Commit Graph

94 Commits

Author SHA1 Message Date
Kevin F. Haggerty
d68795bd7f
msm8974-common: sepolicy: Label /firmware-modem mountpoint
Change-Id: I08720daf701235f9209b7e6fd66d6432a5684ec2
2020-04-24 14:22:24 -06:00
Paul Keith
50045fa46e msm8974-common: Transition to consumerir HIDL hal
Change-Id: I85950a46eebec0e9a4b34681b2042467231b33b3
2020-01-31 15:08:24 +01:00
LuK1337
756a4e4063
msm8974-common: hal_lineage_livedisplay_default -> hal_lineage_livedisplay_sysfs
Change-Id: If8954290c41913b7453a1cba4d67f7a63d08d2dd
2019-06-16 09:01:58 -06:00
Kevin F. Haggerty
66b282da2e
msm8974-common: Build Samsung LiveDisplay service
Change-Id: I74d38aa0df3179bb00b942135e8ff055aa8a5658
2019-05-07 07:20:49 -06:00
Paul Keith
c036f18fe2
msm8974-common: Build vendor.lineage.touch HAL from hardware/samsung
Change-Id: I6eca1e9875cb5793a3a45c6e77bc201946ebd897
2019-04-10 06:45:59 -06:00
Kevin F. Haggerty
4b086d485b
Revert "msm8974-common: sepolicy: Label sysfs_net, resolve denials"
This reverts commit 97ff0e6d32.

Change-Id: Ib609a1a9987598be26e2fe32cc77ea9f57c9c63d
2019-02-19 07:42:09 -07:00
Kevin F. Haggerty
9aa32ce3c9
msm8974-common: sepolicy: Adapt to global sepolicy merges
* Several items merged globally caused duplicate definition of paths
  that were previously labeled here.

This reverts commit 27afbf1dc6.
This reverts commit 7fb5a8c6cb.
This partially reverts commit bb196ad94b.
This partially reverts commit c39a735ab5.

Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
2019-01-21 16:59:40 -07:00
Kevin F. Haggerty
f823b51508
msm8974-common: sepolicy: Eliminate qemu_hw_mainkeys_prop entries
* Specific definition of this is dropped from qcom/sepolicy-legacy

Change-Id: I429abf7dddd2de4443349366b932149f30b87206
2018-12-31 15:21:52 -07:00
Kevin F. Haggerty
afa0af84d6 msm8974-common: sepolicy: Clean up
* Group policy statements better
* Nuke unneeded allows

Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2018-12-26 22:06:35 +01:00
Kevin F. Haggerty
7e3f9a566d
msm8974-common: sepolicy: Resolve init denials
* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
  ino=6423 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
  permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
  tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
  tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
  ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
  tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
  tcontext=u:object_r:kernel:s0 tclass=security permissive=0

Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
2018-11-30 14:29:49 -07:00
Kevin F. Haggerty
7fb5a8c6cb
msm8974-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
  tclass=file permissive=1

Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
2018-11-30 14:14:59 -07:00
Kevin F. Haggerty
58cf5da15e
msm8974-common: sepolicy: Label sysfs_usb_otg, resolve denials
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
  tclass=file permissive=1

Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
2018-11-30 14:10:55 -07:00
Kevin F. Haggerty
a0c32871a9
msm8974-common: sepolicy: Broaden sysfs_bluetooth_writable, resolve denials
Change-Id: Iff3645e36ece2126f3697bb0389394415be16529
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5c15bb5833
msm8974-common: sepolicy: Label sysfs_msmuart_file, resolve denials
* avc: denied { setattr } for name="clock" dev="sysfs" ino=18914
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msmuart_file:s0
  tclass=file permissive=1

Change-Id: Iaf5fe6791344dcf419242599eb6c9272c61cd707
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
5d817ed103
msm8974-common: sepolicy: Label sysfs_mmc_host, resolve denials
* avc: denied { write } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1
* avc: denied { open } for name="control" dev="sysfs" ino=25383
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=1

Change-Id: I876d025db9cf1fe67faeccca830ffd53dbf92904
2018-11-29 21:58:43 -07:00
Kevin F. Haggerty
6189adadd4
msm8974-common: sepolicy: Label sysfs_socinfo, resolve denials
* avc: denied { setattr } for name="soc_iddq" dev="sysfs" ino=5543
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_socinfo:s0 tclass=file
  permissive=0

Change-Id: Ife248a9cccea19b09b931525606cf4c34344fd9f
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
b98cef71f1
msm8974-common: sepolicy: Label additional sysfs_io_sched_tuneable node
Change-Id: I2b416123c7d925443df20f518cb2a0bd02935229
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
dbcc41c888
msm8974-common: sepolicy: Resolve additional sensors HAL denials
* avc: denied { search } for name="sec-thermistor" dev="sysfs"
  ino=5485 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=dir permissive=0

Change-Id: I4d77e87b2662bca081cc5b934161347fed6a157d
2018-11-29 21:58:42 -07:00
Kevin F. Haggerty
1f52307ccb
msm8974-common: sepolicy: Label sysfs_sensors, resolve denials
* avc: denied { read } for name="ssp_sensor" dev="sysfs" ino=27809
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="temperature" dev="sysfs" ino=10861
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
  tclass=file permissive=0

Change-Id: I2e4a436704ed019af153da880d7becbde4b0ab11
2018-11-29 21:57:48 -07:00
Kevin F. Haggerty
c39a735ab5
msm8974-common: sepolicy: Label sysfs_msm_perf, resolve denials
* avc: denied { write } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1
* avc: denied { open } for name="suspend_enabled" dev="sysfs"
  ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
  tclass=file permissive=1

Change-Id: I23d69f0442d126b2a6ac3aaeda5032856a4483f2
2018-11-29 19:17:53 -07:00
Kevin F. Haggerty
27afbf1dc6
msm8974-common: sepolicy: Label sysfs_disk_stat nodes
* avc: denied { read } for name="stat" dev="sysfs" ino=26461
  scontext=u:r:storaged:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I4b7258d069801f542da8c7f5ca8242ea32f12bca
2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
97ff0e6d32
msm8974-common: sepolicy: Label sysfs_net, resolve denials
* avc: denied { getattr } for path="/sys/devices/msm_sdcc.2/mmc_host/
  mmc0/mmc0:0001/mmc0:0001:2/net/wlan0/phy80211" dev="sysfs"
  ino=29873 scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0
* avc: denied { read } for name="phy80211" dev="sysfs" ino=29823
  scontext=u:r:hal_wifi_hostapd_default:s0
  tcontext=u:object_r:sysfs_net:s0 tclass=lnk_file permissive=0

Change-Id: I6f40b8bdac2537b7000c02af6fac8277acb2a718
2018-11-29 19:17:52 -07:00
Kevin F. Haggerty
a7c4bcc98e
msm8974-common: sepolicy: Label our custom sensors service
Change-Id: I331abeac851cd92b32990ff797dff506dd67e503
2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
4b1a3c2134
msm8974-common: sepolicy: Resolve hal_sensors_default denials
* avc: denied { read } for name="name" dev="sysfs" ino=26468i
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="tmpfs" ino=7276
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { open } for name="iio:device0" dev="tmpfs" ino=7275
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:iio_device:s0 tclass=chr_file permissive=0
* avc: denied { search } for name="/" dev="mmcblk0p12" ino=2
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:efs_file:s0
  tclass=dir permissive=0
* avc: denied { read } for name="gyro_cal_data" dev="mmcblk0p12"
  ino=41 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:efs_file:s0 tclass=file permissive=0
* avc: denied { read } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1
* avc: denied { open } for name="shtc1_sensor" dev="tmpfs" ino=8378
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sensors_device:s0 tclass=chr_file permissive=1

Change-Id: Iad7e41e5e250eb1511d5838bd42b2b07843d220b
2018-11-27 08:12:35 -07:00
Kevin F. Haggerty
071111d64d
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate

* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
  tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
  scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
  scontext=u:r:system_server:s0
  tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
  ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
  ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
  tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
  tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
  ino=10538 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
  permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
  ino=19231 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
  permissive=0

Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2018-11-27 08:12:28 -07:00
Kevin F. Haggerty
bb196ad94b
msm8974-common: sepolicy: Label sysfs_leds, resolve denials
* avc: denied { search } for name="leds" dev="sysfs" ino=7437
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25718
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=1

Change-Id: I8840e28b3aa72e60d5c15cad66f043a36a15c771
2018-11-27 07:00:57 -07:00
Kevin F. Haggerty
0e66ee2593
msm8974-common: sepolicy: Label sysfs_batteryinfo, resolve denials
* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0
  tclass=file permissive=1
* avc: denied { search } for name="battery.95" dev="sysfs" ino=3264
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
* avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
* avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1

Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
2018-11-27 06:50:04 -07:00
Kevin F. Haggerty
1357777a0f
msm8974-common: sepolicy: Label sysfs_input, resolve denials
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
  tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
  permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
  ino=26946 scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0

Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2018-11-27 06:41:19 -07:00
Kevin F. Haggerty
8d6d6a1f00
msm8974-common: sepolicy: Label sysfs_iio, resolve denials
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
  permissive=1

Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2018-11-27 06:40:47 -07:00
Kevin F. Haggerty
4cea2fcca2
msm8974-common: sepolicy: More sysfs_graphics, resolve denials
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=12913
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0
  tclass=file permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file
  permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
* avc: denied { search } for name="panel" dev="sysfs" ino=12358
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_graphics:s0 tclass=dir permissive=0

Change-Id: I8597d7be6217816924a8fee854341e4f2fb18562
2018-11-26 22:18:08 -07:00
Kevin F. Haggerty
241d260828
msm8974-common: sepolicy: Update sysfs_mdnie, resolve denials
* avc: denied { setattr } for name="scenario" dev="sysfs" ino=12753
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mdnie:s0 tclass=file
  permissive=0
* avc: denied { search } for name="mdnie" dev="sysfs" ino=12743i
  scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_mdnie:s0
  tclass=dir permissive=0

Change-Id: I4a0530136d7d1e6ee8ede0733e70de813382372b
2018-11-26 21:00:04 -07:00
Kevin F. Haggerty
b14c7f0152
msm8974-common: sepolicy: Sort sysfs block of file_contexts sanely
Change-Id: I421f1c97db0f5c2919d99293d75d3f6e09f52340
2018-11-21 23:10:10 -07:00
Kevin F. Haggerty
a60dc07555
msm8974-common: sepolicy: Drop our mediaextractor additions
* LineageOS/android_system_sepolicy@2a67349574 covers this for us

Change-Id: I55a92c1580d4943f72f17ba8991fcbb5c8167c8d
2018-11-21 23:10:09 -07:00
Bruno Martins
7bf8dd9506
msm8974-common: Only include legacy QC sepolicy
* This has now turned into a separate repository (maintained only
   for legacy devices, those that never got official Orea updates).

Change-Id: I981b452b697bc3610d7aa97b74ed182c6b70ca30
2018-10-21 08:25:19 -06:00
Kevin F. Haggerty
d766a7e028 msm8974-common: sepolicy: Resolve misc denials
avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0

avc: denied  { find } for interface=android.hardware.camera.provider::ICameraProvider
pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0
tclass=hwservice_manager permissive=0

avc: denied { getattr } for pid=1940 comm="mount.ntfs"
path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0

avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever"
dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=0

avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera"
dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1950 comm="mount.ntfs"
path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0
tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block"
dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=0

avc: denied { getattr } for pid=1948 comm="mount.ntfs"
path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0
tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0

avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load"
dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0

Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-31 09:25:48 -06:00
Kevin F. Haggerty
e405ae831d msm8974-common: sepolicy: Allow mediaextractor r_file_perms to fuse:file
* This is necessary for the built-in music player to play files off
  of fuse (NTFS, in our case, for the most part) volumes

Change-Id: Ib6fffb5c2b5c8c514979a7aabce949d82902b2d1
2018-03-18 17:23:30 -06:00
Kevin F. Haggerty
778c310204 msm8974-common: sepolicy: Add policy statements for power HAL
Change-Id: I5fbf737a2dddf4e70a1a51e23b2e06a153a6f769
2018-02-28 07:17:50 -07:00
Paul Keith
f159447f74 msm8974-common: Remove exfat and ntfs sepolicies
* They are labelled as vfat now

Change-Id: I1f1df3b7c1c294b2efb5ce9417838b9932eb08f1
2018-02-22 23:27:10 +01:00
Paul Keith
a6a77f987c msm8974-common: Wire up mDNIe features
Change-Id: Ib5d2825bb50c90b6743157bd624e7156c6d5ad01
2018-02-22 23:27:10 +01:00
Paul Keith
d5d83cb89e msm8974-common: Remove noatsecure
* Shims have been moved to a board flag, so we no longer need
  noatsecure to make LD_SHIM_LIBS persist through services

Change-Id: I94b8c30e28e6dd297e0020ddfb46b2af21068721
2018-02-17 13:20:49 +00:00
Kevin F. Haggerty
4bb6449aad msm8974-common: sepolicy: Allow hostapd to read wifi rfkill dev
avc: denied { read } for name="rfkill" dev="tmpfs" ino=8177
  scontext=u:r:hostapd:s0 tcontext=u:object_r:wlan_device:s0
  tclass=chr_file permissive=0

Change-Id: Iea5deec2736f0eac50aa30858889d51b86e58788
2018-02-16 17:15:39 -07:00
Kevin F. Haggerty
68b75f9105 msm8974-common: sepolicy: Import common sepolicy from klte-common
* The bulk of the device family policy was common and applicable
  to all Samsung msm8974-devices. Move that common stuff here to
  ease maintenance.

Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
2018-02-03 15:07:03 -07:00
Christopher R. Palmer
ef32c33672 msm8974-common: Nuke our copy of SELinux policies
We now get the qcom-common SELinux policy.  Get rid of our old policy
and add back config as we need it, rather than trying to merge the two.

Change-Id: I5ca5098c653f09c7901343d0ae71793f6eb21ab8
2014-11-23 05:21:07 +00:00
slayher
8eb37d439c MSM8974: Initial Common repo commit. 2014-05-18 23:33:07 -04:00