aboutsummaryrefslogtreecommitdiff
path: root/sepolicy/vold.te (follow)
Commit message (Collapse)AuthorAge
* msm8996-common: Remove irq related labelsDavide Garberi2019-03-21
| | | | | | * This is useful without msm_irqbalance Change-Id: I500abb9dab85a4132210a9557f7ce3febaceadbb
* msm8996: sepolicy: Fix device related neverallowsDavide Garberi2018-09-16
| | | | | Change-Id: Iddf2ac2f63d6f3a390e1720c11b1f334cc9729aa Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Remove duplicated rules.Cosme Domínguez Díaz2018-05-13
| | | | * And system_app and vold fixup.
* msm8996-common: sepolicy: CleanupCosme Domínguez Díaz2018-05-02
|
* msm8996-common: Fix hal_bluetooth_default SELinux denials:Cosme Domínguez Díaz2018-03-11
| | | | | | | | | | | | | | | | | * avc: denied { write } for pid=484 comm=bluetooth@1.0-s name=bluedroid dev=sda10 ino=3465222 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 Fix ims SELinux denials: * avc: denied { set } for property=ctl.imsrcsd pid=715 uid=1000 gid=1000 scontext=u:r:ims:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service permissive=0 Fix vold SELinux denials: * avc: denied { open } for path="/data/system_de/0/spblob/01e7bcfa0f8c0631.secdis" dev="sda10" ino=3031052 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 Fix system_app SELinux denials: * avc: denied { call } for pid=6251 comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:wificond:s0 tclass=binder permissive=0 * avc: denied { find } for service=installd pid=6251 uid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:installd_service:s0 tclass=service_manager permissive=0
* msm8996-common: Reorder the sepolicyDavide Garberi2018-02-19
| | | | | | * Fixup of ee7d7d4737b75ac25b29e98e9af39bfd9a2e17ee Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* sepolicy: Address some denialsCosme Domínguez Díaz2018-02-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Also move fingerprint.te to hal_fingerprint_default.te, it helps to track and apply upstream changes. Fix hal_fingerprint_default sepolicy denials. * avc: denied { write } for pid=1933 comm=android.hardwar name=/ dev=dm-0 ino=2 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 * avc: denied { add_name } for pid=1946 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 * avc: denied { create } for pid=1981 comm=android.hardwar name=fpc scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 * avc: denied { create } for pid=1935 comm=android.hardwar name=socket scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0 * avc: denied { setattr } for pid=1939 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0 * avc: denied { read } for pid=1939 comm="android.hardwar" name="fpc" dev="dm-0" ino=2908161 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 * avc: denied { remove_name } for pid=1996 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 * avc: denied { unlink } for pid=1949 comm="android.hardwar" name="socket" dev="dm-0" ino=2908162 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=0 Fix rild sepolicy denials. * avc: denied { getattr } for pid=838 comm=sh path=/system/bin/toybox dev=sde18 ino=447 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0 * avc: denied { execute_no_trans } for pid=838 comm=sh path=/system/vendor/bin/toybox_vendor dev=sde18 ino=2863 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=0 * avc: denied { execute } for pid=831 comm=sh name=toybox dev=sde18 ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0 * avc: denied { read open } for pid=830 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0 * avc: denied { execute_no_trans } for pid=1162 comm="sh" path="/system/bin/toybox" dev="sde18" ino=444 scontext=u:r:rild:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=0 Fix adbd sepolicy denial. * avc: denied { set } for property=ctl.mdnsd pid=5237 uid=2000 gid=2000 scontext=u:r:adbd:s0 tcontext=u:object_r:ctl_mdnsd_prop:s0 tclass=property_service permissive=0\x0a Fix vold sepolicy denial. * avc: denied { read } for pid=467 comm=vold name=/ dev=sda2 ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0 * avc: denied { open } for pid=473 comm="vold" path="/persist" dev="sda2" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0 * avc: denied { ioctl } for pid=466 comm="vold" path="/persist" dev="sda2" ino=2 ioctlcmd=5879 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0 Fix priv_app sepolicy denial. * avc: denied { read } for pid=4397 comm=Binder:4397_1 name=modules dev=proc ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0 * avc: denied { open } for pid=4309 comm="Binder:4309_2" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0 * avc: denied { getattr } for pid=4543 comm="Binder:4543_4" path="/proc/modules" dev="proc" ino=4026532515 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0 Fix charger sepolicy denials. I found them booting from offline charging mode. * avc: denied { read } for pid=444 comm=charger name=/ dev=tmpfs ino=15050 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0 * avc: denied { open } for pid=441 comm=charger path=/dev dev=tmpfs ino=14613 scontext=u:r:charger:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0 * avc: denied { dac_override } for pid=442 comm="charger" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0 * avc: denied { dac_read_search } for pid=442 comm="charger" capability=2 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=0 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: sepolicy: Address some denialsdavidevinavil2018-02-11
| | | | Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
* msm8996-common: Nuke the Nougat sepolicydd3boh2017-11-04
| | | | Signed-off-by: dd3boh <dade.garberi@gmail.com>
* Test some changes in sepolicyFedor9172016-11-10
|
* Initial commitFedor9172016-10-26
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-20 02:07:18 +0000