| Age | Commit message (Collapse) | Author |
|---|
|
* suntrold is a oneshot service and spawns a subprocess which is required
for the rear camera. Since [1] oneshot services' process groups are
killed which prevents suntrold from working correctly.
* To work this issue around create a non-oneshot service, suntrold.sh, which
never exits, so that suntrold can be started from it and it's subprocesses
will not be killed.
[1] https://github.com/aosp-mirror/platform_system_core/commit/d89ed132a0ee1a57046286b83e64a35b71774952
[Idea of this is from LuK1337]
Co-authored-by: LuK1337 <priv.luk@gmail.com>
Change-Id: Id9c4f56648168f0ffe19b2bb31c591750afe6f97
|
|
* The default label in /data/ folders is system_data_root_folder now
* ro.bt.bdaddr_path is labelled as exported_bluetooth_prop now
Change-Id: Ifb689a1ffe0ee475790d75e4c8d69b01a82601e1
|
|
Change-Id: If615758376413b16fcc80addd03a9ba5cd388e8a
|
|
Change-Id: I270a673ac8c13dd192799e2513ec377919653458
Signed-off-by: Nikhil Punathil <nikhilpe@gmail.com>
|
|
|
|
- Fix symlinking and reading denials for iddd and credmgrd
Change-Id: I786301f2cb4f2aaa76e8f5b96a036ada0563463b
|
|
Fixes the denial:
avc: denied { append } for pid=327 comm="credmgrfirstboo" name=
"credmgr.log" dev="mmcblk0p24" ino=12 scontext=u:r:credmgrd:s0
tcontext=u:object_r:cache_file:s0 tclass=file permissive=0
Also fixes issue with camera not working on first boot on aries.
Change-Id: I726ff6a30745929f01f62d8504e0e0621e414ad7
|
|
* Credmgrdinit script had some mistakes. Adjust
policies according to the new changes.
Change-Id: I6e865f756225a1d8decdbc1833123dced27e75de
|
|
Change-Id: I078576ec339adcf935b47034f6c5faed429339f5
|
|
* No policies added or removed, only moved between
files to improve se linux management.
Change-Id: Ifa7cb9ce84f75c99f2d96dd0a71ced26f2580ba9
|
|
when it is set to enforced (from logcat and dmesg):
04-01 22:29:40.566 W/macaddrsetup(362): type=1400 audit(0.0:302): avc: denied { dac_override } for capability=1 scontext=u:r:addrsetup:s0 tcontext=u:r:addrsetup:s0 tclass=capability permissive=0
04-01 22:31:46.119 W/credmgrd(333): type=1400 audit(0.0:380): avc: denied { search } for name="suntory" dev="tmpfs" ino=6960 scontext=u:r:credmgrd:s0 tcontext=u:object_r:suntrold_sock_socket:s0 tclass=dir permissive=0
04-01 22:31:46.123 W/credmgrd(333): type=1400 audit(0.0:381): avc: denied { search } for name="/" dev="tmpfs" ino=7367 scontext=u:r:credmgrd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
04-01 22:31:41.186 W/iddd (12977): type=1400 audit(0.0:378): avc: denied { search } for name="/" dev="tmpfs" ino=7367 scontext=u:r:iddd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
04-01 22:31:46.249 W/scd (13064): type=1400 audit(0.0:382): avc: denied { getattr } for path="/dev/socket/scd/scd.sock" dev="tmpfs" ino=9384 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
04-02 01:54:06.328 W/scd (7200): type=1400 audit(0.0:47): avc: denied { remove_name } for name="scd.sock" dev="tmpfs" ino=8437 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=dir permissive=0
04-02 02:36:47.050 W/scd (6544): type=1400 audit(0.0:53): avc: denied { unlink } for name="scd.sock" dev="tmpfs" ino=8369 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
04-02 03:09:36.677 W/scd (7902): type=1400 audit(0.0:72): avc: denied { search } for name="scd" dev="mmcblk0p25" ino=382769 scontext=u:r:scd:s0 tcontext=u:object_r:scd_data:s0 tclass=dir permissive=0
04-02 03:42:10.207 W/excal:HalCtrl(6497): type=1400 audit(0.0:16): avc: denied { write } for name="current1" dev="sysfs" ino=19887 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 29.029135] type=1400 audit(7343886.976:11): avc: denied { search } for pid=365 comm="mm-qcamera-daem" name="etc" dev="mmcblk0p25" ino=716673 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:ta_data_file:s0 tclass=dir permissive=0
[ 27.905847] type=1400 audit(7343885.850:6): avc: denied { search } for pid=254 comm="wvkbd" name="suntory" dev="tmpfs" ino=7537 scontext=u:r:wv:s0 tcontext=u:object_r:suntrold_sock_socket:s0 tclass=dir permissive=0
04-02 13:20:48.566 W/excal:ExposureC(7212): type=1400 audit(0.0:18): avc: denied { search } for name="battery" dev="sysfs" ino=18957 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=dir permissive=0
04-02 14:03:30.945 W/excal:ExposureC(6244): type=1400 audit(0.0:14): avc: denied { read } for name="voltage_now" dev="sysfs" ino=18973 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 14:35:55.034 W/excal:ExposureC(6197): type=1400 audit(0.0:17): avc: denied { open } for name="voltage_now" dev="sysfs" ino=18870 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 15:05:29.858 W/excal:ExposureC(5947): type=1400 audit(0.0:15): avc: denied { getattr } for path="/sys/devices/qpnp-charger-14/power_supply/battery/technology" dev="sysfs" ino=18969 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 17:38:33.610 W/Binder:5021_3(5299): type=1400 audit(0.0:11): avc: denied { read } for name="/" dev="tmpfs" ino=6614 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
04-02 18:27:24.996 W/Binder:5251_1(5266): type=1400 audit(0.0:13): avc: denied { open } for name="/" dev="tmpfs" ino=7203 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
Change-Id: Ifbc5ef57cadea4d3f35d52dce23c1b56966bd981
|
|
Change-Id: I0b85560bb56beee0d21751fe55587c2de4b8ff00
|
|
Change-Id: Idc6306fc79c34969fbb84dab87c42d4305169037
|
|
Change-Id: Icfc6a998c6c5615351ed59111284858b9f27893c
shinano-common: Rework credmgrd sepolicies
Change-Id: Id922021b05ed0313b5cd7e506641632277a82105
shinano-common: Fix last camera denials
Change-Id: Ibf96ebf0a136ffa40be85369896f57645c24157c
|
