Kevin F. Haggerty
933059f487
klte-common: sepolicy: Label sysfs_fingerprint, resolve denials
...
* avc: denied { setattr } for name="type_check" dev="sysfs" ino=28060
scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0
Change-Id: Ide1be660eaa005a7268161a4ab8d301b793ba062
2018-11-29 07:01:06 -07:00
Kevin F. Haggerty
b5bfa3d797
klte-common: sepolicy: Label sysfs_audio nodes
...
Change-Id: I46a0067241a3ce4567992c7437336f4a9c4bab8e
2018-11-25 08:10:41 -07:00
Kevin F. Haggerty
1075fc17bb
klte-common: sepolicy: Resolve fingerprint HAL denials
...
* avc: denied { write } for name=fpdata dev=mmcblk0p26 ino=106076
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir
permissive=1
Change-Id: I624acde27d157daa473179980af30abd82b51131
2018-11-15 21:17:28 -07:00
Paul Keith
4cab6270ec
klte-common: Stop abusing global contexts for fingerprint
...
* vcs_device is used to label /dev/vcs*, which are virtual consoles
* Create and use our own label for /dev/vfsspi so our fingerprint
hal can access it, and rename vcs_data_file while we're at it
Change-Id: I01f0e8c4924d3847383319ce59dbbf802f89a36b
2018-05-15 14:02:21 +02:00
Kevin F. Haggerty
9d1c38d6ab
klte-common: sepolicy: Label sysfs nodes for power HAL
...
Change-Id: I0fa2297ebb219421ad59a49836b9a39ece0843af
2018-03-01 04:42:08 +00:00
Kevin F. Haggerty
01ebfad97a
klte-common: sepolicy: Allow FP HAL more privs for vcs_data_file
...
avc: denied { read } for name="validity" dev="mmcblk0p26"
ino=219889 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { write } for name="validity" dev="mmcblk0p26"
ino=219889 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { create } for name="finger.db"
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:vcs_data_file:s0 tclass=file permissive=0
Change-Id: I2e0caa8b3763b8cdcd19b40d174f1a8fc3dc332e
2018-02-15 21:45:17 -07:00
Kevin F. Haggerty
61eedfac83
klte-common: sepolicy: Allow tee more privs for vcs_data_file
...
avc: denied { add_name } for name="5dsokxEEDXgQhkN50bp-Z2K5InM_"
scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
permissive=0
avc: denied { create } for name="5dsokxEEDXgQhkN50bp-Z2K5InM_"
scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
permissive=0
avc: denied { write } for name="validity" dev="mmcblk0p26" ino=81441
scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=dir
permissive=0
avc: denied { create } for name="AdVIudLPitjpV7ZB04m7UvhkKdg_"
scontext=u:r:tee:s0 tcontext=u:object_r:vcs_data_file:s0 tclass=file
permissive=0
Change-Id: I4798dd5cff58b7948222124b6879d8303c36af27
2018-02-15 21:44:53 -07:00
Kevin F. Haggerty
96de9ccf0d
klte-common: sepolicy: Move common items to msm8974-common
...
* The bulk of this policy isn't specific to klte, so let's move
it somewhere that allows the maintenance of it to help other
impacted devices.
Change-Id: I57b0d24d25e5871c5aa69d415b94ca21f89c1794
2018-02-03 15:15:57 -07:00
Kevin F. Haggerty
669f00e706
klte-common: sepolicy: Clean up previous commit
...
* Some idiot did a 'git push lineage HEAD;refs/for/lineage-15.1'
instead of a 'git push lineage HEAD:refs/for/lineage-15.1'.
Do you see the difference?
* Delete all of the old policy items and commented-out lines like
the previous commit promised.
Change-Id: I6cd8a8cffc76661b6de486e6b8550bafa83f5de9
2018-01-19 16:18:46 -07:00
Kevin F. Haggerty
5045387dec
[DO NOT MERGE] klte-common: sepolicy: Rewrite for O
...
* WIP
* KILL that sepolicy/old/ before merging
* KILL the dontaudits before merging
Change-Id: I6694567fa1c834b262941b9be362c96cbd16625e
2018-01-19 16:07:35 -07:00
Paul Keith
878439b046
klte-common: Add support for sec nfc chips
...
* kltesprsports has this
Change-Id: I5a12c2911347f626153131a677c73c47cba5d7c0
2017-12-22 09:16:55 -07:00
Corinna Vinschen
a5bfcfc37b
klte-common: sepolicy: Add external fs permissions for shell
...
Avoid SELinux denials when accessing external exfat FS from adb shell.
Change-Id: I5f7d804dae4847807fdee763fa91e85cac049cf5
Signed-off-by: Corinna Vinschen <xda@vinschen.de>
2017-10-20 10:04:39 +02:00
Kevin F. Haggerty
d66d9d918a
klte-common: sepolicy: Clean-up policy for external sdcards
...
* Yes, this looks horrendously wide-open, but this only applied for the
complete sandbox that is external sdcard
Change-Id: Ibd1fe240eeed65f079e810a3da5157a4e64944f2
2017-09-26 09:00:39 -06:00
Bruno Martins
0dd0f42631
klte-common: Grant rmt_storage proper unix perms
...
Do not grant DAC override permission which would allow this daemon
unix permissions to everything.
avc: denied { dac_override } for pid=2664 comm="rmt_storage" capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
Add wakelock group to access:
/sys/power/wake_lock
-rw-rw---- 1 radio wakelock 4096 2017-06-28 00:37 wake_unlock
Change-Id: Ib02b4aedab479f5ad8aca3a2100b5c489397002a
2017-06-29 08:48:53 +00:00
OzzysCmAcc
d6b31929f5
klte-common: fix init denial
...
*denial is caused by rild update from m package
Change-Id: I42f6ac07d48e6bea17e44a88f379fb6647fb27b8
2017-03-25 11:15:55 +00:00
Kevin F. Haggerty
020350a1f3
klte-common: sepolicy: Add file_contexts entries for variant blobs
...
Change-Id: I7d93e2d8e1fda33065fa0063062c7c441a2b73bf
2017-03-11 18:39:33 +00:00
OzzysCmAcc
14c78877a8
klte-common: fix rmt_storage denial
...
*this fixes no sim card after caf rebase
*avc: denied { dac_override } for pid=314 comm="rmt_storage"
capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability permissive=0
Change-Id: I09ab419bd2fd1fb9ddeb3b8c670df15075a73a51
2017-02-16 13:21:22 +00:00
Kevin F. Haggerty
9ad0c9b223
klte-common: fstab: Assign fota partition for /misc
...
* This partition doesn't cause the world to die...
Change-Id: I069eef35f586d2da02112c1558701b96e0059551
2017-02-09 22:12:20 -07:00
Kevin F. Haggerty
2575fdfcf7
klte-common: Fix file contexts related to our telephony symlink mess
...
Change-Id: I1344b960de72a2b70da9cf6ce1bf947e8b39a71d
2017-01-11 08:12:59 -07:00
OzzysCmAcc
8e29a7edc9
address rild denial
...
Change-Id: Ia2f37457138d3878021d3c72592e27e694acba49
2017-01-06 12:31:42 +01:00
OzzysCmAcc
45cead0eb7
klte-common: address rild denial
...
*[ 12.591018] init: avc: denied { set } for property=persist.ril.
radiocapa.tdscdma pid=334 uid=1001 gid=1001 scontext=u:r:rild:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1
Change-Id: I106a93dbae498244dce087b35ebe818558db9db5
2016-12-20 22:27:39 -08:00
OzzysCmAcc
1315cde569
klte-common: address kernel denial
...
Change-Id: Ice6ae3ec441bef079c6c9e83498d523c66d57af6
2016-12-20 09:46:24 -08:00
OzzysCmAcc
b5b3b195c3
klte-common: address init denial
...
Change-Id: I156d3ff44fa85eb956127974a7f934a1232f63df
2016-12-20 09:45:49 -08:00
OzzysCmAcc
c52ffc147e
klte-common: address mpdecision denial
...
Change-Id: I3cdc06b38a166678b0ab98df630168c0ef929363
2016-11-13 12:21:05 -08:00
Oskar Kratochvil
b44f79b615
klte-common: fix another denial for mpdecision
...
Change-Id: I091cdbf7741832f5c41f5355cf5ae6a30478ecd7
2016-11-11 11:02:06 -07:00
OzzysCmAcc
dc8e5fee42
klte-common: update the sepolicy
...
Change-Id: Ibec3600fc519b3b7a5f309b197e4180d80755fc5
2016-11-09 14:28:43 -08:00
Kevin F. Haggerty
5b43dfd64d
klte-common: sepolicy: Allow macloader to write params to sysfs
...
Change-Id: I157456c3cbd666f907c5761b816b605f1a1eec34
2016-10-24 06:25:47 -07:00
Kevin F. Haggerty
e5640b3481
klte-common: sepolicy updates
...
Change-Id: I85fb2a3e93574d13d323e11bf6a2030074ae6685
2016-10-21 08:44:08 -07:00
Kevin F. Haggerty
7d1c078f38
klte-common: sepolicy: allow rild to read a lnk_file
...
* Needed because our blobs hardcode the old telephony path and we
have to symlink to the new location
Change-Id: I12d25feb21af4e542e88c3b582390ae5930231bd
2016-10-21 06:01:21 -07:00
Kevin F. Haggerty
41b04289c2
klte-common: sepolicy updates
...
* Full rewrite is probably best, but this is good for now
Change-Id: I4ef137ffd16892ffa562dffd9e4a88d69f4a780d
2016-10-19 19:02:15 -07:00
ljzyal
2f41fd2d2f
klte: Use new Fingerprint Hal without ValidityService
...
* Use a fully OSS FPS stack to remove dependency on a service to
register fingerprints and hacked up touchwiz libs from Samsung
Change-Id: I66ae7fc807a213befdf77d0f09d38f2fbe01df61
2016-10-03 18:55:15 -07:00
OzzysCmAcc
dcebc16e28
klte-common: fix a few denials
...
Change-Id: I1aa71a071faf13c71b825cd84583c61106198810
(cherry picked from commit 1de5a396a728efc8d6f9a4c7292ff0a17625ce8d)
2016-09-24 07:42:58 -07:00
OzzysCmAcc
6492424ad1
klte-common: fix mediaserver denial
...
Change-Id: I64d3d2aa96081e3f0880063e58b28ff729e6a3cd
2016-07-26 17:09:38 -07:00
Oskar Kratochvil
effdcb214e
Revert "klte-common: address some denials"
...
*this has moved to vendor_cm
This reverts commit f4da350e72.
Change-Id: If1cd01968676213725dc21666683b3f112f4cb44
2016-07-24 12:07:51 -07:00
Oskar Kratochvil
c0f241c97d
Revert "fix denials"
...
This reverts commit 6465e8ed91.
Change-Id: I22d0294713f90a5753425fdacef014acfe349de1
2016-07-20 12:44:33 -07:00
OzzysCmAcc
6465e8ed91
fix denials
...
Change-Id: I84138c7d810ea7d89952b9254a540a14eef227b6
2016-05-16 22:23:17 -07:00
Kevin F. Haggerty
6a11bbd692
klte-common: sepolicy: Address system_server denials
...
*wifi_efs_file
*app_data_file
Change-Id: I80d63260d081ca0c769918010a8fe6720fb3da3a
2016-05-16 10:29:30 -07:00
OzzysCmAcc
f4da350e72
klte-common: address some denials
...
Change-Id: Ibd37e8306bd26db6d0d3239e39a5144ff9f39029
2016-05-14 07:41:08 -07:00
ljzyal
e76049cc87
klte-common: Support Fingerprint Hardware
...
Change-Id: I41c1f9bfa3c6ad11ce9726c467b977384471a38e
2016-02-29 19:32:44 -08:00
Jani Lusikka
678f8d91e7
klte-common: Allow rild to access sysfs_sec files
...
Addresses:
W/rild(769): type=1400 audit(0.0:3150): avc: denied { write } for
name="hall_irq_ctrl" dev="sysfs" ino=29313 scontext=u:r:rild:s0
tcontext=u:object_r:sysfs_sec:s0 tclass=file permissive=0
Change-Id: I1f1667a230b4db02adc7165eedaf684cf318b471
2016-01-20 10:20:16 -08:00
Daniel Hillenbrand
15d948877b
Revert "sepolicy: Fixes for external storage denials"
...
Moved to vendor/cm
This reverts commit 1e1d0f4bed.
Change-Id: Idf6925f221df113d6f6461663b6b2eb91f7ba744
2016-01-01 08:31:52 -08:00
codeworkx
1e1d0f4bed
sepolicy: Fixes for external storage denials
...
Change-Id: Ia7b13e360ea4109fb12a4ade91b3536bcb3e57c5
2015-12-31 11:00:04 +01:00
OzzysCmAcc
279607a2ca
klte-common: address healthd denial
...
* Fixes offmode charging
Change-Id: I79e6ef01ba02bd780a80c7134d7cdbd499461e0c
2015-12-25 02:42:31 -08:00
Ethan Chen
4216a7bdbb
klte-common: Grant macloader fsetid
...
Change-Id: I5ceb7624d788888d781d2a6b5c5cae5b45debd66
2015-12-23 14:22:54 -08:00
Patrick Lower
fd12bd2e09
sepolicy: allow bluetooth access to CID file
...
Change-Id: I35754469ad4032cd1c3f2282732f1d246d827ba5
2015-12-08 13:25:10 -05:00
Ethan Chen
323a99eef6
klte-common: Update SELinux policy
...
* thermal-engine socket labeling is done in the QC common policy now.
Change-Id: Iaa3b1d6ebf615b27fec06f5241af4935a4703dbf
2015-11-17 15:36:58 -08:00
Ethan Chen
cc9392254e
klte-common: Update SELinux configuration
...
Change-Id: Ia7140d0cd2c1c80d4811988a3cb4e7960eba1261
2015-11-14 18:03:57 -08:00
Abhisek Devkota
e3112cd974
Sepolicy updates
...
Change-Id: I1cc1f4bf811e25b5fac33df76b2ab16853b1bbac
2015-09-17 15:49:37 -07:00
Patrick Lower
6705aa25dd
sepolicy: address denials when trying to access audience SoC
...
* addresses the following:
<36>[ 814.651401] type=1400 audit(1428137775.191:174): avc: denied { read write } for pid=730 comm="AudioOut_2" name="ttyHS3" dev="tmpfs" ino=9278 scontext=u:r:mediaserver:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file
<36>[ 814.651560] type=1400 audit(1428137775.191:174): avc: denied { open } for pid=730 comm="AudioOut_2" name="ttyHS3" dev="tmpfs" ino=9278 scontext=u:r:mediaserver:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file
Change-Id: I4d76dd487e9319bcd3bd9d86215cfa245a10ac34
2015-04-06 02:48:25 +00:00
Patrick Lower
2b7fabeef0
klte-common: sepolicy updates
...
* Fixed denials for time daemon, mpdecision, vold, TSP and more
Using audit2allow and audit.log I no longer see any errors
* Removed unnecessary lines from system_app due to changes in CMHW
Change-Id: I47a34074bf27a11c67ec54e57616347690cf6d3b
2015-03-16 16:11:31 -04:00