Age | Commit message | Author |
|
This commit adds required sepolicy changes to avoid avc denial for new
vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default.
Change-Id: Ie272772338299eb2c684b1c3683e062b12ca486b
|
|
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
|
|
Allow building with PRODUCT_SET_DEBUGFS_RESTRICTIONS set.
Change-Id: I0d0703ea21f1f812c06247a3db2bc755e8904149
|
|
Change-Id: I5e59fd91e723df95224e5738295c2b8007f6f053
|
|
Change-Id: I29b6b536ffa7b1e0f04daf27259643694097081d
|
|
Change-Id: I2680a441d7aacba87aab786ed00bc09f0889df1e
|
|
Change-Id: I358bf7ccf29dadcac53e646d51c7c9a476f5d023
|
|
Change-Id: Ie9f50b544665a8b66b172f35c0f45c5404628595
|
|
Change-Id: Iab72245735d39aabbdf4f3f40238b36cf1701452
|
|
Update sepolicy for KineticsXR controllers.
Change-Id: I75a28dc44dfad25e0be8a470a30baa673f95a4b5
|
|
Currently if the target is in host mode bus suspend and is woken up
by connecting USB peripheral, system_suspend server tries to
read or open or getattr /sys/devices/platform/soc/c440000.qcom,spmi/
spmi-0/spmi0-00/ c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/
usbpd/usbpd0/ nodes, it gets a denial as the wakeup nodes are created
dynamically, so when system_suspend tries to access the node it throws a
denial since it never got the permissions for accessing
the wakeup nodes.
Following is the denial:
avc: denied { read } for comm="Binder:650_2" name="wakeup18"
dev="sysfs" ino=66695 scontext=u:r:system_suspend:s0
tcontext=u:object_r:vendor_sysfs_usbpd_device:s0 tclass=dir permissive=0
Fix this by creating a new sepolicy file and providing
system_suspend_server the permission of read to
vendor_sysfs_usb_node. This would give permissions to
sysfs_wakeup.
Change-Id: Ib624a90dadabd27044090cc7df0c7eb90a92ec40
|
|
Bring back the old rules used by old blobs.
This reverts commit 42ff8589e696ee22bdd158e9332eb1b14ebb3adb.
Change-Id: I5986a6c59b7a72091e526586e2cba736c7fa36c4
|
|
Change-Id: I1cc993d353cf2966685a3276b4c97d86c7030326
|
|
Include all possible wakeup paths
Change-Id: I3d7a23abd7fb2668b51d1a51dc0a6bd316c0f379
|
|
Change-Id: I4a4812393c50ffec9d64dc1ad13514551c47985e
|
|
Change-Id: Idd7c3635afd8fa6539d6d4a447cbb0962aefd684
|
|
Allow vendor init scripts to getprop persist.debug.trace property
to fix avc denial issues.
Change-Id: I739d8eb63d305b810af16dd2e31e5fead42037a7
|
|
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542 1865 1865 I auditd : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5
Change-Id: Id46c9620b0607e66f6ae61b2c30ede1b6996320f
|
|
Change-Id: I43e2c93d5915157c7a87a8f0799c45a54e251040
|
|
Change-Id: I3afe448cf9ea34ebcbf831d136af141cadc135bc
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: I0b5aadad34d6da72275c234fe0429446866d816c
|
|
Change-Id: If22a1fe0036f49d5cfb3f3c21cd9c44b96ac6ae8
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: I542e7b542aec7a7270095c82bfbd0c22941dc9cd
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: Ie8f2ea1024a93d4e3d908ddef3140d34da8c4bb2
|
|
This reverts commit 82a20ed16ebd020e1e142ed27a13fde7b9a0926d.
Reason for revert: Not needed on 13 and hits a neverallow.
Change-Id: If66dd5dc6c12e41782ad9ef5058377caca08fa36
|
|
Change-Id: I954c139b25304cf283276f71b05b98e67eb56ec7
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Change-Id: I4977b2a09e0dd802cede610ee777f19ce61f203a
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
If a sdm845 device launched with dynamic partitions, it has a
metadata partition as well.
[ 110.888321] audit: type=1400 audit(3941230.073:20): avc: denied { read } for pid=597 comm="fastbootd" name="sda8" dev="tmpfs" ino=14643 scontext=u:r:fastbootd:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
[ 110.908854] fastbootd: [libfs_mgr]Failed to open '/dev/block/by-name/metadata': Permission denied
Change-Id: I7897c0fec9b490c23111ff7cd08111757628fdf5
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Fixes usbpd related denials on SDM845.
Change-Id: Id74a7d966dec9629dc28d5c2bfe4aa92a67d501a
|
|
Change-Id: If35e87a56efb3e7a82ed2f06bb4dcab8ec4a0e82
|
|
system/core/rootdir/init.rc
1110: write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
1111: write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728
Fixes: avc: denied { write } for comm="init" name="discard_max_bytes"
dev="sysfs" ino=55527 scontext=u:r:init:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I9db0cde703a2922171a96d8d99570741f487a3db
|
|
wlan driver/fw version are set at property at enforcing mode.
Add rules to allow to set wlan driver/fw version info
CRs-Fixed: 2460816
Change-Id: Ic0bb570cd53fe450512496c5864f432ce3219bbe
|
|
Allow dpm to read the slm property to
enable / disable slm.
Change-Id: Ibe211c7421a92bf9b04ef75e03f9e8267a0e5695
CRs-Fixed: 2731396
|
|
As Qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host
we explicitly need to grant apexd access to it or it will break.
This results in e.g. GSIs being unbootable.
type=1400 audit(3799551.036:40): avc: denied { read write }
for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305
scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0
tclass=file permissive=0
Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Change-Id: Ia91078502b448221ad803674a003378e1f7a846c
|
|
Change-Id: I9fc932d76f9eceb157c0b48cf1d666cde6b55e59
CRs-Fixed: 2289554
|
|
Cvp is a new computer vision hardware
which interacts with DSP and video driver.
Adding new ion mem permission for cvp domains.
Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4
|
|
Change-Id: Ief59f77386ff98cc8070ee9de5fb5a9e514b039e
|
|
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.
Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
|
|
Add property to generic sepolicy for loading shsusrd from netmgr.
Fixes the following-
[ 66.051992] type=1107 audit(1549.328:591): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
property=persist.vendor.data.shsusr_load pid=921 uid=1001 gid=1001
scontext=u:r:vendor_netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'
CRs-Fixed: 2575687
Change-Id: I32fb31a7f5e64c2095aee081fd855900be0d0701
|
|
* As seen on non-legacy sepolicy
Change-Id: Ifec35f7ffb2452e930c40f9e59c95e64c7dfaff3
|
|
Added permissions for Perf HAL to set property
values
CRs-Fixed: 2682965
Change-Id: I76c55c4cd46caee6896a302d2cea305c49283315
|
|
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542 1865 1865 I auditd : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5
Change-Id: I96d7ab2bc6e153dea96d8366a16f7e8e5152f1c9
|
|
Add smcinvoke dev node as tee device in file_contexts.
This node has been moved from qssi to vendor for GSI
check.
Change-Id: I9ff2e94f8024f6b091afaa8e04381a3d808d9a2a
|
|
* As seen on non-legacy sepolicy
Change-Id: I8b18879af9e8f5c962091161d9691f3f2673bfd9
|
|
The `wifi.interface` property was labelled as `exported_default_prop` by
system/sepolicy in android 11. Since android 12 it is labelled as
`wifi_hal_prop` which causes the following denial.
W libc : Access denied finding property "wifi.interface"
W cnd : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0
Change-Id: I15c7ea0b0975e7be2f348b1215b4417d5ab08bf8
|
|
SLM enables dual link wifi data transfer by
efficient utilization of available channel capacity.
SLM enables UID specific data transfer over two links.
"persist.vendor.slm.enable" property used to enable
and disable SLM feature.
CRs-Fixed: 2607286
Change-Id: Ia562f698a3fa309eb45e98dea2a9fdc6a7623799
|
|
Allow the known processes to offload to ADSP / SLPI using the new
device node.
Change-Id: Icaf8c4e1195b10711208bb5a331572ce78143560
|
|
levelFrom is used to determine the level (sensitivity + categories)
for MLS/MCS. If set to all, level is determined from both UID and
user ID. This is bad for poweroffalarm, as it needs to be able to
write to /persist/alarm/data which has a context without mls_level:
u:object_r:persist_alarm_file:s0
instead of
u:object_r:persist_alarm_file:s0:c0,c256,c512,c768
Change-Id: I9a8b706cdedc090281e4b5542eb34816b7ff338e
|
|
remove poweroffalarm system uid
Change-Id: I2e93c12b5e9b0169b77d1beecbdbbb7757b8ee1e
|