Age | Commit message | Author |
|
Change-Id: Ife08e9c41024331ca190ff6612ae8be5764a4ceb
|
|
Already defined in device/aicp/sepolicy
|
|
... The policy file was missing from commit
https://github.com/omnirom/android_device_sony_shinano-common/commit/c9d825a67a3074f100a9c8486a1acdedccdbbb78
Change-Id: I530e10c1a4e41d718cf2f80f3fb91e07579c63b5
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
Change-Id: Id6dd04a1c7c5fa5ce6d0158ace578c614c0e1639
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
* Grant access to qseecomd.
* Grant access to bluetooth properties.
Change-Id: Iacd41d8c313e1137c66e76da2ee2c4db7b3f4883
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
I mlog_qmi_servic: type=1400 audit(0.0:37): avc: denied { create } for scontext=u:r:mlog_qmi:s0 tcontext=u:r:mlog_qmi:s0 tclass=socket permissive=1
Change-Id: Ic659f526a436afd4509dea0a3780aa38f78b4875
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
Change-Id: I553837282f0a785162b7799b65a3a6b2d406599f
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
* Label FW path (for the communication with the kernel).
* Allow the HAL (Treble) service to read the FW files.
Change-Id: I50c43882bf1837e87cc4609de74caf4ed7aa78c5
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
* In order to be compliant with the proprietary file locations,
adjust the path to the binaries in the init files. The blob
binaries have been moved from "/system/bin" to "/system/vendor/bin"
* The idea behind the move is to profit from qcom's sepolicy
file labelling.
Change-Id: I78b96730638258ffd54640f7951ceebc7f503fc4
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
* Create socket perms for the own socket.
* Allow access to qseecom.
Change-Id: Ifbd5f08f1d9bbbadc3ba94ad79d1e8f7f5286635
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
* Define the ioctls and grant access to the socket.
* Allow access to qseecom socket.
* Label adsprpcd service appropriately.
Change-Id: I4a0ccd322b16c30e7f10dccc1278ed17507d56e2
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
Change-Id: Ie7d708e2457928de0fe2e75054bda0dc3d66afa6
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
Change-Id: Ia33c2b403922198847da9773c0cf1c02e2c62597
|
|
Adds a list of ioctls, which are emitted by the UIM service. This
service sets up the Broadcom BT/FM driver.
Change-Id: Ib37674796a5e2d677a4bb3f596110f906f290b74
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
|
|
Change-Id: Ie6d0fdba3a2c06e5d2852a41c0c84ca1f65f7b07
|
|
* A new way exists for ioctl management.
Remove all old refs.
Change-Id: I52f9c0e8f115ea26e22a93566c24cbd8a7b3a58f
|
|
Change-Id: I413e7dc177b0f47742c9ac4ab032cc61a490d573
|
|
Change-Id: I270a673ac8c13dd192799e2513ec377919653458
Signed-off-by: Nikhil Punathil <nikhilpe@gmail.com>
|
|
|
|
|
|
- Fix symlinking and reading denials for iddd and credmgrd
Change-Id: I786301f2cb4f2aaa76e8f5b96a036ada0563463b
|
|
avc denied {read} for name="u:object_r:ta_prop:s0" dev="tmpfs" ino=7216
scontext=u:r:rild:s0 tcontext=u:object_r:ta_prop:s0 tclass=file
permissive=0
avc denied {open} for name="u:object_r:ta_prop:s0" dev="tmpfs" ino=7212
scontext=u:r:rild:s0 tcontext=u:object_r:ta_prop:s0 tclass=file
permissive=0
avc: denied {getattr} for pid=403 comm="rild" path="/dev/__properties__/
u:object_r:ta_prop:s0" dev="tmpfs" ino=9225 scontext=u:r:rild:s0
tcontext=u:object_r:ta_prop:s0 tclass=file permissive=0
Change-Id: I4fa966bfe7fdb97fe3123e0915f74f7843534979
|
|
Fixes the denial:
avc: denied { append } for pid=327 comm="credmgrfirstboo" name=
"credmgr.log" dev="mmcblk0p24" ino=12 scontext=u:r:credmgrd:s0
tcontext=u:object_r:cache_file:s0 tclass=file permissive=0
Also fixes issue with camera not working on first boot on aries.
Change-Id: I726ff6a30745929f01f62d8504e0e0621e414ad7
|
|
Change-Id: I6e93799b92a66b514da186b249155795408b2e08
|
|
* The auto backup at 3 AM fails because of missing permissions.
Change-Id: I8db1471e7a7dd1426ebbf3a5269b35d30d215e75
|
|
* Credmgrdinit script had some mistakes. Adjust
policies according to the new changes.
Change-Id: I6e865f756225a1d8decdbc1833123dced27e75de
|
|
Change-Id: I078576ec339adcf935b47034f6c5faed429339f5
|
|
* No policies added or removed, only moved between
files to improve SELinux management.
Change-Id: Ifa7cb9ce84f75c99f2d96dd0a71ced26f2580ba9
|
|
Change-Id: I1bdee42245e2cbf22ff030e0879064880ba90c0c
|
|
from logcat:
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:7): avc: denied { unlink } for name="log" dev="mmcblk0p24" ino=6403 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:8): avc: denied { unlink } for name=".version" dev="mmcblk0p24" ino=6404 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:9): avc: denied { unlink } for name="recovery.fstab" dev="mmcblk0p24" ino=6405 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:10): avc: denied { unlink } for name="storage.fstab" dev="mmcblk0p24" ino=6406 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:11): avc: denied { unlink } for name="intent" dev="mmcblk0p24" ino=6408 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 21:05:50.971 E/SELinux (317): avc: denied { find } for service=account pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:account_service:s0 tclass=service_manager permissive=1
04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=user pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=package pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:package_service:s0 tclass=service_manager permissive=1
Change-Id: If600b150dd004a5f7fb5336b1ab6b76e2a6ec5b3
|
|
when it is set to enforced (from logcat and dmesg):
04-01 22:29:40.566 W/macaddrsetup(362): type=1400 audit(0.0:302): avc: denied { dac_override } for capability=1 scontext=u:r:addrsetup:s0 tcontext=u:r:addrsetup:s0 tclass=capability permissive=0
04-01 22:31:46.119 W/credmgrd(333): type=1400 audit(0.0:380): avc: denied { search } for name="suntory" dev="tmpfs" ino=6960 scontext=u:r:credmgrd:s0 tcontext=u:object_r:suntrold_sock_socket:s0 tclass=dir permissive=0
04-01 22:31:46.123 W/credmgrd(333): type=1400 audit(0.0:381): avc: denied { search } for name="/" dev="tmpfs" ino=7367 scontext=u:r:credmgrd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
04-01 22:31:41.186 W/iddd (12977): type=1400 audit(0.0:378): avc: denied { search } for name="/" dev="tmpfs" ino=7367 scontext=u:r:iddd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
04-01 22:31:46.249 W/scd (13064): type=1400 audit(0.0:382): avc: denied { getattr } for path="/dev/socket/scd/scd.sock" dev="tmpfs" ino=9384 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
04-02 01:54:06.328 W/scd (7200): type=1400 audit(0.0:47): avc: denied { remove_name } for name="scd.sock" dev="tmpfs" ino=8437 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=dir permissive=0
04-02 02:36:47.050 W/scd (6544): type=1400 audit(0.0:53): avc: denied { unlink } for name="scd.sock" dev="tmpfs" ino=8369 scontext=u:r:scd:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
04-02 03:09:36.677 W/scd (7902): type=1400 audit(0.0:72): avc: denied { search } for name="scd" dev="mmcblk0p25" ino=382769 scontext=u:r:scd:s0 tcontext=u:object_r:scd_data:s0 tclass=dir permissive=0
04-02 03:42:10.207 W/excal:HalCtrl(6497): type=1400 audit(0.0:16): avc: denied { write } for name="current1" dev="sysfs" ino=19887 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
[ 29.029135] type=1400 audit(7343886.976:11): avc: denied { search } for pid=365 comm="mm-qcamera-daem" name="etc" dev="mmcblk0p25" ino=716673 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:ta_data_file:s0 tclass=dir permissive=0
[ 27.905847] type=1400 audit(7343885.850:6): avc: denied { search } for pid=254 comm="wvkbd" name="suntory" dev="tmpfs" ino=7537 scontext=u:r:wv:s0 tcontext=u:object_r:suntrold_sock_socket:s0 tclass=dir permissive=0
04-02 13:20:48.566 W/excal:ExposureC(7212): type=1400 audit(0.0:18): avc: denied { search } for name="battery" dev="sysfs" ino=18957 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=dir permissive=0
04-02 14:03:30.945 W/excal:ExposureC(6244): type=1400 audit(0.0:14): avc: denied { read } for name="voltage_now" dev="sysfs" ino=18973 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 14:35:55.034 W/excal:ExposureC(6197): type=1400 audit(0.0:17): avc: denied { open } for name="voltage_now" dev="sysfs" ino=18870 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 15:05:29.858 W/excal:ExposureC(5947): type=1400 audit(0.0:15): avc: denied { getattr } for path="/sys/devices/qpnp-charger-14/power_supply/battery/technology" dev="sysfs" ino=18969 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_battery_supply:s0 tclass=file permissive=0
04-02 17:38:33.610 W/Binder:5021_3(5299): type=1400 audit(0.0:11): avc: denied { read } for name="/" dev="tmpfs" ino=6614 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
04-02 18:27:24.996 W/Binder:5251_1(5266): type=1400 audit(0.0:13): avc: denied { open } for name="/" dev="tmpfs" ino=7203 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
Change-Id: Ifbc5ef57cadea4d3f35d52dce23c1b56966bd981
|
|
Change-Id: I542625f5be637dbad4a40498eca69bfec0fe8ab1
|
|
Change-Id: If833437e19f05e24a448caec9c7e569d34ba6c82
|
|
Change-Id: I0b85560bb56beee0d21751fe55587c2de4b8ff00
|
|
|
|
Change-Id: I0e726ca654ac6758569b6c754461872dcc9e60c0
|
|
|
|
Change-Id: I6f81296829673f66bcb27f444945b9bddd54929c
This fixes random MAC address at boot
|
|
Change-Id: I2ca85cd2c555b74f8de63c05e1e6dd2cc292dac9
|
|
Change-Id: Ie6504c205fa9fbe54803331f5f40c765ace1a1e8
|
|
Change-Id: Ife9e06092421bffc0b77ef38b68df3196938f788
|
|
Change-Id: Idc6306fc79c34969fbb84dab87c42d4305169037
|
|
Change-Id: Icfc6a998c6c5615351ed59111284858b9f27893c
shinano-common: Rework credmgrd sepolicies
Change-Id: Id922021b05ed0313b5cd7e506641632277a82105
shinano-common: Fix last camera denials
Change-Id: Ibf96ebf0a136ffa40be85369896f57645c24157c
|
|
Change-Id: I62e1e9b87e48b0f5d436ef44bb816eedf5328347
shinano-common: Solve camera services denials
Change-Id: I36479598ada099da4949d999f7485b69ccd59c19
|
|
Change-Id: If920b5e5265aca89020bd000904d586cd879cc85
|
|
Change-Id: Id559336a2e89951c1c17f7e9bce5b0c23ce162b9
|
|
Change-Id: I38050b1701c4bf3ee3929c17a1e8dad849b9e815
|
|
[ 975.964842] type=1400 audit(1446642899.043:386): avc: denied { net_bind_service } for pid=9887 comm=mlog_qmi_servic capability=10 scontext=u:r:mlog_qmi:s0 tcontext=u:r:mlog_qmi:s0 tclass=capability permissive=0
[ 980.851345] type=1400 audit(1446642903.923:387): avc: denied { net_raw } for pid=9916 comm=mlog_qmi_servic capability=13 scontext=u:r:mlog_qmi:s0 tcontext=u:r:mlog_qmi:s0 tclass=capability permissive=0
Signed-off-by: Humberto Borba <humberos@gmail.com>
Signed-off-by: Julien Bolard <jbolard@genymobile.com>
Change-Id: If7e31433325dd607877bd5110a8936024584ff28
|
|
Change-Id: I7e5db804524dca6cb3da52d3997525911dac66f7
|
|
Change-Id: I698f56bca42ffef6e83f46dbdf6e8b798267028a
|
|
Change-Id: Ib7d69d95adbef765429a7ba9f7112b6296bc6f1b
|
|
Change-Id: I42971cd8dc77655c066aabfb198b7eac033cd484
|
|
All Z3 series need this service to keep modem alive
Change-Id: Iba8ac16083d878a9a9864472d350ee4868f20c6a
|
|
Change-Id: Ie58527ef6ca5b9aed48e68d0ec74a6453b3b4643
|
|
This partially reverts commit 21ae2255e1cd2e17a4b9e7766aa1f86eec2f18a6
Change-Id: Ic4e063ef166466843f2f0708c6531cf68c7074ef
|
|
Change-Id: I312eb2c2eec3787809a9aff767cca24c6695bdcf
|
|
based on rhine-common 7e2a33e
|