path: root/sepolicy/priv_app.te
Commit message (Author, Age)
* msm8996-common: sepolicy: Cleanup (Davide Garberi, 2019-05-02)
  * Add back the fstab contexts to prevent some vfat denials
  * Remove a lot of not needed addresses
  * Create a domain for double tap to wake to not let the powerhal access all the sysfs files
  Change-Id: I44dfc5e9903eb562748215541f2d71f9a3d111d7
* msm8996-common: sepolicy: Nuke the neverallows (Davide Garberi, 2019-02-06)
  * Also fix other general sepolicy errors after stopping to ignore the neverallows
  Change-Id: I1af3d9f57a0ca6e37420094a53f1c52127f3e187
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Cleanup (Davide Garberi, 2018-10-31)
  * Mostly squash the various macros
  Change-Id: I1e71a6d728cd4d7e7be057604978264c429aed90
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address some denials (Davide Garberi, 2018-10-31)
  * No new neverallows generated
  Change-Id: If50b0f173fe858470fb98e83d8b7621bcffb64ff
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Put all the neverallows in a separated file (Davide Garberi, 2018-10-07)
  * They won't make the build fail anyway
  * Probably just a temporary thing
  Change-Id: I4822b4eeef8cb3381a5721da8cc6b382898e6c4a
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: Address CNE IMS and some other denials (davidevinavil, 2018-10-07)
  Change-Id: Idd48c93dbfddede327c556cf273520412485295e
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address binder denials (Davide Garberi, 2018-10-06)
  Change-Id: Id73515a55b1082283789cffbd2aafecaada4e06c
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996: sepolicy: Fix device related neverallows (Davide Garberi, 2018-09-16)
  Change-Id: Iddf2ac2f63d6f3a390e1720c11b1f334cc9729aa
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996: sepolicy: Remove duplicated entries and unknown types (Davide Garberi, 2018-09-16)
  Change-Id: If6f7c4310f34239d49af0cad4cc481b507803f80
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* Revert "msm8996-common: Update Bluetooth firmware." (Cosme Domínguez Díaz, 2018-08-11)
  SELinux blocks the loading of the newer firmware and I do not know how to fix it, for now.
  This reverts commit 13c9609710f05a79d119636ec2b9640259dd67c2.
* msm8996-common: Update Bluetooth firmware. (Cosme Domínguez Díaz, 2018-08-11)
  * From google/marlin/marlin:9/PPR1.180610.009/4898911:user/release-keys.
* msm8996-common: Fix priv_app sepolicy. (Cosme Domínguez Díaz, 2018-08-04)
* msm8996-common: Fix more SELinux denials. (Cosme Domínguez Díaz, 2018-08-04)
* msm8996-common: Fix priv_app SELinux denials: (Cosme Domínguez Díaz, 2018-07-29)
  avc: denied { find } for interface=android.hardware.memtrack::IMemtrack pid=3638 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_memtrack_hwservice:s0 tclass=hwservice_manager permissive=0
* msm8996-common: sepolicy: Cleanup (Cosme Domínguez Díaz, 2018-05-02)
* msm8996-common: Add more blobs for our camera. (Cosme Domínguez Díaz, 2018-04-25)
  * Now we have "Sharp Shooter" mode on Snap.
* msm8996-common: Fix priv_app SELinux denials: (Cosme Domínguez Díaz, 2018-04-16)
  avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
  avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
* msm8996-common: Fix some SELinux denials. (Cosme Domínguez Díaz, 2018-03-22)
* msm8996-common: Reorder the sepolicy (Davide Garberi, 2018-02-19)
  * Fixup of ee7d7d4737b75ac25b29e98e9af39bfd9a2e17ee
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* sepolicy: Address some denials (Cosme Domínguez Díaz, 2018-02-19)
  * Also move fingerprint.te to hal_fingerprint_default.te, it helps to track and apply upstream changes.

  Fix hal_fingerprint_default sepolicy denials.
  * avc: denied { write } for pid=1933 comm=android.hardwar name=/ dev=dm-0 ino=2 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { add_name } for pid=1946 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { create } for pid=1981 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { create } for pid=1935 comm=android.hardwar name=socket scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
  * avc: denied { setattr } for pid=1939 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
  * avc: denied { read } for pid=1939 comm="android.hardwar" name="fpc" dev="dm-0" ino=2908161 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { remove_name } for pid=1996 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
  * avc: denied { unlink } for pid=1949 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0

  Fix rild sepolicy denials.
  * avc: denied { getattr } for pid=838 comm=sh path=/system/bin/toybox dev=sde18 ino=447 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute_no_trans } for pid=838 comm=sh path=/system/vendor/bin/toybox_vendor dev=sde18 ino=2863 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute } for pid=831 comm=sh name=toybox dev=sde18 ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { read open } for pid=830 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
  * avc: denied { execute_no_trans } for pid=1162 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0

  Fix adbd sepolicy denial.
  * avc: denied { set } for property=ctl.mdnsd pid=5237 uid=2000 gid=2000 scontext=u:r:adbd:s0 tcontext=u:object_r:ctl_mdnsd_prop:s0 tclass=property_service permissive=0\x0a

  Fix vold sepolicy denial.
  * avc: denied { read } for pid=467 comm=vold name=/ dev=sda2 ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
  * avc: denied { open } for pid=473 comm="vold" path="/persist" dev="sda2" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
  * avc: denied { ioctl } for pid=466 comm="vold" path="/persist" dev="sda2" ino=2 ioctlcmd=5879 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0

  Fix priv_app sepolicy denial.
  * avc: denied { read } for pid=4397 comm=Binder:4397_1 name=modules dev=proc ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
  * avc: denied { open } for pid=4309 comm="Binder:4309_2" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
  * avc: denied { getattr } for pid=4543 comm="Binder:4543_4" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0

  Fix charger sepolicy denials. I found them booting from offline charging mode.
  * avc: denied { read } for pid=444 comm=charger name=/ dev=tmpfs ino=15050 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
  * avc: denied { open } for pid=441 comm=charger path=/dev dev=tmpfs ino=14613 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
  * avc: denied { dac_override } for pid=442 comm="charger" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0
  * avc: denied { dac_read_search } for pid=442 comm="charger" capability=2 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0

  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address some denials (Davide Garberi, 2018-01-19)
  * The camera ones are due to the OSS camera hal
  * The other one has just been missed before
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Update (Davide Garberi, 2018-01-06)
  Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: Nuke the Nougat sepolicy (dd3boh, 2017-11-04)
  Signed-off-by: dd3boh <dade.garberi@gmail.com>
* sepolicy: Fix some denials (diegocr, 2017-04-07)
  Change-Id: I7d79eadee41a637d26c8b29a73d733d64b68d822
* sepolicy: Address some denials (ontherunvaro, 2017-04-07)