| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Change-Id: I8c3d826c2fad645200d5375be935bdbb14a52e37
|
| |
|
|
| |
Change-Id: If6e24a7bfc3cc866e3d3f442990aec03f8827c35
|
| |
|
|
| |
Change-Id: Id19a6f554b6ebd5a5aa52d24616afa78f59ad2ee
|
| |
|
|
|
|
|
| |
* <Q blobs require broader sysfs access and we don't
want to relabel stuff like /sys/class/kgsl.
Change-Id: I6a821da53686eba33990ae231ccae700de2d7391
|
| |
|
|
| |
Change-Id: I151dce68bbf3fc0bded44643ff19cc9558660409
|
| |
|
|
|
|
|
|
|
|
| |
[ 9.346918] type=1400 audit(71454275.960:7): avc: denied { create } for comm="init" name="dpmwrapper" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
Ref:
[0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I262b06821c0625978b3685d0666bd2cf599fbf98
|
| |
|
|
| |
Change-Id: Ia80078dcb85930373c27de4248f043088d140c81
|
| |
|
|
| |
Change-Id: I69d2b3558e10d8dfb35963a1bb3043e1f2179ee5
|
| |
|
|
| |
Change-Id: I471c0d1fedb51eabc32b54ab35a9823db8efd034
|
| |
|
|
|
|
| |
* The context is now charger
Change-Id: I1cb92590b1285ea08e30d89cfe421bbb0acc47f2
|
| |
|
|
|
|
| |
android.hardwar: type=1400 audit(0.0:10): avc: denied { open } for path="/sys/devices/soc/400f000.qcom,spmi/spmi-0/spmi0-03/400f000.qcom,spmi:qcom,pmi8994@3:qcom,leds@d000/leds/red/brightness" dev="sysfs" ino=39334 scontext=u:r:hal_light_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: Ifa312d4b1d0b3119815e770a9988c4d258613db5
|
| |
|
|
| |
Change-Id: I43176dd76a1491bf9108207552cfb0e80658547a
|
| |
|
|
|
| |
avc: denied { getattr } for comm="android.hardwar" path="/sys/devices/soc/75b5000.i2c/i2c-7/7-001d/power_supply/parallel/type" dev="sysfs" ino=38270 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: I46efbce995478ba0e1b171a677c26dc7d1c5ee4e
|
| |
|
|
|
|
| |
* These are neverallows on Q
Change-Id: I1f7203f830a67d34eab85e7b9707585614a678b9
|
| |
|
|
|
|
| |
* With full treble system components can't access to /vendor files, except for a few whitelisted.
Change-Id: I3b05467e885c19f7b2fe531cfb9f6c128a6b503e
|
| |
|
|
|
|
| |
Bug: 112880217
Test: device boots without denials to input files
Change-Id: I48686c6828bdf99efaabff39c4afb22b0dd8b38b
|
| |
|
|
| |
Change-Id: Ia625bceef88124f53bf0f937b782c1f88c658a8e
|
| |
|
|
|
|
| |
* Q sepolicy doesn't have labels for these root folders anymore
Change-Id: Ibc1f13968eb4de0868de149f1347ca07da1c581c
|
| |
|
|
|
|
|
|
| |
healthd : type=1400 audit(0.0:3369): avc: denied { open } for path="/sys/devices/soc/7411000.qusb/power_supply/dpdm/type" dev="sysfs" ino=36007 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
healthd : type=1400 audit(0.0:3370): avc: denied { getattr } for path="/sys/devices/soc/7411000.qusb/power_supply/dpdm/type" dev="sysfs" ino=36007 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
health@2.0-serv: type=1400 audit(0.0:3371): avc: denied { read } for name="type" dev="sysfs" ino=36007 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: I33bf70d0bcb2b93ba65f93947c1c758e6c2c563b
|
| |
|
|
|
|
|
| |
* Switch to /persist for bt_mac to make so that it's kept even after a factory reset
* Also update the path of wlan_mac.bin in wlan.sh to write to the real mount point instead of the bind one
Change-Id: I250358484a8c8a8ef7f01941eea798c11d6ac4e7
|
| |
|
|
|
|
|
| |
* log:
[ 11.659088] type=1400 audit(1558020697.976:30): avc: denied { read } for pid=995 comm="system_server" name="hctosys" dev="sysfs" ino=36303 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: Ica5355a1f30eaaf04e4b842d824897bc3c6df335
|
| |
|
|
|
|
|
|
|
| |
* Solves the following denial.
avc: denied { set } for property=persist.net.doxlat pid=837 uid=1001 gid=1001 scontext=u:r:netmgrd:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1
* We need this again after having switched back to Oreo RIL in 4d1a575a1900797720c957c40898a1bdebecfe55
Change-Id: I30db8b7aa6017dfdea1c874f69b7b8b90bcc8800
|
| |
|
|
|
|
|
|
| |
* log:
[ 26.216198] selinux: avc: denied { set } for property=ctl.stop$imsrcsd pid=824 uid=1000 gid=1000 scontext=u:r:ims:s0 tcontext=u:object_r:ctl_stop_prop:s0 tclass=property_service permissive=0\x0a
[ 26.216278] init: Unable to set property 'ctl.stop' to 'imsrcsd' from uid:1000 gid:1000 pid:824: Invalid permissions to perform 'stop' on 'imsrcsd'
Change-Id: I15868bd0dd1ef2cfa1003441e2553abe474ae365
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Log:
[ 24.377749] selinux: avc: denied { set } for property=vendor.min_freq_0 pid=522 uid=0 gid=0 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:vendor_mpctl_prop:s0 tclass=property_service permissive=0\x0a
[ 24.377791] init: Unable to set property 'vendor.min_freq_0' to '384000' from uid:0 gid:0 pid:522: SELinux permission check failed
[ 24.378820] selinux: avc: denied { set } for property=vendor.min_freq_4 pid=522 uid=0 gid=0 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:vendor_mpctl_prop:s0 tclass=property_service permissive=0\x0a
[ 24.378850] init: Unable to set property 'vendor.min_freq_4' to '384000' from uid:0 gid:0 pid:522: SELinux permission check failed
* Also cleanup the old sepolicy not needed anymore
Change-Id: I2c5237540f8933f890818a58b4f61165c80cb93e
|
| |
|
|
|
|
|
| |
* Turns out we don't actually need to use this as /proc/mac_wifi and mac_bt can turn into normal mac address values just with hex dumping
* Remove bt_mac_prop as we can just set the mac path in vendor_prop.mk
Change-Id: I23665cdd5d39d5e090694cff5a63f55ecb9ea334
|
| |
|
|
| |
Change-Id: Ibc6eed2018314e79f3f18749cedd9852c82a8a66
|
| |
|
|
|
|
| |
This reverts commit 6b5e38c35a519487048cb66ce65086d4673e53bd.
Change-Id: I811a7c04d35e27d74057f310c05aab008d434aae
|
| |
|
|
|
|
|
|
| |
- Create label for RFKILL node and add sepolicy
for its access.
Change-Id: Id16dce0818aa1f6233b75f35344b4eca9259c7b1
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Once the service is running, proximity sensor is constantly active
when the display is turned off, resulting into a residual increase
in battery consumption. Add a toggle so that users can decide whether
they accept that and prefer to prevent accidental wake-ups triggered
by the fingerprint sensor.
* Keep the receiver that listens for the screen status registered only
if the fingerprint wake-up feature is enabled at the same time as
the accidental wake-up prevention feature.
* Set PocketMode as a required module of ConfigPanel, to make sure
it is only shipped on devices building the latter.
* The configpanel part is integrated in b07a633bdeda835867aa3dc5a033529d7bd712dc
Change-Id: Icfa23d2aef971e368476b6f1f7612493c2b69a20
|
| |
|
|
|
|
| |
* It would get disabled anyway when bootloader is unlocked, but this way makes safetynet pass even when unlocked
Change-Id: I2dfe641bf60e0409f290b7b31492df00568c9916
|
| |
|
|
|
|
|
|
| |
* Add back the fstab contexts to prevent some vfat denials
* Remove a lot of not needed addresses
* Create a domain for double tap to wake to not let the powerhal access all the sysfs files
Change-Id: I44dfc5e9903eb562748215541f2d71f9a3d111d7
|
| |
|
|
| |
Change-Id: Ie210f27a1dd3d79c50a49c6b024019464227bdd7
|
| |
|
|
|
|
| |
* Added in platform by https://github.com/LineageOS/android_device_qcom_sepolicy/commit/a7143aa372d9004eeeb69a50221a5324d59cb5b6
Change-Id: I328a46b45d651aeb54665c2453390adbb767de20
|
| |
|
|
| |
Change-Id: I790167bf413bb1166e63972ab321e2278cbabbfc
|
| |
|
|
| |
Change-Id: Icaefcf91ea08813bb84ce33effec44d037bd5145
|
| |
|
|
|
|
| |
* This is useful without msm_irqbalance
Change-Id: I500abb9dab85a4132210a9557f7ce3febaceadbb
|
| |
|
|
|
| |
Change-Id: Ib8cbdbd0088ffb9b74e27404937f0387e728e229
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
|
|
| |
* z2_plus/row do not support NFC so its useless to have these
* fixes random log saying this device has no NFC
Change-Id: Idc0d97b42dff1f826efb35808b3998f40be98a7b
|
| |
|
|
|
|
|
|
|
|
| |
* genfs_context cleanup after b5b41d341dd744c40d3908550daaafcee6fe7b4b in which it has randomly been imported from Marlin
* Slightly cleanup indentation
* Remove a lot of domains which were being used in genfs_context as most of it is already labelled differently in qcom common sepolicy and already addressed
* Remove violators where not needed
* Remove some old properties we're not using anymore
Change-Id: Ic72853dfaf71ba3f0596e75d1bdd5b5c93cd70be
|
| |
|
|
|
|
|
|
|
| |
* Bin extracted from ZUI
* Add init.wlan.sh to check if the mac address in wlan_mac.bin is already correct, if not correct it
* Run both the bins on boot completed as wcg can't run earlier
* Label both the bins and address their denials
Change-Id: I7a8001465ec9c3d69bd228efa57dddfdd8e3c6f3
|
| |
|
|
|
|
| |
* We don't need this anymore, no random mac because the real hardware wlan mac works now
Change-Id: I13f85f4eb438b2230408d5bad1c694b2cd39a25b
|
| |
|
|
|
|
| |
* We don't support this on stoct.
Change-Id: Ic690330d1c063cec7f3bca049c0bf27967e7e36c
|
| |
|
|
| |
Change-Id: Ib5d3a671d94012fdcf8926e59821470857d41811
|
| |
|
|
| |
Change-Id: I050c47c495625cc769a2f6549f8f68ed8be07d6a
|
| |
|
|
|
| |
Change-Id: Ifec612cc608fcd4b7d72892e7921e238be4672e0
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
| |
Change-Id: I7b87ae0ad834ba02a78696afe393d9d4f8920fbd
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* Not the best solution but I can't think of any other solution at the moment
* It shouldn't anyway be a security problem as this domain is used only for charger
* Fixes offline charging completely
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Change-Id: I7379724a0550553e0fd6ab4f470bd9439c093936
|
| |
|
|
|
|
|
|
| |
* Don't break any neverallows this time
* Still healthd missing to fix
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Change-Id: I861eb5dc1f91e7cdea2e7b55c617e55a24ec2e02
|
| |
|
|
|
|
|
|
|
| |
* Normal path is /data/vendor/camera, defined in device/qcom/sepolicy
* We have hex edited 6.0 blobs from /data/misc/camera to /data/vendor/qcam
because of the new path string being longer than the old one
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Change-Id: Ib96191dd55aea0c20c58a16bf1a91a46f07367e6
|
| |
|
|
|
|
|
| |
* Also fix other general sepolicy errors after stopping to ignore the neverallows
Change-Id: I1af3d9f57a0ca6e37420094a53f1c52127f3e187
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
|
