Commit graph

346 commits

Author SHA1 Message Date
pix106
630b415554 sdm660-common: sepolicy: label gf.debug.whitebox.enabled 2023-01-08 20:28:01 +01:00
pix106
2b5dfda876 sdm660-common: sepolicy: allow hal_capabilityconfigstore_qti_default access to vendor_cap_configstore_dbg_prop 2023-01-08 08:59:27 +01:00
pix106
657e264742 sdm660-common: sepolicy: allow platform_app to read config.gz
type=1400 audit(0.0:2767): avc: denied { read } for name="config.gz" dev="proc" ino=4026532183 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:config_gz:s0 tclass=file permissive=0 app=com.android.launcher3
2023-01-04 06:53:43 +01:00
Kevin F. Haggerty
7e036b7ae1 sdm660-common: sepolicy: Allow platform_app to access zram sysfs nodes
avc: denied { search } for name=zram0 dev=sysfs ino=20744
scontext=u:r:platform_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir
permissive=0

Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2023-01-04 06:23:15 +01:00
Wilson Chan
e1a20c6dee Revert "sdm660-common: power-libperfmgr: Add Flipendo powerhint"
- Add sepolicy for dex2oat powerhal props to vendor_power_prop

Test: boot and check powerhint parse logs
Test: enabled extreme battery saver and check scaling_max_freq

[clarencelol]: Adapt to sdm660 freq
2023-01-04 06:23:15 +01:00
pix106
0fcf8ea137 Revert "sdm660-common: Migrate to Xiaomi power AIDL HAL"
Revert "sdm660-common: rootdir: Clean part of Unexported properties"
Revert "sdm660-common: power-libperfmgr: Reduce GPU idle timer to 64ms"
2023-01-04 06:23:14 +01:00
pix106
2cc84ac68d sdm660-common: sepolicy: allow vendor_init to read hal_camera_prop 2022-12-28 18:15:49 +01:00
brunorolak
91d1bdc13e sdm660-common: sepolicy: remove camera duplicates
Duplicate prefix match detected for 'vendor.camera.skip_unconfigure.packagelist'

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-27 07:38:22 +01:00
Bruno Martins
71c49fcc8c sdm660-common: Migrate to Xiaomi power AIDL HAL
Change-Id: I42170d51a517170b58d532addd9c38496e43457c

jasmine_sprout: Remove QTI perfd

Bug: 69270928
Test: Build and boot device and test camera
Change-Id: I87b283206f462fb5c8ec9cdd303ae2934fe9bfc4

jasmine_sprout: Declare BOARD_VENDOR

* Needed for xiaomi-perfmgr power AIDL guards

Change-Id: Idbb48e0f9b01090a456ad5d3f2d51f4dfab55672

jasmine_sprout: Create dummy libqti-perfd-client

* proprietary perfd blobs can finally be nuked without breaking goodix
* we could even map the functions to use libperfmgr powerhints in the future

[SebaUbuntu]: Cleanup Android.bp and add copyright header

Change-Id: I124652f3041761966a3e3bd97c757fecc39cc5fb

jasmine_sprout: libqti-perfd-client: Remove namespace declaration

It's pointless when using extern "C".

Change-Id: Ibdf9f06a70aa3a75687b33781c78cf2172bb334d

jasmine_sprout: libqti-perfd-client: return a dummy value

Return a positive integer for perf lock acquire and release so
that Goodix/FPC fingerprint sensor blobs will not complain.

Goodix:
E [goodixHAL][gf_hal_milan_f_series]: goodix_perf_lock_acquire: Failed to acquire perf lock, err: 0
E [goodixHAL][gf_hal_milan_f_series]: goodix_perf_lock_release: Perf lock release error 0

FPC:
E fpc_tac : fpc_perf_lock_acquire: Incorrect params, Failed to acquire perf lock, err
E fpc_tac : fpc_perf_lock_release: Perf lock release error 0

Signed-off-by: Chenyang Zhong <zhongcy95@gmail.com>
Change-Id: I861672e9a738c2204755d802670f4b28b662f286

jasmine_sprout: libqti-perfd-client: Move to C

* Why bother with C++ mangling when we can just build it as a standard C library?

Change-Id: I45ea977edf7ea7fab6fece76f3049654a8d24c5d

jasmine_sprout: Add powerhint.json jasmine

Change-Id: If270fc906fd833bb6b0d3b00621c0b079346e47d

jasmine_sprout: rootdir: Initial libperfmgr init config

* From coral, heavily stripped down

Change-Id: Ib6846e4f4f23baf56910d2330e26846b99830218

jasmine_sprout: sepolicy: Initial libperfmgr sepolicy

Change-Id: I3d0a259bc89b4ecd0bf1632199172710d98230e0

jasmine_sprout: Don't explicitly build older minor version HIDL libs

Change-Id: Ib0caa49054a79b1f01ffc751826286a29c642e06

jasmine_sprout: Remove QTI perf remnants

jasmine_sprout: Add back ro.vendor.extension_library definition

 * We aren't using QCOM's perfd but our blobs still check for this.
 * To avoid unnecessary errors, let's just add it back.

Change-Id: Icc44b330f21a658cfa8ded691a6628d8f62c3649
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-27 07:34:56 +01:00
Sebastiano Barezzi
c8d924ba0a sdm660-common: Move to common Xiaomi lights AIDL
Change-Id: Icb3bb31ebad01519b91a6d41b47e1b57e1ac84e1
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
pix106
aa76e60586 sdm660-common: sepolicy: allow zygote to search vendor_framework_file
type=1400 audit(0.0:55): avc: denied { search } for name="framework" dev="mmcblk0p14" ino=1094 scontext=u:r:zygote:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir permissive=0
2022-12-22 04:56:20 +01:00
7Soldier
9aeebe4081 sdm660-common: sepolicy: Dontaudit crash_dump init ptrace denial
Signed-off-by: 7Soldier <reg.fm4@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
romgharti
b374e4b4bc sdm660-common: sepolicy: Address isolated_app denial
avc:  denied  { find } for pid=5488 uid=90000 name=content_capture scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
Elektroschmock
7c2ddff90f sdm660-common: sepolicy: Fix isolated_app denial
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0

Change-Id: I9a70417149c3239b89cc4266942cb3de4da34a4f
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
drkphnx
b9d8296f0e sdm660-common: sepolicy: address or dontaudit some untrusted_app denials
Signed-off-by: drkphnx <dark.phnx12@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
boedhack99
6ec5654a34 sdm660-common: sepolicy: Address system_server denials
[   74.956461] type=1400 audit(1660191118.746:65): avc: denied { ioctl } for comm=PackageManagerB path=/product/app/YouTubeMusicPrebuilt/YouTubeMusicPrebuilt.apk dev=dm-3 ino=76 ioctlcmd=0x6686 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

Change-Id: I2e35d9d284273962a9c1d6a41dea9a0e9677e5ef
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-12-22 04:56:20 +01:00
pix106
fe4f91bb8f Revert "sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo"
* duplicated rule

This reverts commit 5df53b728d.
2022-12-22 04:56:20 +01:00
pix106
e41816077c sdm660-common: sepolicy: allow apexd to read apex_metadata_file
* type=1400 audit(115448057.189:5): avc: denied { read } for comm="apexd" name="apex" dev="mmcblk0p63" ino=32 scontext=u:r:apexd:s0 tcontext=u:object_r:apex_metadata_file:s0 tclass=lnk_file permissive=0
2022-12-22 04:56:20 +01:00
Aditya Pratap Singh
25a33facca sdm660-common: sepolicy: allow untrusted_app_zygote to access unix stream socket
avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:untrusted_app:s0:c26,c257,c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.topjohnwu.magisk
Signed-off-by: afterallafk<shivamatiet2001@gmail.com>
Signed-off-by: Abhishek001konni <Abhishek001konni@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-11-07 08:34:27 +01:00
pix106
d58068cc9f sdm660-common: sepolicy: address untrusted_app_27 unix_stream_socket denials 2022-11-07 08:34:27 +01:00
sabarop
16db6a4456 sdm660-common: sepolicy: address multiple denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-11-07 08:34:26 +01:00
boedhack99
4de8dd15b3 sdm660-common: sepolicy: More fix Iorap denials
* W FinalizerDaemon: type=1400 audit(0.0:10): avc: denied { getopt } for path=/dev/socket/usap_pool_primary scontext=u:r:permissioncontroller_app:s0:c122,c256,c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.android.permissioncontroller

Change-Id: Idc9cf242578412846e3f770a118fefc6fb5eda29
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-11-07 08:34:26 +01:00
Mohan C M
55c4433e3a sdm660-common: sepolicy: address hal_bluetooth_qti
- avc: denied { read } for comm="bluetooth@1.0-s" name="ssrdump" dev="mmcblk0p49" ino=2162694 scontext=u:r:hal_bluetooth_qti:s0 tcontext=u:object_r:ramdump_vendor_data_file:s0 tclass=dir permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-11-07 08:34:26 +01:00
pix106
25b04c31af sdm660-common: sepolicy: address surfaceflinger hal_graphics_composer_default denial 2022-11-07 08:34:26 +01:00
pix106
fa6dfc8c13 sdm660-common: sepolicy: address qti_init_shell proc_watermark_scale_factor denials 2022-11-07 08:34:26 +01:00
pix106
2f38bc6da8 FIX sdm660-common: sepolicy: label init.goodix.sh and fingerprint datafile 2022-11-07 08:15:11 +01:00
pix106
9572ebacd7 sdm660-common: sepolicy: allow hal_power_default sys_admin capability 2022-10-11 09:24:15 +02:00
Rick Yiu
e279964f3c sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
This reverts commit 2c07bbc96e.

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-10-11 08:47:30 +02:00
Elektroschmock
c4050270fd sdm660-common: sepolicy: Label /dev/stune(/.*) as cgroup
* avc: denied { write } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="apexd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:apexd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-10-11 08:47:30 +02:00
pix106
717057c76c sdm660-common: sepolicy: relabel miui prop 2022-10-11 08:47:30 +02:00
pix106
90b568e7b7 sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions. 2022-09-13 06:56:46 +02:00
UtsavBalar1231
5852c41f14 sdm660-common: sepolicy: Allow init.qcom.post_boot.sh to set watermark_scale_factor
This fixes:
W init.qcom.post_: type=1400 audit(0.0:42): avc: denied { write } for name="watermark_scale_factor" dev="proc" ino=52566 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:proc_watermark_scale_factor:s0 tclass=file permissive=0

Change-Id: Ib79c0208e758f03df5ce6652322802354836d6a5
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-09-13 06:56:46 +02:00
Dyneteve
66e57467db sdm660-common: sepolicy: Fix OTA on encrypted f2fs.
* uncrypt : type=1400 audit(0.0:12165): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0

Change-Id: Ifec7cea45830a9e10f55a194e377857429bf4051
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-09-13 06:56:46 +02:00
Kevin F. Haggerty
5df53b728d sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-09-13 06:56:46 +02:00
pix106
9188e83cbd sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions. 2022-09-12 22:41:46 +02:00
pix106
077a21d15e sdm660-common: sepolicy: move system_app.te 2022-09-11 10:58:54 +02:00
pix106
467daca424 sdm660-common: sepolicy: label init.goodix.sh and fingerprint datafile
Could not start service 'vendor.goodix_script' as part of class 'late_start': File /vendor/bin/init.goodix.sh (labeled u:object_r:vendor_file:s0) has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-09-04 09:20:37 +02:00
pix106
922735f672 sdm660-common: sepolicy: label sys.camera.miui.apk prop
audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=sys.camera.miui.apk pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:hal_camera_prop:s0 tclass=file permissive=0'

vendor_init already has permissions on vendor_camera_prop, so set sys.camera.miui.apk as vendor_camera_prop

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-08-30 20:00:11 +02:00
boedhack99
641996465a sdm660-common: sepolicy: Allow zygote to search adsprpdc file
Fixes:
avc: denied { search } for comm="main" name="/" dev="sde48" ino=2 scontext=u:r:zygote:s0 tcontext=u:object_r:adsprpcd_file:s0 tclass=dir permissive=0
avc: denied { search } for comm="usap64" name="/" dev="sde48" ino=2 scontext=u:r:zygote:s0 tcontext=u:object_r:adsprpcd_file:s0 tclass=dir permissive=0

Change-Id: Idd3df6ec46049d5691e298ac1d0851d7ab0bead3
Signed-off-by: Khusika Dhamar Gusti <mail@khusika.dev>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-08-25 10:04:35 +02:00
pix106
3a56beef55 sdm660-common: sepolicy: Label ro.audio.usb.period_us
Co-authored-by: Omar Hamad <etahamad@icloud.com>
2022-08-18 08:52:27 +02:00
pix106
998d8a03be sdm660-common: sepolicy: address hal_bluetooth_qti diag_device chr_file denial 2022-08-08 22:52:29 +02:00
pix106
ce09f0e3af sdm660-common: DeviceSettings: Adapt vibration control to QTI Haptics
* needs kernel support
2022-07-29 13:48:08 +02:00
Kevin F. Haggerty
1f7abf2f4e sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Change-Id: I16465eb9acca9ff64a755d47f86f4ff424ebe4de
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-07-29 13:48:08 +02:00
pix106
fdf6fbbe8d sdm660-common: sepolicy: rename 'bluetooth.te ' 2022-07-29 13:48:08 +02:00
Adithya R
cff5bdbd3b sdm660-common: sepolicy: Allow vendor_init to set ssr prop
E init    : Do not have permissions to set 'persist.vendor.ssr.restart_level' to 'ALL_ENABLE' in property file '/vendor/build.prop': SELinux permission check failed

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-07-04 07:40:35 +02:00
pix106
ff88467668 sdm660-common: sepolicy: Address installd kill capability denial
11-19 18:40:50.303 14813 14813 W cp      : type=1400 audit(0.0:45): avc: denied { kill } for capability=5 scontext=u:r:installd:s0 tcontext=u:r:installd:s0 tclass=capability permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-19 21:37:31 +02:00
pix106
99f4032d92 sdm660-common: sepolicy: Address qti_init_shell persist_file denials 2022-06-19 21:37:26 +02:00
pix106
9f73958b59 sdm660-common: sepolicy: Address hal_audio_default persist_file denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-16 06:18:31 +02:00
pix106
8600a1d97f sdm660-common: sepolicy: Address zygote unix_stream_socket denials 2022-06-16 06:18:31 +02:00
pix106
f8c33f55be sdm660-common: sepolicy: allow hal_wifi_default to get persist_vendor_debug_wifi_prop props
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 17:58:45 +02:00
pix106
837f5ca200 sdm660-common: sepolicy: Address vendor_init persist_file denials
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p13" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 17:52:42 +02:00
pix106
8193f9632b Revert "sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te"
This reverts commit aea288de3b.
2022-06-06 17:45:39 +02:00
Rahul Krishna
0bb3001be2 sdm660-common: sepolicy: Label notification led nodes
* adapt to 4.19 sysfs path

Change-Id: Id4b74a3e61525810698ef0d4477856620c2a5490
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 12:41:59 +02:00
pix106
f5050df60f sdm660-common: sepolicy: drop Mlipay sepolicy 2022-06-06 12:41:59 +02:00
Adithya R
dd6db97ea5 sdm660-common: drop IFAA/mliplay completely
* no one actually uses this

Signed-off-by: SparXFusion <s2234nadar@gmail.com>
Signed-off-by: faham1997 <nafidfaham08@gmail.com>
Signed-off-by: ImPrashantt <prashant33968@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 12:41:59 +02:00
Edwin Moquete
097c21d39f sdm660-common: Update radio blobs from ginkgo
* Cleanup and disable ATFWD

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 10:25:30 +02:00
pix106
5b7ba9c20b sdm660-common: sepolicy: Address system_app sysfs_graphics denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 07:07:31 +02:00
pix106
3b1238fc93 sdm660-common: sepolicy: Address vendor_pd_locater_dbg_prop denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:41:37 +02:00
pix106
89c611bb8d sdm660-common: sepolicy: Label more camera props
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:37:16 +02:00
clarencelol
a26372805e sdm660-common: sepolicy: Address hal_wifi_default denial
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:36:18 +02:00
iusmac
b0841be519 sdm660-common: sepolicy: Address IORap usap_pool denial
W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:radio:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:36:18 +02:00
pix106
71a635149b sdm660-common: sepolicy: address gmscore_app traced denial
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 18:10:19 +02:00
ChengYou Ho
523f856d9e sdm660-common: sepolicy: Allow surfaceflinger to search hal_graphics_composer_default
[log]
avc: denied { search } dev="proc" scontext=u:r:surfaceflinger:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0

Bug: 154688047
Change-Id: Ia9735f2b938f57c37f741d6f0526cf29df180fcb
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 15:27:37 +02:00
pix106
b07ef1d515 sdm660-common: sepolicy: address hal_bluetooth_qti qipcrtr_socket denials 2022-05-07 15:27:37 +02:00
Demon Singur
81083ebf5c sdm660-common: sepolicy: let camera hal access /data/misc files
Removed from system_sepolicy, but still needed by our old camera stack.

Solves the following denials.
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0

Change-Id: I497bade68e6a5b2f60cd8ec90a97a81986d971af
Signed-off-by: Hadad <repo-sync@outlook.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 15:27:37 +02:00
pix106
7c4bba77a9 sdm660-common: sepolicy: Label more camera props 2022-05-07 15:27:37 +02:00
pix106
b802fbff4b sdm660-common: sepolicy: fix sepolicy to use vendor_camera_prop 2022-05-06 23:52:59 +02:00
clarencelol
7c134c0715 sdm660-common: sepolicy: Address more denials
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
clarencelol
ee42318baf sdm660-common: sepolicy: Address some camera denials
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
Kshitij Gupta
b6f2052cd7 sdm660-common: sepolicy: dontaudit untrusted_app to open ashmem_device
- Fixes scroll lag in many apps, such as Twitter:
    W RenderThread: type=1400 audit(0.0:12371): avc: denied { open } for path=/dev/ashmem dev=tmpfs ino=10848 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file permissive=0 app=com.twitter.android
- Apps are no longer allowed open access to /dev/ashmem, unless they
  target API level < Q.
  (8b12ff5f21)

Change-Id: I6405786fea05891642d8437acafcd8c891d75912
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
clarencelol
68b51b59ee sdm660-common: Nuke powerstats HAL
* Powerstats are so buggy lmao, it keeps error  android.hardware.power.stats@1.0-service.xiaomi_sdm660: Failed to getEnergyData

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
ba258d8957 sdm660-common: clover: sepolicy: change dt2w path for 4.19
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
Max Weffers
bfd5bb16ae sdm660-common: clover: sepolicy: Label dt2w nodes
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
347bc3181e sdm660-common: clover: sepolicy: Address no fingerprint denials
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/android.hardware.fingerprint.xml" dev="mmcblk0p14" ino=513 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/framework/com.fingerprints.extension.jar" dev="mmcblk0p14" ino=651 scontext=u:r:init:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/com.fingerprints.extension.xml" dev="mmcblk0p14" ino=546 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/app/FingerprintExtensionService/FingerprintExtensionService.apk" dev="mmcblk0p14" ino=20 scontext=u:r:init:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
8d5ad52d17 sdm660-common: clover: sepolicy: Address noril denials
avc: denied { mounton } for comm="init" path="/system/app/CarrierDefaultApp/CarrierDefaultApp.apk" dev="mmcblk0p13" ino=118 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/app/messaging/messaging.apk" dev="mmcblk0p13" ino=2818 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/priv-app/Dialer/Dialer.apk" dev="mmcblk0p13" ino=3324 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/CarrierConfig/CarrierConfig.apk" dev="mmcblk0p13" ino=3648 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CallLogBackup/CallLogBackup.apk" dev="mmcblk0p13" ino=2549 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CellBroadcastLegacyApp/CellBroadcastLegacyApp.apk" dev="mmcblk0p13" ino=2555 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/EmergencyInfo/EmergencyInfo.apk" dev="mmcblk0p13" ino=3666 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
7f5c98e112 sdm660-common: Bring back folio daemon and userspace hall switcher
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
clarencelol
dabe131677 sdm660-common: sepolicy: Recover back some wakeup nodes
* Got deleted in bfa5307238

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:34 +01:00
clarencelol
dab63c3e87 sdm660-common: sepolicy: Fix neverallows
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:34 +01:00
pix106
03af5cd52d sdm660-common: sepolicy: Address hal_camera_default bootanim_system_prop denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
3a94fe2218 sdm660-common: sepolicy: Address hal_camera_default persist_camera_prop
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Nolen Johnson
6738906339 sdm660-common: sepolicy: Allow hal_camera_default to set camera properties
Change-Id: I69f4d1039c3ccae4d21aaddb35d09ae575bd3979
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
f2daf4bd2f sdm660-common: sepolicy: Clean camera props
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
4ad2b0e7e1 sdm660-common: sepolicy: Address pixel powerstats rules
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
e22941eedf sdm660-common: sepolicy: Drop neverallows
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
e63aed4ff1 sdm660-common: sepolicy: Goodbye neverallows
* Drop some neverallows along the way

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Adithya R
fbd91b6f05 sdm660-common: init: Add MIUI camera flag from stock
* Prebuilt libcameraservice sets this prop to 1 if the running camera
   app is MIUI/ANX camera, and 0 otherwise

 * This is needed to unlock all functions of MIUI/ANX camera in
   the camera HAL, such as pro mode controls, beauty modes, portrait
   depth slider and much more, and mainly fixes excess noise in
   camera shots taken with our ultrawide lens

 * We won't keep the prop enabled by default because as long as it's
   enabled, gcam/mods crash immediately on launch and we don't want
   that. So let's retain the stock behaviour instead.

[clarencelol]: * avc: denied { set } for property=sys.camera.miui.apk pid=1008 uid=1047 gid=1005 scontext=u:object_r:system_prop:s0 tclass=property_service permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
5514002bef sdm660-common: Cleanup sepolicy
* Fix neverallows

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
1426027286 sdm660-common: sepolicy: unknown type exported_audio_prop
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kunmun
10087c76b8 sdm660-common: sepolicy: Label more sepolicies for k4.19
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kyle Harrison
9730b3c65c sdm660-common: sepolicy: Fix exported_camera_prop denials
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Anush02198
72d6549660 sdm660-common: Address some more denials
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Pulkit077
ea39254a1c sdm660-common: sepolicy: Allow gpuservice read graphics_config_prop
avc: denied { read } for comm="Binder:594_1" name="u:object_r:graphics_config_prop:s0" dev="tmpfs" ino=15716 scontext=u:r:gpuservice:s0 tcontext=u:object_r:graphics_config_prop:s0 tclass=file permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
f30354722b sdm660-common: sepolicy: Address more denials
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Chenyang Zhong
d64b0b54a9 sdm660-common: sepolicy: Address init denial
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
f6c3a49bb9 sdm660-common: sepolicy: Cleanup after LA.UM.10.2.1.r1-03200-sdm660.0 merge
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
a3055ff0ea sdm660-common: sepolicy: Label more camera props
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
Inseob Kim
1b8a185822 sdm660-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

[Ratoriku: Adapted to xiaomi sdm660]

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d9ffeff77 sdm660-common: sepolicy: cleanup sepolicy/vendor/vendor_init.te
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
aea288de3b sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d12996503 sdm660-common: sepolicy: cleanup sepolicy/vendor/system_server.te
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00