MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4703 commits 1 branch 0 tags 12 MiB
Commit graph

20 commits

Author SHA1 Message Date
pix106
b941e52a77 sdm660-common: sepolicy: drop livedisplay sepolicy rule 2023-05-09 06:36:23 +02:00
Alcatraz323
e9aa976c93 sdm660-common: sepolicy: address newly discovered denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2023-04-02 13:44:41 +02:00
pix106
5d12996503 sdm660-common: sepolicy: cleanup sepolicy/vendor/system_server.te 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
cede39d305 Revert "sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial" 
This reverts commit ee3fa3b300.
 2021-12-31 07:51:33 +01:00
pix106
738dff294a sdm660-common: sepolicy: Address many denials 
sdm660-common: sepolicy: Address vendor_init persist_file read denial
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address tee persist_file read denial
avc: denied { read } for comm="qseecomd" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address installd mnt_user_file denial
avc: denied { search } for comm="Binder:1018_6" name="0" dev="tmpfs" ino=5541 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=0

sdm660-common: sepolicy: Address ssgtzd qipcrtr_socket denial

sdm660-common: sepolicy: Address platform_app denials
avc: denied { read } for comm="emui:screenshot" name="u:object_r:exported_audio_prop:s0" dev="tmpfs" ino=4254 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:exported_audio_prop:s0 tclass=file permissive=0 app=com.android.systemui

sdm660-common: sepolicy: Address init sysfs_graphics denial
avc: denied { read } for comm="init" name="device" dev="sysfs" ino=44569 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address system_app sysfs_graphics denials
avc: denied { write } for comm="settings.device" name="max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
avc: denied { open } for comm="settings.device" path="/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red/max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address system_server sysfs_rtc denial
avc: denied { read } for comm="system_server" name="hctosys" dev="sysfs" ino=41512 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address gmscore_app getattr denials
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/linkerconfig" dev="tmpfs" ino=3474 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/persist" dev="mmcblk0p63" ino=47 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/init" dev="mmcblk0p63" ino=28 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:init_exec:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/metadata" dev="mmcblk0p63" ino=32 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/postinstall" dev="mmcblk0p63" ino=48 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware_mnt" dev="mmcblk0p58" ino=1 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware" dev="mmcblk0p64" ino=1216 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms

sdm660-common: sepolicy: Address vendor_mutualex create denial
avc: denied { create } for comm="mutualex" scontext=u:r:vendor_mutualex:s0 tcontext=u:r:vendor_mutualex:s0 tclass=qipcrtr_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
pix106
ee3fa3b300 sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19 2021-07-13 11:56:43 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) 
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
 2021-05-18 05:03:51 +06:00
orgesified
373e2fc7e2
sdm660-common: sepolicy: Silence logspam 
Co-authored-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: Iea2d0ec097c4e33a038ce05fba801364c2e8a381
 2021-03-07 01:51:46 +06:00
Jeferson
2632c4a4b8
sdm660-common: sepolicy: Adress system_server denials 
Change-Id: I7ec0ccc4004a7cf74988e7994ec981e064ba0412
 2021-03-07 01:49:33 +06:00
OdSazib
f2fa84055e
sdm660-common: sepolicy: Address more denials 2020-12-30 22:06:56 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup 
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order

Signed-off-by: OdSazib <odsazib@gmail.com>
 2020-12-21 09:16:25 +06:00
dianlujitao
8d789ade9f
sdm660-common: sepolicy: Clean up sepolicy rules 
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
 2020-08-12 02:02:38 +06:00
Jeff Vander Stoep
c145e57b0f
sdm660: Move folio_daemon to system in sepolicy 
Remove Treble violations.

Bug: 36867326
Bug: 62387246
Test: loaded on taimen, checked dmesg, and tested daemon with magnet
Change-Id: I4662b41206b94cae6ac9843b5dc7e1452003c63c
 2019-10-19 20:50:52 +02:00
Jeff Vander Stoep
494ee17d12
sdm660: Add folio_daemon in sepolicy 2019-10-19 16:29:57 +02:00
Volodymyr Zhdanov
850c987c27
sdm660-common: remove input devices policies 
* it's already fixed in system/sepolicy

Change-Id: If1bf165092df71cdc85a7a9118feb257e2bed350
 2019-10-01 14:24:07 +02:00
Max Weffers
15ec448fb0
sdm660: sepolicy: Fix denial for smart charging 2019-08-20 10:39:43 +02:00
Max Weffers
782a520d58
sdm660: sepolicy: Fix more system_server denials 2019-08-15 15:31:17 +02:00
GuaiYiHu
05085a02e2
sdm660: sepolicy: Address denials 
Change-Id: I8fad5d60ca066b758c526f2027985b63662180cc
 2019-08-14 10:04:13 +02:00
Dan Cashman
b1f434c446
wayne-common: Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIR 
Move vendor policy to vendor and add a place for system extensions.
Also add such an extension: a labeling of the qti.ims.ext service.

Bug: 38151691
Bug: 62041272
Test: Policy binary identical before and after, except plat_service_contexts
has new service added.
Change-Id: Ie4e8527649787dcf2391b326daa80cf1c9bd9d2f

Change-Id: I1493c4c8876c4446a1de46b39942098bf49c79f8
 2019-08-14 10:04:10 +02:00
Renamed from sepolicy/system_server.te (Browse further)