
94 Commits

Author SHA1 Message Date
24fedfac2a msm8974-common: sepolicy 2023-01-08 14:20:24 +01:00
3431b3798f msm8974-common: Build mock hidl power stats
* Fix for hidl power stats errors.
- Now with this we are fixing both errors:
BatteryStatsService: Unable to load Power Hal or power.stats HAL
hwservicemanager: getTransport: Cannot find entry android.hardware.power.stats@1.0::IPowerStats/default in either framework or device manifest.
hwservicemanager: getTransport: Cannot find entry android.hardware.power@1.0::IPower/default in either framework or device manifest.
2022-12-02 21:24:38 +01:00
c7f3de6465 msm8974-common: sepolicy 2022-11-28 20:13:07 +01:00
6850a3ff78 msm8974-common: Add custom audio service
with reverts of:
LineageOS/android_hardware_interfaces@3f8f599
LineageOS/android_hardware_interfaces@d90c474

Fixed bluetooth audio
2022-11-26 19:42:50 +01:00
a55aeeba2a msm8974-common: Switch to health AIDL HAL
Change-Id: Icbb7194943388679abd25b2dbd105424c34496a1
2022-10-09 11:57:25 +02:00
c0f34f4d6c msm8974-common: Switch to SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS
Fixes:
warning: BOARD_PLAT_PRIVATE_SEPOLICY_DIR has been deprecated.
    Use SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS instead.
Change-Id: I752602079de8ff4c5370fe3ec861b8746838d878
2022-08-20 11:52:08 +02:00
48a44601e0 msm8974-common: Kill sysfs_io_sched_tuneable
Change-Id: I49bb16cd8539f80b50974ceb6af9fa6a92e7cbeb
2022-08-18 20:45:25 +02:00
Kevin F. Haggerty
3cb55ae129
msm8974-common: sepolicy: Resolve hostapd HAL denials
avc: denied { read } for name="phy80211" dev="sysfs" ino=30200
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0

avc: denied { open } for name="rfkill" dev="tmpfs" ino=8718
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:wlan_device:s0 tclass=chr_file permissive=0

Change-Id: Ie196e3fb2c5a9458a73444bb1de13f15a037532d
2021-01-23 13:41:37 -07:00
Kevin F. Haggerty
1b4cc55e16
Revert "Revert "msm8974-common: Build and enable fastbootd""
This reverts commit fd7fe5dd86.

Change-Id: Ie729c8ecd70fe0a92f54be9f3f20d89de032b861
2021-01-14 06:41:27 -07:00
Kyle Harrison
94878fa0bb
msm8974-common: sepolicy: Fix exported_camera_prop denials
Change-Id: Ib3abf88a4c71fcd1510a9b1a3cd496b85379c8b2
2020-12-30 09:19:05 -07:00
Kevin F. Haggerty
cb714bb23b
msm8974-common: sepolicy: Really quiet zygote reading cmdline
Change-Id: I180f434225a966a25cf4f9577e81588c7b2df9d9
2020-12-30 09:19:05 -07:00
Vladimir Oltean
1a7d87aba7
msm8974-common: sepolicy: allow uevent to control sysfs_mmc_host via vold
Change-Id: Iafea09efae38fb82f4019c6d3b3b4bb756cdca0b
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
2020-12-30 09:19:01 -07:00
Arne Coucheron
07931872be
msm8974-common: sepolicy: Resolve last_kmsg denials
Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
2020-12-30 07:58:37 -07:00
Kyle Harrison
ec4379ecd8
msm8974-common: sepolicy: Fix userspace_reboot prop denials
- userspace_reboot_exported_prop
- userspace_reboot_config_prop

Change-Id: Ibec834df41345d1268b1eea4ae88b2fd5d37dd55
2020-12-30 07:58:37 -07:00
Francescodario Cuzzocrea
fec1e0d49c
msm8974-common: sepolicy: allow rild read perms on proc_qtaguid_stat
Change-Id: I7f7c872603d162849a4c1b07ec6b04a35f15ddcc
2020-12-30 07:58:37 -07:00
Kevin F. Haggerty
393fdef68c
msm8974-common: sepolicy: Allow rild to set various radio props
* avc: denied { set } for property=persist.ril.radiocapa.tdscdma pid=532
  uid=1001 gid=1001 scontext=u:r:rild:s0
  tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1
* avc: denied { set } for property=persist.ril.modem.board pid=572
  uid=1001 gid=1001 scontext=u:r:rild:s0
  tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1
* avc: denied { set } for property=persist.ril.ims.eutranParam pid=2745
  uid=1001 gid=1001 scontext=u:r:rild:s0
  tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1

Change-Id: Ib64be5c213456f80f403c645655fbc502a50832d
2020-12-30 07:58:17 -07:00
Paul Crowley
bd627e8b90
msm8974-common: sepolicy: allow tee system_data_root_file:dir r_dir_perms;
aosp/1106014 introduces a new class system_data_root_file and
tee needs access to that as well as system_data_file.

09-09 20:26:53.639   645   645 I auditd  : type=1400 audit(0.0:9): avc: denied { read } for comm="qseecomd" name="/" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_root_file:s0 tclass=dir permissive=1
09-09 20:26:53.639   645   645 I qseecomd: type=1400 audit(0.0:9): avc: denied { read } for name="/" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_root_file:s0 tclass=dir permissive=1
09-09 20:26:53.639   645   645 I auditd  : type=1400 audit(0.0:10): avc: denied { open } for comm="qseecomd" path="/data" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_root_file:s0 tclass=dir permissive=1
09-09 20:26:53.639   645   645 I qseecomd: type=1400 audit(0.0:10): avc: denied { open } for path="/data" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_root_file:s0 tclass=dir permissive=1

Bug: 140402208
Test: Flash Taimen device, enroll fingerprint, check log for denials
Change-Id: Ie976d7bbe4aeba875b96b6b82a94734b71ba1cb9
2020-12-30 07:52:16 -07:00
Kevin F. Haggerty
e28494bb9f
msm8974-common: sepolicy: macloader updates for new root label
Change-Id: I3526593a73b80c1ec1203734289cb5a2c8faad89
2020-12-30 07:52:16 -07:00
Bruno Martins
2bea09d812
msm8974-common: sepolicy: Deduplicate camera rule
No longer needed to keep it locally, since it has been recently
added globally.

Change-Id: Ia41e85d74da0937fddb4fe34d5b0bf15555d0ea1
2020-12-30 07:49:18 -07:00
Alessandro Astone
269d4721aa
msm8974-common: sepolicy: Camera rules for new root label
Change-Id: Iae2171eaf2acb77acabba626b7bcf017725ab81a
2020-12-30 07:48:16 -07:00
Kevin F. Haggerty
450f437728
Revert "msm8974-common: sepolicy: Allow mediaswcodec to use binder IPC"
* This is not needed with appropriate binder updates

This reverts commit b17d75621e.

Change-Id: Ic5cabb16313e68b7a1cefa6e23fc9a9d43dc6c31
2020-12-30 07:47:37 -07:00
Kevin F. Haggerty
fd7fe5dd86
Revert "msm8974-common: Build and enable fastbootd"
* This seems to be wholly dead for legacy functionfs. Pour one out,
  she led a great, yet short-lived, life.

This reverts commit 53fd5b0828.
This reverts commit 8b07abf736.

Change-Id: I494769c2106638d8e442f43dfedf399e7f90aa9e
2020-12-30 07:42:55 -07:00
Amit Pundir
85a6137a28
msm8974-common: Add gatekeeper software HIDL service.
Use the default software implementation of gatekeeper.

Change-Id: Id696752ad78047155cad6a5dafe7ca1b4fe86345
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
2020-12-12 10:00:39 -07:00
Wang Han
b9a1d97191
msm8974-common: Switch to TimeKeep
* SE policies are imported and modified from
   https://github.com/sonyxperiadev/device-sony-sepolicy.
   Modifications are needed because qcom legacy policy
   contains conflicting labels and rules.

Change-Id: Id04a824dea69976f6fc9d48bef77859cc82971ed
2020-09-07 05:28:51 -06:00
Kevin F. Haggerty
16a190dd28
msm8974-common: sepolicy: Allow system_app to access storaged via IPC
avc: denied { call } for comm=4173796E635461736B202333
scontext=u:r:system_app:s0 tcontext=u:r:storaged:s0 tclass=binder
permissive=t0

Change-Id: I933dcebf2f5960d639ce47be379f62636e4ddd69
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
9f313b3cee
msm8974-common: sepolicy: Allow system_app to access wificond via IPC
avc: denied { call } for comm=4173796E635461736B202334
scontext=u:r:system_app:s0 tcontext=u:r:wificond:s0 tclass=binder
permissive=0

Change-Id: I5fed7bfa2362bce7fa26d22618b2584a145f5385
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
b17d75621e
msm8974-common: sepolicy: Allow mediaswcodec to use binder IPC
Change-Id: I866c7b0843cd0e64f9f0f2e743b571c87281b086
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
8326e1562c
msm8974-common: sepolicy: Allow system_app to read /proc/pagetypeinfo
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Change-Id: I16465eb9acca9ff64a755d47f86f4ff424ebe4de
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
5404fa9536
msm8974-common: sepolicy: Quiet system_app attempts to find disallowed services
Change-Id: I6a17bef88c3b9fe9f075dc0ef3de5e203f5d9ce3
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
d6e781307f
msm8974-common: sepolicy: Quiet priv_app opening sysfs_android_usb files
* Reading these is disallowed globally, no need to see logspam of
  open attempts

Change-Id: I4c0094097d39456c65720cbdfb949d14439ce5f4
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
3377f79b53
msm8974-common: sepolicy: Allow system_app to access zram sysfs nodes
avc: denied { search } for name="zram0" dev="sysfs" ino=20744
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir
permissive=0

avc: denied { open } for name="mem_used_total" dev="sysfs" ino=20804
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file
permissive=0

avc: denied { read } for name="mem_used_total" dev="sysfs" ino=20804
scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file
permissive=0

Change-Id: Ide9b1a9488b26fa69e7a2c8e73a8e657c8b28beb
2020-09-06 04:12:10 -06:00
Kevin F. Haggerty
a586ba7d50
msm8974-common: sepolicy: Quiet vold finding the bootctl hwservice
* We don't have this

Change-Id: I879f9b30e94c153dfec30ef369ae0ca31e3ab3d7
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
135f55810f
msm8974-common: sepolicy: Quiet zygote reading cmdline
Change-Id: I3fad2a7a3a7e2200453fd40ef325a9f98bce5506
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
39c71a0276
msm8974-common: sepolicy: Allow platform_app to getattr radio_data_file
avc: denied { getattr } for path="/data/user_de/0/com.android.phone"
dev="dm-0" ino=1545357 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:radio_data_file:s0 tclass=dir permissive=0
app=com.android.systemui

Change-Id: I74744dde2a3af01a4f30e0898889cad13f95d563
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
98dd537e3c
msm8974-common: sepolicy: Allow the BT HAL to read /efs
avc: denied { search } for name="/" dev="mmcblk0p11" ino=2
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:efs_file:s0
tclass=dir permissive=0

Change-Id: I1a8abfb3d02c5cb3c63c93ff20a2974ff70ecb87
2020-09-06 04:12:09 -06:00
Arne Coucheron
8462d2ec5b
msm8974-common: sepolicy: Allow ueventd to set sys_nice capability
avc: denied { sys_nice } for capability=23 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0

Change-Id: Icfa56283a9b4c67456bd4e714aa3922fece59436
2020-09-06 04:12:09 -06:00
Arne Coucheron
66dcc79709
msm8974-common: sepolicy: Allow gpuservice to read opengles_prop
avc: denied { read } for name="u:object_r:opengles_prop:s0" dev="tmpfs" ino=6353 scontext=u:r:gpuservice:s0 tcontext=u:object_r:opengles_prop:s0 tclass=file permissive=0

Change-Id: I455c5d681e301451ad11210e91d0a71b4b80239a
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
065046fd6d
msm8974-common: sepolicy: Allow fsck_untrusted appropriate access to sysfs_dm
avc: denied { search } for name="dm-0" dev="sysfs" ino=33209
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:sysfs_dm:s0
tclass=dir permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=33374
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:sysfs_dm:s0
tclass=file permissive=0

Change-Id: I38d74974d23f94ddac4c45f1d5470288d4ee8a6f
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
7bfaa1d75f
msm8974-common: sepolicy: Allow ioctls necessary for physical sdcard operations
* Note: 0x1271 is not defined in system/sepolicy/public/ioctl_defines

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=19222 ioctlcmd=125e scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=20176 ioctlcmd=1271 scontext=u:r:vold:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=125e scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

avc: denied { ioctl } for path="/dev/block/vold/public:179,65"
dev="tmpfs" ino=27110 ioctlcmd=1271 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

Change-Id: I7bf2346b9517196160e4dde51baa550fb343bfdf
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
61d3a4eafa
msm8974-common: sepolicy: Allow untrusted fsck to getattr block_device dirs
avc: denied { getattr } for path="/dev/block" dev="tmpfs" ino=6914
scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:block_device:s0
tclass=dir permissive=0

Change-Id: I03c1086a21edba4e193f81b473e6785aac890364
2020-09-06 04:12:09 -06:00
Kevin F. Haggerty
631007d58c
msm8974-common: sepolicy: Update for move of init.{qcom,target}.rc to /vendor
Change-Id: Ic0042ed52e7aeb3faba856411fd0a1b298446125
2020-09-06 04:12:09 -06:00
Bruno Martins
eac9496d05
msm8974-common: Binderize them all
* Switch to binderized HAL services where possible and update
   HIDL manifest accordingly.

Change-Id: Id50291488d655187aa013c51bdd6890dca010564
2020-05-29 12:14:16 -06:00
Elektroschmock
e9a18e2d9e
msm8974-common: sepolicy: label /dev/stune(/.*) as cgroup
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { open } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1
* avc: denied { write } for name="tasks" dev="tmpfs" ino=7795
  scontext=u:r:gsid:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=1

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
2020-05-29 12:14:16 -06:00
Kevin F. Haggerty
f3cd79f3ae
msm8974-common: sepolicy: Resurrect alarm_device
* Both our ril_daemon, via libsec-ril*.so, and our time_daemon
  need access to this device node

Change-Id: Ib787f45596bb6aa606bab102a5bd1cb93eb645a4
2020-05-26 15:09:19 -06:00
Kevin F. Haggerty
8b07abf736
msm8974-common: sepolicy: Put fastbootd.te in correct place
Change-Id: I7e65f7835e1ee37aee90aa84dfc431fc0d434231
2020-05-15 10:43:56 -06:00
Alessandro Astone
53fd5b0828 msm8974-common: Build and enable fastbootd
Change-Id: I0b20600fe7203a7aec19cbea8f6849052585c6ab
2020-04-27 18:49:42 -04:00
Kevin F. Haggerty
64ed0d4ffc
msm8974-common: sepolicy: Resolve hal_lineage_touch_default denials
* avc: denied { search } for name="sec_epen" dev="sysfs" ino=23534
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=dir permissive=1
* avc: denied { search } for name="sec_touchkey" dev="sysfs" ino=23413
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=dir permissive=1

* avc: denied { read } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { open } for name="epen_gestures" dev="sysfs" ino=23559
  scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1
* avc: denied { read write } for name="epen_gestures" dev="sysfs"
  ino=23559 scontext=u:r:hal_lineage_touch_default:s0
  tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1

Change-Id: Ie62004f9ca8e93cb8e1dfe45fcff0a9e74f3c44d
2020-04-25 14:27:00 -06:00
Kevin F. Haggerty
5eb54f4a81
msm8974-common: sepolicy: Label rootfs tombstones symlink
Change-Id: Ic9960d487b37521c8c1d730bb4f3bb69ed8b53e2
2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
0cfb50a823
msm8974-common: sepolicy: Label .psm.info file
Change-Id: Id2e6cf9706262bac877deca0d692d81ef637b0fb
2020-04-24 16:20:42 -06:00
Kevin F. Haggerty
b46d020e98
msm8974-common: Build the Samsung hwbinder light service
Change-Id: I33c259766914a5a714b05b59735ee2a8d70b0a5c
2020-04-24 15:44:37 -06:00