Change-Id: Ic49f0d4fa46ac4749e9bad3a9d4a780c54c3880e
|
|
Change-Id: Ifa358020513c1a01554d4e715612b59ca1342f67
|
|
Change-Id: I6b79865a3b21b887723ef603fbd3a10ddf0eda7b
|
|
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
|
|
We want to avoid associating types with where they can be used.
Bug: 237115222
Test: build
Change-Id: Iddc557b9eeef7acee16efa37ba832d2eb033cdc6
|
|
This commit adds required sepolicy changes to avoid avc denial for new
vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default.
Change-Id: Ie272772338299eb2c684b1c3683e062b12ca486b
|
|
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
|
|
Allow building with PRODUCT_SET_DEBUGFS_RESTRICTIONS set.
Change-Id: I0d0703ea21f1f812c06247a3db2bc755e8904149
|
|
Change-Id: I5e59fd91e723df95224e5738295c2b8007f6f053
|
|
Change-Id: I29b6b536ffa7b1e0f04daf27259643694097081d
|
|
Change-Id: I2680a441d7aacba87aab786ed00bc09f0889df1e
|
|
Change-Id: I358bf7ccf29dadcac53e646d51c7c9a476f5d023
|
|
Change-Id: Ie9f50b544665a8b66b172f35c0f45c5404628595
|
|
Change-Id: Iab72245735d39aabbdf4f3f40238b36cf1701452
|
|
Update sepolicy for KineticsXR controllers.
Change-Id: I75a28dc44dfad25e0be8a470a30baa673f95a4b5
|
|
Currently if the target is in host mode bus suspend and is woken up
by connecting a USB peripheral, system_suspend server tries to
read or open or getattr /sys/devices/platform/soc/c440000.qcom,spmi/
spmi-0/spmi0-00/ c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/
usbpd/usbpd0/ nodes, it gets a denial as the wakeup nodes are created
dynamically, so when system_suspend tries to access the node it throws a
denial since it never got the permissions for accessing
the wakeup nodes.
Following is the denial:
avc: denied { read } for comm="Binder:650_2" name="wakeup18"
dev="sysfs" ino=66695 scontext=u:r:system_suspend:s0
tcontext=u:object_r:vendor_sysfs_usbpd_device:s0 tclass=dir permissive=0
Fix this by creating a new sepolicy file and providing
system_suspend_server the permission of read to
vendor_sysfs_usb_node. This would give permissions to
sysfs_wakeup.
Change-Id: Ib624a90dadabd27044090cc7df0c7eb90a92ec40
|
|
Bring back the old rules used by old blobs.
This reverts commit 42ff8589e696ee22bdd158e9332eb1b14ebb3adb.
Change-Id: I5986a6c59b7a72091e526586e2cba736c7fa36c4
|
|
Change-Id: I1cc993d353cf2966685a3276b4c97d86c7030326
|
|
Include all possible wakeup paths
Change-Id: I3d7a23abd7fb2668b51d1a51dc0a6bd316c0f379
|
|
Change-Id: I4a4812393c50ffec9d64dc1ad13514551c47985e
|
|
Change-Id: Idd7c3635afd8fa6539d6d4a447cbb0962aefd684
|
|
Allow vendor init scripts to getprop persist.debug.trace property
to fix avc denial issues.
Change-Id: I739d8eb63d305b810af16dd2e31e5fead42037a7
|
|
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542 1865 1865 I auditd : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5
Change-Id: Id46c9620b0607e66f6ae61b2c30ede1b6996320f
|
|
Change-Id: I43e2c93d5915157c7a87a8f0799c45a54e251040
|
|
Change-Id: I3afe448cf9ea34ebcbf831d136af141cadc135bc
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: I0b5aadad34d6da72275c234fe0429446866d816c
|
|
Change-Id: If22a1fe0036f49d5cfb3f3c21cd9c44b96ac6ae8
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: I542e7b542aec7a7270095c82bfbd0c22941dc9cd
|
|
* Can't have them in hardware/oplus/sepolicy/qti/vendor/genfs_contexts
because it conflicts with generic/vendor/lahaina/genfs_contexts here.
Change-Id: Ie8f2ea1024a93d4e3d908ddef3140d34da8c4bb2
|
|
This reverts commit 82a20ed16ebd020e1e142ed27a13fde7b9a0926d.
Reason for revert: Not needed on 13 and hits a neverallow.
Change-Id: If66dd5dc6c12e41782ad9ef5058377caca08fa36
|
|
Change-Id: I954c139b25304cf283276f71b05b98e67eb56ec7
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Change-Id: I4977b2a09e0dd802cede610ee777f19ce61f203a
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
If a sdm845 device launched with dynamic partitions, it has a
metadata partition as well.
[ 110.888321] audit: type=1400 audit(3941230.073:20): avc: denied { read } for pid=597 comm="fastbootd" name="sda8" dev="tmpfs" ino=14643 scontext=u:r:fastbootd:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
[ 110.908854] fastbootd: [libfs_mgr]Failed to open '/dev/block/by-name/metadata': Permission denied
Change-Id: I7897c0fec9b490c23111ff7cd08111757628fdf5
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Fixes usbpd related denials on SDM845.
Change-Id: Id74a7d966dec9629dc28d5c2bfe4aa92a67d501a
|
|
Change-Id: If35e87a56efb3e7a82ed2f06bb4dcab8ec4a0e82
|
|
system/core/rootdir/init.rc
1110: write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
1111: write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728
Fixes: avc: denied { write } for comm="init" name="discard_max_bytes"
dev="sysfs" ino=55527 scontext=u:r:init:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I9db0cde703a2922171a96d8d99570741f487a3db
|
|
wlan driver/fw version are set at property at enforcing mode.
Add rules to allow to set wlan driver/fw version info
CRs-Fixed: 2460816
Change-Id: Ic0bb570cd53fe450512496c5864f432ce3219bbe
|
|
Allow dpm to read the slm property to
enable / disable slm.
Change-Id: Ibe211c7421a92bf9b04ef75e03f9e8267a0e5695
CRs-Fixed: 2731396
|
|
As qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host
we explicitly need to grant apexd access to it or it will break.
This results in e.g. GSIs being unbootable.
type=1400 audit(3799551.036:40): avc: denied { read write }
for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305
scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0
tclass=file permissive=0
Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
|
|
Change-Id: Ia91078502b448221ad803674a003378e1f7a846c
|
|
Change-Id: I9fc932d76f9eceb157c0b48cf1d666cde6b55e59
CRs-Fixed: 2289554
|
|
Cvp is a new computer vision hardware
which interacts with DSP and video driver.
Adding new ion mem permission for cvp domains.
Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4
|
|
Change-Id: Ief59f77386ff98cc8070ee9de5fb5a9e514b039e
|
|
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.
Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
|
|
Add property to generic sepolicy for loading shsusrd from netmgr.
Fixes the following-
[ 66.051992] type=1107 audit(1549.328:591): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
property=persist.vendor.data.shsusr_load pid=921 uid=1001 gid=1001
scontext=u:r:vendor_netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'
CRs-Fixed: 2575687
Change-Id: I32fb31a7f5e64c2095aee081fd855900be0d0701
|
|
* As seen on non-legacy sepolicy
Change-Id: Ifec35f7ffb2452e930c40f9e59c95e64c7dfaff3
|
|
Added permissions for Perf HAL to set property
values
CRs-Fixed: 2682965
Change-Id: I76c55c4cd46caee6896a302d2cea305c49283315
|
|
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542 1865 1865 I auditd : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5
Change-Id: I96d7ab2bc6e153dea96d8366a16f7e8e5152f1c9
|
|
Add smcinvoke dev node as tee device in file_contexts.
This node has been moved from qssi to vendor for GSI
check.
Change-Id: I9ff2e94f8024f6b091afaa8e04381a3d808d9a2a
|
|
* As seen on non-legacy sepolicy
Change-Id: I8b18879af9e8f5c962091161d9691f3f2673bfd9
|