MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4345 commits 1 branch 0 tags 12 MiB
Commit graph

18 commits

Author SHA1 Message Date
pix106
347bc3181e sdm660-common: clover: sepolicy: Adress no fingerprint denials 
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/android.hardware.fingerprint.xml" dev="mmcblk0p14" ino=513 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/framework/com.fingerprints.extension.jar" dev="mmcblk0p14" ino=651 scontext=u:r:init:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/etc/permissions/com.fingerprints.extension.xml" dev="mmcblk0p14" ino=546 scontext=u:r:init:s0 tcontext=u:object_r:vendor_configs_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/vendor/app/FingerprintExtensionService/FingerprintExtensionService.apk" dev="mmcblk0p14" ino=20 scontext=u:r:init:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
pix106
8d5ad52d17 sdm660-common: clover: sepolicy: Address noril denials 
avc: denied { mounton } for comm="init" path="/system/app/CarrierDefaultApp/CarrierDefaultApp.apk" dev="mmcblk0p13" ino=118 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/app/messaging/messaging.apk" dev="mmcblk0p13" ino=2818 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/product/priv-app/Dialer/Dialer.apk" dev="mmcblk0p13" ino=3324 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/CarrierConfig/CarrierConfig.apk" dev="mmcblk0p13" ino=3648 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CallLogBackup/CallLogBackup.apk" dev="mmcblk0p13" ino=2549 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/priv-app/CellBroadcastLegacyApp/CellBroadcastLegacyApp.apk" dev="mmcblk0p13" ino=2555 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { mounton } for comm="init" path="/system/system_ext/priv-app/EmergencyInfo/EmergencyInfo.apk" dev="mmcblk0p13" ino=3666 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-03-26 11:56:35 +01:00
Kunmun
10087c76b8 sdm660-common: sepolicy: Label more sepolicies for k4.19 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Anush02198
72d6549660 sdm660-common: Address some more denials 
Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Pulkit077
ea39254a1c sdm660-common: sepolicy: Allow gpuservice read graphics_config_prop 
avc: denied { read } for comm="Binder:594_1" name="u:object_r:graphics_config_prop:s0" dev="tmpfs" ino=15716 scontext=u:r:gpuservice:s0 tcontext=u:object_r:graphics_config_prop:s0 tclass=file permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-21 06:52:18 +01:00
Max Weffers
bbc6ad98ce sdm660-common: sepolicy: Add Hardware Info permssions and sepolicy rules 
Signed-off-by: pix106 <sbordenave@gmail.com>
 2022-02-16 20:55:38 +01:00
pix106
738dff294a sdm660-common: sepolicy: Address many denials 
sdm660-common: sepolicy: Address vendor_init persist_file read denial
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address tee persist_file read denial
avc: denied { read } for comm="qseecomd" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address installd mnt_user_file denial
avc: denied { search } for comm="Binder:1018_6" name="0" dev="tmpfs" ino=5541 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=0

sdm660-common: sepolicy: Address ssgtzd qipcrtr_socket denial

sdm660-common: sepolicy: Address platform_app denials
avc: denied { read } for comm="emui:screenshot" name="u:object_r:exported_audio_prop:s0" dev="tmpfs" ino=4254 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:exported_audio_prop:s0 tclass=file permissive=0 app=com.android.systemui

sdm660-common: sepolicy: Address init sysfs_graphics denial
avc: denied { read } for comm="init" name="device" dev="sysfs" ino=44569 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address system_app sysfs_graphics denials
avc: denied { write } for comm="settings.device" name="max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
avc: denied { open } for comm="settings.device" path="/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red/max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address system_server sysfs_rtc denial
avc: denied { read } for comm="system_server" name="hctosys" dev="sysfs" ino=41512 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address gmscore_app getattr denials
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/linkerconfig" dev="tmpfs" ino=3474 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/persist" dev="mmcblk0p63" ino=47 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/init" dev="mmcblk0p63" ino=28 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:init_exec:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/metadata" dev="mmcblk0p63" ino=32 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/postinstall" dev="mmcblk0p63" ino=48 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware_mnt" dev="mmcblk0p58" ino=1 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware" dev="mmcblk0p64" ino=1216 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms

sdm660-common: sepolicy: Address vendor_mutualex create denial
avc: denied { create } for comm="mutualex" scontext=u:r:vendor_mutualex:s0 tcontext=u:r:vendor_mutualex:s0 tclass=qipcrtr_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
 2021-11-13 11:31:51 +01:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19 
- Address more denials and label some new nodes

Signed-off-by: OdSazib <odsazib@gmail.com>
 2021-07-16 15:56:07 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19 2021-07-13 11:56:43 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) 
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
 2021-05-18 05:03:51 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup 
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order

Signed-off-by: OdSazib <odsazib@gmail.com>
 2020-12-21 09:16:25 +06:00
Aayush Gupta
ad4a731b53
sdm660-common: Address init denials regarding socket_device 
[    9.346918] type=1400 audit(71454275.960:7): avc: denied { create } for comm="init" name="dpmwrapper" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I262b06821c0625978b3685d0666bd2cf599fbf98
 2020-12-13 18:38:07 +06:00
Max Weffers
b0fa4e9f51
sdm660-common: sepolicy: Adress few denials 
Change-Id: I45c7af8087a8495e4e7902d74f7811c2d40f5197
 2020-08-12 02:02:38 +06:00
Ethan Chen
89f5d20ec4
sdm660-common: Allow init to relabel persist link file 
Change-Id: I7872b8455a66e45826d86e0bb71faa1f28a2c7a3
 2020-02-27 17:01:34 +01:00
Max Weffers
f3b7c8bb63
sdm660: sepolicy: Start Q Bringup 2019-10-01 14:24:08 +02:00
Max Weffers
187b868fcc
sdm660: Add Hardware Info permssions and sepolicy rules 2019-08-15 15:31:17 +02:00
Max Weffers
1e1cbb13c4
sdm660-common: libinit: Set device specific changes via libinit 
Change-Id: I9a2dea3291b76d185d9ecda524a4234b6ed25412
 2019-08-15 15:31:07 +02:00
Dan Cashman
b1f434c446
wayne-common: Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIR 
Move vendor policy to vendor and add a place for system extensions.
Also add such an extension: a labeling of the qti.ims.ext service.

Bug: 38151691
Bug: 62041272
Test: Policy binary identical before and after, except plat_service_contexts
has new service added.
Change-Id: Ie4e8527649787dcf2391b326daa80cf1c9bd9d2f

Change-Id: I1493c4c8876c4446a1de46b39942098bf49c79f8
 2019-08-14 10:04:10 +02:00
Renamed from sepolicy/init.te (Browse further)