clarencelol
5514002bef
sdm660-common: Cleanup sepolicy
...
* Fix neverallows
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
1426027286
sdm660-common: sepolicy: unknown type exported_audio_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kunmun
10087c76b8
sdm660-common: sepolicy: Label more sepolicies for k4.19
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kyle Harrison
9730b3c65c
sdm660-common: sepolicy: Fix exported_camera_prop denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Anush02198
72d6549660
sdm660-common: Address some more denials
...
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Pulkit077
ea39254a1c
sdm660-common: sepolicy: Allow gpuservice read graphics_config_prop
...
avc: denied { read } for comm="Binder:594_1" name="u:object_r:graphics_config_prop:s0" dev="tmpfs" ino=15716 scontext=u:r:gpuservice:s0 tcontext=u:object_r:graphics_config_prop:s0 tclass=file permissive=0
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
f30354722b
sdm660-common: sepolicy: Address more denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Chenyang Zhong
d64b0b54a9
sdm660-common: sepolicy: Address init denial
...
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
f6c3a49bb9
sdm660-common: sepolicy: Cleanup after LA.UM.10.2.1.r1-03200-sdm660.0 merge
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
a3055ff0ea
sdm660-common: sepolicy: Label more camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
Inseob Kim
1b8a185822
sdm660-common: sepolicy: Attach vendor_property_type to properties
...
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
[Ratoriku: Adapted to xiaomi sdm660]
Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d9ffeff77
sdm660-common: sepolicy: cleanup sepolicy/vendor/vendor_init.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
aea288de3b
sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d12996503
sdm660-common: sepolicy: cleanup sepolicy/vendor/system_server.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5b91ac6f34
sdm660-common: sepolicy: cleanup sepolicy/vendor/system_app.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
34bcdb600a
sdm660-common: sepolicy: cleanup sepolicy/vendor/property_contexts
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
85356b81c5
sdm660-common: sepolicy: drop some gmscore_app rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
e5cf3162cb
sdm660-common: sepolicy: drop installd public rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
e2366e40e8
sdm660-common: sepolicy: clean ssgtzd rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
3ecd23c72e
Revert "sdm660-common: sepolicy: Address hal_camera_default diag_device denials"
...
This reverts commit 86a8976fed64394818e4f61787160aff822e122d.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
2c07bbc96e
Revert "sdm660-common: sepolicy: Add permission to access proc_energy_aware file node"
...
This reverts commit 15d2b27649b63a2c3fde9a0a1db4f41d733e3c13.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
968d356efe
sdm660-common: sepolicy: rework wakeup nodes
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
Max Weffers
bbc6ad98ce
sdm660-common: sepolicy: Add Hardware Info permissions and sepolicy rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
d3dcfacce6
sdm660-common: sepolicy: label more camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
f57c4848a5
Revert "sdm660-common: sepolicy: Fix Camera Denials"
...
This reverts commit c1713821ef3bd923c888f850559231fef0ddcfc7.
2022-02-16 20:55:38 +01:00
daniml3
56d437a773
sdm660-common: sepolicy: Allow hal_audio_default to interact with audio props
...
Signed-off-by: daniml3 <daniel@danielml.dev>
Change-Id: I573852e491e781ef60158ede160a7929a33d62a4
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
Edwin Moquete
db5b05330d
sdm660-common: sepolicy: Address healthd denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
Edwin Moquete
65b5513c79
sdm660-common: sepolicy: Label some wakeup nodes
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
1284e340a0
sdm660-common: sepolicy: Label wakeup nodes for 4.19
...
- also resolve arbitrary sysfs paths for system_suspend
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
4f5d077936
sdm660-common: sepolicy: Address some denials
...
* avc: denied { search } for name="data" dev="mmcblk0p69" ino=3072001 scontext=u:r:vendor_dataservice_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
819130673b
sdm660-common: sepolicy: Fix some PowerHAL denials
...
* Let powerhal reads and writes
* device_latency -> latency_device
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
5183d7fb36
sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
...
Energy aware feature control is previously done through debugfs,
which will be deprecated, so move the control to sysctl. Added
permission for it, and removed the one unused.
[ 1.460128] audit: type=1400 audit(2753763.033:8): avc: denied { write } for pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 16:49:18.933 820 820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 17:00:15.726 822 822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 141333728
Test: function works as expected
Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
DillerOFire
c825b9bdb8
sdm660-common: sepolicy: Allow kernel to create qipcrtr_socket
...
* Fixes modem crashes in user build
Change-Id: I1f69408dd1e0289ccd9bb0a6a39ffcc0f289fabd
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
cede39d305
Revert "sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial"
...
This reverts commit ee3fa3b300.
2021-12-31 07:51:33 +01:00
pix106
653c608694
Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
...
This reverts commit d05ecaa812.
2021-12-31 07:51:33 +01:00
pix106
87ec9f49d1
Revert "sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials"
...
This reverts commit f475ccf892.
2021-12-31 07:51:33 +01:00
pix106
4c65fc4ecf
sdm660-common: sepolicy: Clean SEPolicy after LA.UM.10.2.1.r1-02700-sdm660.0 merge
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
b6cfa81507
sdm660-common: sepolicy: drop netmgrd vendor_data_qmipriod_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
ac362f97eb
sdm660-common: sepolicy: Address denials
...
* init: Unable to set property 'persist.vendor.data.shsusr_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.offload_ko_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.qmipriod_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
68d9ac06ce
sdm660-common: sepolicy: unknown type exported_audio_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
cdaf69248d
sdm660-common: sepolicy: Address pixel powerstats rules
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4dc2cf5d58
sdm660-common: sepolicy: Label some camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4a43432067
sdm660-common: sepolicy: Address hal_camera_default diag_device denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
iamehsangh
509307f0ec
sdm660-common: sepolicy: Fix Camera Denials
...
W HwBinder: type=1400 audit(0.0:5750): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_video_prop:s0" dev="tmpfs" ino=17412 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_video_prop:s0 tclass=file permissive=0
E libc : Access denied finding property "vendor.video.disable.ubwc"
W/CAM_cpp: type=1400 audit(0.0:5733): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=19517 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
E/libc :Access denied finding property "ubwc.no.compression"
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
0525c2a968
sdm660-common: sepolicy: Address vendor_init fingerprint denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Chitti Babu Theegala
c0b410af36
sdm660-common: sepolicy: adding proc-fs rw permission for hal_power_default
...
Change-Id: Ib8c69ca6ca9de3d54f352520412f508dcb1af079
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Wei Wang
ffc9445207
sdm660-common: sepolicy: Allow PowerHAL to change sched for ADPF
...
Test: build
Bug: 177492680
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I71d4f6e2d160caad03243295003743f27b4e1736
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Jimmy Shiu
31a8b54659
sdm660-common: sepolicy: Allow PowerHAL to set sched
...
system_server also creates UI sometimes.
Ex: ANR Dialog, the Pointer Location in developer options.
Bug: 194775170
Test: build and enable Pointer Location debug option
Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
4668e4c349
sdm660-common: sepolicy: Grant hal_power_default cgroup read file permission
...
It is a cross-platform need.
Bug: 176868402
Bug: 177780314
Test: build selinux_policy pass
Change-Id: If63b205921bd95d82c52e0193947ab8304c1e064
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
daniml3
96086b8408
sdm660-common: sepolicy: Solve radio denials
...
Signed-off-by: daniml3 <danimoral1001@gmail.com>
Change-Id: I78db6c6a557c76b9f6b3cc8f983cdc70a2a09ce7
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
57cca627b1
sdm660-common: sepolicy: Attach vendor_property_type to properties
...
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Ratoriku
a80975c3d7
sdm660-common: Switch to AIDL Light HAL
...
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Change-Id: I2618bcb81902688b9b9b975f612c653707787202
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
abe3f86cf3
sdm660-common: sepolicy: Add contexts for exported telephony props
...
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Change-Id: Ica687a750af61f2d3386691ce6df220b180fb993
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Omar Hamad
825920e610
sdm660-common: sepolicy: unknown type exported_wifi_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:32 +01:00
pix106
541f980ac2
sdm660-common: sepolicy: label compatible_all fpc1020 node
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
derfelot
db5bbd5642
sdm660-common: sepolicy: Allow vold to write mmcblk0 read_ahead_kb
...
avc: denied { write } for name="read_ahead_kb" dev="sysfs" ino=51203 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmc_host:s0 tclass=file permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
clarencelol
234a6cfeec
sdm660-common: sepolicy: Address more denials
...
* Fixed vibrate level in DeviceSettings
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-11-13 11:31:51 +01:00
pix106
f475ccf892
sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
d05ecaa812
sdm660-common: sepolicy: Address many sys_admin and kill denials
...
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0
sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc: denied { sys_admin } for pid=460 comm="ueventd" capability=21 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial
sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=460 comm="boringssl_self_" capability=21 scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=462 comm="boringssl_self_" capability=21 scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc: denied { sys_admin } for pid=459 comm="linkerconfig" capability=21 scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
738dff294a
sdm660-common: sepolicy: Address many denials
...
sdm660-common: sepolicy: Address vendor_init persist_file read denial
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0
sdm660-common: sepolicy: Address tee persist_file read denial
avc: denied { read } for comm="qseecomd" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0
sdm660-common: sepolicy: Address installd mnt_user_file denial
avc: denied { search } for comm="Binder:1018_6" name="0" dev="tmpfs" ino=5541 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=0
sdm660-common: sepolicy: Address ssgtzd qipcrtr_socket denial
sdm660-common: sepolicy: Address platform_app denials
avc: denied { read } for comm="emui:screenshot" name="u:object_r:exported_audio_prop:s0" dev="tmpfs" ino=4254 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:exported_audio_prop:s0 tclass=file permissive=0 app=com.android.systemui
sdm660-common: sepolicy: Address init sysfs_graphics denial
avc: denied { read } for comm="init" name="device" dev="sysfs" ino=44569 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=lnk_file permissive=0
sdm660-common: sepolicy: Address system_app sysfs_graphics denials
avc: denied { write } for comm="settings.device" name="max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
avc: denied { open } for comm="settings.device" path="/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red/max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
sdm660-common: sepolicy: Address system_server sysfs_rtc denial
avc: denied { read } for comm="system_server" name="hctosys" dev="sysfs" ino=41512 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
sdm660-common: sepolicy: Address gmscore_app getattr denials
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/linkerconfig" dev="tmpfs" ino=3474 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/persist" dev="mmcblk0p63" ino=47 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/init" dev="mmcblk0p63" ino=28 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:init_exec:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/metadata" dev="mmcblk0p63" ino=32 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/postinstall" dev="mmcblk0p63" ino=48 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware_mnt" dev="mmcblk0p58" ino=1 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware" dev="mmcblk0p64" ino=1216 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
sdm660-common: sepolicy: Address vendor_mutualex create denial
avc: denied { create } for comm="mutualex" scontext=u:r:vendor_mutualex:s0 tcontext=u:r:vendor_mutualex:s0 tclass=qipcrtr_socket permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
ee3fa3b300
sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
5499c4027c
sdm660-common: sepolicy: Label rild.libpath
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
eee54d6e20
sdm660-common: sepolicy: Label some camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
58bbd5db55
sdm660-common: sepolicy: Label sysfs wakeup nodes
...
avc: denied { read } for comm="Binder:514_1" name="event_count" dev="sysfs" ino=53144 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="max_time_ms" dev="sysfs" ino=53149 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="wakeup_count" dev="sysfs" ino=53145 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="total_time_ms" dev="sysfs" ino=53148 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="expire_count" dev="sysfs" ino=53146 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_count" dev="sysfs" ino=53143 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="last_change_ms" dev="sysfs" ino=53150 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="prevent_suspend_time_ms" dev="sysfs" ino=53151 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="name" dev="sysfs" ino=53142 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_time_ms" dev="sysfs" ino=53147 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
5de9bdae50
Revert "sdm660-common: sepolicy: Adjust sepolicy for qti thermal"
...
This reverts commit 77c4792ac9.
2021-11-13 11:31:51 +01:00
pix106
9d53e14cc8
sdm660-common: sepolicy: Remove netmgrd set_prop vendor_data_ko_prop
...
* No need after sepolicy update from LA.UM.9.2.1.r1-07200-sdm660.0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
Anush02198
6d46319a55
sdm660-common: sepolicy: Remove some wakeup nodes
...
* As we have merged LA.UM.9.2.1.r1-07000-sdm660.0 sepolicy tag to source this is handled by source
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
raiyanbinmohsin
d995aabb68
Revert "sdm660-common: Awaken-ify"
...
This reverts commit 635c08ae00.
* also drop awaken ota sepolicy
2021-11-13 11:31:51 +01:00
Sebastiano Barezzi
fa7fa65ffb
sdm660-common: ir: Rebrand to Xiaomi SDM660
...
Change-Id: I20146c0bc065a460f5a86455ed9a21abce5f9417
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-11-13 11:31:51 +01:00
ghostrider-reborn
79c64bc007
sdm660-common: Introduce kernelspace battery saver
...
* Needs Kernel side support
* This activates kernelspace battery saver via powerhal whenever
battery saver is enabled in userspace, thereby lowering power
consumption at kernel-level by disabling boosts and such
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Change-Id: I2623503db27d7518de519bcaa3f5af6ab83879d0
2021-11-13 11:31:49 +01:00
OdSazib
b8c814713d
sdm660-common: DeviceSettings: Add earpiece gain
...
- Requires kernel support
Signed-off-by: OdSazib <odsazib@gmail.com>
Change-Id: If28b4dff421cbba5f17cd2ccfab02f2aa616a9f8
2021-07-22 13:21:03 +06:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19
...
- Address more denials and label some new nodes
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-16 15:56:07 +06:00
StyloGey
4ec9f92ace
sdm660-common: Update RIL from AOSPA
...
- update radio from LA.UM.9.12.r1-10800-SMxx50.0
- update telephony from qcom-common-AOSPA
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-15 17:00:40 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19
2021-07-13 11:56:43 +06:00
clarencelol
20efaf472b
sdm660-common: Switch to Thermal 2.0 mock
...
* QTI Thermal couldn't read the temperature for some reason
2021-06-15 21:48:17 +06:00
sairam1411
77c4792ac9
sdm660-common: sepolicy: Adjust sepolicy for qti thermal
...
Change-Id: Ib8493f164f12614e6d0a7ea5bd060d05991822b8
2021-06-15 17:32:47 +06:00
Wilson Chan
2880603f27
sdm660-common: power-libperfmgr: Add Flipendo powerhint
...
- Add sepolicy for dex2oat powerhal props to vendor_power_prop
Test: boot and check powerhint parse logs
Test: enabled extreme battery saver and check scaling_max_freq
[clarencelol]: Adapt to sdm660 freq
2021-06-15 17:32:47 +06:00
clarencelol
5ae45246d0
sdm660-common: power-libperfmgr: Add back audio hints
...
* It works as intended
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-06-15 17:32:47 +06:00
clarencelol
7b3df1cb47
sdm660-common: sepolicy: Label wakeup nodes for 4.19
...
- also resolve arbitrary sysfs paths for system_suspend
2021-06-07 09:21:11 +06:00
Quallenauge
f9d71135ea
sdm660-common: sepolicy: Add swapper to kill
...
Fixes:
W swapper/6: type=1400 audit(0.0:63): avc: denied { kill } for capability=5 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0
Change-Id: Ib3b5c2a173528cb9f63a4dd750634968c060f471
2021-06-07 09:21:11 +06:00
Subhajeet Muhuri
1da7c15388
sdm660-common: /sys/devices/soc -> /sys/devices/platform/soc
...
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2021-06-07 09:21:11 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
...
- Thanks to LineageOS and our sdm660 community
Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00
OdSazib
ef00e5f20b
sdm660-common: DeviceSettings: Import in-app Dirac
...
- Improve code with reference and split gain category
This reverts commits
- 471da74
- de7135d
- f6c011d
All credit goes to Stylog, this is just revert commits with a few improvements
Co-authored-by: clarencelol <clarencekuiek@icloud.com>
2021-04-10 02:24:09 +06:00
Sebastiano Barezzi
973fa8d111
sdm660-common: Fix some camera denials
...
Change-Id: I172349433946883aa1035e91ab3ab703a96e7912
2021-04-04 12:35:05 +06:00
OdSazib
6166317281
sdm660-common: Build power stats and label it
2021-03-15 12:21:09 +06:00
Subhajeet Muhuri
7c3beb85c9
sdm660-common: power-libperfmgr: Switch to AIDL Power HAL
...
hardware/google/pixel/power-libperfmgr from android-11.0.0_r25
SQUASHED:
Revert all HIDL interface and nuke previous changes
Import Pixel libperfmgr AIDL Power HAL
Adapt and rebrand for xiaomi_sdm660
Remove Google-specific display LPM control
Remove Google-specific camera and audio hints
Remove VR hints handling
Remove audio hints handling
Remove dumpstate support
Initialize powerHAL when boot is completed
Add support for tap-to-wake feature control
Add sepolicy rules for power-libperfmgr
Enable power-libperfmgr
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2021-03-10 12:37:27 +06:00
orgesified
373e2fc7e2
sdm660-common: sepolicy: Silence logspam
...
Co-authored-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: Iea2d0ec097c4e33a038ce05fba801364c2e8a381
2021-03-07 01:51:46 +06:00
Jeferson
2632c4a4b8
sdm660-common: sepolicy: Address system_server denials
...
Change-Id: I7ec0ccc4004a7cf74988e7994ec981e064ba0412
2021-03-07 01:49:33 +06:00
PIPIPIG233666
206f51bad0
sm660-common: Create socket for /dev/socket/audio_hw_socket
...
Change-Id: If4c5b944efb8dde3093ccb7b8f1dca746a02e043
2021-03-02 23:43:22 +06:00
Bruno Martins
a5de89d28b
sdm660-common: sepolicy: Add rules for older IMS blobs
...
Since Android 10 blobs are being used, org.codeaurora.ims still runs
as phone UID as seen by these denials:
m.android.phone: type=1400 audit(0.0:2914): avc: denied { read } for name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=13660 scontext=u:r:radio:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=0
m.android.phone: type=1400 audit(0.0:473): avc: denied { call } for scontext=u:r:radio:s0 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=0
Change-Id: Ic8c1b7996b9e0e7b63ba2a153441c9e8467a8a31
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-02-20 11:55:48 +06:00
Subhajeet Muhuri
7d8fc30985
sdm660-common: Kang more pixel power HAL sepolicy
...
* Kanged from mata (with all available nodes on msm4.4)
2021-02-20 11:55:25 +06:00
OdSazib
1edf16f04c
sdm660-common: apex: Symlink metadata to existing sessions
...
* Better we do this instead of creating extra dir
2021-02-16 18:50:35 +06:00
Chenyang Zhong
851d88070e
sdm660-common: create and symlink a dummy /metadata/apex
...
Google moved apex sessions directory from /data/apex/sessions to
/metadata/apex/sessions after commit:
"Move apex sessions directory to /metadata"
36cf4bbac6
Devices with a mounted metadata partition will have the needed
directories set up by system/core/rootdir/init.rc. Xiaomi devices
on sm6125 do not have a metadata partition out of the box, so things
like "Google Play system update" will fail to install the update.
Therefore, create a dummy directory under /data/vendor/metadata_apex
and symlink it to /metadata/apex.
The reason why the old /data/apex/sessions directory is not used
for the symlink is that apexd will call migrateSessionsDirIfNeeded()
to recursively copy things from the old directory to the new one.
Creating the symlink from /data/apex/sessions may result in
unintended behaviors.
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-02-09 20:53:35 +06:00
OdSazib
2135c18643
sdm660-common: DeviceSettings: Drop userspace hall switcher
...
* The sensor works as it is, hence not needed anymore
2021-02-03 23:05:50 +06:00
OdSazib
dd30ca9b1e
sdm660-common: sepolicy: Allow ota updater to access package file
2021-01-27 20:41:45 +06:00
Michael Bestas
0f110dcda2
sdm660-common: sepolicy: Resolve camera HAL denials
...
Change-Id: I47490bfa19bfb6162d161ba0c5e9f48556ab6eff
2021-01-21 03:26:33 +06:00
Jeff Vander Stoep
e48e418541
sdm660-common: sepolicy: camera HAL is a client of configstore
...
Addresses:
avc: denied { find } for
interface=android.hardware.configstore::ISurfaceFlingerConfigs pid=817
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
tclass=hwservice_manager permissive=0
Bug: 65454046
Test: camera app
Change-Id: I84b92e5809b89b7f755322d485b92f5e7175a06a
2021-01-21 03:26:33 +06:00
OdSazib
f2fa84055e
sdm660-common: sepolicy: Address more denials
2020-12-30 22:06:56 +06:00
OdSazib
f6cb7bb46a
sdm660-common: Nuke lineage livedisplay
...
* A better version already exists in device settings
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:05 +06:00
Subhajeet Muhuri
06dfda6946
sdm660-common: Add sepolicy rules for power-libperfmgr
...
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:05 +06:00
OdSazib
928c7ac4f5
sdm660-common: Remove qti IOP stack
...
* Useless in EAS
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:04 +06:00
OdSazib
9492d1fa58
sdm660-common: Use stock poweroff charging animation
...
* It's the best animation out there with battery level
This reverts commit 9271fec5a4.
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:19:25 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup
...
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:16:25 +06:00
Aayush Gupta
ad4a731b53
sdm660-common: Address init denials regarding socket_device
...
[ 9.346918] type=1400 audit(71454275.960:7): avc: denied { create } for comm="init" name="dpmwrapper" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I262b06821c0625978b3685d0666bd2cf599fbf98
2020-12-13 18:38:07 +06:00
Aayush Gupta
8c68646954
sdm660-common: Allow qti_init_shell to start & stop ril-daemon
...
[ 9.057234] type=1107 audit(71454275.676:6): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ctl.stop$ril-daemon pid=1122 uid=0 gid=0 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:ctl_stop_prop:s0 tclass=property_service permissive=0'
Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I5f062f8c6be56380b40a9428358c5f6c93dd71c8
2020-12-13 18:38:07 +06:00
LuK1337
bb066620d8
sdm660-common: sepolicy: Address radio denials
...
Change-Id: If37262e6be3d31f51dcd482db04ce647ecd57e4d
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2020-12-13 18:38:07 +06:00
Aayush Gupta
2ccf864f31
sdm660-common: Address denials regarding to access sysfs_kgsl
...
[ 22.419451] type=1400 audit(1601312073.698:17): avc: denied { search } for comm="ImageWallpaper" name="kgsl-3d0" dev="sysfs" ino=29220 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0 app=com.android.systemui
[ 9.476242] type=1400 audit(1601312065.534:13): avc: denied { search } for comm="BootAnimation" name="kgsl-3d0" dev="sysfs" ino=29220 scontext=u:r:bootanim:s0 tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0
Change-Id: I80c5de2d9687b3127922d5bc55c26461a797d0f9
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2020-12-13 18:38:07 +06:00
Nolen Johnson
0d7a7d4ef5
sdm660-common: Move rtc contexts to device/qcom/sepolicy
...
* In device/qcom/sepolicy-legacy-um now.
Change-Id: I80b877d4b65a3d22cf7a61d70e08e48edeb627de
2020-12-13 18:38:07 +06:00
nebrassy
7821f6dc80
sdm660-common: sepolicy: drop seapp_contexts
...
now labeled in sepolicy-legacy-um
Change-Id: I284d16905a7e67c3d86f300ac9bf73fa1b9490fc
2020-12-13 18:38:07 +06:00
OdSazib
f614ba1ce6
sdm660-common: Clean up sepolicy for Android 11
...
checkpolicy: error(s) encountered while parsing configuration
Changes in Android 11
* dpmd > vendor_dpmd
* persist_camera_prop > vendor_persist_camera_prop
* persist_dpm_prop > vendor_persist_dpm_prop
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-13 18:38:07 +06:00
LuK1337
510d313d4e
sdm660-common: sepolicy: Label /persist
...
Change-Id: I471c0d1fedb51eabc32b54ab35a9823db8efd034
2020-12-13 18:37:01 +06:00
OdSazib
9bd430ff9b
sdm660-common: XiaomiParts: Add Headphone & Mic Gain
...
* This is manually ported by me from Lavender tree on Corvus-Devices
* Thanks @StyloGey for reviewing the java code and giving me a better solution
* Original repo: https://github.com/Corvus-Devices/device_xiaomi_lavender.git
To get it working, you need these two commits in your kernel:
> c04d6d6e61
> 8e25ac3318
Signed-off-by: OdSazib <odsazib@gmail.com>
Change-Id: I1bb48ced1f23728daa2e5170647ce08a04347110
2020-10-19 11:36:06 +06:00
OdSazib
7580f5f636
sdm660-common: XiamiParts: Add FPS Info Overlay
...
* Ported from: https://github.com/Corvus-Devices/device_xiaomi_lavender.git
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
OdSazib
471da74c21
sdm660-common: XiaomiParts: Remove dirac completely
...
* Fix XiaomiPart crash while using audio mod like v4a/dolby
Signed-off-by: odsazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
OdSazib
dd14ca3e30
sdm660-common: Address denials for Livedisplay
...
Signed-off-by: odsazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
Max Weffers
f1b43abf23
sdm660-common: Add IOP Hal blobs from LA.UM.8.2.r1-06500-sdm660.0
...
Change-Id: I86bf8623dab2b5a5295bbebc602587b2347fdaf6
2020-08-12 02:11:34 +06:00
Michael Bestas
5fcfc725ef
sdm660-common: sepolicy: Allow dpmd set ctl_stop_prop
...
Change-Id: Id24b6370e907cc153b07383c65416aa9226e65a8
2020-08-12 02:11:34 +06:00
Max Weffers
a502a3904b
sdm660: sepolicy: Adjust sepolicy for new tap to wake nodes
2020-08-12 02:02:40 +06:00
Christian Oder
9a26ceac4c
sdm660-common: remove neverallow
...
Change-Id: I3a6a7c7e6f95947eaf807a0e6d8ab19144a9cee5
2020-08-12 02:02:38 +06:00
Max Weffers
b7b7fae1ef
sdm660-common: sepolicy: unbreak sepolicy for carbon
...
Change-Id: Ie324b974ceb741c524abe7ba53cadb4c2b01219e
2020-08-12 02:02:38 +06:00
Dušan Uverić
3476f16be6
sdm660-common: XiaomiParts: add notification LED brightness slider
...
Signed-off-by: Dušan Uverić <dusan.uveric9@gmail.com>
Change-Id: I86851420cca27d34e36f8e385859c5be63545bba
2020-08-12 02:02:38 +06:00
Max Weffers
b0fa4e9f51
sdm660-common: sepolicy: Address few denials
...
Change-Id: I45c7af8087a8495e4e7902d74f7811c2d40f5197
2020-08-12 02:02:38 +06:00
dianlujitao
684521256a
sdm660-common: sepolicy: Label new TP node
...
Change-Id: Id55db9b6614320650c8c61e698f71ddc9f04d086
2020-08-12 02:02:38 +06:00
erfanoabdi
7a514dc86e
sdm660-common: sepolicy: Label Video prop
...
Change-Id: Id66a71d45ac8dc5a635bc0e208b45423bd9125e6
2020-08-12 02:02:38 +06:00
dianlujitao
8d789ade9f
sdm660-common: sepolicy: Clean up sepolicy rules
...
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
2020-08-12 02:02:38 +06:00
Max Weffers
eb97b49f0c
sdm660-common: Address SELinux denials and clean up
...
Change-Id: I997a268c9ce23eab80f1981293720e17d21bbb7a
2020-08-12 02:02:38 +06:00
Max Weffers
880ca53df2
sdm660-common: sepolicy: Address some denials
...
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
2020-08-12 02:02:38 +06:00
dianlujitao
06e3d383a2
sdm660-common: sepolicy: Label button backlight nodes
...
Change-Id: I594a07fc3e68f1b50f181c4b254811814990c599
2020-08-12 02:02:38 +06:00
dianlujitao
55f4d4eb18
sdm660-common: sepolicy: Drop unused sysfs_light
...
Change-Id: I62bfac69bdcebaf7d484bbc39ea4e16f8beb8e6b
2020-08-12 02:02:38 +06:00
dianlujitao
f735b1ab0c
sdm660-common: sepolicy: Label IR dev node for jason
...
Change-Id: I7ba6af074485509a501f656587379fb0ba5b07d3
2020-08-12 02:02:37 +06:00
Davide Garberi
4461490e45
sdm660-common: sepolicy: Label renamed white led node
...
Change-Id: Ia7c3c47efb628f851dd377b2e09b6f8e150013e3
2020-08-12 02:02:37 +06:00
Max Weffers
903525f9b0
sdm660: sepolicy: Allow vendor init to set few props
...
Change-Id: I0b2574b0e2f5f9b84df1db9ea7386522361a2864
2020-08-12 02:02:37 +06:00
Soul Trace
9b5bf8c210
ipacm: Fix WLAN tethering offload
...
Fix reboot after 120 seconds on WLAN tethering enable.
Fix "target device is connected but no internet" issue.
Move ipacm-related sections from rootdir/etc/init.qcom.rc to data-ipa-cfg-mgr/ipacm/src/ipacm.rc
Make ipacm.rc look like vendor/qcom/opensource/data-ipa-cfg-mgr/ipacm/src/ipacm.rc but add
writepid /dev/cpuset/system-background/tasks to the service definition.
This lets ipacm start after data decryption (it got killed on data decrypt and not respawned,
because it was disabled).
This fixes following errors:
04-01 14:35:57.525 591 17586 W libc : Unable to set property "ctl.interface_start" to "android.hardware.tetheroffload.config@1.0::IOffloadConfig/default": error code: 0x20
04-01 14:35:57.526 2665 3190 I ServiceManagement: getService: Trying again for android.hardware.tetheroffload.config@1.0::IOffloadConfig/default...
04-01 14:35:57.526 591 17586 E hwservicemanager: Failed to set property for starting android.hardware.tetheroffload.config@1.0::IOffloadConfig/default
Set wifi.active.interface context to exported_wifi_prop and allow hal_wifi_default to set it.
I don't know why context definition was not embedded to the contexts file, but now it is.
This fixes following errors:
[163263.846522] selinux: avc: denied { set } for property=wifi.active.interface pid=2733 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0
Change-Id: I735e7d8d8d07b9545ef16a6baa35a13aba3cd116
2020-08-12 02:02:37 +06:00
Max Weffers
599a611dd8
sdm660: sepolicy: Grant Vendor Toolbox fingerprint file access in persist
...
Change-Id: I16afcc9bf2f822d741470ca5b741a4b283196575
2020-08-12 02:02:37 +06:00
dianlujitao
6df111fbc1
sdm660-common: sepolicy: Adjust for lavender dt2w node
...
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
Change-Id: If08946adbf5c2fa619178b3f15ae0635bacdf8a8
2020-03-10 09:41:52 +01:00
LuK1337
2eb56727c3
sdm660-common: sepolicy: Add more /persist related contexts to toolbox rules
...
Change-Id: If9b28d1196eb352422e5acb0a570f2e005c2dcdf
2020-03-10 09:39:56 +01:00
LuK1337
1e7b6a0417
sdm660-common: sepolicy: Drop unnecessary rule
...
* This is already granted through init_daemon_domain(domain).
Change-Id: I6c2f1b3e267256da958b40af5014972785617cbe
2020-03-10 09:39:56 +01:00
Felix
ac571ee966
sdm660-common: Force restorecon for /mnt/vendor/persist
...
The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /mnt/vendor/persist/ has changed.
The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546
Force wiping that xattr so that restorecon always runs since it's not
very expensive (there are currently only about 50 files on /persist).
The restorecon is needed to fix issues such as wrong stock labels on
/mnt/vendor/persist/sensors/:
sensors_persist_file -> persist_sensors_file
Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
2020-03-10 09:39:45 +01:00
Ethan Chen
89f5d20ec4
sdm660-common: Allow init to relabel persist link file
...
Change-Id: I7872b8455a66e45826d86e0bb71faa1f28a2c7a3
2020-02-27 17:01:34 +01:00
AmulyaX
f9e999cb0f
sdm660-common: Address QtiExtendedFP denial
...
Signed-off-by: AmulyaX <amulya.b520@gmail.com>
2020-01-31 16:42:36 +01:00
AmulyaX
0f03dbd079
sdm660-common: Address camera hal denial
...
Signed-off-by: AmulyaX <amulya.b520@gmail.com>
2020-01-31 16:42:28 +01:00
chandra chaganti
691a8c6843
sdm660-common: sepolicy: allow appdomain to get persist_camera_prop
...
* E libc : Access denied finding property "vendor.camera.aux.packagelist"
Change-Id: I06feb5bd6a2321880065585395101c349c741909
2020-01-28 16:59:19 +01:00
Max Weffers
3c13d5743f
sdm660-common: sepolicy: Add sysfs Label for Platinas Fpc Fingerprint
...
Change-Id: I7423f84d6142b43818dfd2aa24ca935e6188c32f
2020-01-28 16:59:14 +01:00
LuK1337
987436f592
sdm660-common: sepolicy: Address time_daemon denials
...
Change-Id: I83947a673ed19cfc20c130fb133d1957aa44d284
2020-01-13 22:08:51 +01:00
PIPIPIG233666
bae9198c4e
sdm660-common: Address fp denials
...
Change-Id: Ie2abb5480d3442e5f64d532561ce657362f9f081
2020-01-06 21:06:22 +01:00
PIPIPIG233666
9c6a56cef6
sdm660-common: Address thermal-engine denials
...
Change-Id: I7d824f1066638ec6e73ae80093737b380436ba80
2020-01-06 21:06:22 +01:00
Michael Bestas
7e257d0aea
sdm660-common: sepolicy: Silence harmless QCOM denials
...
Change-Id: Iad1e2c0e654a4a46da76a57ece63dc4f35761d50
2020-01-06 21:06:21 +01:00
Sebita
7f874140c7
sdm660-common: sepolicy: Label node for lavender dt2w
...
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
Change-Id: I3df604f9025a3517d19468e8fffc750dbfe479ba
2020-01-06 10:56:13 +01:00
dianlujitao
e427647713
sdm660-common: sepolicy: Label vendor.camera.aux.packageblacklist
...
Change-Id: I07b82e0ba4a8e16faf67c64e0ffe73a690b38064
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
2020-01-06 10:50:34 +01:00
Max Weffers
5d39827818
sdm660: parts: Rename hall prop to folio_daemon prop
...
*needed to prevent neverallow in user builds
2020-01-04 09:37:09 +01:00