aboutsummaryrefslogtreecommitdiff
path: root/sepolicy/init.te (follow)
Commit message (Collapse)AuthorAge
* msm8996-common: sepolicy: CleanupDavide Garberi2019-05-02
| | | | | | | | * Add back the fstab contexts to prevent some vfat denials * Remove a lot of not needed addresses * Create a domain for double tap to wake to not let the powerhal access all the sysfs files Change-Id: I44dfc5e9903eb562748215541f2d71f9a3d111d7
* msm8996-common: sepolicy: Changes needed for CAF's new haptics driverSubhajeet Muhuri2019-03-17
| | | | | Change-Id: Ib8cbdbd0088ffb9b74e27404937f0387e728e229 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: CleanupDavide Garberi2019-03-03
| | | | | | | | | | * genfs_context cleanup after b5b41d341dd744c40d3908550daaafcee6fe7b4b in which it has randomly been imported from Marlin * Slightly cleanup indentation * Remove a lot of domains which were being used in genfs_context as most of it is already labelled differently in qcom common sepolicy and already addressed * Remove violators where not needed * Remove some old properties we're not using anymore Change-Id: Ic72853dfaf71ba3f0596e75d1bdd5b5c93cd70be
* msm8996-common: sepolicy: Nuke the neverallowsDavide Garberi2019-02-06
| | | | | | | * Also fix other general sepolicy errors after stopping to ignore the neverallows Change-Id: I1af3d9f57a0ca6e37420094a53f1c52127f3e187 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address some denialsDavide Garberi2019-01-27
| | | | | Signed-off-by: Davide Garberi <dade.garberi@gmail.com> Change-Id: Ibd1ea0a8b32fc4e87bf912a87339f7bc2a31d423
* msm8996-common: sepolicy: Address some denialsDavide Garberi2018-10-31
| | | | | | | * No new neverallows generated Change-Id: If50b0f173fe858470fb98e83d8b7621bcffb64ff Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Move neverallows to neverallows.teDavide Garberi2018-10-19
| | | | | Change-Id: Ie067c2f0f6ec96edd110c79d143de36b20708b47 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy Address init denialsCosme Domínguez Díaz2018-10-19
| | | | | | | | | avc: denied { setattr } for pid=1 comm="init" name="scheduler" dev="sysfs" ino=36476 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 avc: denied { setattr } for pid=1 comm="init" name="scheduler" dev="sysfs" ino=36476 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 avc: denied { write } for pid=1 comm="init" name="scheduler" dev="sysfs" ino=36476 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 avc: denied { write } for pid=1 comm="init" name="scheduler" dev="sysfs" ino=36476 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 avc: denied { write } for pid=1 comm="init" name="slice_idle" dev="sysfs" ino=44595 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 avc: denied { write } for pid=1 comm="init" name="slice_idle" dev="sysfs" ino=44595 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0
* msm8996-common: sepolicy: Put all the neverallows in a separated fileDavide Garberi2018-10-07
| | | | | | | | * They won't make the build fail anyway * Probably just a temporarely thing Change-Id: I4822b4eeef8cb3381a5721da8cc6b382898e6c4a Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address binder denialsDavide Garberi2018-10-06
| | | | | Change-Id: Id73515a55b1082283789cffbd2aafecaada4e06c Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address some denialsDavide Garberi2018-09-25
| | | | | Change-Id: Id7520ca339db83eeeb8b3e608a44809141e30df3 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996: sepolicy: Fix device related neverallowsDavide Garberi2018-09-16
| | | | | Change-Id: Iddf2ac2f63d6f3a390e1720c11b1f334cc9729aa Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996: sepolicy: Address some denialsDavide Garberi2018-09-16
| | | | | Change-Id: I8f4d9588573e48069d365b77b081f981b4948fbb Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: CleanupCosme Domínguez Díaz2018-05-02
|
* msm8996-common: sepolicy: Fix more SELinux denials.Cosme Domínguez Díaz2018-03-31
| | | | * We could probably optimize them more, but for now it's enough.
* sepolicy: Allow init to write in debugfsArne Coucheron2018-03-26
| | | | | | avc: denied { write } for name="tracing_on" dev="debugfs" ino=3203 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Change-Id: Ia3258d2d57088efd367d79de1a7d60fcb01a3e6a
* msm8996-common: sepolicy: Address init denialsLuK13372018-03-17
| | | | Change-Id: I2a5801dcae70e102e8c7e97b8aeb563cb1de8ac8
* sepolicy: Cleanup permissionsBruno Martins2018-03-16
| | | | | | * Remove unneeded permissions Change-Id: Ie52577eb3cf06e3adb4be9e40016407e451e604d
* msm8996-common: sepolicy: UpdateDavide Garberi2018-01-05
| | | | | | * Thanks codeworkx that gave me some advices for this :D Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: Initial sepolicydd3boh2017-11-04
| | | | | | | * Lots of parts are from the old one so thanks to everyone who contributed to that one * Still it doesn't boot in enforcing though Signed-off-by: dd3boh <dade.garberi@gmail.com>
* msm8996-common: Nuke the Nougat sepolicydd3boh2017-11-04
| | | | Signed-off-by: dd3boh <dade.garberi@gmail.com>
* sepolicy: Allow init to write in debugfsArne Coucheron2017-01-27
| | | | | | avc: denied { write } for name="tracing_on" dev="debugfs" ino=3203 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Change-Id: Ia3258d2d57088efd367d79de1a7d60fcb01a3e6a
* z2plus: update sepolicymnemonyc2017-01-08
| | | | Change-Id: I86ab87016e118cfff8b9debc9c38327326b9bc69
* Initial commitFedor9172016-10-26
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-19 20:02:25 +0000