Change-Id: Ib1b232d57ca108f73995690ad31bbeee638aa5ad
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
SELinux blocks the loading of the newer firmware and
I do not know how to fix it, for now.
This reverts commit 13c9609710f05a79d119636ec2b9640259dd67c2.
* From google/marlin/marlin:9/PPR1.180610.009/4898911:user/release-keys.
avc: denied { find } for interface=android.hardware.memtrack::IMemtrack pid=3638 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_memtrack_hwservice:s0 tclass=hwservice_manager permissive=0
* Using marlin WiFi firmware, which is newer than ours,
we can get a fully functional Power HAL.
avc: denied { dac_override } for pid=442 comm="chargeonlymode" capability=1 scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=capability permissive=1
avc: denied { read } for pid=442 comm="chargeonlymode" name="rtc0" dev="tmpfs" ino=2231 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
avc: denied { open } for pid=442 comm="chargeonlymode" path="/dev/rtc0" dev="tmpfs" ino=2231 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=442 comm="chargeonlymode" path="/dev/rtc0" dev="tmpfs" ino=2231 ioctlcmd=7008 scontext=u:r:charger:s0 tcontext=u:object_r:rtc_device:s0 tclass=chr_file permissive=1
avc: denied { write } for pid=442 comm="chargeonlymode" name="persist" dev="rootfs" ino=14980 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=442 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=442 comm="chargeonlymode" name="subsys" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=442 comm="chargeonlymode" name="batt_info.bin" scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
avc: denied { read append } for pid=442 comm="chargeonlymode" name="batt_info.bin" dev="rootfs" ino=2334 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
avc: denied { getattr } for pid=442 comm="chargeonlymode" path="/persist/subsys/batt_info.bin" dev="rootfs" ino=2334 scontext=u:r:charger:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=1
This reverts commit 5a1c5d7094cf0c00f4bbca7390fee11ef9293366.
This commit makes lag in battery settings.
Thanks to @kenny3fcb for the tip
This reverts commit b53e00d1d443ad324182f932a3d2508c29aa8a56.
* We need to set TARGET_WLAN_POWER_STAT to work with
the QCACLD2 driver.
The default value is for QCACLD3.
* And system_app and vold fixup.
enough RAM.
* My device has 6GB of RAM so I didn't notice any issue. However devices with 3GB or
less become unusable with THP enabled, according to @YaroST12
* Also, for devices with enough RAM, we'll restrict THP to madvise regions as
suggested by the kernel documentation:
"Embedded systems should enable hugepages only inside madvise regions
to eliminate any risk of wasting any precious byte of memory and to
only run faster." [1]
[1] https://www.kernel.org/doc/Documentation/vm/transhuge.txt
* The atfwd daemon is responsible for handling AT command
forward requests from modem and should be enabled
for all targets except sda, apq, qcs.
Change-Id: I886b616565f81da10ad4a7b52baf8854a0b26f52
SELinux: Could not read /sys/devices/soc/2080000.qcom,mss/firmware/modem.mdt/power: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/2080000.qcom,mss/firmware/msadp/power: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/soc:qcom,kgsl-hyp/firmware/a530_zap.mdt/power: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/soc:qcom,kgsl-hyp/firmware/a530_zap.b02: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/2080000.qcom,mss/firmware/modem.b09/power: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/2080000.qcom,mss/firmware/modem.b10/power: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/600000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/firmware/evicted30.bin: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/600000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/firmware/bdwlan30.b00: No such file or directory.\x0a
SELinux: Could not read /sys/devices/soc/600000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/firmware/bdwlan30.bin: No such file or directory.\x0a
* Now we have "Sharp Shooter" mode on Snap.
avc: denied { getattr } for pid=1726 comm="m.android.phone" path="/data/user_de/0/com.android.settings" dev="sda10" ino=1957977 scontext=u:r:radio:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=1726 comm="m.android.phone" path="/data/user_de/0/com.android.settings" dev="sda10" ino=1957977 scontext=u:r:radio:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/recovery" dev="sda10" ino=2228226 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/recovery" dev="sda10" ino=2228226 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/backup" dev="sda10" ino=2228228 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_private_backup_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/backup" dev="sda10" ino=2228228 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_private_backup_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/recovery" dev="sda10" ino=2228226 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/recovery" dev="sda10" ino=2228226 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/backup" dev="sda10" ino=2228228 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_private_backup_file:s0 tclass=dir permissive=0
avc: denied { getattr } for pid=2363 comm="sAsyncHandlerTh" path="/data/cache/backup" dev="sda10" ino=2228228 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:cache_private_backup_file:s0 tclass=dir permissive=0
* avc: denied { set } for property=service.adb.root pid=1892 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_prop:s0 tclass=property_service permissive=1
avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
address denials such as:
avc: denied { module_request } for pid=1 comm="init" kmod="crypto-cts(cbc(aes-ce))-all" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
which is caused by b/35930111
Bug: 36056446
Test: no denials
Change-Id: I2a1fd14a0225a79526f77228bddd299434f075f3
* The rules came from marlin's sepolicy.
Add required permissions for netmgrd to use the new netutils wrappers
Bug: 36463595
Test: boot sailfish, test LTE, wifi, wifi calling and phone calls work
Change-Id: I5894ee2659f97fce4f4f2b16c54c10f42484b454
Signed-off-by: Sandeep Patil <sspatil@google.com>
Change-Id: I6dfc2f82393f23e3f11bc813057c9446985d1968
* avc: denied { read } for pid=2288 comm=m.android.phone name=libimsmedia_jni.so dev=sda9 ino=1103 scontext=u:r:radio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
* avc: denied { open } for pid=2288 comm=m.android.phone path=/vendor/lib64/libimsmedia_jni.so dev=sda9 ino=1103 scontext=u:r:radio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
* avc: denied { getattr } for pid=2288 comm=m.android.phone path=/vendor/lib64/libimsmedia_jni.so dev=sda9 ino=1103 scontext=u:r:radio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
* avc: denied { execute } for pid=2288 comm=m.android.phone path=/vendor/lib64/libimsmedia_jni.so dev=sda9 ino=1103 scontext=u:r:radio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
* I don't know what happened here... xD
* avc: denied { read } for pid=609 comm="generic" path="/storage/emulated/0/DCIM/Camera/VID_20180331_163634.mp4" dev="fuse" ino=24 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
* We could probably optimize them more, but for now it's enough.
* And simplify hal_fingerprint_default.te
* avc: denied { read } for pid=694 comm="mm-qcamera-daem" name="name" dev="sysfs" ino=39334 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
* avc: denied { open } for pid=686 comm="mm-qcamera-daem" path="/sys/devices/soc/aa4000.qcom,fd/video4linux/video1/name" dev="sysfs" ino=39334 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=
* avc: denied { read } for pid=694 comm="mm-qcamera-daem" name="name" dev="sysfs" ino=45837 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
persist partition is mounted rw so it should be checked for errors.
Bug: 63874026
Test: build and flash, verify persist is correctly labeled and no
denials in the log.
Change-Id: I9bb57b5ed20bda0f6937d506bf9b9630365abd87
Change-Id: Ie0c94ac657127b1653afbbb82b06789dfe34032d
* avc: denied { getattr } for pid=4814 comm=mount name=/ dev=sde12 ino=2 scontext=u:r:shell:s0 tcontext=u:object_r:adsprpcd_file:s0 tclass=filesystem permissive=0
avc: denied { write } for name="tracing_on" dev="debugfs" ino=3203 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
Change-Id: Ia3258d2d57088efd367d79de1a7d60fcb01a3e6a
* avc: denied { connectto } for pid=483 comm=bluetooth@1.0-s path=0062745F736F636B scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:wcnss_filter:s0 tclass=unix_stream_socket permissive=0
* avc: denied { add_name } for pid=483 comm=bluetooth@1.0-s name=bt_fw_version.txt scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0
system_server is configured to access idc and keylayout files in
/vendor/usr/idc and /vendor/usr/keylayout. This explicitly grants this
access to system_server, instead of relying on overly broad access
granted by hal_client_domain(system_server, ...) macros which is no
longer going to grant this overly broad access soon.
Test: Modify hal_client_domain to no longer associate hal_x_client with
hal_x, observe that there are no violations from system_server
trying to read /vendor/usr/idc and /vendor/usr/keylayouts.
Bug: 37160141
Change-Id: I136df8713f2f9ff03096e5f6cf35e3e804733040
bug: 22804304
Change-Id: I7e189198351c7abf3fc87c441fccccff887d2934
* Remove never-allow rules and enable SELinux permissive for now.
* Enable PRODUCT_FULL_TREBLE_OVERRIDE.
Change-Id: I46669d8c727dce1ca4e28403ca7c24a126d5510f
Change-Id: I2a5801dcae70e102e8c7e97b8aeb563cb1de8ac8
* Remove unneeded permissions
Change-Id: Ie52577eb3cf06e3adb4be9e40016407e451e604d
* avc: denied { write } for pid=484 comm=bluetooth@1.0-s name=bluedroid dev=sda10 ino=3465222 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0
Fix ims SELinux denials:
* avc: denied { set } for property=ctl.imsrcsd pid=715 uid=1000 gid=1000 scontext=u:r:ims:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service permissive=0
Fix vold SELinux denials:
* avc: denied { open } for path="/data/system_de/0/spblob/01e7bcfa0f8c0631.secdis" dev="sda10" ino=3031052 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
Fix system_app SELinux denials:
* avc: denied { call } for pid=6251 comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:wificond:s0 tclass=binder permissive=0
* avc: denied { find } for service=installd pid=6251 uid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:installd_service:s0 tclass=service_manager permissive=0
* avc: denied { read } for pid=729 comm=lowi-server name=u:object_r:wcnss_prop:s0 dev=tmpfs ino=15432 scontext=u:r:location:s0 tcontext=u:object_r:wcnss_prop:s0 tclass=file permissive=0