Commit graph

51 commits

Author SHA1 Message Date
LuK1337
51a2a13e22 msm8976-common: comhal_lineage_livedisplay_default.te -> hal_lineage_livedisplay_default.te
* Dunno how that even happened tbh.

Change-Id: I1b042a79d6ce95a6af906ba00c553e01020b0b73
2019-06-16 16:02:05 +02:00
Kevin F. Haggerty
74c3327190 msm8976-common: Build Samsung LiveDisplay service
Change-Id: I74d38aa0df3179bb00b942135e8ff055aa8a5658
2019-05-24 23:32:30 +02:00
LuK1337
c2e3a7b743 msm8976-common: sepolicy: Remove no longer needed rules
Change-Id: Ib0e310d26d153bf7477110d592e5d18e7042bfad
2019-02-25 17:03:23 +01:00
LuK1337
38786d49b8 Revert "Revert "msm8976-common: Binderize camera & graphics composer""
This reverts commit f10851da4f.

Change-Id: Ia054b3433e8bd3652ad6557180e739a0ea5bd49c
2019-02-25 16:55:49 +01:00
LuK1337
f10851da4f Revert "msm8976-common: Binderize camera & graphics composer"
* Since someone was funny enough to label display.qservice
  as 'service' instead of 'vndservice' in legacy qcom sepolicy
  I'm forced to move these back to passthrough ;-;

This reverts commit a8fd5e61e0.

Change-Id: I4fb729fce584450499b55cc7b8815e9768dac846
2019-01-21 16:16:06 +01:00
LuK1337
9b22aa359f msm8976-common: sepolicy: Allow vendor_init to create files in /data/misc/radio
Change-Id: I537ef9612c1b7994510bc8e91e5c09953a56b384
2019-01-19 13:18:48 +01:00
LuK1337
7efa7c4142 msm8976-common: sepolicy: Allow vendor_init to load firmware files
Change-Id: Ic687c9bdc58023b0745fedd23b99811cdb87a325
2019-01-19 13:18:48 +01:00
Tom Cherry
7aa66e91ba msm8976-common: sepolicy: Add restricted permissions to vendor_init
The core SEPolicy for vendor_init is being restricted to the proper
Treble restrictions.  Since this is a legacy device, it is tagged as a
data_between_core_and_vendor_violators and the needed permissions are
added to its device specific vendor_init.te

Bug: 62875318
Test: boot 8976 targets without audits
Change-Id: I13aaa2278e71092d740216d3978dc720afafe8ea
2019-01-19 13:18:48 +01:00
LuK1337
0c5cb53a04 msm8976-common: sepolicy: Address healthd denials
Change-Id: I56f87d9b879d066bd04bea905a0b8df50b56dc33
2019-01-19 13:18:48 +01:00
LuK1337
26e4e5df4a msm8976-common: sepolicy: Address hal_fingerprint_default denials
Change-Id: If0218356eedc43f53d180c2415c777c2b7f8bf10
2019-01-19 13:18:48 +01:00
LuK1337
b0d28dc4c4 msm8976-common: sepolicy: Address camera related denials
Change-Id: If1dea9ad887987b4e4e05aa52d4b2271e4025080
2019-01-19 13:18:48 +01:00
LuK1337
dafcd292e6 msm8976-common: sepolicy: Allow timekeep to read since_epoch
Change-Id: I66af18e6c82f8ea6a2951a93e468f2533432b3c7
2019-01-19 12:58:40 +01:00
LuK1337
3c733e2cc6 msm8976-common: sepolicy: Address timekeep denials
Change-Id: I1f6b24c2586106535415a1913d9b6d6841bc8392
2019-01-18 23:22:57 +01:00
LuK1337
e13be46cf4 msm8976-common: sepolicy: Remove BT_QCA6174 sysfs labels
* Labeled in device/qcom/sepolicy @ legacy-common.

Change-Id: Ib857f32cfeb594b092fd72e4545f1cfcf05dc5d2
2018-05-22 15:13:19 +02:00
LuK1337
2f40aa1c30 msm8976-common: sepolicy: Remove unnecessary cache block device label
* Already labelled in device/qcom/sepolicy.

Change-Id: I9302885ec1e2f546dadd3c9aab75cbc1563845cd
2018-04-28 20:31:54 +02:00
Giuseppe Barillari
c9d2148237 msm8976-common: sepolicy: Remove debugfs_rmt rules
* Already present in device/qcom/sepolicy/legacy-common

Change-Id: Ie776556d6c3f64b8e4553990c9507ea0dcf9ca0a
Signed-off-by: Giuseppe Barillari <joe2k01dev@gmail.com>
2018-04-21 13:37:09 +02:00
Sean McCreary
da54607843 msm8976-common: Address timekeep denials
Change-Id: I93f89536ff380127e639d09dfa38e458510aea9a
2018-04-10 06:46:20 -06:00
LuK1337
b15744fd7b msm8976-common: Go back passthrough sensors implementation
* Apparently hwbinder causes issues with adaptive
  brightness. Going back to passthrough seems to fix
  this issue.

Change-Id: I47d60d2d7fb52b5001df8a0d385acddebaa0ec84
2018-04-10 14:07:12 +02:00
Paul Keith
a3186e740e msm8976-common: Transition to TARGET_LD_SHIM_LIBS
* Limits security exposure from shims

 * As a bonus, we no longer need noatsecure
   to make LD_SHIM_LIBS persist through services

Change-Id: I877192422062f3e59c81a7130ad1a2b4be5d1647
2018-02-17 09:34:47 +00:00
LuK1337
a8fd5e61e0 msm8976-common: Binderize camera & graphics composer 2018-02-12 18:34:13 +01:00
LuK1337
f387e6602e msm8976-common: Binderize them all
* Leave out camera and graphics composer as they
  can't be binderized on current blobs.
2018-02-12 18:34:13 +01:00
LuK1337
0b60118cf8 msm8976-common: sepolicy: Remove rules that are now in legacy-common 2018-02-12 18:34:12 +01:00
LuK1337
2ff56657dd msm8976-common: sepolicy: Sync timekeep rules with SODP 2018-02-12 18:34:12 +01:00
LuK1337
ee0365443e msm8976-common: Timekeep is now in /vendor 2018-02-12 18:34:12 +01:00
LuK1337
dfde1bbb16 msm8976-common: sepolicy: Add rules for RIL 2018-02-12 18:34:11 +01:00
LuK1337
d44c7bd9b8 msm8976-common: sepolicy: Allow init to setattr on sysfs symlinks
* Required for sx9310_grip sensor.
2018-02-12 18:34:11 +01:00
LuK1337
6cc79a1df7 msm8976-common: sepolicy: Allow timekeep to read "since_epoch"
* We don't really need to relabel it since we trust
  timekeep as it's just a simple OSS program.
2018-01-26 15:47:21 +01:00
LuK1337
eee9f90a82 msm8976-common: sepolicy: Allow system_server to read qti_debugfs 2018-01-26 15:47:21 +01:00
LuK1337
762edfede3 msm8976-common: sepolicy: Use regular expression when labeling BT sysfs
* Apparently gts28vewifi uses different number
  than 125 thus we should be using [0-9]+ regex.
2018-01-26 15:47:21 +01:00
LuK1337
e13f6fe38a msm8976-common: sepolicy: Allow Bluetooth to read firmware files
* Newer devices ship with bt_firmware partition but
  we aren't so lucky so we have to allow bluetooth
  to read firmware_file instead.
2018-01-26 15:47:21 +01:00
LuK1337
54f1428686 msm8976-common: Label BT_QCA6174 sysfs files 2018-01-26 15:47:21 +01:00
Ethan Chen
2bf275f870 msm8976-common: sepolicy: Use noatsecure for everything
* We rely on LD_SHIM_LIBS to provide missing symbols to
  some of our proprietary libraries.

Change-Id: I17095630043bbd5af4436cd5625a0fdc3480ed05
2018-01-26 15:47:21 +01:00
LuK1337
25e027d85e msm8976-common: Initial SELinux updates
* Drop domain_deprecated
* Use proper device block paths as
  symlinks are no longer working.
2018-01-26 15:47:21 +01:00
Bruno Martins
6d58bd23b5 msm8976-common: Grant rmt_storage proper unix perms
Do not grant DAC override permission which would allow this daemon
unix permissions to everything.

avc: denied { dac_override } for pid=2664 comm="rmt_storage" capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

Add wakelock group to access:
/sys/power/wake_lock
-rw-rw----  1 radio  wakelock 4096 2017-06-28 00:37 wake_unlock

Change-Id: Ib02b4aedab479f5ad8aca3a2100b5c489397002a
2017-07-04 18:40:56 +02:00
LuK1337
b2f7745ad4 msm8976-common: Update blobs from T813XXU2BQD1
Change-Id: I3e3938773fddd721129a85552caec00f3ab8b17c
2017-04-23 22:44:42 +02:00
LuK1337
64fd514d2c msm8976-common: Allow rmt_storage to use dac_override, net_raw capabilities
Change-Id: Ie5e567c96278711ca5c84258ecb4602aa2fafcc3
2017-02-15 21:06:05 +01:00
Dan Pasanen
b5007f2fee msm8976-common: sepolicy: rfs_access needs net_raw
* This is no longer in device/qcom/sepolicy

Change-Id: I18509dfe367e0328fd6372d0ad80114e3e4ed42d
2017-02-15 19:16:19 +01:00
LuK1337
c2d9166d30 msm8976-common: Use /fota for uncrypt partition
* Should have done that earlier.

Change-Id: Ib74f059066c65eb1d3905a9bbd29b553dae34b3e
2017-02-08 17:23:47 +01:00
Arne Coucheron
7863596495 msm8976-common: Allow init to write in debugfs
avc: denied { write } for name="tracing_on" dev="debugfs" ino=3203 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0

Change-Id: Ic4150d4a932e33124d760fce360c1ac042ed1387
2017-02-03 18:12:26 +01:00
LuK1337
dc7fe24c4c msm8976-common: Allow system_server to search /efs
* Allows acceleration sensor to look for calibration
  file even if it's not there :^)

Change-Id: I891a610b31e4450278da22d29ff69dff8e07372d
2017-02-03 15:41:56 +01:00
LuK1337
6f9f705ab5 msm8976-common: Set proper fingerprintd policies
Change-Id: I981bf82c93fd33e439d6ea6e305860ba841a5f91
2017-01-26 22:18:44 +00:00
LuK1337
b47a1280b6 msm8976-common: Let netd access wifi_efs_file
* Needed for setting proper MAC Address.

Change-Id: I2f7e5f0a69fe8995a4257fb915e488f96bff9888
2017-01-25 21:02:53 +01:00
Luca Stefani
21581fccbd msm8976-common: sepolicy: Allow mediacodec to open venus firmware 2017-01-24 15:43:01 +01:00
Luca Stefani
07fbd607a0 msm8976-common: Allow fpd to save biometrics data 2017-01-24 11:33:26 +01:00
Luca Stefani
e54be9f2df msm8976-common: Allow fpd to read the fp firmware 2017-01-24 11:21:25 +01:00
Luca Stefani
ca6d34be97 msm8976-common: Allow fpd to search fp firmware 2017-01-24 11:18:27 +01:00
Luca Stefani
f6599a6485 msm8976-common: Add FP selinux rules 2017-01-24 11:18:26 +01:00
Luca Stefani
891c848ea6 msm8976-common: Allow timekeep to search time_data_file dir 2017-01-24 11:03:35 +01:00
LuK1337
ffd034cd40 msm8976-common: Remove net_admin, net_raw groups from loc_launcher and pm-service 2017-01-23 22:42:57 +01:00
LuK1337
f175f6bc68 msm8976-common: Make it enforcing :3 2017-01-23 17:34:56 +01:00