RomanDesigner
a0c7e49b26
msm8226-common: sepolicy: Fix more errors
2020-03-11 11:11:11 +03:00
RomanDesigner
ec3ab6930e
Fix sepolicy errors
2020-03-11 11:03:44 +03:00
RomanDesigner
6ab05867f2
msm8226-common: Allow init to mount firmware_file dirs
2020-03-11 10:57:11 +03:00
Mohammad Afaneh
1907fef93b
[SQUASH] msm8226-common: bringup sepolicy to Q
2020-03-10 18:31:46 +03:00
Francescodario Cuzzocrea
7ed21fcb70
msm8226-common: fix more sepolicy denials
...
Change-Id: If81bc788428fdbbcd2c16d80f76316082e2c607f
2020-01-04 21:28:02 +01:00
Francescodario Cuzzocrea
8296402cb4
msm8226-common: resolve sepolicy denials
...
Change-Id: Iea4bbd17a420a06d55658a4a52bdcabf14cf4d2c
2019-12-15 18:41:15 +01:00
PythonLimited
8bc870910c
msm8226-common: update and cleanup sepolicy
2019-10-17 16:12:48 +02:00
Kevin F. Haggerty
417dc63a46
msm8226-common: sepolicy: Adapt to global sepolicy merges
...
* Several items merged globally caused duplicate definition of paths
that were previously labeled here.
This reverts commit 27afbf1dc6
.
This reverts commit 7fb5a8c6cb
.
This partially reverts commit bb196ad94b
.
This partially reverts commit c39a735ab5
.
Change-Id: I901e5aa78058e1a465f110cde31fb7d76eaf3d51
2019-10-16 12:30:58 +02:00
Kevin F. Haggerty
a5d5045f45
msm8226-common: sepolicy: Clean up
...
* Group policy statements better
* Nuke unneeded allows
Change-Id: Ibc1fd4debe8c95005a6dd54e1428d6365248bd80
2019-10-16 12:30:55 +02:00
Kevin F. Haggerty
8c265a347e
msm8226-common: sepolicy: Resolve init denials
...
* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
ino=6724 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
ino=6724 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
ino=6423 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
tcontext=u:object_r:kernel:s0 tclass=security permissive=0
Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
db9de76b54
msm8226-common: sepolicy: Label sysfs_usb_storage_gadget, resolve denials
...
* avc: denied { setattr } for name="file" dev="sysfs" ino=23591
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_storage_gadget:s0
tclass=file permissive=1
Change-Id: Ia96e3634cbe1a85bb7da3f24ecfa3fbaaa55baad
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
7bdcdf733e
msm8226-common: sepolicy: Label sysfs_usb_otg, resolve denials
...
* avc: denied { setattr } for name="booster" dev="sysfs" ino=23129
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_usb_otg:s0
tclass=file permissive=1
Change-Id: Iffb33bd7647026107473fb63e82d942ad027f9f9
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
2a303c3bbc
msm8226-common: sepolicy: Broaden sysfs_bluetooth_writable, resolve denials
...
Change-Id: Iff3645e36ece2126f3697bb0389394415be16529
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
8a2f7414d2
msm8226-common: sepolicy: Label sysfs_msmuart_file, resolve denials
...
* avc: denied { setattr } for name="clock" dev="sysfs" ino=18914
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msmuart_file:s0
tclass=file permissive=1
Change-Id: Iaf5fe6791344dcf419242599eb6c9272c61cd707
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
d290aaa200
msm8226-common: sepolicy: Label sysfs_mmc_host, resolve denials
...
* avc: denied { write } for name="control" dev="sysfs" ino=25383
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
tclass=file permissive=1
* avc: denied { open } for name="control" dev="sysfs" ino=25383
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mmc_host:s0
tclass=file permissive=1
Change-Id: I876d025db9cf1fe67faeccca830ffd53dbf92904
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
695a6ac727
msm8226-common: sepolicy: Label sysfs_socinfo, resolve denials
...
* avc: denied { setattr } for name="soc_iddq" dev="sysfs" ino=5543
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_socinfo:s0 tclass=file
permissive=0
Change-Id: Ife248a9cccea19b09b931525606cf4c34344fd9f
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
c75b3abe8d
msm8226-common: sepolicy: Label sysfs_sensors, resolve denials
...
* avc: denied { read } for name="ssp_sensor" dev="sysfs" ino=27809
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
tclass=lnk_file permissive=1
* avc: denied { setattr } for name="temperature" dev="sysfs" ino=10861
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sensors:s0
tclass=file permissive=0
Change-Id: I2e4a436704ed019af153da880d7becbde4b0ab11
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
5bc5db2267
msm8226-common: sepolicy: Label sysfs_msm_perf, resolve denials
...
* avc: denied { write } for name="suspend_enabled" dev="sysfs"
ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
tclass=file permissive=1
* avc: denied { open } for name="suspend_enabled" dev="sysfs"
ino=10567 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_perf:s0
tclass=file permissive=1
Change-Id: I23d69f0442d126b2a6ac3aaeda5032856a4483f2
2019-10-16 12:30:30 +02:00
Kevin F. Haggerty
8d6fcd7628
msm8226-common: sepolicy: Label sysfs_sec_* types, resolve denials
...
* Rename sysfs_sec type to sysfs_sec_key
* Add additional sysfs_sec_* types as appropriate
* avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1
* avc: denied { write } for name="ir_send" dev="sysfs" ino=21339
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0
tclass=file permissive=1
* avc: denied { write } for name="led_blink" dev="sysfs" ino=25722
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0
tclass=file permissive=1
* avc: denied { write } for name="brightness" dev="sysfs" ino=23467
scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1
* avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file
permissive=1
* avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs"
ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { setattr } for name="epen_firm_update" dev="sysfs"
ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0
tclass=file permissive=1
* avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
tclass=file permissive=1
* avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0
tclass=file permissive=1
* avc: denied { read } for name="input" dev="sysfs" ino=24012
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0
tclass=lnk_file permissive=0
* avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0
tclass=file permissive=0
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0
tclass=file permissive=0
* avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0
tclass=file permissive=0
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0
tclass=file permissive=0
* avc: denied { setattr } for name="temperature" dev="sysfs"
ino=10538 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file
permissive=0
* avc: denied { setattr } for name="barcode_send" dev="sysfs"
ino=19231 scontext=u:r:init:s0
tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file
permissive=0
Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2019-10-12 10:26:47 +02:00
Kevin F. Haggerty
e03bb93d67
msm8226-common: sepolicy: Label sysfs_leds, resolve denials
...
* avc: denied { search } for name="leds" dev="sysfs" ino=7437
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
* avc: denied { setattr } for name="led_r" dev="sysfs" ino=25718
scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=1
Change-Id: I8840e28b3aa72e60d5c15cad66f043a36a15c771
2019-10-12 10:26:47 +02:00
Kevin F. Haggerty
be05387f8f
msm8226-common: sepolicy: Label sysfs_batteryinfo, resolve denials
...
* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0
tclass=file permissive=1
* avc: denied { search } for name="battery.95" dev="sysfs" ino=3264
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
* avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
* avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
2019-10-12 10:26:47 +02:00
Kevin F. Haggerty
e38fc5cd87
msm8226-common: sepolicy: Label sysfs_input, resolve denials
...
* avc: denied { read write } for name="poll_delay" dev="sysfs"
ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0
tclass=file permissive=1
* avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file
permissive=1
* avc: denied { search } for name="input" dev="sysfs" ino=13030
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="input6" dev="sysfs" ino=26725
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0
* avc: denied { read } for name="device" dev="sysfs" ino=26717
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0
* avc: denied { read write } for name="poll_delay" dev="sysfs"
ino=26946 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0
Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2019-10-12 10:26:47 +02:00
Kevin F. Haggerty
88813355e5
msm8226-common: sepolicy: Label sysfs_iio, resolve denials
...
* avc: denied { read } for name="devices" dev="sysfs" ino=7783
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
permissive=1
Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2019-10-12 10:26:47 +02:00
Kevin F. Haggerty
204b419f28
msm8226-common: sepolicy: More sysfs_graphics, resolve denials
...
* avc: denied { setattr } for name="brightness" dev="sysfs" ino=12913
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0
tclass=file permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file
permissive=1
* avc: denied { read } for name="window_type" dev="sysfs" ino=12710
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
* avc: denied { search } for name="panel" dev="sysfs" ino=12358
scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:sysfs_graphics:s0 tclass=dir permissive=0
Change-Id: I8597d7be6217816924a8fee854341e4f2fb18562
2019-10-12 10:26:47 +02:00
Francescodario Cuzzocrea
0c1635f670
msm8226-common: remove init.tefor P bringup
2019-10-12 10:26:47 +02:00
Francescodario Cuzzocrea
f89d1e5ca3
[SQUASH]: initial bringup of samsung msm8226-common repo from msm8974-common
...
* Rename msm8974-common -> msm8226-common
* Import the old msm8226-common camera wrapper and apply :
- 45e3438b26 (diff-dd6d2dcc679d12b9430a9787bab45b33)
- 737bd8c396 (diff-dd6d2dcc679d12b9430a9787bab45b33)
- a79e72b246 (diff-dd6d2dcc679d12b9430a9787bab45b33)
- d4dadbaff0 (diff-dd6d2dcc679d12b9430a9787bab45b33)
- c2eb30c314 (diff-dd6d2dcc679d12b9430a9787bab45b33)
- 9ac995b901 (diff-dd6d2dcc679d12b9430a9787bab45b33)
* Remove msm8974 keylayout in favour of msm8226 ones
* Add wifi/prima relate configs for Qualcomm WIFI
* Import libwncss from our old msm8226-common branch
* Remove AvancedDisplay overlay as our panel does not support mDNIe
* Import rootdir files from stock SM-G800H release, rework it taking as
example klte one and import stock ondemand governor parameters
* Adapt seccomp policy for msm8226
* Adapt sensor multihal for msm8226
* Adapt sepolicy for msm8226-common
2019-10-12 10:17:42 +02:00
Paul Keith
d5d83cb89e
msm8974-common: Remove noatsecure
...
* Shims have been moved to a board flag, so we no longer need
noatsecure to make LD_SHIM_LIBS persist through services
Change-Id: I94b8c30e28e6dd297e0020ddfb46b2af21068721
2018-02-17 13:20:49 +00:00
Kevin F. Haggerty
68b75f9105
msm8974-common: sepolicy: Import common sepolicy from klte-common
...
* The bulk of the device family policy was common and applicable
to all Samsung msm8974-devices. Move that common stuff here to
ease maintenance.
Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8
2018-02-03 15:07:03 -07:00