MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3917 commits 1 branch 0 tags 12 MiB
Commit graph

143 commits

Author SHA1 Message Date
Rick Yiu
4668e4c349 sdm660-common: sepolicy: Grant hal_power_default cgroup read file permission 
It is a cross-platform need.

Bug: 176868402
Bug: 177780314
Test: build selinux_policy pass
Change-Id: If63b205921bd95d82c52e0193947ab8304c1e064
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:33 +01:00
daniml3
96086b8408 sdm660-common: sepolicy: Solve radio denials 
Signed-off-by: daniml3 <danimoral1001@gmail.com>
Change-Id: I78db6c6a557c76b9f6b3cc8f983cdc70a2a09ce7
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:33 +01:00
Inseob Kim
57cca627b1 sdm660-common: sepolicy: Attach vendor_property_type to properties 
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:33 +01:00
Ratoriku
a80975c3d7 sdm660-common: Switch to AIDL Light HAL 
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Change-Id: I2618bcb81902688b9b9b975f612c653707787202
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:33 +01:00
Inseob Kim
abe3f86cf3 sdm660-common: sepolicy: Add contexts for exported telephony props 
To remove bad context names, two contexts are added.

- telephony_config_prop
- telephony_status_prop

exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.

Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Change-Id: Ica687a750af61f2d3386691ce6df220b180fb993
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:33 +01:00
Omar Hamad
825920e610 sdm660-common: sepolicy: unknown type exported_wifi_prop 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-12-31 07:51:32 +01:00
pix106
541f980ac2 sdm660-common: sepolicy: label compatible_all fpc1020 node 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
derfelot
db5bbd5642 sdm660-common: sepolicy: Allow vold to write mmcblk0 read_ahead_kb 
avc: denied { write } for name="read_ahead_kb" dev="sysfs" ino=51203 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmc_host:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
clarencelol
234a6cfeec sdm660-common: sepolicy: Address more denials 
* Fixed vibrate level in DeviceSettings

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
 2021-11-13 11:31:51 +01:00
pix106
f475ccf892 sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
d05ecaa812 sdm660-common: sepolicy: Address many sys_admin and kill denials 
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0

sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc:  denied  { sys_admin } for  pid=460 comm="ueventd" capability=21  scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial

sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=460 comm="boringssl_self_" capability=21  scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=462 comm="boringssl_self_" capability=21  scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc:  denied  { sys_admin } for  pid=459 comm="linkerconfig" capability=21  scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
738dff294a sdm660-common: sepolicy: Address many denials 
sdm660-common: sepolicy: Address vendor_init persist_file read denial
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address tee persist_file read denial
avc: denied { read } for comm="qseecomd" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address installd mnt_user_file denial
avc: denied { search } for comm="Binder:1018_6" name="0" dev="tmpfs" ino=5541 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=0

sdm660-common: sepolicy: Address ssgtzd qipcrtr_socket denial

sdm660-common: sepolicy: Address platform_app denials
avc: denied { read } for comm="emui:screenshot" name="u:object_r:exported_audio_prop:s0" dev="tmpfs" ino=4254 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:exported_audio_prop:s0 tclass=file permissive=0 app=com.android.systemui

sdm660-common: sepolicy: Address init sysfs_graphics denial
avc: denied { read } for comm="init" name="device" dev="sysfs" ino=44569 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address system_app sysfs_graphics denials
avc: denied { write } for comm="settings.device" name="max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
avc: denied { open } for comm="settings.device" path="/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red/max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address system_server sysfs_rtc denial
avc: denied { read } for comm="system_server" name="hctosys" dev="sysfs" ino=41512 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address gmscore_app getattr denials
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/linkerconfig" dev="tmpfs" ino=3474 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/persist" dev="mmcblk0p63" ino=47 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/init" dev="mmcblk0p63" ino=28 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:init_exec:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/metadata" dev="mmcblk0p63" ino=32 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/postinstall" dev="mmcblk0p63" ino=48 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware_mnt" dev="mmcblk0p58" ino=1 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware" dev="mmcblk0p64" ino=1216 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms

sdm660-common: sepolicy: Address vendor_mutualex create denial
avc: denied { create } for comm="mutualex" scontext=u:r:vendor_mutualex:s0 tcontext=u:r:vendor_mutualex:s0 tclass=qipcrtr_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
ee3fa3b300 sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
5499c4027c sdm660-common: sepolicy: Label rild.libpath 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
eee54d6e20 sdm660-common: sepolicy: Label some camera props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
58bbd5db55 sdm660-common: sepolicy: Label sysfs wakeup nodes 
avc: denied { read } for comm="Binder:514_1" name="event_count" dev="sysfs" ino=53144 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="max_time_ms" dev="sysfs" ino=53149 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="wakeup_count" dev="sysfs" ino=53145 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="total_time_ms" dev="sysfs" ino=53148 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="expire_count" dev="sysfs" ino=53146 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_count" dev="sysfs" ino=53143 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="last_change_ms" dev="sysfs" ino=53150 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="prevent_suspend_time_ms" dev="sysfs" ino=53151 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="name" dev="sysfs" ino=53142 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_time_ms" dev="sysfs" ino=53147 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
5de9bdae50 Revert "sdm660-common: sepolicy: Adjust sepolicy for qti thermal" 
This reverts commit 77c4792ac9.
 2021-11-13 11:31:51 +01:00
pix106
9d53e14cc8 sdm660-common: sepolicy: Remove netmgrd set_prop vendor_data_ko_prop 
* No need after sepolicy update from LA.UM.9.2.1.r1-07200-sdm660.0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
Anush02198
6d46319a55 sdm660-common: sepolicy: Remove some wakeup nodes 
* As we have merged LA.UM.9.2.1.r1-07000-sdm660.0 sepolicy tag to source this is handeld by source

Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
Sebastiano Barezzi
fa7fa65ffb sdm660-common: ir: Rebrand to Xiaomi SDM660 
Change-Id: I20146c0bc065a460f5a86455ed9a21abce5f9417
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: OdSazib <odsazib@gmail.com>
 2021-11-13 11:31:51 +01:00
ghostrider-reborn
79c64bc007 sdm660-common: Introduce kernelspace battery saver 
* Needs Kernel side support
 * This activates kernelspace battery saver via powerhal whenever
   battery saver is enabled in userspace, thereby lowering power
   consumption at kernel-level by disabling boosts and such

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Change-Id: I2623503db27d7518de519bcaa3f5af6ab83879d0
 2021-11-13 11:31:49 +01:00
OdSazib
b8c814713d
sdm660-common: DeviceSettings: Add earpiece gain 
- Requires kernel support

Signed-off-by: OdSazib <odsazib@gmail.com>
Change-Id: If28b4dff421cbba5f17cd2ccfab02f2aa616a9f8
 2021-07-22 13:21:03 +06:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19 
- Address more denials and label some new nodes

Signed-off-by: OdSazib <odsazib@gmail.com>
 2021-07-16 15:56:07 +06:00
StyloGey
4ec9f92ace
sdm660-common: Update RIL from AOSPA 
- update radio from LA.UM.9.12.r1-10800-SMxx50.0
- update telephony from qcom-common-AOSPA

Signed-off-by: OdSazib <odsazib@gmail.com>
 2021-07-15 17:00:40 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19 2021-07-13 11:56:43 +06:00
clarencelol
20efaf472b
sdm660-common: Switch to Thermal 2.0 mock 
* QTI Thermal couldn't read the temperature for some reason
 2021-06-15 21:48:17 +06:00
sairam1411
77c4792ac9
sdm660-common: sepolicy: Adjust sepolicy for qti thermal 
Change-Id: Ib8493f164f12614e6d0a7ea5bd060d05991822b8
 2021-06-15 17:32:47 +06:00
Wilson Chan
2880603f27
sdm660-common: power-libperfmgr: Add Flipendo powerhint 
- Add sepolicy for dex2oat powerhal props to vendor_power_prop

Test: boot and check powerhint parse logs
Test: enabled extreme battery saver and check scaling_max_freq

[clarencelol]: Adapt to sdm660 freq
 2021-06-15 17:32:47 +06:00
clarencelol
5ae45246d0
sdm660-common: power-libperfmgr: Add back audio hints 
* It works as intended

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
 2021-06-15 17:32:47 +06:00
clarencelol
7b3df1cb47
sdm660-common: sepolicy: Label wakeup nodes for 4.19 
- also resolve arbitrary sysfs paths for system_suspend
 2021-06-07 09:21:11 +06:00
Quallenauge
f9d71135ea
sdm660-common: sepolicy: Add swapper to kill 
Fixes:
W swapper/6: type=1400 audit(0.0:63): avc: denied { kill } for capability=5 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0

Change-Id: Ib3b5c2a173528cb9f63a4dd750634968c060f471
 2021-06-07 09:21:11 +06:00
Subhajeet Muhuri
1da7c15388
sdm660-common: /sys/devices/soc -> /sys/devices/platform/soc 
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
 2021-06-07 09:21:11 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) 
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
 2021-05-18 05:03:51 +06:00
OdSazib
ef00e5f20b
sdm660-common: DeviceSettings: Import in-app Dirac 
- Improve code with reference and split gain category

This reverts commits
- 471da74
- de7135d
- f6c011d

All credit goes to Stylog, this is just revert commits with few improvement

Co-authored-by: clarencelol <clarencekuiek@icloud.com>
 2021-04-10 02:24:09 +06:00
Sebastiano Barezzi
973fa8d111
sdm660-common: Fix some camera denials 
Change-Id: I172349433946883aa1035e91ab3ab703a96e7912
 2021-04-04 12:35:05 +06:00
OdSazib
6166317281
sdm660-common: Build power stats and label it 2021-03-15 12:21:09 +06:00
Subhajeet Muhuri
7c3beb85c9
sdm660-common: power-libperfmgr: Switch to AIDL Power HAL 
hardware/google/pixel/power-libperfmgr from android-11.0.0_r25

SQUASHED:
Revert all HIDL interface and nuke previous changes
Import Pixel libperfmgr AIDL Power HAL
Adapt and rebrand for xiaomi_sdm660
Remove Google-specific display LPM control
Remove Google-specific camera and audio hints
Remove VR hints handling
Remove audio hints handling
Remove dumpstate support
Initialize powerHAL when boot is completed
Add support for tap-to-wake feature control
Add sepolicy rules for power-libperfmgr
Enable power-libperfmgr

Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
 2021-03-10 12:37:27 +06:00
orgesified
373e2fc7e2
sdm660-common: sepolicy: Silence logspam 
Co-authored-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: Iea2d0ec097c4e33a038ce05fba801364c2e8a381
 2021-03-07 01:51:46 +06:00
Jeferson
2632c4a4b8
sdm660-common: sepolicy: Adress system_server denials 
Change-Id: I7ec0ccc4004a7cf74988e7994ec981e064ba0412
 2021-03-07 01:49:33 +06:00
PIPIPIG233666
206f51bad0
sm660-common: Create socket for /dev/socket/audio_hw_socket 
Change-Id: If4c5b944efb8dde3093ccb7b8f1dca746a02e043
 2021-03-02 23:43:22 +06:00
Bruno Martins
a5de89d28b
sdm660-common: sepolicy: Add rules for older IMS blobs 
Since Android 10 blobs are being used, org.codeaurora.ims still runs
as phone UID as seen by these denials:

  m.android.phone: type=1400 audit(0.0:2914): avc: denied { read } for name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=13660 scontext=u:r:radio:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=0
  m.android.phone: type=1400 audit(0.0:473): avc: denied { call } for scontext=u:r:radio:s0 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=0

Change-Id: Ic8c1b7996b9e0e7b63ba2a153441c9e8467a8a31
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
 2021-02-20 11:55:48 +06:00
Subhajeet Muhuri
7d8fc30985
sdm660-common: Kang more pixel power HAL sepolicy 
* Kanged from mata (with all available nodes on msm4.4)
 2021-02-20 11:55:25 +06:00
Chenyang Zhong
851d88070e
sdm660-common: create and symlink a dummy /metadata/apex 
Google moved apex sessions directory from /data/apex/sessions to
/metadata/apex/sessions after commit:

"Move apex sessions directory to /metadata"
36cf4bbac6

Devices with a mounted metadata partition will have the needed
directories set up by system/core/rootdir/init.rc. Xiaomi devices
on sm6125 do not have a metadata partition out of the box, so things
like "Google Play system update" will fail to install the update.

Therefore, create a dummy directory under /data/vendor/metadata_apex
and symlink it to /metadata/apex.

The reason why the old /data/apex/sessions directory is not used
for the symlink is that apexd will call migrateSessionsDirIfNeeded()
to recursively copy things from the old directory to the new one.
Creating the symlink from /data/apex/sessions may result in
unintended behaviors.

Signed-off-by: OdSazib <odsazib@gmail.com>
 2021-02-09 20:53:35 +06:00
OdSazib
2135c18643
sdm660-common: DeviceSettings: Drop userspace hall switcher 
* The sensor works as it is, hence not needed anymore
 2021-02-03 23:05:50 +06:00
Michael Bestas
0f110dcda2
sdm660-common: sepolicy: Resolve camera HAL denials 
Change-Id: I47490bfa19bfb6162d161ba0c5e9f48556ab6eff
 2021-01-21 03:26:33 +06:00
Jeff Vander Stoep
e48e418541
sdm660-common: sepolicy: camera HAL is a client of configstore 
Addresses:
avc:  denied  { find } for
interface=android.hardware.configstore::ISurfaceFlingerConfigs pid=817
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
tclass=hwservice_manager permissive=0

Bug: 65454046
Test: camera app
Change-Id: I84b92e5809b89b7f755322d485b92f5e7175a06a
 2021-01-21 03:26:33 +06:00
OdSazib
f2fa84055e
sdm660-common: sepolicy: Address more denials 2020-12-30 22:06:56 +06:00
OdSazib
f6cb7bb46a
sdm660-common: Nuke lineage livedisplay 
* Better version is already exist in device settings

Signed-off-by: OdSazib <odsazib@gmail.com>
 2020-12-22 20:57:05 +06:00
Subhajeet Muhuri
06dfda6946
sdm660-common: Add sepolicy rules for power-libperfmgr 
Signed-off-by: OdSazib <odsazib@gmail.com>
 2020-12-22 20:57:05 +06:00
OdSazib
928c7ac4f5
sdm660-common: Remove qti IOP stack 
* Useless in EAS

Signed-off-by: OdSazib <odsazib@gmail.com>
 2020-12-22 20:57:04 +06:00