MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4403 commits 1 branch 0 tags 12 MiB
Commit graph

278 commits

Author SHA1 Message Date
Aditya Pratap Singh
25a33facca sdm660-common: sepolicy: allow untrusted_app_zygote to access unix stream socket 
avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:untrusted_app:s0:c26,c257,c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.topjohnwu.magisk
Signed-off-by: afterallafk<shivamatiet2001@gmail.com>
Signed-off-by: Abhishek001konni <Abhishek001konni@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-11-07 08:34:27 +01:00
pix106
d58068cc9f sdm660-common: sepolicy: adress untrusted_app_27 unix_stream_socket denials 2022-11-07 08:34:27 +01:00
sabarop
16db6a4456 sdm660-common: sepolicy: address multiple denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-11-07 08:34:26 +01:00
boedhack99
4de8dd15b3 sdm660-common: sepolicy: More fix Iorap denials 
* W FinalizerDaemon: type=1400 audit(0.0:10): avc: denied { getopt } for path=/dev/socket/usap_pool_primary scontext=u:r:permissioncontroller_app:s0:c122,c256,c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.android.permissioncontroller

Change-Id: Idc9cf242578412846e3f770a118fefc6fb5eda29
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-11-07 08:34:26 +01:00
Mohan C M
55c4433e3a sdm660-common: sepolicy: address hal_bluetooth_qti 
- avc: denied { read } for comm="bluetooth@1.0-s" name="ssrdump" dev="mmcblk0p49" ino=2162694 scontext=u:r:hal_bluetooth_qti:s0 tcontext=u:object_r:ramdump_vendor_data_file:s0 tclass=dir permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-11-07 08:34:26 +01:00
pix106
25b04c31af sdm660-common: sepolicy: address surfaceflinger hal_graphics_composer_default denial 2022-11-07 08:34:26 +01:00
pix106
fa6dfc8c13 sdm660-common: sepolicy: address qti_init_shell proc_watermark_scale_factor denials 2022-11-07 08:34:26 +01:00
pix106
2f38bc6da8 FIX sdm660-common: sepolicy: label init.goodix.sh and fingerprint datafile 2022-11-07 08:15:11 +01:00
pix106
9572ebacd7 sdm660-common: sepolicy: allow hal_power_default sys_admin capability 2022-10-11 09:24:15 +02:00
Rick Yiu
e279964f3c sdm660-common: sepolicy: Add permission to access proc_energy_aware file node 
This reverts commit 2c07bbc96e.

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-10-11 08:47:30 +02:00
Elektroschmock
c4050270fd sdm660-common: sepolicy: Label /dev/stune(/.*) as cgroup 
* avc: denied { write } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="apexd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:apexd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-10-11 08:47:30 +02:00
pix106
717057c76c sdm660-common: sepolicy: relabel miui prop 2022-10-11 08:47:30 +02:00
pix106
90b568e7b7 sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions. 2022-09-13 06:56:46 +02:00
UtsavBalar1231
5852c41f14 sdm660-common: sepolicy: Allow init.qcom.post_boot.sh to set watermark_scale_factor 
This fixes:
W init.qcom.post_: type=1400 audit(0.0:42): avc: denied { write } for name="watermark_scale_factor" dev="proc" ino=52566 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:proc_watermark_scale_factor:s0 tclass=file permissive=0

Change-Id: Ib79c0208e758f03df5ce6652322802354836d6a5
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-09-13 06:56:46 +02:00
Dyneteve
66e57467db sdm660-common: sepolicy: Fix OTA on encrypted f2fs. 
* uncrypt : type=1400 audit(0.0:12165): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0

Change-Id: Ifec7cea45830a9e10f55a194e377857429bf4051
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-09-13 06:56:46 +02:00
Kevin F. Haggerty
5df53b728d sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo 
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-09-13 06:56:46 +02:00
pix106
9188e83cbd sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions. 2022-09-12 22:41:46 +02:00
pix106
077a21d15e sdm660-common: sepolicy: move system_app.te 2022-09-11 10:58:54 +02:00
pix106
467daca424 sdm660-common: sepolicy: label init.goodix.sh and fingerprint datafile 
Could not start service 'vendor.goodix_script' as part of class 'late_start': File /vendor/bin/init.goodix.sh (labeled u:object_r:vendor_file:s0) has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-09-04 09:20:37 +02:00
pix106
922735f672 sdm660-common: sepolicy: label sys.camera.miui.apk prop 
audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=sys.camera.miui.apk pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:hal_camera_prop:s0 tclass=file permissive=0'

vendor_init already has permissions on vendor_camera_prop, so set sys.camera.miui.apk as vendor_camera_prop

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-08-30 20:00:11 +02:00
boedhack99
641996465a sdm660-common: sepolicy: Allow zygote to search adsprpdc file 
Fixes:
avc: denied { search } for comm="main" name="/" dev="sde48" ino=2 scontext=u:r:zygote:s0 tcontext=u:object_r:adsprpcd_file:s0 tclass=dir permissive=0
avc: denied { search } for comm="usap64" name="/" dev="sde48" ino=2 scontext=u:r:zygote:s0 tcontext=u:object_r:adsprpcd_file:s0 tclass=dir permissive=0

Change-Id: Idd3df6ec46049d5691e298ac1d0851d7ab0bead3
Signed-off-by: Khusika Dhamar Gusti <mail@khusika.dev>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-08-25 10:04:35 +02:00
pix106
3a56beef55 sdm660-common: sepolicy: Label ro.audio.usb.period_us 
Co-authored-by: Omar Hamad <etahamad@icloud.com>
 2022-08-18 08:52:27 +02:00
pix106
998d8a03be sdm660-common: sepolicy: address hal_bluetooth_qti diag_device chr_file denial 2022-08-08 22:52:29 +02:00
pix106
ce09f0e3af sdm660-common: DeviceSettings: Adapt vibration control to QTI Haptics 
* needs kernel support
 2022-07-29 13:48:08 +02:00
Kevin F. Haggerty
1f7abf2f4e sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo 
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Change-Id: I16465eb9acca9ff64a755d47f86f4ff424ebe4de
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-07-29 13:48:08 +02:00
pix106
fdf6fbbe8d sdm660-common: sepolicy: rename 'bluetooth.te ' 2022-07-29 13:48:08 +02:00
Adithya R
cff5bdbd3b sdm660-common: sepolicy: Allow vendor_init to set ssr prop 
E init    : Do not have permissions to set 'persist.vendor.ssr.restart_level' to 'ALL_ENABLE' in property file '/vendor/build.prop': SELinux permission check failed

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-07-04 07:40:35 +02:00
pix106
ff88467668 sdm660-common: sepolicy: Address installd kill capability denial 
11-19 18:40:50.303 14813 14813 W cp      : type=1400 audit(0.0:45): avc: denied { kill } for capability=5 scontext=u:r:installd:s0 tcontext=u:r:installd:s0 tclass=capability permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-19 21:37:31 +02:00
pix106
99f4032d92 sdm660-common: sepolicy: Adress qti_init_shell persist_file denials 2022-06-19 21:37:26 +02:00
pix106
9f73958b59 sdm660-common: sepolicy: Address hal_audio_default persist_file denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-16 06:18:31 +02:00
pix106
8600a1d97f sdm660-common: sepolicy: Address zygote unix_stream_socket denials 2022-06-16 06:18:31 +02:00
pix106
f8c33f55be sdm660-common: sepolicy: allow hal_wifi_default to get persist_vendor_debug_wifi_prop props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-06 17:58:45 +02:00
pix106
837f5ca200 sdm660-common: sepolicy: Address vendor_init persist_file denials 
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p13" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-06 17:52:42 +02:00
pix106
8193f9632b Revert "sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te" 
This reverts commit aea288de3b.
 2022-06-06 17:45:39 +02:00
Rahul Krishna
0bb3001be2 sem660-common: sepolicy: Label notification led nodes 
* adapt to 4.19 sysfs path

Change-Id: Id4b74a3e61525810698ef0d4477856620c2a5490
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-06 12:41:59 +02:00
pix106
f5050df60f sdm660-common: sepolicy: drop Mlipay sepolicy 2022-06-06 12:41:59 +02:00
Adithya R
dd6db97ea5 sdm660-common: drop IFAA/mliplay completely 
* no one actually uses this

Signed-off-by: SparXFusion <s2234nadar@gmail.com>
Signed-off-by: faham1997 <nafidfaham08@gmail.com>
Signed-off-by: ImPrashantt <prashant33968@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-06-06 12:41:59 +02:00
Edwin Moquete
097c21d39f sdm660-common: Update radio blobs from ginkgo 
* Cleanup and disable ATFWD

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 10:25:30 +02:00
pix106
5b7ba9c20b sdm660-common: sepolicy: Address system_app sysfs_graphics denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 07:07:31 +02:00
pix106
3b1238fc93 sdm660-common: sepolicy: Address vendor_pd_locater_dbg_prop denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 06:41:37 +02:00
pix106
89c611bb8d sdm660-common: sepolicy: Label more camera props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 06:37:16 +02:00
clarencelol
a26372805e sdm660-common: sepolicy: Address hal_wifi_default denial 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 06:36:18 +02:00
iusmac
b0841be519 sdm660-common: sepolicy: Adress IORap usap_pool denial 
W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:rradios0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-15 06:36:18 +02:00
pix106
71a635149b sdm660-common: sepolicy: address gmscore_app traced denial 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 18:10:19 +02:00
ChengYou Ho
523f856d9e sdm660-common: sepolicy: Allow surfaceflinger to search hal_graphics_composer_default 
[log]
avc: denied { search } dev="proc" scontext=u:r:surfaceflinger:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0

Bug: 154688047
Change-Id: Ia9735f2b938f57c37f741d6f0526cf29df180fcb
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 15:27:37 +02:00
pix106
b07ef1d515 sdm660-common: sepolicy: address hal_bluetooth_qti qipcrtr_socket denials 2022-05-07 15:27:37 +02:00
Demon Singur
81083ebf5c sdm660-common: sepolicy: let camera hal access /data/misc files 
Removed from system_sepolicy, but still needed by our old camera stack.

Solves the following denials.
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0

Change-Id: I497bade68e6a5b2f60cd8ec90a97a81986d971af
Signed-off-by: Hadad <repo-sync@outlook.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 15:27:37 +02:00
pix106
7c4bba77a9 sdm660-common: sepolicy: Label more camera props 2022-05-07 15:27:37 +02:00
pix106
b802fbff4b sdm660-common: sepolicy: fix sepolicy to use vendor_camera_prop 2022-05-06 23:52:59 +02:00
clarencelol
7c134c0715 sdm660-common: sepolicy: Address more denials 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-06 23:52:59 +02:00