| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
|
| |
* Remove never-allow rules and enable SELinux permissive for now.
* Enable PRODUCT_FULL_TREBLE_OVERRIDE.
|
| |
|
|
|
|
| |
* Fixup of ee7d7d4737b75ac25b29e98e9af39bfd9a2e17ee
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Also move fingerprint.te to hal_fingerprint_default.te, it helps to track and apply upstream changes.
Fix hal_fingerprint_default sepolicy denials.
* avc: denied { write } for pid=1933 comm=android.hardwar name=/ dev=dm-0 ino=2 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
* avc: denied { add_name } for pid=1946 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
* avc: denied { create } for pid=1981 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
* avc: denied { create } for pid=1935 comm=android.hardwar name=socket scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
* avc: denied { setattr } for pid=1939 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
* avc: denied { read } for pid=1939 comm="android.hardwar" name="fpc" dev="dm-0" ino=2908161 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
* avc: denied { remove_name } for pid=1996 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
* avc: denied { unlink } for pid=1949 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0
Fix rild sepolicy denials.
* avc: denied { getattr } for pid=838 comm=sh path=/system/bin/toybox dev=sde18 ino=447 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
* avc: denied { execute_no_trans } for pid=838 comm=sh path=/system/vendor/bin/toybox_vendor dev=sde18 ino=2863 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=0
* avc: denied { execute } for pid=831 comm=sh name=toybox dev=sde18 ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
* avc: denied { read open } for pid=830 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
* avc: denied { execute_no_trans } for pid=1162 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0
Fix adbd sepolicy denial.
* avc: denied { set } for property=ctl.mdnsd pid=5237 uid=2000 gid=2000 scontext=u:r:adbd:s0 tcontext=u:object_r:ctl_mdnsd_prop:s0 tclass=property_service permissive=0\x0a
Fix vold sepolicy denial.
* avc: denied { read } for pid=467 comm=vold name=/ dev=sda2 ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
* avc: denied { open } for pid=473 comm="vold" path="/persist" dev="sda2" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
* avc: denied { ioctl } for pid=466 comm="vold" path="/persist" dev="sda2" ino=2 ioctlcmd=5879 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
Fix priv_app sepolicy denial.
* avc: denied { read } for pid=4397 comm=Binder:4397_1 name=modules dev=proc ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
* avc: denied { open } for pid=4309 comm="Binder:4309_2" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
* avc: denied { getattr } for pid=4543 comm="Binder:4543_4" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0
Fix charger sepolicy denials.
I found them booting from offline charging mode.
* avc: denied { read } for pid=444 comm=charger name=/ dev=tmpfs ino=15050 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
* avc: denied { open } for pid=441 comm=charger path=/dev dev=tmpfs ino=14613 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
* avc: denied { dac_override } for pid=442 comm="charger" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0
* avc: denied { dac_read_search } for pid=442 comm="charger" capability=2 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
| |
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
| |
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
|
|
| |
* Lots of parts are from the old one so thanks to everyone who contributed to that one
* Still it doesn't boot in enforcing though
Signed-off-by: dd3boh <dade.garberi@gmail.com>
|
| |
|
|
| |
Signed-off-by: dd3boh <dade.garberi@gmail.com>
|
| |
|
|
| |
Change-Id: I7d79eadee41a637d26c8b29a73d733d64b68d822
|
| |
|
|
| |
Change-Id: I86ab87016e118cfff8b9debc9c38327326b9bc69
|
| | |
|
| |
|
