Commit Graph

55 Commits

Author SHA1 Message Date
Kevin F. Haggerty
61d3a4eafa
msm8974-common: sepolicy: Allow untrusted fsck to getattr block_device dirs
avc: denied { getattr } for path="/dev/block" dev="tmpfs" ino=6914
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:block_device:s0
tclass=dir permissive=0

Change-Id: I03c1086a21edba4e193f81b473e6785aac890364
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
631007d58c
msm8974-common: sepolicy: Update for move of init.{qcom,target}.rc to /vendor
Change-Id: Ic0042ed52e7aeb3faba856411fd0a1b298446125
2020-09-06 04:12:09 -06:00
Bruno Martins
eac9496d05
msm8974-common: Binderize them all
* Switch to binderized HAL services as possible and update
   HIDL manifest accordingly.

Change-Id: Id50291488d655187aa013c51bdd6890dca010564
2020-05-29 12:14:16 -06:00
Elektroschmock
e9a18e2d9e
msm8974-common: sepolicy: label /dev/stune(/.*) as cgroup
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:gsid:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
2020-05-29 12:14:16 -06:00
Kevin F. Haggerty
f3cd79f3ae
msm8974-common: sepolicy: Resurrect alarm_device
* Both our ril_daemon, via libsec-ril*.so, and our time_daemon
  need access to this device node

Change-Id: Ib787f45596bb6aa606bab102a5bd1cb93eb645a4
2020-05-26 15:09:19 -06:00
Kevin F. Haggerty
8b07abf736
msm8974-common: sepolicy: Put fastbootd.te in correct place
Change-Id: I7e65f7835e1ee37aee90aa84dfc431fc0d434231
2020-05-15 10:43:56 -06:00
Alessandro Astone
53fd5b0828
msm8974-common: Build and enable fastbootd
Change-Id: I0b20600fe7203a7aec19cbea8f6849052585c6ab
2020-04-27 18:49:42 -04:00
Kevin F. Haggerty
64ed0d4ffc
msm8974-common: sepolicy: Resolve hal_lineage_touch_default denials
* avc: denied { search } for name="sec_epen" dev="sysfs" ino=23534
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=dir permissive=1
* avc: denied { search } for name="sec_touchkey" dev="sysfs" ino=23413
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=dir permissive=1

* avc: denied { read } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { open } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { read write } for name="epen_gestures" dev="sysfs"
  ino=23559 scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1

Change-Id: Ie62004f9ca8e93cb8e1dfe45fcff0a9e74f3c44d
2020-04-25 14:27:00 -06:00
Kevin F. Haggerty
5eb54f4a81
msm8974-common: sepolicy: Label rootfs tombstones symlink
Change-Id: Ic9960d487b37521c8c1d730bb4f3bb69ed8b53e2
2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
0cfb50a823
msm8974-common: sepolicy: Label .psm.info file
Change-Id: Id2e6cf9706262bac877deca0d692d81ef637b0fb
2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
b46d020e98
msm8974-common: Build the Samsung hwbinder light service
Change-Id: I33c259766914a5a714b05b59735ee2a8d70b0a5c
2020-04-24 15:44:37 -06:00
Kevin F. Haggerty
d68795bd7f
msm8974-common: sepolicy: Label /firmware-modem mountpoint
Change-Id: I08720daf701235f9209b7e6fd66d6432a5684ec2
2020-04-24 14:22:24 -06:00
Paul Keith
50045fa46e
msm8974-common: Transition to consumerir HIDL hal
Change-Id: I85950a46eebec0e9a4b34681b2042467231b33b3
2020-01-31 15:08:24 +01:00
LuK1337
756a4e4063
msm8974-common: hal_lineage_livedisplay_default -> hal_lineage_livedisplay_sysfs
Change-Id: If8954290c41913b7453a1cba4d67f7a63d08d2dd
2019-06-16 09:01:58 -06:00
Kevin F. Haggerty
66b282da2e
msm8974-common: Build Samsung LiveDisplay service
Change-Id: I74d38aa0df3179bb00b942135e8ff055aa8a5658
2019-05-07 07:20:49 -06:00
Paul Keith
c036f18fe2
msm8974-common: Build vendor.lineage.touch HAL from hardware/samsung
Change-Id: I6eca1e9875cb5793a3a45c6e77bc201946ebd897
2019-04-10 06:45:59 -06:00
Kevin F. Haggerty
4b086d485b
Revert "msm8974-common: sepolicy: Label sysfs_net, resolve denials"
This reverts commit 97ff0e6d32.

Change-Id: Ib609a1a9987598be26e2fe32cc77ea9f57c9c63d
2019-02-19 07:42:09 -07:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges
* Several items merged globally caused duplicate definition of paths
  that were previously labeled here.

This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.

Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
f823b51508
msm8974-common: sepolicy: Eliminate qemu_hw_mainkeys_prop entries
* Specific definition of this is dropped from qcom/sepolicy-legacy

Change-Id: I429abf7dddd2de4443349366b932149f30b87206
2018-12-31 15:21:52 -07:00
Kevin F. Haggerty
afa0af84d6
msm8974-common: sepolicy: Clean up
* Group policy statements better
* Nuke unneeded allows

Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7e3f9a566d
msm8974-common: sepolicy: Resolve init denials
* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
  ino=6423 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
  permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
  tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
  tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
  ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
  tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
  tcontext=u:object_r:kernel:s0 tclass=security permissive=0

Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
2018-11-30 14:29:49 -07:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
  tclass=file permissive=1

Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
  tclass=file permissive=1

Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
a0c32871a9
msm8974-common: sepolicy: Broaden sysfs_bluetooth_writable, resolve denials
Change-Id: Iff3645e36ece2126f3697bb0389394415be16529
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5c15bb5833
msm8974-common: sepolicy: Label sysfs_msmuart_file, resolve denials
* avc: denied { setattr } for name="clock" dev="sysfs" ino=18914
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msmuart_file:s0
  tclass=file permissive=1

Change-Id: Iaf5fe6791344dcf419242599eb6c9272c61cd707
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5d817ed103
msm8974-common: sepolicy: Label sysfs_mmc_host, resolve denials
* avc: denied { write } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1
* avc: denied { open } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1

Change-Id: I876d025db9cf1fe67faeccca830ffd53dbf92904
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
6189adadd4
msm8974-common: sepolicy: Label sysfs_socinfo, resolve denials
* avc: denied { setattr } for name="soc_iddq" dev="sysfs" ino=5543
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_socinfo:s0 tclass=file
  permissive=0

Change-Id: Ife248a9cccea19b09b931525606cf4c34344fd9f
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
b98cef71f1
msm8974-common: sepolicy: Label additional sysfs_io_sched_tuneable node
Change-Id: I2b416123c7d925443df20f518cb2a0bd02935229
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
dbcc41c888
msm8974-common: sepolicy: Resolve additional sensors HAL denials
* avc: denied { search } for name="sec-thermistor" dev="sysfs"
  ino=5485 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=dir permissive=0

Change-Id: I4d77e87b2662bca081cc5b934161347fed6a157d
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
1f52307ccb
msm8974-common: sepolicy: Label sysfs_sensors, resolve denials
* avc: denied { read } for name="ssp_sensor" dev="sysfs" ino=27809
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="temperature" dev="sysfs" ino=10861
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=file permissive=0

Change-Id: I2e4a436704ed019af153da880d7becbde4b0ab11
2018-11-29 21:57:48 -07:00
Kevin F. Haggerty
c39a735ab5
msm8974-common: sepolicy: Label sysfs_msm_perf, resolve denials
* avc: denied { write } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1
* avc: denied { open } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1

Change-Id: I23d69f0442d126b2a6ac3aaeda5032856a4483f2
2018-11-29 19:17:53 -07:00
Kevin F. Haggerty
27afbf1dc6
msm8974-common: sepolicy: Label sysfs_disk_stat nodes
* avc: denied { read } for name="stat" dev="sysfs" ino=26461
  scontext=u:r:storaged:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I4b7258d069801f542da8c7f5ca8242ea32f12bca
2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
97ff0e6d32
msm8974-common: sepolicy: Label sysfs_net, resolve denials
* avc: denied { getattr } for path="/sys/devices/msm_sdcc.2/mmc_host/
  mmc0/mmc0:0001/mmc0:0001:2/net/wlan0/phy80211" dev="sysfs"
  ino=29873 scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0
* avc: denied { read } for name="phy80211" dev="sysfs" ino=29823
  scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0

Change-Id: I6f40b8bdac2537b7000c02af6fac8277acb2a718
2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
a7c4bcc98e
msm8974-common: sepolicy: Label our custom sensors service
Change-Id: I331abeac851cd92b32990ff797dff506dd67e503
2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
4b1a3c2134
msm8974-common: sepolicy: Resolve hal_sensors_default denials
* avc: denied { read } for name="name" dev="sysfs" ino=26468i
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="tmpfs" ino=7276
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { open } for name="iio:device0" dev="tmpfs" ino=7275
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { search } for name="/" dev="mmcblk0p12" ino=2
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:efs_file:s0
  tclass=dir permissive=0
* avc: denied { read } for name="gyro_cal_data" dev="mmcblk0p12"
  ino=41 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:efs_file:s0 tclass=file permissive=0
* avc: denied { read } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1
* avc: denied { open } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1

Change-Id: Iad7e41e5e250eb1511d5838bd42b2b07843d220b
2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate

* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
  tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
  scontext=u:r:system_server:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
  ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
  ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
  ino=10538 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
  permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
  ino=19231 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
  permissive=0

Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
bb196ad94b
msm8974-common: sepolicy: Label sysfs_leds, resolve denials
* avc: denied { search } for name="leds" dev="sysfs" ino=7437
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25718
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I8840e28b3aa72e60d5c15cad66f043a36a15c771
2018-11-27 07:00:57 -07:00
Kevin F. Haggerty
0e66ee2593
msm8974-common: sepolicy: Label sysfs_batteryinfo, resolve denials
* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0
  tclass=file permissive=1
* avc: denied { search } for name="battery.95" dev="sysfs" ino=3264
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
* avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
* avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
2018-11-27 06:50:04 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
  tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
  permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=26946 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0

Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2018-11-27 06:41:19 -07:00
Kevin F. Haggerty
8d6d6a1f00
msm8974-common: sepolicy: Label sysfs_iio, resolve denials
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
  permissive=1

Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2018-11-27 06:40:47 -07:00
Kevin F. Haggerty
4cea2fcca2
msm8974-common: sepolicy: More sysfs_graphics, resolve denials
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=12913
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0
  tclass=file permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file
  permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
* avc: denied { search } for name="panel" dev="sysfs" ino=12358
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=dir permissive=0

Change-Id: I8597d7be6217816924a8fee854341e4f2fb18562
2018-11-26 22:18:08 -07:00
Kevin F. Haggerty
241d260828
msm8974-common: sepolicy: Update sysfs_mdnie, resolve denials
* avc: denied { setattr } for name="scenario" dev="sysfs" ino=12753
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mdnie:s0 tclass=file
  permissive=0
* avc: denied { search } for name="mdnie" dev="sysfs" ino=12743i
  scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_mdnie:s0
  tclass=dir permissive=0

Change-Id: I4a0530136d7d1e6ee8ede0733e70de813382372b
2018-11-26 21:00:04 -07:00
Kevin F. Haggerty
b14c7f0152
msm8974-common: sepolicy: Sort sysfs block of file_contexts sanely
Change-Id: I421f1c97db0f5c2919d99293d75d3f6e09f52340
2018-11-21 23:10:10 -07:00
Kevin F. Haggerty
a60dc07555
msm8974-common: sepolicy: Drop our mediaextractor additions
* LineageOS/android_system_sepolicy@2a67349574 covers this for us

Change-Id: I55a92c1580d4943f72f17ba8991fcbb5c8167c8d
2018-11-21 23:10:09 -07:00
Bruno Martins
7bf8dd9506
msm8974-common: Only include legacy QC sepolicy
* This has now turned into a separate repository (maintained only
   for legacy devices, those that never got official Oreo updates).

Change-Id: I981b452b697bc3610d7aa97b74ed182c6b70ca30
2018-10-21 08:25:19 -06:00
Kevin F. Haggerty
d766a7e028
msm8974-common: sepolicy: Resolve misc denials
avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

avc: denied  { find } for interface=android.hardware.camera.provider::ICameraProvider
pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0
tclass=hwservice_manager permissive=0

avc: denied { getattr } for pid=1940 comm="mount.ntfs"
path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0

avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever"
dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0

avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera"
dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1950 comm="mount.ntfs"
path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0
tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block"
dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1948 comm="mount.ntfs"
path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0
tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0

avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load"
dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0

Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-31 09:25:48 -06:00
Kevin F. Haggerty
e405ae831d
msm8974-common: sepolicy: Allow mediaextractor r_file_perms to fuse:file
* This is necessary for the built-in music player to play files off
  of fuse (NTFS, in our case, for the most part) volumes

Change-Id: Ib6fffb5c2b5c8c514979a7aabce949d82902b2d1
2018-03-18 17:23:30 -06:00
Kevin F. Haggerty
778c310204
msm8974-common: sepolicy: Add policy statements for power HAL
Change-Id: I5fbf737a2dddf4e70a1a51e23b2e06a153a6f769
2018-02-28 07:17:50 -07:00
Paul Keith
f159447f74
msm8974-common: Remove exfat and ntfs sepolicies
* They are labelled as vfat now

Change-Id: I1f1df3b7c1c294b2efb5ce9417838b9932eb08f1
2018-02-22 23:27:10 +01:00
Paul Keith
a6a77f987c
msm8974-common: Wire up mDNIe features
Change-Id: Ib5d2825bb50c90b6743157bd624e7156c6d5ad01
2018-02-22 23:27:10 +01:00