Commit graph

312 commits

Author SHA1 Message Date
clarencelol
1284e340a0 sdm660-common: sepolicy: Label wakeup nodes for 4.19
- also resolve arbitrary sysfs paths for system_suspend

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
4f5d077936 sdm660-common: sepolicy: Address some denials
* avc: denied { search } for name="data" dev="mmcblk0p69" ino=3072001 scontext=u:r:vendor_dataservice_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:34 +01:00
clarencelol
819130673b sdm660-common: sepolicy: Fix some PowerHAL denials
* Let powerhal read and write
* device_latency -> latency_device

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
5183d7fb36 sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
Energy aware feature control is previously done through debugfs,
which will be deprecated, so move the control to sysctl. Added
permission for it, and removed the one unused.

[    1.460128] audit: type=1400 audit(2753763.033:8): avc:  denied  { write } for  pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

10-05 16:49:18.933   820   820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

10-05 17:00:15.726   822   822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Bug: 141333728
Test: function works as expected
Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
DillerOFire
c825b9bdb8 sdm660-common: sepolicy: Allow kernel to create qipcrtr_socket
* Fixes modem crashes in user build

Change-Id: I1f69408dd1e0289ccd9bb0a6a39ffcc0f289fabd
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
cede39d305 Revert "sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial"
This reverts commit ee3fa3b300.
2021-12-31 07:51:33 +01:00
pix106
653c608694 Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
This reverts commit d05ecaa812.
2021-12-31 07:51:33 +01:00
pix106
87ec9f49d1 Revert "sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials"
This reverts commit f475ccf892.
2021-12-31 07:51:33 +01:00
pix106
4c65fc4ecf sdm660-common: sepolicy: Clean SEPolicy after LA.UM.10.2.1.r1-02700-sdm660.0 merge
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
b6cfa81507 sdm660-common: sepolicy: drop netmgrd vendor_data_qmipriod_prop
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
ac362f97eb sdm660-common: sepolicy: Address denials
* init: Unable to set property 'persist.vendor.data.shsusr_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.offload_ko_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed
* init: Unable to set property 'persist.vendor.data.qmipriod_load' from uid:1001 gid:1001 pid:971: SELinux permission check failed

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
clarencelol
cdaf69248d sdm660-common: sepolicy: Address pixel powerstats rules
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4dc2cf5d58 sdm660-common: sepolicy: Label some camera props
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
4a43432067 sdm660-common: sepolicy: Address hal_camera_default diag_device denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
iamehsangh
509307f0ec sdm660-common: sepolicy: Fix Camera Denials
W HwBinder: type=1400 audit(0.0:5750): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_video_prop:s0" dev="tmpfs" ino=17412 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_video_prop:s0 tclass=file permissive=0
E libc    : Access denied finding property "vendor.video.disable.ubwc"

W/CAM_cpp: type=1400 audit(0.0:5733): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=19517 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
E/libc    :Access denied finding property "ubwc.no.compression"

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
0525c2a968 sdm660-common: sepolicy: Adress vendor_init fingerprint denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Chitti Babu Theegala
c0b410af36 sdm660-common: sepolicy: adding proc-fs rw permission for hal_power_default
Change-Id: Ib8c69ca6ca9de3d54f352520412f508dcb1af079
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Wei Wang
ffc9445207 sdm660-common: sepolicy: Allow PowerHAL to change sched for ADPF
Test: build
Bug: 177492680
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I71d4f6e2d160caad03243295003743f27b4e1736
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Jimmy Shiu
31a8b54659 sdm660-common: sepolicy: Allow PowerHAL to set sched
system_server also creates UI sometimes.
Ex: ANR Dialog, the Pointer Location in developer options.

Bug: 194775170
Test: build and enable Pointer Location debug option
Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
4668e4c349 sdm660-common: sepolicy: Grant hal_power_default cgroup read file permission
It is a cross-platform need.

Bug: 176868402
Bug: 177780314
Test: build selinux_policy pass
Change-Id: If63b205921bd95d82c52e0193947ab8304c1e064
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
daniml3
96086b8408 sdm660-common: sepolicy: Solve radio denials
Signed-off-by: daniml3 <danimoral1001@gmail.com>
Change-Id: I78db6c6a557c76b9f6b3cc8f983cdc70a2a09ce7
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
57cca627b1 sdm660-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Ratoriku
a80975c3d7 sdm660-common: Switch to AIDL Light HAL
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Change-Id: I2618bcb81902688b9b9b975f612c653707787202
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Inseob Kim
abe3f86cf3 sdm660-common: sepolicy: Add contexts for exported telephony props
To remove bad context names, two contexts are added.

- telephony_config_prop
- telephony_status_prop

exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.

Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Change-Id: Ica687a750af61f2d3386691ce6df220b180fb993
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Omar Hamad
825920e610 sdm660-common: sepolicy: unknown type exported_wifi_prop
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:32 +01:00
pix106
541f980ac2 sdm660-common: sepolicy: label compatible_all fpc1020 node
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
derfelot
db5bbd5642 sdm660-common: sepolicy: Allow vold to write mmcblk0 read_ahead_kb
avc: denied { write } for name="read_ahead_kb" dev="sysfs" ino=51203 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmc_host:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
clarencelol
234a6cfeec sdm660-common: sepolicy: Address more denials
* Fixed vibrate level in DeviceSettings

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-11-13 11:31:51 +01:00
pix106
f475ccf892 sdm660-common: sepolicy: dontaudit netutils_wrapper sys_admin denials
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
d05ecaa812 sdm660-common: sepolicy: Address many sys_admin and kill denials
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0

sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc:  denied  { sys_admin } for  pid=460 comm="ueventd" capability=21  scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial

sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=460 comm="boringssl_self_" capability=21  scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=462 comm="boringssl_self_" capability=21  scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc:  denied  { sys_admin } for  pid=459 comm="linkerconfig" capability=21  scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
738dff294a sdm660-common: sepolicy: Address many denials
sdm660-common: sepolicy: Address vendor_init persist_file read denial
avc: denied { read } for comm="init" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address tee persist_file read denial
avc: denied { read } for comm="qseecomd" name="persist" dev="mmcblk0p63" ino=47 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address installd mnt_user_file denial
avc: denied { search } for comm="Binder:1018_6" name="0" dev="tmpfs" ino=5541 scontext=u:r:installd:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=0

sdm660-common: sepolicy: Address ssgtzd qipcrtr_socket denial

sdm660-common: sepolicy: Address platform_app denials
avc: denied { read } for comm="emui:screenshot" name="u:object_r:exported_audio_prop:s0" dev="tmpfs" ino=4254 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:exported_audio_prop:s0 tclass=file permissive=0 app=com.android.systemui

sdm660-common: sepolicy: Address init sysfs_graphics denial
avc: denied { read } for comm="init" name="device" dev="sysfs" ino=44569 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=lnk_file permissive=0

sdm660-common: sepolicy: Address system_app sysfs_graphics denials
avc: denied { write } for comm="settings.device" name="max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
avc: denied { open } for comm="settings.device" path="/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red/max_brightness" dev="sysfs" ino=44572 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address system_server sysfs_rtc denial
avc: denied { read } for comm="system_server" name="hctosys" dev="sysfs" ino=41512 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

sdm660-common: sepolicy: Address gmscore_app getattr denials
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/linkerconfig" dev="tmpfs" ino=3474 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/persist" dev="mmcblk0p63" ino=47 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/init" dev="mmcblk0p63" ino=28 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:init_exec:s0 tclass=lnk_file permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/metadata" dev="mmcblk0p63" ino=32 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/postinstall" dev="mmcblk0p63" ino=48 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware_mnt" dev="mmcblk0p58" ino=1 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for comm="CTION_IDLE_MODE" path="/vendor/firmware" dev="mmcblk0p64" ino=1216 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:vendor_firmware_file:s0 tclass=dir permissive=0 app=com.google.android.gms

sdm660-common: sepolicy: Address vendor_mutualex create denial
avc: denied { create } for comm="mutualex" scontext=u:r:vendor_mutualex:s0 tcontext=u:r:vendor_mutualex:s0 tclass=qipcrtr_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
ee3fa3b300 sdm660-common: sepolicy: Label sys.use_fifo_ui and address system_server vendor_video_prop denial
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
5499c4027c sdm660-common: sepolicy: Label rild.libpath
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
eee54d6e20 sdm660-common: sepolicy: Label some camera props
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
58bbd5db55 sdm660-common: sepolicy: Label sysfs wakeup nodes
avc: denied { read } for comm="Binder:514_1" name="event_count" dev="sysfs" ino=53144 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="max_time_ms" dev="sysfs" ino=53149 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="wakeup_count" dev="sysfs" ino=53145 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="total_time_ms" dev="sysfs" ino=53148 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="expire_count" dev="sysfs" ino=53146 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_count" dev="sysfs" ino=53143 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="last_change_ms" dev="sysfs" ino=53150 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="prevent_suspend_time_ms" dev="sysfs" ino=53151 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="name" dev="sysfs" ino=53142 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
avc: denied { read } for comm="Binder:514_1" name="active_time_ms" dev="sysfs" ino=53147 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
pix106
5de9bdae50 Revert "sdm660-common: sepolicy: Adjust sepolicy for qti thermal"
This reverts commit 77c4792ac9.
2021-11-13 11:31:51 +01:00
pix106
9d53e14cc8 sdm660-common: sepolicy: Remove netmgrd set_prop vendor_data_ko_prop
* No need after sepolicy update from LA.UM.9.2.1.r1-07200-sdm660.0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
Anush02198
6d46319a55 sdm660-common: sepolicy: Remove some wakeup nodes
* As we have merged LA.UM.9.2.1.r1-07000-sdm660.0 sepolicy tag to source this is handled by source

Signed-off-by: Anush02198 <Anush.4376@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
Sebastiano Barezzi
fa7fa65ffb sdm660-common: ir: Rebrand to Xiaomi SDM660
Change-Id: I20146c0bc065a460f5a86455ed9a21abce5f9417
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: OdSazib <odsazib@gmail.com>
2021-11-13 11:31:51 +01:00
ghostrider-reborn
79c64bc007 sdm660-common: Introduce kernelspace battery saver
* Needs Kernel side support
 * This activates kernelspace battery saver via powerhal whenever
   battery saver is enabled in userspace, thereby lowering power
   consumption at kernel-level by disabling boosts and such

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Change-Id: I2623503db27d7518de519bcaa3f5af6ab83879d0
2021-11-13 11:31:49 +01:00
OdSazib
b8c814713d
sdm660-common: DeviceSettings: Add earpiece gain
- Requires kernel support

Signed-off-by: OdSazib <odsazib@gmail.com>
Change-Id: If28b4dff421cbba5f17cd2ccfab02f2aa616a9f8
2021-07-22 13:21:03 +06:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19
- Address more denials and label some new nodes

Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-16 15:56:07 +06:00
StyloGey
4ec9f92ace
sdm660-common: Update RIL from AOSPA
- update radio from LA.UM.9.12.r1-10800-SMxx50.0
- update telephony from qcom-common-AOSPA

Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-15 17:00:40 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19
2021-07-13 11:56:43 +06:00
clarencelol
20efaf472b
sdm660-common: Switch to Thermal 2.0 mock
* QTI Thermal couldn't read the temperature for some reason
2021-06-15 21:48:17 +06:00
sairam1411
77c4792ac9
sdm660-common: sepolicy: Adjust sepolicy for qti thermal
Change-Id: Ib8493f164f12614e6d0a7ea5bd060d05991822b8
2021-06-15 17:32:47 +06:00
Wilson Chan
2880603f27
sdm660-common: power-libperfmgr: Add Flipendo powerhint
- Add sepolicy for dex2oat powerhal props to vendor_power_prop

Test: boot and check powerhint parse logs
Test: enabled extreme battery saver and check scaling_max_freq

[clarencelol]: Adapt to sdm660 freq
2021-06-15 17:32:47 +06:00
clarencelol
5ae45246d0
sdm660-common: power-libperfmgr: Add back audio hints
* It works as intended

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-06-15 17:32:47 +06:00
clarencelol
7b3df1cb47
sdm660-common: sepolicy: Label wakeup nodes for 4.19
- also resolve arbitrary sysfs paths for system_suspend
2021-06-07 09:21:11 +06:00
Quallenauge
f9d71135ea
sdm660-common: sepolicy: Add swapper to kill
Fixes:
W swapper/6: type=1400 audit(0.0:63): avc: denied { kill } for capability=5 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0

Change-Id: Ib3b5c2a173528cb9f63a4dd750634968c060f471
2021-06-07 09:21:11 +06:00
Subhajeet Muhuri
1da7c15388
sdm660-common: /sys/devices/soc -> /sys/devices/platform/soc
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2021-06-07 09:21:11 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00
OdSazib
ef00e5f20b
sdm660-common: DeviceSettings: Import in-app Dirac
- Improve code with reference and split gain category

This reverts commits
- 471da74
- de7135d
- f6c011d

All credit goes to Stylog; this is just revert commits with a few improvements

Co-authored-by: clarencelol <clarencekuiek@icloud.com>
2021-04-10 02:24:09 +06:00
Sebastiano Barezzi
973fa8d111
sdm660-common: Fix some camera denials
Change-Id: I172349433946883aa1035e91ab3ab703a96e7912
2021-04-04 12:35:05 +06:00
OdSazib
6166317281
sdm660-common: Build power stats and label it
2021-03-15 12:21:09 +06:00
Subhajeet Muhuri
7c3beb85c9
sdm660-common: power-libperfmgr: Switch to AIDL Power HAL
hardware/google/pixel/power-libperfmgr from android-11.0.0_r25

SQUASHED:
Revert all HIDL interface and nuke previous changes
Import Pixel libperfmgr AIDL Power HAL
Adapt and rebrand for xiaomi_sdm660
Remove Google-specific display LPM control
Remove Google-specific camera and audio hints
Remove VR hints handling
Remove audio hints handling
Remove dumpstate support
Initialize powerHAL when boot is completed
Add support for tap-to-wake feature control
Add sepolicy rules for power-libperfmgr
Enable power-libperfmgr

Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2021-03-10 12:37:27 +06:00
orgesified
373e2fc7e2
sdm660-common: sepolicy: Silence logspam
Co-authored-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: Iea2d0ec097c4e33a038ce05fba801364c2e8a381
2021-03-07 01:51:46 +06:00
Jeferson
2632c4a4b8
sdm660-common: sepolicy: Adress system_server denials
Change-Id: I7ec0ccc4004a7cf74988e7994ec981e064ba0412
2021-03-07 01:49:33 +06:00
PIPIPIG233666
206f51bad0
sm660-common: Create socket for /dev/socket/audio_hw_socket
Change-Id: If4c5b944efb8dde3093ccb7b8f1dca746a02e043
2021-03-02 23:43:22 +06:00
Bruno Martins
a5de89d28b
sdm660-common: sepolicy: Add rules for older IMS blobs
Since Android 10 blobs are being used, org.codeaurora.ims still runs
as phone UID as seen by these denials:

  m.android.phone: type=1400 audit(0.0:2914): avc: denied { read } for name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=13660 scontext=u:r:radio:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=0
  m.android.phone: type=1400 audit(0.0:473): avc: denied { call } for scontext=u:r:radio:s0 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=0

Change-Id: Ic8c1b7996b9e0e7b63ba2a153441c9e8467a8a31
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
2021-02-20 11:55:48 +06:00
Subhajeet Muhuri
7d8fc30985
sdm660-common: Kang more pixel power HAL sepolicy
* Kanged from mata (with all available nodes on msm4.4)
2021-02-20 11:55:25 +06:00
Chenyang Zhong
851d88070e
sdm660-common: create and symlink a dummy /metadata/apex
Google moved apex sessions directory from /data/apex/sessions to
/metadata/apex/sessions after commit:

"Move apex sessions directory to /metadata"
36cf4bbac6

Devices with a mounted metadata partition will have the needed
directories set up by system/core/rootdir/init.rc. Xiaomi devices
on sm6125 do not have a metadata partition out of the box, so things
like "Google Play system update" will fail to install the update.

Therefore, create a dummy directory under /data/vendor/metadata_apex
and symlink it to /metadata/apex.

The reason why the old /data/apex/sessions directory is not used
for the symlink is that apexd will call migrateSessionsDirIfNeeded()
to recursively copy things from the old directory to the new one.
Creating the symlink from /data/apex/sessions may result in
unintended behaviors.

Signed-off-by: OdSazib <odsazib@gmail.com>
2021-02-09 20:53:35 +06:00
OdSazib
2135c18643
sdm660-common: DeviceSettings: Drop userspace hall switcher
* The sensor works as it is, hence not needed anymore
2021-02-03 23:05:50 +06:00
Michael Bestas
0f110dcda2
sdm660-common: sepolicy: Resolve camera HAL denials
Change-Id: I47490bfa19bfb6162d161ba0c5e9f48556ab6eff
2021-01-21 03:26:33 +06:00
Jeff Vander Stoep
e48e418541
sdm660-common: sepolicy: camera HAL is a client of configstore
Addresses:
avc:  denied  { find } for
interface=android.hardware.configstore::ISurfaceFlingerConfigs pid=817
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
tclass=hwservice_manager permissive=0

Bug: 65454046
Test: camera app
Change-Id: I84b92e5809b89b7f755322d485b92f5e7175a06a
2021-01-21 03:26:33 +06:00
OdSazib
f2fa84055e
sdm660-common: sepolicy: Address more denials
2020-12-30 22:06:56 +06:00
OdSazib
f6cb7bb46a
sdm660-common: Nuke lineage livedisplay
* A better version already exists in device settings

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:05 +06:00
Subhajeet Muhuri
06dfda6946
sdm660-common: Add sepolicy rules for power-libperfmgr
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:05 +06:00
OdSazib
928c7ac4f5
sdm660-common: Remove qti IOP stack
* Useless in EAS

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:04 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:16:25 +06:00
Aayush Gupta
ad4a731b53
sdm660-common: Address init denials regarding socket_device
[    9.346918] type=1400 audit(71454275.960:7): avc: denied { create } for comm="init" name="dpmwrapper" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I262b06821c0625978b3685d0666bd2cf599fbf98
2020-12-13 18:38:07 +06:00
Aayush Gupta
8c68646954
sdm660-common: Allow qti_init_shell to start & stop ril-daemon
[    9.057234] type=1107 audit(71454275.676:6): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ctl.stop$ril-daemon pid=1122 uid=0 gid=0 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:ctl_stop_prop:s0 tclass=property_service permissive=0'

Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I5f062f8c6be56380b40a9428358c5f6c93dd71c8
2020-12-13 18:38:07 +06:00
LuK1337
bb066620d8
sdm660-common: sepolicy: Address radio denials
Change-Id: If37262e6be3d31f51dcd482db04ce647ecd57e4d
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2020-12-13 18:38:07 +06:00
Aayush Gupta
2ccf864f31
sdm660-common: Address denials regarding to access sysfs_kgsl
[   22.419451] type=1400 audit(1601312073.698:17): avc: denied { search } for comm="ImageWallpaper" name="kgsl-3d0" dev="sysfs" ino=29220 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0 app=com.android.systemui
[    9.476242] type=1400 audit(1601312065.534:13): avc: denied { search } for comm="BootAnimation" name="kgsl-3d0" dev="sysfs" ino=29220 scontext=u:r:bootanim:s0 tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0

Change-Id: I80c5de2d9687b3127922d5bc55c26461a797d0f9
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2020-12-13 18:38:07 +06:00
Nolen Johnson
0d7a7d4ef5
sdm660-common: Move rtc contexts to device/qcom/sepolicy
* In device/qcom/sepolicy-legacy-um now.

Change-Id: I80b877d4b65a3d22cf7a61d70e08e48edeb627de
2020-12-13 18:38:07 +06:00
nebrassy
7821f6dc80
sdm660-common: sepolicy: drop seapp_contexts
now labeled in sepolicy-legacy-um

Change-Id: I284d16905a7e67c3d86f300ac9bf73fa1b9490fc
2020-12-13 18:38:07 +06:00
OdSazib
f614ba1ce6
sdm660-common: Clean up sepolicy for Android 11
checkpolicy:  error(s) encountered while parsing configuration

Changes in Android 11
* dpmd > vendor_dpmd
* persist_camera_prop > vendor_persist_camera_prop
* persist_dpm_prop > vendor_persist_dpm_prop

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-13 18:38:07 +06:00
LuK1337
510d313d4e
sdm660-common: sepolicy: Label /persist
Change-Id: I471c0d1fedb51eabc32b54ab35a9823db8efd034
2020-12-13 18:37:01 +06:00
OdSazib
9bd430ff9b
sdm660-common: XiaomiParts: Add Headphone & Mic Gain
* This is manually ported by me from Lavender tree on Corvus-Devices
* Thanks @StyloGey for reviewing the java code and giving me a better solution
* Original repo: https://github.com/Corvus-Devices/device_xiaomi_lavender.git

To get it working, you need these two commits in your kernel:
> c04d6d6e61
> 8e25ac3318

Signed-off-by: OdSazib <odsazib@gmail.com>
Change-Id: I1bb48ced1f23728daa2e5170647ce08a04347110
2020-10-19 11:36:06 +06:00
OdSazib
7580f5f636
sdm660-common: XiaomiParts: Add FPS Info Overlay
* Ported from: https://github.com/Corvus-Devices/device_xiaomi_lavender.git

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
OdSazib
471da74c21
sdm660-common: XiaomiParts: Remove dirac completely
* Fix XiaomiPart crash while using audio mod like v4a/dolby

Signed-off-by: odsazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
OdSazib
dd14ca3e30
sdm660-common: Address denials for Livedisplay
Signed-off-by: odsazib <odsazib@gmail.com>
2020-10-19 11:36:06 +06:00
Max Weffers
f1b43abf23
sdm660-common: Add IOP Hal blobs from LA.UM.8.2.r1-06500-sdm660.0
Change-Id: I86bf8623dab2b5a5295bbebc602587b2347fdaf6
2020-08-12 02:11:34 +06:00
Max Weffers
a502a3904b
sdm660: sepolicy: Adjust sepolicy for new tap to wake nodes
2020-08-12 02:02:40 +06:00
Christian Oder
9a26ceac4c
sdm660-common: remove neverallow
Change-Id: I3a6a7c7e6f95947eaf807a0e6d8ab19144a9cee5
2020-08-12 02:02:38 +06:00
Max Weffers
b7b7fae1ef
sdm660-common: sepolicy: unbreak sepolicy for carbon
Change-Id: Ie324b974ceb741c524abe7ba53cadb4c2b01219e
2020-08-12 02:02:38 +06:00
Dušan Uverić
3476f16be6
sdm660-common: XiaomiParts: add notification LED brightness slider
Signed-off-by: Dušan Uverić <dusan.uveric9@gmail.com>
Change-Id: I86851420cca27d34e36f8e385859c5be63545bba
2020-08-12 02:02:38 +06:00
Max Weffers
b0fa4e9f51
sdm660-common: sepolicy: Address few denials
Change-Id: I45c7af8087a8495e4e7902d74f7811c2d40f5197
2020-08-12 02:02:38 +06:00
dianlujitao
684521256a
sdm660-common: sepolicy: Label new TP node
Change-Id: Id55db9b6614320650c8c61e698f71ddc9f04d086
2020-08-12 02:02:38 +06:00
erfanoabdi
7a514dc86e
sdm660-common: sepolicy: Label Video prop
Change-Id: Id66a71d45ac8dc5a635bc0e208b45423bd9125e6
2020-08-12 02:02:38 +06:00
dianlujitao
8d789ade9f
sdm660-common: sepolicy: Clean up sepolicy rules
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
2020-08-12 02:02:38 +06:00
Max Weffers
eb97b49f0c
sdm660-common: Address SELinux denials and clean up
Change-Id: I997a268c9ce23eab80f1981293720e17d21bbb7a
2020-08-12 02:02:38 +06:00
Max Weffers
880ca53df2
sdm660-common: sepolicy: Address some denials
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
2020-08-12 02:02:38 +06:00
dianlujitao
06e3d383a2
sdm660-common: sepolicy: Label button backlight nodes
Change-Id: I594a07fc3e68f1b50f181c4b254811814990c599
2020-08-12 02:02:38 +06:00
dianlujitao
55f4d4eb18
sdm660-common: sepolicy: Drop unused sysfs_light
Change-Id: I62bfac69bdcebaf7d484bbc39ea4e16f8beb8e6b
2020-08-12 02:02:38 +06:00
dianlujitao
f735b1ab0c
sdm660-common: sepolicy: Label IR dev node for jason
Change-Id: I7ba6af074485509a501f656587379fb0ba5b07d3
2020-08-12 02:02:37 +06:00
Davide Garberi
4461490e45
sdm660-common: sepolicy: Label renamed white led node
Change-Id: Ia7c3c47efb628f851dd377b2e09b6f8e150013e3
2020-08-12 02:02:37 +06:00
Max Weffers
903525f9b0
sdm660: sepolicy: Allow vendor init to set few props
Change-Id: I0b2574b0e2f5f9b84df1db9ea7386522361a2864
2020-08-12 02:02:37 +06:00
Soul Trace
9b5bf8c210
ipacm: Fix WLAN tethering offload
Fix reboot after 120 seconds on WLAN tethering enable.
Fix "target device is connected but no internet" issue.

Move ipacm-related sections from rootdir/etc/init.qcom.rc to data-ipa-cfg-mgr/ipacm/src/ipacm.rc
Make ipacm.rc look like vendor/qcom/opensource/data-ipa-cfg-mgr/ipacm/src/ipacm.rc but add
writepid /dev/cpuset/system-background/tasks to the service definition.
This let ipacm start after data decryption (it got killed on data decrypt and not respawned,
because was disabled).
This fixes following errors:
04-01 14:35:57.525   591 17586 W libc    : Unable to set property "ctl.interface_start" to "android.hardware.tetheroffload.config@1.0::IOffloadConfig/default": error code: 0x20
04-01 14:35:57.526  2665  3190 I ServiceManagement: getService: Trying again for android.hardware.tetheroffload.config@1.0::IOffloadConfig/default...
04-01 14:35:57.526   591 17586 E hwservicemanager: Failed to set property for starting android.hardware.tetheroffload.config@1.0::IOffloadConfig/default

Set wifi.active.interface context to exported_wifi_prop and allow hal_wifi_default to set it.
I don't know why context definition was not embedded to the contexts file, but now it is.
This fixes following errors:
[163263.846522] selinux: avc:  denied  { set } for property=wifi.active.interface pid=2733 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0

Change-Id: I735e7d8d8d07b9545ef16a6baa35a13aba3cd116
2020-08-12 02:02:37 +06:00
Max Weffers
599a611dd8
sdm660: sepolicy: Grant Vendor Toolbox fingerprint file access in persist
Change-Id: I16afcc9bf2f822d741470ca5b741a4b283196575
2020-08-12 02:02:37 +06:00
dianlujitao
6df111fbc1
sdm660-common: sepolicy: Adjust for lavender dt2w node
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
Change-Id: If08946adbf5c2fa619178b3f15ae0635bacdf8a8
2020-03-10 09:41:52 +01:00
LuK1337
2eb56727c3
sdm660-common: sepolicy: Add more /persist related contexts to toolbox rules
Change-Id: If9b28d1196eb352422e5acb0a570f2e005c2dcdf
2020-03-10 09:39:56 +01:00
LuK1337
1e7b6a0417
sdm660-common: sepolicy: Drop unnecessary rule
* This is already granted through init_daemon_domain(domain).

Change-Id: I6c2f1b3e267256da958b40af5014972785617cbe
2020-03-10 09:39:56 +01:00
Felix
ac571ee966
sdm660-common: Force restorecon for /mnt/vendor/persist
The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /mnt/vendor/persist/ has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Force wiping that xattr so that restorecon always runs since it's not
very expensive (there are currently only about 50 files on /persist).

The restorecon is needed to fix issues such as wrong stock labels on
/mnt/vendor/persist/sensors/:
sensors_persist_file -> persist_sensors_file

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
2020-03-10 09:39:45 +01:00
Ethan Chen
89f5d20ec4
sdm660-common: Allow init to relabel persist link file
Change-Id: I7872b8455a66e45826d86e0bb71faa1f28a2c7a3
2020-02-27 17:01:34 +01:00
AmulyaX
f9e999cb0f
sdm660-common: Address QtiExtendedFP denial
Signed-off-by: AmulyaX <amulya.b520@gmail.com>
2020-01-31 16:42:36 +01:00
AmulyaX
0f03dbd079
sdm660-common: Address camera hal denial
Signed-off-by: AmulyaX <amulya.b520@gmail.com>
2020-01-31 16:42:28 +01:00
Max Weffers
3c13d5743f
sdm660-common: sepolicy: Add sysfs Label for Platinas Fpc Fingerprint
Change-Id: I7423f84d6142b43818dfd2aa24ca935e6188c32f
2020-01-28 16:59:14 +01:00
LuK1337
987436f592
sdm660-common: sepolicy: Address time_daemon denials
Change-Id: I83947a673ed19cfc20c130fb133d1957aa44d284
2020-01-13 22:08:51 +01:00
PIPIPIG233666
bae9198c4e
sdm660-common: Address fp denials
Change-Id: Ie2abb5480d3442e5f64d532561ce657362f9f081
2020-01-06 21:06:22 +01:00
PIPIPIG233666
9c6a56cef6
sdm660-common: Address thermal-engine denials
Change-Id: I7d824f1066638ec6e73ae80093737b380436ba80
2020-01-06 21:06:22 +01:00
Michael Bestas
7e257d0aea
sdm660-common: sepolicy: Silence harmless QCOM denials
Change-Id: Iad1e2c0e654a4a46da76a57ece63dc4f35761d50
2020-01-06 21:06:21 +01:00
Sebita
7f874140c7
sdm660-common: sepolicy: Label node for lavender dt2w
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
Change-Id: I3df604f9025a3517d19468e8fffc750dbfe479ba
2020-01-06 10:56:13 +01:00
Max Weffers
5d39827818
sdm660: parts: Rename hall prop to folio_daemon prop
*needed to prevent neverallow in user builds
2020-01-04 09:37:09 +01:00
Max Weffers
6bbcfb4c1d
sdm660: sepolicy: fix denials while fingerprint enrollment
2019-12-30 23:00:40 +01:00
Max Weffers
946a233a4b
sdm660: sepolicy: Add AuthSecret HAL service
2019-12-23 08:59:25 +01:00
Stylogey
25dadea83b
sdm660-common: XiaomiParts: Start folio_daemon only if a prop is set
2019-12-13 16:57:53 +01:00
Michael Bestas
559890d4f6
sdm660-common: sepolicy: Remove deprecated power HAL stats policies
2019-12-07 18:49:55 +01:00
Michael Bestas
f12fb26fcd
sdm660-common: sepolicy: Allow power off alarm app to set cpuset
* P blob compatibility

Change-Id: I3b8c58ab917dcbf2f142729feb5e6f6adcfc9fdd
2019-12-02 07:57:05 +01:00
Michael Bestas
ec75167d10
sdm660-common: sepolicy: Allow rmt_storage access sysfs_ssr
* P blob compatibility

Change-Id: Ib88c81c8cb4a19c7afd322cfef9b812c2f029a34
2019-12-02 07:57:05 +01:00
LuK1337
348b308650
sdm660-common: sepolicy: Address time_daemon denials
Change-Id: I83947a673ed19cfc20c130fb133d1957aa44d284
2019-12-02 07:56:49 +01:00
Michael Bestas
4f0e9000c9
sdm660-common: Build vendor variant of tinymix
* Avoid SELinux neverallows, vendor services should use vendor tools

Change-Id: I2a97658db9a31dd0403f1b62386db2987bd9749c
2019-12-01 10:27:53 +01:00
Jeff Vander Stoep
c145e57b0f
sdm660: Move folio_daemon to system in sepolicy
Remove Treble violations.

Bug: 36867326
Bug: 62387246
Test: loaded on taimen, checked dmesg, and tested daemon with magnet
Change-Id: I4662b41206b94cae6ac9843b5dc7e1452003c63c
2019-10-19 20:50:52 +02:00
Jeff Vander Stoep
494ee17d12
sdm660: Add folio_daemon in sepolicy
2019-10-19 16:29:57 +02:00
Andrew Lehmer
f08faed4c3
sdm660: Add support for folio cases
Bug: 35243564
Test: Used magnet to wake and lock device. Also tested during suspend.
Change-Id: I4b819e12cc23a3d7a8ce048e208c15eac4f8d6c5
2019-10-19 16:29:57 +02:00
dianlujitao
9cea8c75c9
sdm660-common: Set sys.post_boot.parsed on vendor.post_boot.parsed changed
Change-Id: Ibb924cd28408d9688e18d64b5b22ab10f1fc5227
2019-10-15 16:31:29 +02:00
Max Weffers
f3b7c8bb63
sdm660: sepolicy: Start Q Bringup
2019-10-01 14:24:08 +02:00
Volodymyr Zhdanov
850c987c27
sdm660-common: remove input devices policies
* it's already fixed in system/sepolicy

Change-Id: If1bf165092df71cdc85a7a9118feb257e2bed350
2019-10-01 14:24:07 +02:00
Volodymyr Zhdanov
dfd6d14563
sdm660-common: sepolicy: add firmware labels
* Q sepolicy doesn't have labels for these root folders anymore

Change-Id: Ibc1f13968eb4de0868de149f1347ca07da1c581c
2019-09-27 17:27:20 +02:00
Max Weffers
8d090cc4db
sdm660-common: sepolicy: fix Camera denials for access camera data
* needed for clover oreo blobs
2019-08-20 23:11:46 +02:00
Hexdecimal16
aefda184e2
sdm660-common: sepolicy: address vibrator denial
2019-08-20 10:39:43 +02:00
Max Weffers
fab35d3231
sdm660-common: sepolicy: Grant XiaomiParts access to thermal file
2019-08-20 10:39:43 +02:00
Henrique Silva
88f57be2a9
sdm660-common: dirac: Address denials
Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>
2019-08-20 10:39:43 +02:00
Max Weffers
e20f8804d6
sdm660-common: Address denials for Hall Switch
2019-08-20 10:39:43 +02:00
SagarMakhar
409cd433a0
sdm660-common: Add sepolicy for kcal
Signed-off-by: bablusss <baaswanthmadhav@gmail.com>
2019-08-20 10:39:43 +02:00
Max Weffers
15ec448fb0
sdm660: sepolicy: Fix denial for smart charging
2019-08-20 10:39:43 +02:00
TheScarastic
71abd10485
sdm660-common: Add sepolicy rule for goodix script
Change-Id: Ic8b7dba6a5660c17f5db1c743e5d22f31ae1b1b3
2019-08-15 15:31:17 +02:00
Max Weffers
5bf9fe7f2c
sdm660-common: sepolicy: Grant power hal permission for dt2w
2019-08-15 15:31:17 +02:00
Max Weffers
782a520d58
sdm660: sepolicy: Fix more system_server denials
2019-08-15 15:31:17 +02:00
Max Weffers
6086052825
sdm660: sepolicy: Let fingerprint Hal setup properties
2019-08-15 15:31:17 +02:00
Max Weffers
4278ca6cf6
sdm660: sepolicy: Address rild denials
2019-08-15 15:31:17 +02:00
Max Weffers
7b049283ea
sdm660: sepolicy: Allow vendor_init to set props
2019-08-15 15:31:17 +02:00
Max Weffers
187b868fcc
sdm660: Add Hardware Info permissions and sepolicy rules
2019-08-15 15:31:17 +02:00
Max Weffers
1e1cbb13c4
sdm660-common: libinit: Set device specific changes via libinit
Change-Id: I9a2dea3291b76d185d9ecda524a4234b6ed25412
2019-08-15 15:31:07 +02:00
Ethan Chen
c0e0aee3a4
sdm660-common: Add basic USB HAL that reports no status change
Change-Id: I6d130d324753c03ac514c4500c5764bfa46941dc
Signed-off-by: SakilMondal <mondalsakil@gmail.com>
2019-08-15 15:27:20 +02:00
Artem Borisov
06d687c9db
sdm660-common: sepolicy: Resolve init_fingerprint denials
Change-Id: Id82f4c6440aeed6a7be6182792c40513102c9f28
Signed-off-by: Akhil Narang <akhilnarang.1999@gmail.com>
2019-08-14 10:04:14 +02:00
dianlujitao
50ae11d634
sdm660-common: sepolicy: Label RTC sysfs node
Change-Id: I637df23926d307de028eb30e523ebb8e92ed2b43
2019-08-14 10:04:14 +02:00
Subhajeet Muhuri
91a80aa4cc
sdm660-common: sepolicy: Address webview_zygote denials
2019-08-14 10:04:14 +02:00
Subhajeet Muhuri
84cbc85b66
sdm660-common: sepolicy: Label fingerprints extension
2019-08-14 10:04:14 +02:00
Subhajeet Muhuri
3dc8126a30
sdm660-common: sepolicy: Label battery_supply sysfs for hvdcp
2019-08-14 10:04:14 +02:00
GuaiYiHu
03a676c21c
sdm660-common: sepolicy: Clean up fingerprint sepolicy
Change-Id: I19f90ba121ca79ea9e676d066ea857ea6ab7a385
2019-08-14 10:04:14 +02:00
Henrique Silva
1de7f3c202
sdm660-common: sepolicy: Address debugfs_wlan denials
Signed-off-by: Akhil Narang <akhilnarang.1999@gmail.com>
Signed-off-by: Subhajeet Muhuri <kenny3fcb@gmail.com>
2019-08-14 10:04:14 +02:00
Subhajeet Muhuri
4c7cba649a
sdm660-common: sepolicy: Dontaudit few qti_init_shell neverallows
2019-08-14 10:04:14 +02:00
Subhajeet Muhuri
0e89ed5c61
sdm660-common: sepolicy: Address more vendor_init denials
2019-08-14 10:04:14 +02:00
Tom Cherry
f3aa8e3d2b
sdm660-common: sepolicy: Add restricted permissions to vendor_init
The core SEPolicy for vendor_init is being restricted to the proper
Treble restrictions.  Since this is a legacy device, it is tagged as a
data_between_core_and_vendor_violators and the needed permissions are
added to its device specific vendor_init.te

Bug: 62875318
Test: boot walleye without audits
Change-Id: I13aaa2278e71092d740216d3978dc720afafe8ea
Signed-off-by: Subhajeet Muhuri <kenny3fcb@gmail.com>
2019-08-14 10:04:13 +02:00
GuaiYiHu
36ef559156
sdm660-common: sepolicy: Label gpu.stats.debug.level
Change-Id: I01e010a33a52abc42c9da3977503fabcb7c30455
2019-08-14 10:04:13 +02:00
GuaiYiHu
10c35314f7
sdm660-common: sepolicy: Label thermal-engine props
Change-Id: I1bf975bd6f20e56bfb4ff558d2a55f7304ceec6f
2019-08-14 10:04:13 +02:00
GuaiYiHu
d2ce22775d
sdm660-common: sepolicy: Address camera denials
Change-Id: I052adadca396fb104af49daec1d83047d0809416
2019-08-14 10:04:13 +02:00
GuaiYiHu
1ee97f41fc
sdm660-common: sepolicy: Clean up sepolicy
Change-Id: I19f90ba121ca79ea9e676d066ea857ea6ab7a385
2019-08-14 10:04:13 +02:00
GuaiYiHu
05085a02e2
sdm660: sepolicy: Address denials
Change-Id: I8fad5d60ca066b758c526f2027985b63662180cc
2019-08-14 10:04:13 +02:00
Max Weffers
cb1b743b8d
sdm660-common: Transform into common sdm660 tree
2019-08-14 10:04:10 +02:00
Dan Cashman
b1f434c446
wayne-common: Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIR
Move vendor policy to vendor and add a place for system extensions.
Also add such an extension: a labeling of the qti.ims.ext service.

Bug: 38151691
Bug: 62041272
Test: Policy binary identical before and after, except plat_service_contexts
has new service added.
Change-Id: Ie4e8527649787dcf2391b326daa80cf1c9bd9d2f

Change-Id: I1493c4c8876c4446a1de46b39942098bf49c79f8
2019-08-14 10:04:10 +02:00