Commit Graph

13 Commits

Author SHA1 Message Date
Arne Coucheron
07931872be
msm8974-common: sepolicy: Resolve last_kmsg denials
Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
2020-12-30 07:58:37 -07:00
Kevin F. Haggerty
f3cd79f3ae
msm8974-common: sepolicy: Resurrect alarm_device
* Both our ril_daemon, via libsec-ril*.so, and our time_daemon
  need access to this device node

Change-Id: Ib787f45596bb6aa606bab102a5bd1cb93eb645a4
2020-05-26 15:09:19 -06:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges
* Several items merged globally caused duplicate definition of paths
  that were previously labeled here.

This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.

Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
afa0af84d6 msm8974-common: sepolicy: Clean up
* Group policy statements better
* Nuke unneeded allows

Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
  tclass=file permissive=1

Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
  tclass=file permissive=1

Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate

* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
  tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
  scontext=u:r:system_server:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
  ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
  ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
  ino=10538 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
  permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
  ino=19231 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
  permissive=0

Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
  tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
  permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=26946 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0

Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2018-11-27 06:41:19 -07:00
Kevin F. Haggerty
8d6d6a1f00
msm8974-common: sepolicy: Label sysfs_iio, resolve denials
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
  permissive=1

Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2018-11-27 06:40:47 -07:00
Kevin F. Haggerty
d766a7e028 msm8974-common: sepolicy: Resolve misc denials
avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

avc: denied  { find } for interface=android.hardware.camera.provider::ICameraProvider
pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0
tclass=hwservice_manager permissive=0

avc: denied { getattr } for pid=1940 comm="mount.ntfs"
path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0

avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever"
dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0

avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera"
dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1950 comm="mount.ntfs"
path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0
tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block"
dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1948 comm="mount.ntfs"
path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0
tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0

avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load"
dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0

Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-31 09:25:48 -06:00
Kevin F. Haggerty
778c310204 msm8974-common: sepolicy: Add policy statements for power HAL
Change-Id: I5fbf737a2dddf4e70a1a51e23b2e06a153a6f769
2018-02-28 07:17:50 -07:00
Paul Keith
a6a77f987c msm8974-common: Wire up mDNIe features
Change-Id: Ib5d2825bb50c90b6743157bd624e7156c6d5ad01
2018-02-22 23:27:10 +01:00
Kevin F. Haggerty
68b75f9105 msm8974-common: sepolicy: Import common sepolicy from klte-common
* The bulk of the device family policy was common and applicable
  to all Samsung msm8974-devices. Move that common stuff here to
  ease maintenance.

Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
2018-02-03 15:07:03 -07:00