Commit Graph

55 Commits

Author SHA1 Message Date
Kevin F. Haggerty 933059f487 klte-common: sepolicy: Label sysfs_fingerprint, resolve denials
* avc: denied { setattr } for name="type_check" dev="sysfs" ino=28060
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=0

Change-Id: Ide1be660eaa005a7268161a4ab8d301b793ba062
2018-11-29 07:01:06 -07:00
Kevin F. Haggerty b5bfa3d797 klte-common: sepolicy: Label sysfs_audio nodes
Change-Id: I46a0067241a3ce4567992c7437336f4a9c4bab8e
2018-11-25 08:10:41 -07:00
Kevin F. Haggerty 1075fc17bb klte-common: sepolicy: Resolve fingerprint HAL denials
* avc: denied { write } for name=fpdata dev=mmcblk0p26 ino=106076
  scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir
  permissive=1

Change-Id: I624acde27d157daa473179980af30abd82b51131
2018-11-15 21:17:28 -07:00
Paul Keith 4cab6270ec klte-common: Stop abusing global contexts for fingerprint
* vcs_device is used to label /dev/vcs*, which are virtual consoles
* Create and use our own label for /dev/vfsspi so our fingerprint
  hal can access it, and rename vcs_data_file while we're at it

Change-Id: I01f0e8c4924d3847383319ce59dbbf802f89a36b
2018-05-15 14:02:21 +02:00
Kevin F. Haggerty 9d1c38d6ab klte-common: sepolicy: Label sysfs nodes for power HAL
Change-Id: I0fa2297ebb219421ad59a49836b9a39ece0843af
2018-03-01 04:42:08 +00:00
Kevin F. Haggerty 01ebfad97a klte-common: sepolicy: Allow FP HAL more privs for vcs_data_file
avc: denied { read } for name="validity" dev="mmcblk0p26"
  ino=219889 scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { write } for name="validity" dev="mmcblk0p26"
  ino=219889 scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { create } for name="finger.db"
  scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=file permissive=0

Change-Id: I2e0caa8b3763b8cdcd19b40d174f1a8fc3dc332e
2018-02-15 21:45:17 -07:00
Kevin F. Haggerty 61eedfac83 klte-common: sepolicy: Allow tee more privs for vcs_data_file
avc: denied { add_name } for name="5dsokxEEDXgQhkN50bp-Z2K5InM_"
  scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
  permissive=0
avc: denied { create } for name="5dsokxEEDXgQhkN50bp-Z2K5InM_"
  scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
  permissive=0
avc: denied { write } for name="validity" dev="mmcblk0p26" ino=81441
  scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
  permissive=0
avc: denied { create } for name="AdVIudLPitjpV7ZB04m7UvhkKdg_"
  scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=file
  permissive=0

Change-Id: I4798dd5cff58b7948222124b6879d8303c36af27
2018-02-15 21:44:53 -07:00
Kevin F. Haggerty 96de9ccf0d klte-common: sepolicy: Move common items to msm8974-common
* The bulk of this policy isn't specific to klte, so let's move
  it somewhere that allows the maintenance of it to help other
  impacted devices.

Change-Id: I57b0d24d25e5871c5aa69d415b94ca21f89c1794
2018-02-03 15:15:57 -07:00
Kevin F. Haggerty 669f00e706 klte-common: sepolicy: Clean up previous commit
* Some idiot did a 'git push lineage HEAD;refs/for/lineage-15.1'
  instead of a 'git push lineage HEAD:refs/for/lineage-15.1'.
  Do you see the difference?
* Delete all of the old policy items and commented-out lines like
  the previous commit promised.

Change-Id: I6cd8a8cffc76661b6de486e6b8550bafa83f5de9
2018-01-19 16:18:46 -07:00
Kevin F. Haggerty 5045387dec [DO NOT MERGE] klte-common: sepolicy: Rewrite for O
* WIP
* KILL that sepolicy/old/ before merging
* KILL the dontaudits before merging

Change-Id: I6694567fa1c834b262941b9be362c96cbd16625e
2018-01-19 16:07:35 -07:00
Paul Keith 878439b046 klte-common: Add support for sec nfc chips
* kltesprsports has this

Change-Id: I5a12c2911347f626153131a677c73c47cba5d7c0
2017-12-22 09:16:55 -07:00
Corinna Vinschen a5bfcfc37b klte-common: sepolicy: Add external fs permissions for shell
Avoid SELinux denials when accessing external exfat FS from adb shell.

Change-Id: I5f7d804dae4847807fdee763fa91e85cac049cf5
Signed-off-by: Corinna Vinschen <xda@vinschen.de>
2017-10-20 10:04:39 +02:00
Kevin F. Haggerty d66d9d918a klte-common: sepolicy: Clean-up policy for external sdcards
* Yes, this looks horrendously wide-open, but this only applied for the
  complete sandbox that is external sdcard

Change-Id: Ibd1fe240eeed65f079e810a3da5157a4e64944f2
2017-09-26 09:00:39 -06:00
Bruno Martins 0dd0f42631 klte-common: Grant rmt_storage proper unix perms
Do not grant DAC override permission which would allow this daemon
unix permissions to everything.

avc: denied { dac_override } for pid=2664 comm="rmt_storage" capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

Add wakelock group to access:
/sys/power/wake_lock
-rw-rw----  1 radio  wakelock 4096 2017-06-28 00:37 wake_unlock

Change-Id: Ib02b4aedab479f5ad8aca3a2100b5c489397002a
2017-06-29 08:48:53 +00:00
OzzysCmAcc d6b31929f5 klte-common: fix init denial
* denial is caused by rild update from m package

Change-Id: I42f6ac07d48e6bea17e44a88f379fb6647fb27b8
2017-03-25 11:15:55 +00:00
Kevin F. Haggerty 020350a1f3 klte-common: sepolicy: Add file_contexts entries for variant blobs
Change-Id: I7d93e2d8e1fda33065fa0063062c7c441a2b73bf
2017-03-11 18:39:33 +00:00
OzzysCmAcc 14c78877a8 klte-common: fix rmt_storage denial
* this fixes no sim card after caf rebase
* avc: denied { dac_override } for pid=314 comm="rmt_storage"
capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability permissive=0

Change-Id: I09ab419bd2fd1fb9ddeb3b8c670df15075a73a51
2017-02-16 13:21:22 +00:00
Kevin F. Haggerty 9ad0c9b223 klte-common: fstab: Assign fota partition for /misc
* This partition doesn't cause the world to die...

Change-Id: I069eef35f586d2da02112c1558701b96e0059551
2017-02-09 22:12:20 -07:00
Kevin F. Haggerty 2575fdfcf7 klte-common: Fix file contexts related to our telephony symlink mess
Change-Id: I1344b960de72a2b70da9cf6ce1bf947e8b39a71d
2017-01-11 08:12:59 -07:00
OzzysCmAcc 8e29a7edc9 address rild denial
Change-Id: Ia2f37457138d3878021d3c72592e27e694acba49
2017-01-06 12:31:42 +01:00
OzzysCmAcc 45cead0eb7 klte-common: address rild denial
* [   12.591018] init: avc:  denied  { set } for property=persist.ril.
radiocapa.tdscdma pid=334 uid=1001 gid=1001 scontext=u:r:rild:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1

Change-Id: I106a93dbae498244dce087b35ebe818558db9db5
2016-12-20 22:27:39 -08:00
OzzysCmAcc 1315cde569 klte-common: address kernel denial
Change-Id: Ice6ae3ec441bef079c6c9e83498d523c66d57af6
2016-12-20 09:46:24 -08:00
OzzysCmAcc b5b3b195c3 klte-common: address init denial
Change-Id: I156d3ff44fa85eb956127974a7f934a1232f63df
2016-12-20 09:45:49 -08:00
OzzysCmAcc c52ffc147e klte-common: address mpdecision denial
Change-Id: I3cdc06b38a166678b0ab98df630168c0ef929363
2016-11-13 12:21:05 -08:00
Oskar Kratochvil b44f79b615 klte-common: fix another denial for mpdecision
Change-Id: I091cdbf7741832f5c41f5355cf5ae6a30478ecd7
2016-11-11 11:02:06 -07:00
OzzysCmAcc dc8e5fee42 klte-common: update the sepolicy
Change-Id: Ibec3600fc519b3b7a5f309b197e4180d80755fc5
2016-11-09 14:28:43 -08:00
Kevin F. Haggerty 5b43dfd64d klte-common: sepolicy: Allow macloader to write params to sysfs
Change-Id: I157456c3cbd666f907c5761b816b605f1a1eec34
2016-10-24 06:25:47 -07:00
Kevin F. Haggerty e5640b3481 klte-common: sepolicy updates
Change-Id: I85fb2a3e93574d13d323e11bf6a2030074ae6685
2016-10-21 08:44:08 -07:00
Kevin F. Haggerty 7d1c078f38 klte-common: sepolicy: allow rild to read a lnk_file
* Needed because our blobs hardcode the old telephony path and we
  have to symlink to the new location

Change-Id: I12d25feb21af4e542e88c3b582390ae5930231bd
2016-10-21 06:01:21 -07:00
Kevin F. Haggerty 41b04289c2 klte-common: sepolicy updates
* Full rewrite is probably best, but this is good for now

Change-Id: I4ef137ffd16892ffa562dffd9e4a88d69f4a780d
2016-10-19 19:02:15 -07:00
ljzyal 2f41fd2d2f klte: Use new Fingerprint Hal without ValidityService
* Use a fully OSS FPS stack to remove dependency on a service to
  register fingerprints and hacked up touchwiz libs from Samsung

Change-Id: I66ae7fc807a213befdf77d0f09d38f2fbe01df61
2016-10-03 18:55:15 -07:00
OzzysCmAcc dcebc16e28 klte-common: fix a few denials
Change-Id: I1aa71a071faf13c71b825cd84583c61106198810
(cherry picked from commit 1de5a396a728efc8d6f9a4c7292ff0a17625ce8d)
2016-09-24 07:42:58 -07:00
OzzysCmAcc 6492424ad1 klte-common: fix mediaserver denial
Change-Id: I64d3d2aa96081e3f0880063e58b28ff729e6a3cd
2016-07-26 17:09:38 -07:00
Oskar Kratochvil effdcb214e Revert "klte-common: address some denials"
* this has moved to vendor_cm

This reverts commit f4da350e72.

Change-Id: If1cd01968676213725dc21666683b3f112f4cb44
2016-07-24 12:07:51 -07:00
Oskar Kratochvil c0f241c97d Revert "fix denials"
This reverts commit 6465e8ed91.

Change-Id: I22d0294713f90a5753425fdacef014acfe349de1
2016-07-20 12:44:33 -07:00
OzzysCmAcc 6465e8ed91 fix denials
Change-Id: I84138c7d810ea7d89952b9254a540a14eef227b6
2016-05-16 22:23:17 -07:00
Kevin F. Haggerty 6a11bbd692 klte-common: sepolicy: Address system_server denials
* wifi_efs_file
* app_data_file

Change-Id: I80d63260d081ca0c769918010a8fe6720fb3da3a
2016-05-16 10:29:30 -07:00
OzzysCmAcc f4da350e72 klte-common: address some denials
Change-Id: Ibd37e8306bd26db6d0d3239e39a5144ff9f39029
2016-05-14 07:41:08 -07:00
ljzyal e76049cc87 klte-common: Support Fingerprint Hardware
Change-Id: I41c1f9bfa3c6ad11ce9726c467b977384471a38e
2016-02-29 19:32:44 -08:00
Jani Lusikka 678f8d91e7 klte-common: Allow rild to access sysfs_sec files
Addresses:
W/rild(769): type=1400 audit(0.0:3150): avc: denied { write } for
name="hall_irq_ctrl" dev="sysfs" ino=29313 scontext=u:r:rild:s0
tcontext=u:object_r:sysfs_sec:s0 tclass=file permissive=0

Change-Id: I1f1667a230b4db02adc7165eedaf684cf318b471
2016-01-20 10:20:16 -08:00
Daniel Hillenbrand 15d948877b Revert "sepolicy: Fixes for external storage denials"
Moved to vendor/cm

This reverts commit 1e1d0f4bed.

Change-Id: Idf6925f221df113d6f6461663b6b2eb91f7ba744
2016-01-01 08:31:52 -08:00
codeworkx 1e1d0f4bed sepolicy: Fixes for external storage denials
Change-Id: Ia7b13e360ea4109fb12a4ade91b3536bcb3e57c5
2015-12-31 11:00:04 +01:00
OzzysCmAcc 279607a2ca klte-common: address healthd denial
* Fixes offmode charging

Change-Id: I79e6ef01ba02bd780a80c7134d7cdbd499461e0c
2015-12-25 02:42:31 -08:00
Ethan Chen 4216a7bdbb klte-common: Grant macloader fsetid
Change-Id: I5ceb7624d788888d781d2a6b5c5cae5b45debd66
2015-12-23 14:22:54 -08:00
Patrick Lower fd12bd2e09 sepolicy: allow bluetooth access to CID file
Change-Id: I35754469ad4032cd1c3f2282732f1d246d827ba5
2015-12-08 13:25:10 -05:00
Ethan Chen 323a99eef6 klte-common: Update SELinux policy
* thermal-engine socket labeling is done in the QC common policy now.

Change-Id: Iaa3b1d6ebf615b27fec06f5241af4935a4703dbf
2015-11-17 15:36:58 -08:00
Ethan Chen cc9392254e klte-common: Update SELinux configuration
Change-Id: Ia7140d0cd2c1c80d4811988a3cb4e7960eba1261
2015-11-14 18:03:57 -08:00
Abhisek Devkota e3112cd974 Sepolicy updates
Change-Id: I1cc1f4bf811e25b5fac33df76b2ab16853b1bbac
2015-09-17 15:49:37 -07:00
Patrick Lower 6705aa25dd sepolicy: address denials when trying to access audience SoC
* addresses the following:

<36>[  814.651401] type=1400 audit(1428137775.191:174): avc: denied { read write } for pid=730 comm="AudioOut_2" name="ttyHS3" dev="tmpfs" ino=9278 scontext=u:r:mediaserver:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file
<36>[  814.651560] type=1400 audit(1428137775.191:174): avc: denied { open } for pid=730 comm="AudioOut_2" name="ttyHS3" dev="tmpfs" ino=9278 scontext=u:r:mediaserver:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file

Change-Id: I4d76dd487e9319bcd3bd9d86215cfa245a10ac34
2015-04-06 02:48:25 +00:00
Patrick Lower 2b7fabeef0 klte-common: sepolicy updates
* Fixed denials for time daemon, mpdecision, vold, TSP and more
  Using audit2allow and audit.log I no longer see any errors
* Removed unnecessary lines from system_app due to changes in CMHW

Change-Id: I47a34074bf27a11c67ec54e57616347690cf6d3b
2015-03-16 16:11:31 -04:00