pix106
998d8a03be
sdm660-common: sepolicy: address hal_bluetooth_qti diag_device chr_file denial
2022-08-08 22:52:29 +02:00
pix106
ce09f0e3af
sdm660-common: DeviceSettings: Adapt vibration control to QTI Haptics
...
* needs kernel support
2022-07-29 13:48:08 +02:00
Kevin F. Haggerty
1f7abf2f4e
sdm660-common: sepolicy: Allow system_app to read /proc/pagetypeinfo
...
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0
Change-Id: I16465eb9acca9ff64a755d47f86f4ff424ebe4de
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-07-29 13:48:08 +02:00
pix106
fdf6fbbe8d
sdm660-common: sepolicy: rename 'bluetooth.te '
2022-07-29 13:48:08 +02:00
Adithya R
cff5bdbd3b
sdm660-common: sepolicy: Allow vendor_init to set ssr prop
...
E init : Do not have permissions to set 'persist.vendor.ssr.restart_level' to 'ALL_ENABLE' in property file '/vendor/build.prop': SELinux permission check failed
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-07-04 07:40:35 +02:00
pix106
ff88467668
sdm660-common: sepolicy: Address installd kill capability denial
...
11-19 18:40:50.303 14813 14813 W cp : type=1400 audit(0.0:45): avc: denied { kill } for capability=5 scontext=u:r:installd:s0 tcontext=u:r:installd:s0 tclass=capability permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-19 21:37:31 +02:00
pix106
99f4032d92
sdm660-common: sepolicy: Address qti_init_shell persist_file denials
2022-06-19 21:37:26 +02:00
pix106
9f73958b59
sdm660-common: sepolicy: Address hal_audio_default persist_file denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-16 06:18:31 +02:00
pix106
8600a1d97f
sdm660-common: sepolicy: Address zygote unix_stream_socket denials
2022-06-16 06:18:31 +02:00
pix106
f8c33f55be
sdm660-common: sepolicy: allow hal_wifi_default to get persist_vendor_debug_wifi_prop props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 17:58:45 +02:00
pix106
837f5ca200
sdm660-common: sepolicy: Address vendor_init persist_file denials
...
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p13" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 17:52:42 +02:00
pix106
8193f9632b
Revert "sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te"
...
This reverts commit aea288de3b.
2022-06-06 17:45:39 +02:00
Rahul Krishna
0bb3001be2
sdm660-common: sepolicy: Label notification led nodes
...
* adapt to 4.19 sysfs path
Change-Id: Id4b74a3e61525810698ef0d4477856620c2a5490
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 12:41:59 +02:00
pix106
f5050df60f
sdm660-common: sepolicy: drop Mlipay sepolicy
2022-06-06 12:41:59 +02:00
Adithya R
dd6db97ea5
sdm660-common: drop IFAA/mlipay completely
...
* no one actually uses this
Signed-off-by: SparXFusion <s2234nadar@gmail.com>
Signed-off-by: faham1997 <nafidfaham08@gmail.com>
Signed-off-by: ImPrashantt <prashant33968@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-06-06 12:41:59 +02:00
Edwin Moquete
097c21d39f
sdm660-common: Update radio blobs from ginkgo
...
* Cleanup and disable ATFWD
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 10:25:30 +02:00
pix106
5b7ba9c20b
sdm660-common: sepolicy: Address system_app sysfs_graphics denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 07:07:31 +02:00
pix106
3b1238fc93
sdm660-common: sepolicy: Address vendor_pd_locater_dbg_prop denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:41:37 +02:00
pix106
89c611bb8d
sdm660-common: sepolicy: Label more camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:37:16 +02:00
clarencelol
a26372805e
sdm660-common: sepolicy: Address hal_wifi_default denial
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:36:18 +02:00
iusmac
b0841be519
sdm660-common: sepolicy: Address IORap usap_pool denial
...
W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:radio:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-15 06:36:18 +02:00
pix106
71a635149b
sdm660-common: sepolicy: address gmscore_app traced denial
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 18:10:19 +02:00
ChengYou Ho
523f856d9e
sdm660-common: sepolicy: Allow surfaceflinger to search hal_graphics_composer_default
...
[log]
avc: denied { search } dev="proc" scontext=u:r:surfaceflinger:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0
Bug: 154688047
Change-Id: Ia9735f2b938f57c37f741d6f0526cf29df180fcb
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 15:27:37 +02:00
pix106
b07ef1d515
sdm660-common: sepolicy: address hal_bluetooth_qti qipcrtr_socket denials
2022-05-07 15:27:37 +02:00
Demon Singur
81083ebf5c
sdm660-common: sepolicy: let camera hal access /data/misc files
...
Removed from system_sepolicy, but still needed by our old camera stack.
Solves the following denials.
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
Change-Id: I497bade68e6a5b2f60cd8ec90a97a81986d971af
Signed-off-by: Hadad <repo-sync@outlook.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-07 15:27:37 +02:00
pix106
7c4bba77a9
sdm660-common: sepolicy: Label more camera props
2022-05-07 15:27:37 +02:00
pix106
b802fbff4b
sdm660-common: sepolicy: fix sepolicy to use vendor_camera_prop
2022-05-06 23:52:59 +02:00
clarencelol
7c134c0715
sdm660-common: sepolicy: Address more denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
clarencelol
ee42318baf
sdm660-common: sepolicy: Address some camera denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
Kshitij Gupta
b6f2052cd7
sdm660-common: sepolicy: dontaudit untrusted_app to open ashmem_device
...
- Fixes scroll lag in many apps, such as Twitter:
W RenderThread: type=1400 audit(0.0:12371): avc: denied { open } for path=/dev/ashmem dev=tmpfs ino=10848 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file permissive=0 app=com.twitter.android
- Apps are no longer allowed open access to /dev/ashmem, unless they
target API level < Q.
(8b12ff5f21)
Change-Id: I6405786fea05891642d8437acafcd8c891d75912
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-05-06 23:52:59 +02:00
clarencelol
68b51b59ee
sdm660-common: Nuke powerstats HAL
...
* Powerstats are so buggy lmao, it keeps error android.hardware.power.stats@1.0-service.xiaomi_sdm660: Failed to getEnergyData
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
ba258d8957
sdm660-common: clover: sepolicy: change dt2w path for 4.19
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
Max Weffers
bfd5bb16ae
sdm660-common: clover: sepolicy: Label dt2w nodes
...
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
347bc3181e
sdm660-common: clover: sepolicy: Address no fingerprint denials
...
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/android.hardware.fingerprint.xml" dev="mmcblk0p14" ino=513 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/framework/com.fingerprints.extension.jar" dev="mmcblk0p14" ino=651 scontext=u:r:init:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/com.fingerprints.extension.xml" dev="mmcblk0p14" ino=546 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/app/FingerprintExtensionService/FingerprintExtensionService.apk" dev="mmcblk0p14" ino=20 scontext=u:r:init:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
8d5ad52d17
sdm660-common: clover: sepolicy: Address noril denials
...
avc: denied { mounton } for comm="init" path="/system/app/CarrierDefaultApp/CarrierDefaultApp.apk" dev="mmcblk0p13" ino=118 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/app/messaging/messaging.apk" dev="mmcblk0p13" ino=2818 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/priv-app/Dialer/Dialer.apk" dev="mmcblk0p13" ino=3324 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/CarrierConfig/CarrierConfig.apk" dev="mmcblk0p13" ino=3648 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CallLogBackup/CallLogBackup.apk" dev="mmcblk0p13" ino=2549 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CellBroadcastLegacyApp/CellBroadcastLegacyApp.apk" dev="mmcblk0p13" ino=2555 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/EmergencyInfo/EmergencyInfo.apk" dev="mmcblk0p13" ino=3666 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
pix106
7f5c98e112
sdm660-common: Bring back folio daemon and userspace hall switcher
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:35 +01:00
clarencelol
dabe131677
sdm660-common: sepolicy: Recover back some wakeup nodes
...
* Got deleted in bfa5307238
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:34 +01:00
clarencelol
dab63c3e87
sdm660-common: sepolicy: Fix neverallows
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-03-26 11:56:34 +01:00
pix106
03af5cd52d
sdm660-common: sepolicy: Address hal_camera_default bootanim_system_prop denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
3a94fe2218
sdm660-common: sepolicy: Address hal_camera_default persist_camera_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Nolen Johnson
6738906339
sdm660-common: sepolicy: Allow hal_camera_default to set camera properties
...
Change-Id: I69f4d1039c3ccae4d21aaddb35d09ae575bd3979
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
f2daf4bd2f
sdm660-common: sepolicy: Clean camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
4ad2b0e7e1
sdm660-common: sepolicy: Address pixel powerstats rules
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
pix106
e22941eedf
sdm660-common: sepolicy: Drop neverallows
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
e63aed4ff1
sdm660-common: sepolicy: Goodbye neverallows
...
* Drop some neverallows along the way
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Adithya R
fbd91b6f05
sdm660-common: init: Add MIUI camera flag from stock
...
* Prebuilt libcameraservice sets this prop to 1 if the running camera
app is MIUI/ANX camera, and 0 otherwise
* This is needed to unlock all functions of MIUI/ANX camera in
the camera HAL, such as pro mode controls, beauty modes, portrait
depth slider and much more, and mainly fixes excess noise in
camera shots taken with our ultrawide lens
* We won't keep the prop enabled by default because as long as it's
enabled, gcam/mods crash immediately on launch and we don't want
that. So let's retain the stock behaviour instead.
[clarencelol]: * avc: denied { set } for property=sys.camera.miui.apk pid=1008 uid=1047 gid=1005 scontext=u:object_r:system_prop:s0 tclass=property_service permissive=0
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
5514002bef
sdm660-common: Cleanup sepolicy
...
* Fix neverallows
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
1426027286
sdm660-common: sepolicy: unknown type exported_audio_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kunmun
10087c76b8
sdm660-common: sepolicy: Label more sepolicies for k4.19
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Kyle Harrison
9730b3c65c
sdm660-common: sepolicy: Fix exported_camera_prop denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Anush02198
72d6549660
sdm660-common: Address some more denials
...
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Pulkit077
ea39254a1c
sdm660-common: sepolicy: Allow gpuservice read graphics_config_prop
...
avc: denied { read } for comm="Binder:594_1" name="u:object_r:graphics_config_prop:s0" dev="tmpfs" ino=15716 scontext=u:r:gpuservice:s0 tcontext=u:object_r:graphics_config_prop:s0 tclass=file permissive=0
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
clarencelol
f30354722b
sdm660-common: sepolicy: Address more denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-21 06:52:18 +01:00
Chenyang Zhong
d64b0b54a9
sdm660-common: sepolicy: Address init denial
...
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
f6c3a49bb9
sdm660-common: sepolicy: Cleanup after LA.UM.10.2.1.r1-03200-sdm660.0 merge
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
a3055ff0ea
sdm660-common: sepolicy: Label more camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
Inseob Kim
1b8a185822
sdm660-common: sepolicy: Attach vendor_property_type to properties
...
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
[Ratoriku: Adapted to xiaomi sdm660]
Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d9ffeff77
sdm660-common: sepolicy: cleanup sepolicy/vendor/vendor_init.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
aea288de3b
sdm660-common: sepolicy: cleanup sepolicy/vendor/tee.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5d12996503
sdm660-common: sepolicy: cleanup sepolicy/vendor/system_server.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
5b91ac6f34
sdm660-common: sepolicy: cleanup sepolicy/vendor/system_app.te
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
34bcdb600a
sdm660-common: sepolicy: cleanup sepolicy/vendor/property_contexts
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
85356b81c5
sdm660-common: sepolicy: drop some gmscore_app rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
e5cf3162cb
sdm660-common: sepolicy: drop installd public rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
e2366e40e8
sdm660-common: sepolicy: clean ssgtzd rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
3ecd23c72e
Revert "sdm660-common: sepolicy: Address hal_camera_default diag_device denials"
...
This reverts commit 86a8976fed64394818e4f61787160aff822e122d.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
2c07bbc96e
Revert "sdm660-common: sepolicy: Add permission to access proc_energy_aware file node"
...
This reverts commit 15d2b27649b63a2c3fde9a0a1db4f41d733e3c13.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
968d356efe
sdm660-common: sepolicy: rework wakeup nodes
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
Max Weffers
bbc6ad98ce
sdm660-common: sepolicy: Add Hardware Info permissions and sepolicy rules
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
d3dcfacce6
sdm660-common: sepolicy: label more camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
pix106
f57c4848a5
Revert "sdm660-common: sepolicy: Fix Camera Denials"
...
This reverts commit c1713821ef3bd923c888f850559231fef0ddcfc7.
2022-02-16 20:55:38 +01:00
daniml3
56d437a773
sdm660-common: sepolicy: Allow hal_audio_default to interact with audio props
...
Signed-off-by: daniml3 <daniel@danielml.dev>
Change-Id: I573852e491e781ef60158ede160a7929a33d62a4
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
Edwin Moquete
db5b05330d
sdm660-common: sepolicy: Address healthd denials
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
Edwin Moquete
65b5513c79
sdm660-common: sepolicy: Label some wakeup nodes
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
1284e340a0
sdm660-common: sepolicy: Label wakeup nodes for 4.19
...
- also resolve arbitrary sysfs paths for system_suspend
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
4f5d077936
sdm660-common: sepolicy: Address some denials
...
* avc: denied { search } for name="data" dev="mmcblk0p69" ino=3072001 scontext=u:r:vendor_dataservice_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
819130673b
sdm660-common: sepolicy: Fix some PowerHAL denials
...
* Let powerhal read and write
* device_latency -> latency_device
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
5183d7fb36
sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
...
Energy aware feature control was previously done through debugfs,
which will be deprecated, so move the control to sysctl. Added
permission for it, and removed the one unused.
[ 1.460128] audit: type=1400 audit(2753763.033:8): avc: denied { write } for pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 16:49:18.933 820 820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 17:00:15.726 822 822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 141333728
Test: function works as expected
Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
DillerOFire
c825b9bdb8
sdm660-common: sepolicy: Allow kernel to create qipcrtr_socket
...
* Fixes modem crashes in user build
Change-Id: I1f69408dd1e0289ccd9bb0a6a39ffcc0f289fabd
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
cede39d305
Revert "sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial"
...
This reverts commit ee3fa3b300.
2021-12-31 07:51:33 +01:00
pix106
653c608694
Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
...
This reverts commit d05ecaa812.
2021-12-31 07:51:33 +01:00
pix106
87ec9f49d1
Revert "sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials"
...
This reverts commit f475ccf892.
2021-12-31 07:51:33 +01:00
pix106
4c65fc4ecf
sdm660-common: sepolicy: Clean SEPolicy after LA.UM.10.2.1.r1-02700-sdm660.0 merge
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
b6cfa81507
sdm660-common: sepolicy: drop netmgrd vendor_data_qmipriod_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
ac362f97eb
sdm660-common: sepolicy: Address denials
...
* init: Unable to set property 'persist.vendor.data.shsusr_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.offload_ko_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.qmipriod_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
68d9ac06ce
sdm660-common: sepolicy: unknown type exported_audio_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
cdaf69248d
sdm660-common: sepolicy: Address pixel powerstats rules
...
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4dc2cf5d58
sdm660-common: sepolicy: Label some camera props
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4a43432067
sdm660-common: sepolicy: Address hal_camera_default diag_device denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
iamehsangh
509307f0ec
sdm660-common: sepolicy: Fix Camera Denials
...
W HwBinder: type=1400 audit(0.0:5750): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_video_prop:s0" dev="tmpfs" ino=17412 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_video_prop:s0 tclass=file permissive=0
E libc : Access denied finding property "vendor.video.disable.ubwc"
W/CAM_cpp: type=1400 audit(0.0:5733): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=19517 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
E/libc :Access denied finding property "ubwc.no.compression"
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
0525c2a968
sdm660-common: sepolicy: Address vendor_init fingerprint denials
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Chitti Babu Theegala
c0b410af36
sdm660-common: sepolicy: adding proc-fs rw permission for hal_power_default
...
Change-Id: Ib8c69ca6ca9de3d54f352520412f508dcb1af079
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Wei Wang
ffc9445207
sdm660-common: sepolicy: Allow PowerHAL to change sched for ADPF
...
Test: build
Bug: 177492680
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I71d4f6e2d160caad03243295003743f27b4e1736
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Jimmy Shiu
31a8b54659
sdm660-common: sepolicy: Allow PowerHAL to set sched
...
system_server also creates UI sometimes.
Ex: ANR Dialog, the Pointer Location in developer options.
Bug: 194775170
Test: build and enable Pointer Location debug option
Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
4668e4c349
sdm660-common: sepolicy: Grant hal_power_default cgroup read file permission
...
It is a cross-platform need.
Bug: 176868402
Bug: 177780314
Test: build selinux_policy pass
Change-Id: If63b205921bd95d82c52e0193947ab8304c1e064
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
daniml3
96086b8408
sdm660-common: sepolicy: Solve radio denials
...
Signed-off-by: daniml3 <danimoral1001@gmail.com>
Change-Id: I78db6c6a557c76b9f6b3cc8f983cdc70a2a09ce7
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
57cca627b1
sdm660-common: sepolicy: Attach vendor_property_type to properties
...
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Ratoriku
a80975c3d7
sdm660-common: Switch to AIDL Light HAL
...
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Change-Id: I2618bcb81902688b9b9b975f612c653707787202
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
abe3f86cf3
sdm660-common: sepolicy: Add contexts for exported telephony props
...
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Change-Id: Ica687a750af61f2d3386691ce6df220b180fb993
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Omar Hamad
825920e610
sdm660-common: sepolicy: unknown type exported_wifi_prop
...
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:32 +01:00