lineage/android_device_samsung_msm8974-common
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
343 Commits 3 Branches 0 Tags 3.2 MiB
5404fa9536
Commit Graph

66 Commits

Author SHA1 Message Date
Kevin F. Haggerty
5404fa9536
msm8974-common: sepolicy: Quiet system_app attempts to find disallowed services 
Change-Id: I6a17bef88c3b9fe9f075dc0ef3de5e203f5d9ce3
 2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
d6e781307f
msm8974-common: sepolicy: Quiet priv_app opening sysfs_android_usb files 
* Reading these is disallowed globally, no need to see logspam of
  open attempts

Change-Id: I4c0094097d39456c65720cbdfb949d14439ce5f4
 2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
3377f79b53
msm8974-common: sepolicy: Allow system_app to access zram sysfs nodes 
avc: denied { search } for name="zram0" dev="sysfs" ino=20744
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir
permissive=0

avc: denied { open } for name="mem_used_total" dev="sysfs" ino=20804
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file
permissive=0

avc: denied { read } for name="mem_used_total" dev="sysfs" ino=20804
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file
permissive=0

Change-Id: Ide9b1a9488b26fa69e7a2c8e73a8e657c8b28beb
 2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
a586ba7d50
msm8974-common: sepolicy: Quiet vold finding the bootctl hwservice 
* We don't have this

Change-Id: I879f9b30e94c153dfec30ef369ae0ca31e3ab3d7
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
135f55810f
msm8974-common: sepolicy: Quiet zygote reading cmdline 
Change-Id: I3fad2a7a3a7e2200453fd40ef325a9f98bce5506
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
39c71a0276
msm8974-common: sepolicy: Allow platform_app to getattr radio_data_file 
avc: denied { getattr } for path="/data/user_de/0/com.android.phone"
dev="dm-0" ino=1545357 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:radio_data_file:s0 tclass=dir permissive=0
app=com.android.systemui

Change-Id: I74744dde2a3af01a4f30e0898889cad13f95d563
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
98dd537e3c
msm8974-common: sepolicy: Allow the BT HAL to read /efs 
avc: denied { search } for name="/" dev="mmcblk0p11" ino=2
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:efs_file:s0
tclass=dir permissive=0

Change-Id: I1a8abfb3d02c5cb3c63c93ff20a2974ff70ecb87
 2020-09-06 04:12:09 -06:00
Arne Coucheron
8462d2ec5b
msm8974-common: sepolicy: Allow ueventd to set sys_nice capability 
avc: denied { sys_nice } for capability=23 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0

Change-Id: Icfa56283a9b4c67456bd4e714aa3922fece59436
 2020-09-06 04:12:09 -06:00
Arne Coucheron
66dcc79709
msm8974-common: sepolicy: Allow gpuservice to read opengles_prop 
avc: denied { read } for name="u:object_r:opengles_prop:s0" dev="tmpfs" ino=6353 scontext=u:r:gpuservice:s0 tcontext=u:object_r:opengles_prop:s0 tclass=file permissive=0

Change-Id: I455c5d681e301451ad11210e91d0a71b4b80239a
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
065046fd6d
msm8974-common: sepolicy: Allow fsck_untrusted appropriate access to sysfs_dm 
avc: denied { search } for name="dm-0" dev="sysfs" ino=33209
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:sysfs_dm:s0
tclass=dir permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=33374
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:sysfs_dm:s0
tclass=file permissive=0

Change-Id: I38d74974d23f94ddac4c45f1d5470288d4ee8a6f
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
7bfaa1d75f
msm8974-common: sepolicy: Allow ioctls necessary for physical sdcard operations 
* Note: 0x1271 is note defined in system/sepolicy/public/ioctl_defines

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=19222 ioctlcmd=125e scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=20176 ioctlcmd=1271 scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=125e scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=1271 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

Change-Id: I7bf2346b9517196160e4dde51baa550fb343bfdf
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
61d3a4eafa
msm8974-common: sepolicy: Allow untrusted fsck to getattr block_device dirs 
avc: denied { getattr } for path="/dev/block" dev="tmpfs" ino=6914
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:block_device:s0
tclass=dir permissive=0

Change-Id: I03c1086a21edba4e193f81b473e6785aac890364
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
631007d58c
msm8974-common: sepolicy: Update for move of init.{qcom,target}.rc to /vendor 
Change-Id: Ic0042ed52e7aeb3faba856411fd0a1b298446125
 2020-09-06 04:12:09 -06:00
Bruno Martins
eac9496d05
msm8974-common: Binderize them all 
* Switch to binderized HAL services as possible and update
   HIDL manifest accordingly.

Change-Id: Id50291488d655187aa013c51bdd6890dca010564
 2020-05-29 12:14:16 -06:00
Elektroschmock
e9a18e2d9e
msm8974-common: sepolicy: label /dev/stune(/.*) as cgroup 
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:gsid:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
 2020-05-29 12:14:16 -06:00
Kevin F. Haggerty
f3cd79f3ae
msm8974-common: sepolicy: Resurrect alarm_device 
* Both our ril_daemon, via libsec-ril*.so, and our time_daemon
  need access to this device node

Change-Id: Ib787f45596bb6aa606bab102a5bd1cb93eb645a4
 2020-05-26 15:09:19 -06:00
Kevin F. Haggerty
8b07abf736
msm8974-common: sepolicy: Put fastbootd.te in correct place 
Change-Id: I7e65f7835e1ee37aee90aa84dfc431fc0d434231
 2020-05-15 10:43:56 -06:00
Alessandro Astone
53fd5b0828 msm8974-common: Build and enable fastbootd 
Change-Id: I0b20600fe7203a7aec19cbea8f6849052585c6ab
 2020-04-27 18:49:42 -04:00
Kevin F. Haggerty
64ed0d4ffc
msm8974-common: sepolicy: Resolve hal_lineage_touch_default denials 
* avc: denied { search } for name="sec_epen" dev="sysfs" ino=23534
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=dir permissive=1
* avc: denied { search } for name="sec_touchkey" dev="sysfs" ino=23413
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=dir permissive=1

* avc: denied { read } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { open } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { read write } for name="epen_gestures" dev="sysfs"
  ino=23559 scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1

Change-Id: Ie62004f9ca8e93cb8e1dfe45fcff0a9e74f3c44d
 2020-04-25 14:27:00 -06:00
Kevin F. Haggerty
5eb54f4a81
msm8974-common: sepolicy: Label rootfs tombstones symlink 
Change-Id: Ic9960d487b37521c8c1d730bb4f3bb69ed8b53e2
 2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
0cfb50a823
msm8974-common: sepolicy: Label .psm.info file 
Change-Id: Id2e6cf9706262bac877deca0d692d81ef637b0fb
 2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
b46d020e98
msm8974-common: Build the Samsung hwbinder light service 
Change-Id: I33c259766914a5a714b05b59735ee2a8d70b0a5c
 2020-04-24 15:44:37 -06:00
Kevin F. Haggerty
d68795bd7f
msm8974-common: sepolicy: Label /firmware-modem mountpoint 
Change-Id: I08720daf701235f9209b7e6fd66d6432a5684ec2
 2020-04-24 14:22:24 -06:00
Paul Keith
50045fa46e msm8974-common: Transition to consumerir HIDL hal 
Change-Id: I85950a46eebec0e9a4b34681b2042467231b33b3
 2020-01-31 15:08:24 +01:00
LuK1337
756a4e4063
msm8974-common: hal_lineage_livedisplay_default -> hal_lineage_livedisplay_sysfs 
Change-Id: If8954290c41913b7453a1cba4d67f7a63d08d2dd
 2019-06-16 09:01:58 -06:00
Kevin F. Haggerty
66b282da2e
msm8974-common: Build Samsung LiveDisplay service 
Change-Id: I74d38aa0df3179bb00b942135e8ff055aa8a5658
 2019-05-07 07:20:49 -06:00
Paul Keith
c036f18fe2
msm8974-common: Build vendor.lineage.touch HAL from hardware/samsung 
Change-Id: I6eca1e9875cb5793a3a45c6e77bc201946ebd897
 2019-04-10 06:45:59 -06:00
Kevin F. Haggerty
4b086d485b
Revert "msm8974-common: sepolicy: Label sysfs_net, resolve denials" 
This reverts commit 97ff0e6d32.

Change-Id: Ib609a1a9987598be26e2fe32cc77ea9f57c9c63d
 2019-02-19 07:42:09 -07:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges 
* Several items merged globally caused duplicate definition of paths
  that were previously labeled here.

This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.

Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
 2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
f823b51508
msm8974-common: sepolicy: Eliminate qemu_hw_mainkeys_prop entries 
* Specific definition of this is dropped from qcom/sepolicy-legacy

Change-Id: I429abf7dddd2de4443349366b932149f30b87206
 2018-12-31 15:21:52 -07:00
Kevin F. Haggerty
afa0af84d6 msm8974-common: sepolicy: Clean up 
* Group policy statements better
* Nuke unneeded allows

Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
 2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7e3f9a566d
msm8974-common: sepolicy: Resolve init denials 
* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
  ino=6423 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
  permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
  tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
  tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
  ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
  tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
  tcontext=u:object_r:kernel:s0 tclass=security permissive=0

Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
 2018-11-30 14:29:49 -07:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials 
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
  tclass=file permissive=1

Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
 2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials 
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
  tclass=file permissive=1

Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
 2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
a0c32871a9
msm8974-common: sepolicy: Broaden sysfs_bluetooth_writable, resolve denials 
Change-Id: Iff3645e36ece2126f3697bb0389394415be16529
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5c15bb5833
msm8974-common: sepolicy: Label sysfs_msmuart_file, resolve denials 
* avc: denied { setattr } for name="clock" dev="sysfs" ino=18914
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msmuart_file:s0
  tclass=file permissive=1

Change-Id: Iaf5fe6791344dcf419242599eb6c9272c61cd707
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5d817ed103
msm8974-common: sepolicy: Label sysfs_mmc_host, resolve denials 
* avc: denied { write } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1
* avc: denied { open } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1

Change-Id: I876d025db9cf1fe67faeccca830ffd53dbf92904
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
6189adadd4
msm8974-common: sepolicy: Label sysfs_socinfo, resolve denials 
* avc: denied { setattr } for name="soc_iddq" dev="sysfs" ino=5543
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_socinfo:s0 tclass=file
  permissive=0

Change-Id: Ife248a9cccea19b09b931525606cf4c34344fd9f
 2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
b98cef71f1
msm8974-common: sepolicy: Label additional sysfs_io_sched_tuneable node 
Change-Id: I2b416123c7d925443df20f518cb2a0bd02935229
 2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
dbcc41c888
msm8974-common: sepolicy: Resolve additional sensors HAL denials 
* avc: denied { search } for name="sec-thermistor" dev="sysfs"
  ino=5485 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=dir permissive=0

Change-Id: I4d77e87b2662bca081cc5b934161347fed6a157d
 2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
1f52307ccb
msm8974-common: sepolicy: Label sysfs_sensors, resolve denials 
* avc: denied { read } for name="ssp_sensor" dev="sysfs" ino=27809
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="temperature" dev="sysfs" ino=10861
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=file permissive=0

Change-Id: I2e4a436704ed019af153da880d7becbde4b0ab11
 2018-11-29 21:57:48 -07:00
Kevin F. Haggerty
c39a735ab5
msm8974-common: sepolicy: Label sysfs_msm_perf, resolve denials 
* avc: denied { write } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1
* avc: denied { open } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1

Change-Id: I23d69f0442d126b2a6ac3aaeda5032856a4483f2
 2018-11-29 19:17:53 -07:00
Kevin F. Haggerty
27afbf1dc6
msm8974-common: sepolicy: Label sysfs_disk_stat nodes 
* avc: denied { read } for name="stat" dev="sysfs" ino=26461
  scontext=u:r:storaged:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I4b7258d069801f542da8c7f5ca8242ea32f12bca
 2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
97ff0e6d32
msm8974-common: sepolicy: Label sysfs_net, resolve denials 
* avc: denied { getattr } for path="/sys/devices/msm_sdcc.2/mmc_host/
  mmc0/mmc0:0001/mmc0:0001:2/net/wlan0/phy80211" dev="sysfs"
  ino=29873 scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0
* avc: denied { read } for name="phy80211" dev="sysfs" ino=29823
  scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0

Change-Id: I6f40b8bdac2537b7000c02af6fac8277acb2a718
 2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
a7c4bcc98e
msm8974-common: sepolicy: Label our custom sensors service 
Change-Id: I331abeac851cd92b32990ff797dff506dd67e503
 2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
4b1a3c2134
msm8974-common: sepolicy: Resolve hal_sensors_default denials 
* avc: denied { read } for name="name" dev="sysfs" ino=26468i
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="tmpfs" ino=7276
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { open } for name="iio:device0" dev="tmpfs" ino=7275
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { search } for name="/" dev="mmcblk0p12" ino=2
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:efs_file:s0
  tclass=dir permissive=0
* avc: denied { read } for name="gyro_cal_data" dev="mmcblk0p12"
  ino=41 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:efs_file:s0 tclass=file permissive=0
* avc: denied { read } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1
* avc: denied { open } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1

Change-Id: Iad7e41e5e250eb1511d5838bd42b2b07843d220b
 2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials 
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate

* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
  tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
  scontext=u:r:system_server:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
  ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
  ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
  ino=10538 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
  permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
  ino=19231 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
  permissive=0

Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
 2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
bb196ad94b
msm8974-common: sepolicy: Label sysfs_leds, resolve denials 
* avc: denied { search } for name="leds" dev="sysfs" ino=7437
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25718
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I8840e28b3aa72e60d5c15cad66f043a36a15c771
 2018-11-27 07:00:57 -07:00
Kevin F. Haggerty
0e66ee2593
msm8974-common: sepolicy: Label sysfs_batteryinfo, resolve denials 
* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0
  tclass=file permissive=1
* avc: denied { search } for name="battery.95" dev="sysfs" ino=3264
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
* avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
* avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
 2018-11-27 06:50:04 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials 
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
  tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
  permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=26946 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0

Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
 2018-11-27 06:41:19 -07:00