Rick Yiu
e279964f3c
sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
...
This reverts commit 2c07bbc96e.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-10-11 08:47:30 +02:00
pix106
9188e83cbd
sdm660-common: sepolicy: drop and dontaudit kill and sys_admin permissions.
2022-09-12 22:41:46 +02:00
pix106
2c07bbc96e
Revert "sdm660-common: sepolicy: Add permission to access proc_energy_aware file node"
...
This reverts commit 15d2b27649b63a2c3fde9a0a1db4f41d733e3c13.
Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-16 20:55:38 +01:00
clarencelol
819130673b
sdm660-common: sepolicy: Fix some PowerHAL denials
...
* Let powerhal read and write
* device_latency -> latency_device
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
5183d7fb36
sdm660-common: sepolicy: Add permission to access proc_energy_aware file node
...
Energy aware feature control was previously done through debugfs,
which will be deprecated, so move the control to sysctl. Added
permission for it, and removed the one unused.
[ 1.460128] audit: type=1400 audit(2753763.033:8): avc: denied { write } for pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 16:49:18.933 820 820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 17:00:15.726 822 822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 141333728
Test: function works as expected
Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
653c608694
Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"
...
This reverts commit d05ecaa812.
2021-12-31 07:51:33 +01:00
Chitti Babu Theegala
c0b410af36
sdm660-common: sepolicy: adding proc-fs rw permission for hal_power_default
...
Change-Id: Ib8c69ca6ca9de3d54f352520412f508dcb1af079
Signed-off-by: Ratoriku <a1063021545@gmail.com>
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Wei Wang
ffc9445207
sdm660-common: sepolicy: Allow PowerHAL to change sched for ADPF
...
Test: build
Bug: 177492680
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I71d4f6e2d160caad03243295003743f27b4e1736
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Jimmy Shiu
31a8b54659
sdm660-common: sepolicy: Allow PowerHAL to set sched
...
system_server also creates UI sometimes.
Ex: ANR Dialog, the Pointer Location in developer options.
Bug: 194775170
Test: build and enable Pointer Location debug option
Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
Rick Yiu
4668e4c349
sdm660-common: sepolicy: Grant hal_power_default cgroup read file permission
...
It is a cross-platform need.
Bug: 176868402
Bug: 177780314
Test: build selinux_policy pass
Change-Id: If63b205921bd95d82c52e0193947ab8304c1e064
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-12-31 07:51:33 +01:00
pix106
d05ecaa812
sdm660-common: sepolicy: Address many sys_admin and kill denials
...
sdm660-common: sepolicy: Address qti_init_shell kill denial
avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial
avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vdc sys_admin denial
avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial
avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsck sys_admin denial
avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0
sdm660-common: sepolicy: address toolbox sys_admin, kill denial
avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address ueventd kill and sys_admin denials
avc: denied { sys_admin } for pid=460 comm="ueventd" capability=21 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address irsc_util sys_admin denial
avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rfs_access sys_admin denial
avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address rmt_storage sys_admin denial
avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial
sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial
avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbd sys_admin denial
avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial
avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address thermal-engine sys_admin denial
avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address usbd sys_admin denial
avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial
avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial
avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=460 comm="boringssl_self_" capability=21 scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial
avc: denied { sys_admin } for pid=462 comm="boringssl_self_" capability=21 scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address linkerconfig sys_admin denial
avc: denied { sys_admin } for pid=459 comm="linkerconfig" capability=21 scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address fsverity_init sys_admin denial
avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial
avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address hvdcp sys_admin denial
avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address netmgrd sys_admin denial
avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0
sdm660-common: sepolicy: Address adbroot sys_admin denial
avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0
Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-13 11:31:51 +01:00
ghostrider-reborn
79c64bc007
sdm660-common: Introduce kernelspace battery saver
...
* Needs Kernel side support
* This activates kernelspace battery saver via powerhal whenever
battery saver is enabled in userspace, thereby lowering power
consumption at kernel-level by disabling boosts and such
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Change-Id: I2623503db27d7518de519bcaa3f5af6ab83879d0
2021-11-13 11:31:49 +01:00
OdSazib
478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
...
- Thanks to LineageOS and our sdm660 community
Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00
Subhajeet Muhuri
7c3beb85c9
sdm660-common: power-libperfmgr: Switch to AIDL Power HAL
...
hardware/google/pixel/power-libperfmgr from android-11.0.0_r25
SQUASHED:
Revert all HIDL interface and nuke previous changes
Import Pixel libperfmgr AIDL Power HAL
Adapt and rebrand for xiaomi_sdm660
Remove Google-specific display LPM control
Remove Google-specific camera and audio hints
Remove VR hints handling
Remove audio hints handling
Remove dumpstate support
Initialize powerHAL when boot is completed
Add support for tap-to-wake feature control
Add sepolicy rules for power-libperfmgr
Enable power-libperfmgr
Signed-off-by: Subhajeet Muhuri <subhajeet.muhuri@aosip.dev>
2021-03-10 12:37:27 +06:00
Subhajeet Muhuri
7d8fc30985
sdm660-common: Kang more pixel power HAL sepolicy
...
* Kanged from mata (with all available nodes on msm4.4)
2021-02-20 11:55:25 +06:00
Subhajeet Muhuri
06dfda6946
sdm660-common: Add sepolicy rules for power-libperfmgr
...
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-22 20:57:05 +06:00
OdSazib
9a192b7de0
sdm660-common: sepolicy: Update sepolicy and cleanup
...
* Address some denials from android 11
* Fix video recording
* Sort in alphabetic order
Signed-off-by: OdSazib <odsazib@gmail.com>
2020-12-21 09:16:25 +06:00
Max Weffers
a502a3904b
sdm660: sepolicy: Adjust sepolicy for new tap to wake nodes
2020-08-12 02:02:40 +06:00
dianlujitao
684521256a
sdm660-common: sepolicy: Label new TP node
...
Change-Id: Id55db9b6614320650c8c61e698f71ddc9f04d086
2020-08-12 02:02:38 +06:00
Max Weffers
eb97b49f0c
sdm660-common: Address SELinux denials and clean up
...
Change-Id: I997a268c9ce23eab80f1981293720e17d21bbb7a
2020-08-12 02:02:38 +06:00
dianlujitao
6df111fbc1
sdm660-common: sepolicy: Adjust for lavender dt2w node
...
Signed-off-by: Sebita <kjjjnob.seba@gmail.com>
Change-Id: If08946adbf5c2fa619178b3f15ae0635bacdf8a8
2020-03-10 09:41:52 +01:00
Michael Bestas
559890d4f6
sdm660-common: sepolicy: Remove deprecated power HAL stats policies
2019-12-07 18:49:55 +01:00
Max Weffers
5bf9fe7f2c
sdm660-common: sepolicy: Grant power hal permission for dt2w
2019-08-15 15:31:17 +02:00
Dan Cashman
b1f434c446
wayne-common: Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIR
...
Move vendor policy to vendor and add a place for system extensions.
Also add such an extension: a labeling of the qti.ims.ext service.
Bug: 38151691
Bug: 62041272
Test: Policy binary identical before and after, except plat_service_contexts
has new service added.
Change-Id: Ie4e8527649787dcf2391b326daa80cf1c9bd9d2f
Change-Id: I1493c4c8876c4446a1de46b39942098bf49c79f8
2019-08-14 10:04:10 +02:00