MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4188 commits 1 branch 0 tags 12 MiB
Commit graph

235 commits

Author SHA1 Message Date
pix106
71a635149b sdm660-common: sepolicy: address gmscore_app traced denial 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 18:10:19 +02:00
ChengYou Ho
523f856d9e sdm660-common: sepolicy: Allow surfaceflinger to search hal_graphics_composer_default 
[log]
avc: denied { search } dev="proc" scontext=u:r:surfaceflinger:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0

Bug: 154688047
Change-Id: Ia9735f2b938f57c37f741d6f0526cf29df180fcb
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 15:27:37 +02:00
pix106
b07ef1d515 sdm660-common: sepolicy: address hal_bluetooth_qti qipcrtr_socket denials 2022-05-07 15:27:37 +02:00
Demon Singur
81083ebf5c sdm660-common: sepolicy: let camera hal access /data/misc files 
Removed from system_sepolicy, but still needed by our old camera stack.

Solves the following denials.
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0

Change-Id: I497bade68e6a5b2f60cd8ec90a97a81986d971af
Signed-off-by: Hadad <repo-sync@outlook.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-07 15:27:37 +02:00
pix106
7c4bba77a9 sdm660-common: sepolicy: Label more camera props 2022-05-07 15:27:37 +02:00
pix106
b802fbff4b sdm660-common: sepolicy: fix sepolicy to use vendor_camera_prop 2022-05-06 23:52:59 +02:00
clarencelol
7c134c0715 sdm660-common: sepolicy: Address more denials 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-06 23:52:59 +02:00
clarencelol
ee42318baf sdm660-common: sepolicy: Address some camera denials 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-06 23:52:59 +02:00
Kshitij Gupta
b6f2052cd7 sdm660-common: sepolicy: dontaudit untrusted_app to open ashmem_device 
- Fixes scroll lag in many apps, such as Twitter:
    W RenderThread: type=1400 audit(0.0:12371): avc: denied { open } for path=/dev/ashmem dev=tmpfs ino=10848 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file permissive=0 app=com.twitter.android
- Apps are no longer allowed open access to /dev/ashmem, unless they
  target API level < Q.
  (8b12ff5f21)

Change-Id: I6405786fea05891642d8437acafcd8c891d75912
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-05-06 23:52:59 +02:00
clarencelol
68b51b59ee sdm660-common: Nuke powerstats HAL 
* Powerstats are so buggy lmao, it keeps error  android.hardware.power.stats@1.0-service.xiaomi_sdm660: Failed to getEnergyData

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
pix106
ba258d8957 sdm660-common: clover: sepolicy: change dt2w path for 4.19 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
Max Weffers
bfd5bb16ae sdm660-common: clover: sepolicy: Label dt2w nodes 
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
pix106
347bc3181e sdm660-common: clover: sepolicy: Adress no fingerprint denials 
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/android.hardware.fingerprint.xml" dev="mmcblk0p14" ino=513 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/framework/com.fingerprints.extension.jar" dev="mmcblk0p14" ino=651 scontext=u:r:init:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/com.fingerprints.extension.xml" dev="mmcblk0p14" ino=546 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/app/FingerprintExtensionService/FingerprintExtensionService.apk" dev="mmcblk0p14" ino=20 scontext=u:r:init:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
pix106
8d5ad52d17 sdm660-common: clover: sepolicy: Address noril denials 
avc: denied { mounton } for comm="init" path="/system/app/CarrierDefaultApp/CarrierDefaultApp.apk" dev="mmcblk0p13" ino=118 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/app/messaging/messaging.apk" dev="mmcblk0p13" ino=2818 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/priv-app/Dialer/Dialer.apk" dev="mmcblk0p13" ino=3324 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/CarrierConfig/CarrierConfig.apk" dev="mmcblk0p13" ino=3648 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CallLogBackup/CallLogBackup.apk" dev="mmcblk0p13" ino=2549 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CellBroadcastLegacyApp/CellBroadcastLegacyApp.apk" dev="mmcblk0p13" ino=2555 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/EmergencyInfo/EmergencyInfo.apk" dev="mmcblk0p13" ino=3666 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
pix106
7f5c98e112 sdm660-common: Bring back folio daemon and userspace hall switcher 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
clarencelol
dabe131677 sdm660-common: sepolicy: Recover back some wakeup nodes 
* Got deleted in bfa5307238

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:34 +01:00
clarencelol
dab63c3e87 sdm660-common: sepolicy: Fix neverallows 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:34 +01:00
pix106
03af5cd52d sdm660-common: sepolicy: Address hal_camera_default bootanim_system_prop denials 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
pix106
3a94fe2218 sdm660-common: sepolicy: Address hal_camera_default persist_camera_prop 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Nolen Johnson
6738906339 sdm660-common: sepolicy: Allow hal_camera_default to set camera properties 
Change-Id: I69f4d1039c3ccae4d21aaddb35d09ae575bd3979
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
pix106
f2daf4bd2f sdm660-common: sepolicy: Clean camera props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
clarencelol
4ad2b0e7e1 sdm660-common: sepolicy: Address pixel powerstats rules 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
pix106
e22941eedf sdm660-common: sepolicy: Drop neverallows 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
clarencelol
e63aed4ff1 sdm660-common: sepolicy: Goodbye neverallows 
* Drop some neverallows along the way

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Adithya R
fbd91b6f05 sdm660-common: init: Add MIUI camera flag from stock 
* Prebuilt libcameraservice sets this prop to 1 if the running camera
   app is MIUI/ANX camera, and 0 otherwise

 * This is needed to unlock all functions of MIUI/ANX camera in
   the camera HAL, such as pro mode controls, beauty modes, portrait
   depth slider and much more, and mainly fixes excess noise in
   camera shots taken with our ultrawide lens

 * We won't keep the prop enabled by default because as long as its
   enabled, gcam/mods crash immediately on launch and we don't want
   that. So let's retain the stock behaviour instead.

[clarencelol]: * avc: denied { set } for property=sys.camera.miui.apk pid=1008 uid=1047 gid=1005 scontext=u:object_r:system_prop:s0 tclass=property_service permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
clarencelol
5514002bef sdm660-common: Cleanup sepolicy 
* Fix neverallows

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
clarencelol
1426027286 sdm660-common: sepolicy: unknown type exported_audio_prop 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Kunmun
10087c76b8 sdm660-common: sepolicy: Label more sepolicies for k4.19 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Kyle Harrison
9730b3c65c sdm660-common: sepolicy: Fix exported_camera_prop denials 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Anush02198
72d6549660 sdm660-common: Address some more denials 
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Pulkit077
ea39254a1c sdm660-common: sepolicy: Allow gpuservice read graphics_config_prop 
avc: denied { read } for comm="Binder:594_1" name="u:object_r:graphics_config_prop:s0" dev="tmpfs" ino=15716 scontext=u:r:gpuservice:s0 tcontext=u:object_r:graphics_config_prop:s0 tclass=file permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
clarencelol
f30354722b sdm660-common: sepolicy: Address more denials 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Chenyang Zhong
d64b0b54a9 sdm660-common: sepolicy: Address init denial 
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:58:05 +01:00
pix106
f6c3a49bb9 sdm660-common: sepolicy: Cleanup after LA.UM.10.2.1.r1-03200-sdm660.0 merge 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:58:05 +01:00
pix106
a3055ff0ea sdm660-common: sepolicy: Label more camera props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:58:05 +01:00
Inseob Kim
1b8a185822 sdm660-common: sepolicy: Attach vendor_property_type to properties 
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

[Ratoriku: Adapted to xiaomi sdm660]

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
5d9ffeff77 sdm660-common: sepolicy: cleanup sepolicy/vendor/vendor_init.te 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
aea288de3b sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
5d12996503 sdm660-common: sepolicy: cleanup sepolicy/vendor/system_server.te 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
5b91ac6f34 sdm660-common: sepolicy: cleanup sepolicy/vendor/system_app.te 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
34bcdb600a sdm660-common: sepolicy: cleanup sepolicy/vendor/property_contexts 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
85356b81c5 sdm660-common: sepolicy: drop some gmscore_app rules 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
e5cf3162cb sdm660-common: sepolicy: drop installd public rules 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
e2366e40e8 sdm660-common: sepolicy: clean ssgtzd rules 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
3ecd23c72e Revert "sdm660-common: sepolicy: Address hal_camera_default diag_device denials" 
This reverts commit 86a8976fed64394818e4f61787160aff822e122d.

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
2c07bbc96e Revert "sdm660-common: sepolicy: Add permission to access proc_energy_aware file node" 
This reverts commit 15d2b27649b63a2c3fde9a0a1db4f41d733e3c13.

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
968d356efe sdm660-common: sepolicy: rework wakeup nodes 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
Max Weffers
bbc6ad98ce sdm660-common: sepolicy: Add Hardware Info permssions and sepolicy rules 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
d3dcfacce6 sdm660-common: sepolicy: label more camera props 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
f57c4848a5 Revert "sdm660-common: sepolicy: Fix Camera Denials" 
This reverts commit c1713821ef3bd923c888f850559231fef0ddcfc7.
 2022-02-16 20:55:38 +01:00