Arne Coucheron
07931872be
msm8974-common: sepolicy: Resolve last_kmsg denials
Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
2020-12-30 07:58:37 -07:00
Kevin F. Haggerty
f3cd79f3ae
msm8974-common: sepolicy: Resurrect alarm_device
* Both our ril_daemon, via libsec-ril*.so, and our time_daemon
need access to this device node
Change-Id: Ib787f45596bb6aa606bab102a5bd1cb93eb645a4
2020-05-26 15:09:19 -06:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges
* Several items merged globally caused duplicate definition of paths
that were previously labeled here.
This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.
Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
afa0af84d6
msm8974-common: sepolicy: Clean up
* Group policy statements better
* Nuke unneeded allows
Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
tclass=file permissive=1
Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
tclass=file permissive=1
Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate
* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
ino=10538 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
ino=19231 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
permissive=0
Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials
* avc: denied { read write } for name="poll_delay" dev="sysfs"
ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
ino=26946 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0
Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2018-11-27 06:41:19 -07:00
Kevin F. Haggerty
8d6d6a1f00
msm8974-common: sepolicy: Label sysfs_iio, resolve denials
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
permissive=1
Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2018-11-27 06:40:47 -07:00
Kevin F. Haggerty
d766a7e028
msm8974-common: sepolicy: Resolve misc denials
avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0
avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider
pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0
tclass=hwservice_manager permissive=0
avc: denied { getattr } for pid=1940 comm="mount.ntfs"
path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever"
dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0
avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera"
dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=1950 comm="mount.ntfs"
path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0
tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0
avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block"
dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=1948 comm="mount.ntfs"
path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0
tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0
avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load"
dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0
Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-31 09:25:48 -06:00
Kevin F. Haggerty
778c310204
msm8974-common: sepolicy: Add policy statements for power HAL
Change-Id: I5fbf737a2dddf4e70a1a51e23b2e06a153a6f769
2018-02-28 07:17:50 -07:00
Paul Keith
a6a77f987c
msm8974-common: Wire up mDNIe features
Change-Id: Ib5d2825bb50c90b6743157bd624e7156c6d5ad01
2018-02-22 23:27:10 +01:00
Kevin F. Haggerty
68b75f9105
msm8974-common: sepolicy: Import common sepolicy from klte-common
* The bulk of the device family policy was common and applicable
to all Samsung msm8974-devices. Move that common stuff here to
ease maintenance.
Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
2018-02-03 15:07:03 -07:00