path: root/sepolicy/charger.te
Commit message | Author | Age
* msm8996-common: sepolicy: Cleanup | Davide Garberi | 2019-05-02
  * Add back the fstab contexts to prevent some vfat denials
  * Remove a lot of not needed addresses
  * Create a domain for double tap to wake to not let the powerhal access all the sysfs files
  Change-Id: I44dfc5e9903eb562748215541f2d71f9a3d111d7
* msm8996-common: sepolicy: Move neverallows to neverallows.te | Davide Garberi | 2018-10-19
  Change-Id: Ie067c2f0f6ec96edd110c79d143de36b20708b47
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address charger denials | Cosme Domínguez Díaz | 2018-10-19
  avc: denied { dac_override } for pid=463 comm="chargeonlymode" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=1
  avc: denied { write } for pid=463 comm="chargeonlymode" name="persist" dev="rootfs" ino=938 scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
  avc: denied { add_name } for pid=463 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
  avc: denied { create } for pid=463 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
  avc: denied { create } for pid=463 comm="chargeonlyiode" name="batt_info.bin" scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=file permissive=1
  avc: denied { write open } for pid=463 comm="chargeonlymode" path="/persist/subsys/batt_info.bin" dev="rootfs" ino=948 scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=file permissive=1
  avc: denied { setattr } for pid=463 comm="chargeonlymode" name="batt_info.bin" dev="rootfs" ino=948 scontext=u:r:charger:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=file permissive=1
  avc: denied { chown } for pid=463 comm="chargeonlymode" capability=0 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=1
  avc: denied { read } for pid=463 comm="chargeonlymode" name="type" dev="sysfs" ino=42537 scontext=u:r:charger:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=1
  avc: denied { open } for pid=463 comm="chargeonlymode" path="/sys/devices/soc/qpnp-smbcharger-16/pnwer_supply/dc/type" dev="sysfs" ino=42537 scontext=u:r:charger:s0 tcontext=u:objectOr:sysfs_battery_supply:s0 tclass=file permissive=1
* msm8996: sepolicy: Fix device related neverallows | Davide Garberi | 2018-09-16
  Change-Id: Iddf2ac2f63d6f3a390e1720c11b1f334cc9729aa
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: Fix charger SELinux denials: | Cosme Domínguez Díaz | 2018-07-28
  avc: denied { dac_override } for pid=442 comm="chargeonlymode" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=1
  avc: denied { read } for pid=442 comm="chargeonlymode" name="rtc0" dev="tmpfs" ino=2231 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
  avc: denied { open } for pid=442 comm="chargeonlymode" path="/dev/rtc0" dev="tmpfs" ino=2231 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
  avc: denied { ioctl } for pid=442 comm="chargeonlymode" path="/dev/rtc0" dev="tmpfs" ino=2231 ioctlcmd=7008 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
  avc: denied { write } for pid=442 comm="chargeonlymode" name="persist" dev="rootfs" ino=14980 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
  avc: denied { add_name } for pid=442 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
  avc: denied { create } for pid=442 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
  avc: denied { create } for pid=442 comm="chargeonlymode" name="batt_info.bin" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
  avc: denied { read append } for pid=442 comm="chargeonlymode" name="batt_info.bin" dev="rootfs" ino=2334 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
  avc: denied { getattr } for pid=442 comm="chargeonlymode" path="/persist/subsys/batt_info.bin" dev="rootfs" ino=2334 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
* msm8996-common: sepolicy: Cleanup | Cosme Domínguez Díaz | 2018-05-02
* msm8996-common: Reorder the sepolicy | Davide Garberi | 2018-02-19
  * Fixup of ee7d7d4737b75ac25b29e98e9af39bfd9a2e17ee
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* sepolicy: Address some denials | Cosme Domínguez Díaz | 2018-02-19
  * Also move fingerprint.te to hal_fingerprint_default.te, it helps to track and apply upstream changes.

  Fix hal_fingerprint_default sepolicy denials.
  * avc: denied { write } for pid=1933 comm=android.hardwar name=/ dev=dm-0 ino=2 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { add_name } for pid=1946 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { create } for pid=1981 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { create } for pid=1935 comm=android.hardwar name=socket scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
  * avc: denied { setattr } for pid=1939 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
  * avc: denied { read } for pid=1939 comm="android.hardwar" name="fpc" dev="dm-0" ino=2908161 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { remove_name } for pid=1996 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { unlink } for pid=1949 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0

  Fix rild sepolicy denials.
  * avc: denied { getattr } for pid=838 comm=sh path=/system/bin/toybox dev=sde18 ino=447 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute_no_trans } for pid=838 comm=sh path=/system/vendor/bin/toybox_vendor dev=sde18 ino=2863 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute } for pid=831 comm=sh name=toybox dev=sde18 ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { read open } for pid=830 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute_no_trans } for pid=1162 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0

  Fix adbd sepolicy denial.
  * avc: denied { set } for property=ctl.mdnsd pid=5237 uid=2000 gid=2000 scontext=u:r:adbd:s0 tcontext=u:object_r:ctl_mdnsd_prop:s0 tclass=property_service permissive=0\x0a

  Fix vold sepolicy denial.
  * avc: denied { read } for pid=467 comm=vold name=/ dev=sda2 ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
  * avc: denied { open } for pid=473 comm="vold" path="/persist" dev="sda2" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
  * avc: denied { ioctl } for pid=466 comm="vold" path="/persist" dev="sda2" ino=2 ioctlcmd=5879 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0

  Fix priv_app sepolicy denial.
  * avc: denied { read } for pid=4397 comm=Binder:4397_1 name=modules dev=proc ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
  * avc: denied { open } for pid=4309 comm="Binder:4309_2" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
  * avc: denied { getattr } for pid=4543 comm="Binder:4543_4" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0

  Fix charger sepolicy denials. I found them booting from offline charging mode.
  * avc: denied { read } for pid=444 comm=charger name=/ dev=tmpfs ino=15050 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
  * avc: denied { open } for pid=441 comm=charger path=/dev dev=tmpfs ino=14613 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
  * avc: denied { dac_override } for pid=442 comm="charger" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0
  * avc: denied { dac_read_search } for pid=442 comm="charger" capability=2 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0

  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>