lineage/android_device_samsung_msm8974-common
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
432 Commits 3 Branches 0 Tags 3.2 MiB
5d18b27d50
Commit Graph

22 Commits

Author SHA1 Message Date
Arne Coucheron
07931872be
msm8974-common: sepolicy: Resolve last_kmsg denials 
Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
 2020-12-30 07:58:37 -07:00
Kevin F. Haggerty
631007d58c
msm8974-common: sepolicy: Update for move of init.{qcom,target}.rc to /vendor 
Change-Id: Ic0042ed52e7aeb3faba856411fd0a1b298446125
 2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges 
* Several items merged globally caused duplicate definition of paths
  that were previously labeled here.

This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.

Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
 2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
afa0af84d6 msm8974-common: sepolicy: Clean up 
* Group policy statements better
* Nuke unneeded allows

Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
 2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7e3f9a566d
msm8974-common: sepolicy: Resolve init denials 
* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
  ino=6423 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
  permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
  tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
  tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
  ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
  tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
  tcontext=u:object_r:kernel:s0 tclass=security permissive=0

Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
 2018-11-30 14:29:49 -07:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials 
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
  tclass=file permissive=1

Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
 2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials 
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
  tclass=file permissive=1

Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
 2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
a0c32871a9
msm8974-common: sepolicy: Broaden sysfs_bluetooth_writable, resolve denials 
Change-Id: Iff3645e36ece2126f3697bb0389394415be16529
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5c15bb5833
msm8974-common: sepolicy: Label sysfs_msmuart_file, resolve denials 
* avc: denied { setattr } for name="clock" dev="sysfs" ino=18914
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msmuart_file:s0
  tclass=file permissive=1

Change-Id: Iaf5fe6791344dcf419242599eb6c9272c61cd707
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5d817ed103
msm8974-common: sepolicy: Label sysfs_mmc_host, resolve denials 
* avc: denied { write } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1
* avc: denied { open } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1

Change-Id: I876d025db9cf1fe67faeccca830ffd53dbf92904
 2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
6189adadd4
msm8974-common: sepolicy: Label sysfs_socinfo, resolve denials 
* avc: denied { setattr } for name="soc_iddq" dev="sysfs" ino=5543
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_socinfo:s0 tclass=file
  permissive=0

Change-Id: Ife248a9cccea19b09b931525606cf4c34344fd9f
 2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
1f52307ccb
msm8974-common: sepolicy: Label sysfs_sensors, resolve denials 
* avc: denied { read } for name="ssp_sensor" dev="sysfs" ino=27809
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="temperature" dev="sysfs" ino=10861
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=file permissive=0

Change-Id: I2e4a436704ed019af153da880d7becbde4b0ab11
 2018-11-29 21:57:48 -07:00
Kevin F. Haggerty
c39a735ab5
msm8974-common: sepolicy: Label sysfs_msm_perf, resolve denials 
* avc: denied { write } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1
* avc: denied { open } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1

Change-Id: I23d69f0442d126b2a6ac3aaeda5032856a4483f2
 2018-11-29 19:17:53 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials 
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate

* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
  tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
  scontext=u:r:system_server:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
  ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
  ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
  ino=10538 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
  permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
  ino=19231 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
  permissive=0

Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
 2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
bb196ad94b
msm8974-common: sepolicy: Label sysfs_leds, resolve denials 
* avc: denied { search } for name="leds" dev="sysfs" ino=7437
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25718
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I8840e28b3aa72e60d5c15cad66f043a36a15c771
 2018-11-27 07:00:57 -07:00
Kevin F. Haggerty
0e66ee2593
msm8974-common: sepolicy: Label sysfs_batteryinfo, resolve denials 
* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0
  tclass=file permissive=1
* avc: denied { search } for name="battery.95" dev="sysfs" ino=3264
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
* avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
* avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
 2018-11-27 06:50:04 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials 
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
  tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
  permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=26946 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0

Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
 2018-11-27 06:41:19 -07:00
Kevin F. Haggerty
8d6d6a1f00
msm8974-common: sepolicy: Label sysfs_iio, resolve denials 
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
  permissive=1

Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
 2018-11-27 06:40:47 -07:00
Kevin F. Haggerty
4cea2fcca2
msm8974-common: sepolicy: More sysfs_graphics, resolve denials 
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=12913
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0
  tclass=file permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file
  permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
* avc: denied { search } for name="panel" dev="sysfs" ino=12358
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=dir permissive=0

Change-Id: I8597d7be6217816924a8fee854341e4f2fb18562
 2018-11-26 22:18:08 -07:00
Kevin F. Haggerty
241d260828
msm8974-common: sepolicy: Update sysfs_mdnie, resolve denials 
* avc: denied { setattr } for name="scenario" dev="sysfs" ino=12753
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mdnie:s0 tclass=file
  permissive=0
* avc: denied { search } for name="mdnie" dev="sysfs" ino=12743i
  scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_mdnie:s0
  tclass=dir permissive=0

Change-Id: I4a0530136d7d1e6ee8ede0733e70de813382372b
 2018-11-26 21:00:04 -07:00
Paul Keith
d5d83cb89e msm8974-common: Remove noatsecure 
* Shims have been moved to a board flag, so we no longer need
  noatsecure to make LD_SHIM_LIBS persist through services

Change-Id: I94b8c30e28e6dd297e0020ddfb46b2af21068721
 2018-02-17 13:20:49 +00:00
Kevin F. Haggerty
68b75f9105 msm8974-common: sepolicy: Import common sepolicy from klte-common 
* The bulk of the device family policy was common and applicable
  to all Samsung msm8974-devices. Move that common stuff here to
  ease maintenance.

Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
 2018-02-03 15:07:03 -07:00