24fedfac2a
msm8974-common: sepolicy
2023-01-08 14:20:24 +01:00
Vladimir Oltean
1a7d87aba7
msm8974-common: sepolicy: allow uevent to control sysfs_mmc_host via vold
Change-Id: Iafea09efae38fb82f4019c6d3b3b4bb756cdca0b
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
2020-12-30 09:19:01 -07:00
Kevin F. Haggerty
a586ba7d50
msm8974-common: sepolicy: Quiet vold finding the bootctl hwservice
* We don't have this
Change-Id: I879f9b30e94c153dfec30ef369ae0ca31e3ab3d7
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
7bfaa1d75f
msm8974-common: sepolicy: Allow ioctls necessary for physical sdcard operations
* Note: 0x1271 is not defined in system/sepolicy/public/ioctl_defines
avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=19222 ioctlcmd=125e scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=20176 ioctlcmd=1271 scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=125e scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=1271 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
Change-Id: I7bf2346b9517196160e4dde51baa550fb343bfdf
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
afa0af84d6
msm8974-common: sepolicy: Clean up
* Group policy statements better
* Nuke unneeded allows
Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
d766a7e028
msm8974-common: sepolicy: Resolve misc denials
avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0
avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider
pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0
tclass=hwservice_manager permissive=0
avc: denied { getattr } for pid=1940 comm="mount.ntfs"
path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever"
dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera"
dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=1950 comm="mount.ntfs"
path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0
tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0
avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block"
dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=1948 comm="mount.ntfs"
path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0
tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0
avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load"
dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0
Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-31 09:25:48 -06:00
Kevin F. Haggerty
68b75f9105
msm8974-common: sepolicy: Import common sepolicy from klte-common
* The bulk of the device family policy was common and applicable
to all Samsung msm8974-devices. Move that common stuff here to
ease maintenance.
Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
2018-02-03 15:07:03 -07:00