Commit graph

23 commits

Author SHA1 Message Date
Chenyang Zhong
d64b0b54a9
sdm660-common: sepolicy: Address init denial
Change-Id: Id0d0c88bbedde6b6586e3a6f04704457d910d8a0
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:58:05 +01:00
pix106
653c608694
Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
This reverts commit d05ecaa812.
2021-12-31 07:51:33 +01:00
pix106
d05ecaa812
sdm660-common: sepolicy: Address many sys_admin and kill denials
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0

sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc:  denied  { sys_admin } for  pid=460 comm="ueventd" capability=21  scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial

sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=460 comm="boringssl_self_" capability=21  scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc:  denied  { sys_admin } for  pid=462 comm="boringssl_self_" capability=21  scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc:  denied  { sys_admin } for  pid=459 comm="linkerconfig" capability=21  scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0

sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
raiyanbinmohsin
d995aabb68 Revert "sdm660-common: Awaken-ify"
This reverts commit 635c08ae00.

* also drop awaken ota sepolicy
2021-11-13 11:31:51 +01:00
OdSazib
5351cc35f9
sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19
- Address more denials and label some new nodes

Signed-off-by: OdSazib <odsazib@gmail.com>
2021-07-16 15:56:07 +06:00
OdSazib
0a263a5716
sdm660-common: sepolicy: Update sepolicy for 4.19
2021-07-13 11:56:43 +06:00
clarencelol
7b3df1cb47
sdm660-common: sepolicy: Label wakeup nodes for 4.19
- also resolve arbitrary sysfs paths for system_suspend
2021-06-07 09:21:11 +06:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00
OdSazib
1edf16f04c
sdm660-common: apex: Symlink metadata to existing sessions
* Better that we do this instead of creating an extra dir
2021-02-16 18:50:35 +06:00
Chenyang Zhong
851d88070e
sdm660-common: create and symlink a dummy /metadata/apex
Google moved apex sessions directory from /data/apex/sessions to
/metadata/apex/sessions after commit:

"Move apex sessions directory to /metadata"
36cf4bbac6

Devices with a mounted metadata partition will have the needed
directories set up by system/core/rootdir/init.rc. Xiaomi devices
on sm6125 do not have a metadata partition out of the box, so things
like "Google Play system update" will fail to install the update.

Therefore, create a dummy directory under /data/vendor/metadata_apex
and symlink it to /metadata/apex.

The reason why the old /data/apex/sessions directory is not used
for the symlink is that apexd will call migrateSessionsDirIfNeeded()
to recursively copy things from the old directory to the new one.
Creating the symlink from /data/apex/sessions may result in
unintended behaviors.

Signed-off-by: OdSazib <odsazib@gmail.com>
2021-02-09 20:53:35 +06:00
OdSazib
2135c18643
sdm660-common: DeviceSettings: Drop userspace hall switcher
* The sensor works as it is, hence not needed anymore
2021-02-03 23:05:50 +06:00
OdSazib
dd30ca9b1e
sdm660-common: sepolicy: Allow ota updater to access package file
2021-01-27 20:41:45 +06:00
OdSazib
9492d1fa58
sdm660-common: Use stock poweroff charging animation
* It's the best animation out there with battery level

This reverts commit 9271fec5a4.
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:19:25 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:16:25 +06:00
OdSazib
f614ba1ce6
sdm660-common: Clean up sepolicy for Android 11
checkpolicy:  error(s) encountered while parsing configuration

Changes in Android 11
* dpmd > vendor_dpmd
* persist_camera_prop > vendor_persist_camera_prop
* persist_dpm_prop > vendor_persist_dpm_prop

Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-13 18:38:07 +06:00
Michael Bestas
5fcfc725ef
sdm660-common: sepolicy: Allow dpmd set ctl_stop_prop
Change-Id: Id24b6370e907cc153b07383c65416aa9226e65a8
2020-08-12 02:11:34 +06:00
chandra chaganti
691a8c6843
sdm660-common: sepolicy: allow appdomain to get persist_camera_prop
* E libc    : Access denied finding property "vendor.camera.aux.packagelist"

Change-Id: I06feb5bd6a2321880065585395101c349c741909
2020-01-28 16:59:19 +01:00
dianlujitao
e427647713
sdm660-common: sepolicy: Label vendor.camera.aux.packageblacklist
Change-Id: I07b82e0ba4a8e16faf67c64e0ffe73a690b38064
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
2020-01-06 10:50:34 +01:00
Nick Kralevich
160b13b9df
sdm660: folio_daemon: Add system_file_type in sepolicy
This file resides on /system, so must be annotated with the
system_file_type attribute.

Test: Policy compiles.
Change-Id: Ic834caefe1417465ac842ddce909e968511f45b2
2019-10-19 20:51:10 +02:00
Jeff Vander Stoep
c145e57b0f
sdm660: Move folio_daemon to system in sepolicy
Remove Treble violations.

Bug: 36867326
Bug: 62387246
Test: loaded on taimen, checked dmesg, and tested daemon with magnet
Change-Id: I4662b41206b94cae6ac9843b5dc7e1452003c63c
2019-10-19 20:50:52 +02:00
Kevin F. Haggerty
d34b30b2e6
sdm660-common: Allow dnsmasq to getattr netd unix_stream_socket
* Noted upon starting wifi tether
* avc: denied { getattr } for path="socket:[11154]" dev="sockfs"
  ino=11154 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0
  tclass=unix_stream_socket permissive=0

Change-Id: I98afc740fda3eb87a627abc414525b05f6877e33
2019-08-15 15:31:32 +02:00
Max Weffers
20f13a6298
sdm660: sepolicy: Label sys.listeners.registered as tee_listener_prop
2019-08-15 15:31:17 +02:00
GuaiYiHu
05085a02e2
sdm660: sepolicy: Address denials
Change-Id: I8fad5d60ca066b758c526f2027985b63662180cc
2019-08-14 10:04:13 +02:00