common: Awaken-ify"
...
This reverts commit 635c08ae00
2021-11-13 11:31:51 +01:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19
...
- Address more denials and label some new nodes
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-16 15:56:07 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19
2021-07-13 11:56:43 +06:00
clarencelol
7b3df1cb47
sdm660-common: sepolicy: Label wakeup nodes for 4.19
...
- also resolve arbitrary sysfs paths for system_suspend
2021-06-07 09:21:11 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
...
- Thanks to LineageOS and our sdm660 community
Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00
OdSazib
1edf16f04c
sdm660-common: apex: Symlink metadata to existing sessions
...
* Better we do this instead of creating extra dir
2021-02-16 18:50:35 +06:00
Chenyang Zhong
851d88070e
sdm660-common: create and symlink a dummy /metadata/apex
...
Google moved apex sessions directory from /data/apex/sessions to
/metadata/apex/sessions after commit:
"Move apex sessions directory to /metadata"
36cf4bbac6
2021-02-09 20:53:35 +06:00
OdSazib
2135c18643
sdm660-common: DeviceSettings: Drop userspace hall switcher
...
* The sensor works as it is, hence not needed anymore
2021-02-03 23:05:50 +06:00
OdSazib
dd30ca9b1e
sdm660-common: sepolicy: Allow ota updater to access package file
2021-01-27 20:41:45 +06:00
OdSazib
9492d1fa58
sdm660-common: Use stock poweroff charging animation
...
* It's best animation out there with battery level
This reverts commit 9271fec5a4
2020-12-21 09:19:25 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup
...
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:16:25 +06:00
OdSazib
f614ba1ce6
sdm660-common: Clean up sepolicy for Android 11
...
checkpolicy: error(s) encountered while parsing configuration
Changes in Android 11
* dpmd > vendor_dpmd
* persist_camera_prop > vendor_persist_camera_prop
* persist_dpm_prop > vendor_persist_dpm_prop
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-13 18:38:07 +06:00
Michael Bestas
5fcfc725ef
sdm660-common: sepolicy: Allow dpmd set ctl_stop_prop
...
Change-Id: Id24b6370e907cc153b07383c65416aa9226e65a8
2020-08-12 02:11:34 +06:00
chandra chaganti
691a8c6843
sdm660-common: sepolicy: allow appdomain to get persist_camera_prop
...
* E libc : Access denied finding property "vendor.camera.aux.packagelist"
Change-Id: I06feb5bd6a2321880065585395101c349c741909
2020-01-28 16:59:19 +01:00
dianlujitao
e427647713
sdm660-common: sepolicy: Label vendor.camera.aux.packageblacklist
...
Change-Id: I07b82e0ba4a8e16faf67c64e0ffe73a690b38064
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
2020-01-06 10:50:34 +01:00
Nick Kralevich
160b13b9df
sdm660: folio_daemon: Add system_file_type in sepolicy
...
This file resides on /system, so must be annotated with the
system_file_type attribute.
Test: Policy compiles.
Change-Id: Ic834caefe1417465ac842ddce909e968511f45b2
2019-10-19 20:51:10 +02:00
Jeff Vander Stoep
c145e57b0f
sdm660: Move folio_daemon to system in sepolicy
...
Remove Treble violations.
Bug: 36867326
Bug: 62387246
Test: loaded on taimen, checked dmesg, and tested daemon with magnet
Change-Id: I4662b41206b94cae6ac9843b5dc7e1452003c63c
2019-10-19 20:50:52 +02:00
Kevin F. Haggerty
d34b30b2e6
sdm660-common: Allow dnsmasq to getattr netd unix_stream_socket
...
* Noted upon starting wifi tether
* avc: denied { getattr } for path="socket:[11154]" dev="sockfs"
ino=11154 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0
tclass=unix_stream_socket permissive=0
Change-Id: I98afc740fda3eb87a627abc414525b05f6877e33
2019-08-15 15:31:32 +02:00
Max Weffers
20f13a6298
sdm660: sepolicy: Label sys.listeners.registered as tee_listener_prop
2019-08-15 15:31:17 +02:00
GuaiYiHu
05085a02e2
sdm660: sepolicy: Address denials
...
Change-Id: I8fad5d60ca066b758c526f2027985b63662180cc
2019-08-14 10:04:13 +02:00
