path: root/common
Commit message | Author | Age | Files | Lines
* common: Move aux camera whitelist prop to vendor (HEAD, lineage-17.1) | dianlujitao | 2020-06-16 | 2 | -2/+3
  * Conflict with pre-Q CAF vendor policy thus prebuilt vendor devices fail to boot.
  Change-Id: Ie6a6a72b084ef40595dbae3eb591b79b607d0f40
* lineage: sepolicy: Label legacy GNSS service | Arne Coucheron | 2020-05-26 | 1 | -0/+3
  Change-Id: I295489a1a013d181f75602c7c4ac2f4c9f555e4a
* common: Expose aux camera {black,white}list props | dianlujitao | 2020-05-14 | 1 | -0/+3
  Change-Id: I8f6d2fcd498ed78d8404451b33ba830381c36061
* Revert "Label lineage.service.adb.root as system prop" | Bruno Martins | 2020-05-14 | 1 | -1/+1
  This reverts commit a60a7e79b6d452ddc19dc6529f9d90411e28528d.
  Reason for revert: Standard adb root prop is being used again.
  Change-Id: Ic1e2ee66141301ce9e0de9364b615a20e2a1ec65
* sepolicy: add hal_lineage_powershare | Linux4 | 2020-04-25 | 7 | -0/+20
  Change-Id: I2ed2d8c1c8ac03c33900d83802e8a981785e6406
* sepolicy: allow adbroot service to change adb root status | Alessandro Astone | 2020-04-19 | 1 | -0/+3
  Change-Id: Ica070f35ef0e741e37a5f5425ff759eda5401055
* Revert "common: Allow adbd to set a system_prop" | Alessandro Astone | 2020-04-19 | 1 | -2/+0
  This reverts commit 75c6cf913a9c42218ee63c4b4626f95f7666cdb2.
  Change-Id: I0a5ec7e64ee5bf9cf65213dcb23aa63e75134f16
* lineage: Assign bash the same label as the default shell | Bruno Martins | 2020-04-19 | 1 | -0/+3
  This way we avoid duplicating existing rules just for bash to work properly when set as the default shell.
  Change-Id: Ifcd8271b1e2edf80ba0dd8f1344e09b5e9d10786
* sepolicy: recovery: fix neverallows | Alessandro | 2020-04-13 | 1 | -1/+1
  * allow recovery block_device:blk_file { rename }; We don't really need rename so expand create_file_perms into just what we need
  Change-Id: I5552df47a8858eda875b93f910dbeb519f2b1c2d
* sepolicy: recovery: allow reading fbe key version | Alessandro | 2020-04-13 | 1 | -0/+3
  * We use this to detect fbe encryption
  Change-Id: I29355790068b78437aba11390bdf3efd22e229bc
* sepolicy: recovery: allow mounting of internal storage | Alessandro | 2020-04-13 | 1 | -1/+4
  Change-Id: I93baf0d9ce9348d59dee2bd4ef764ed8386fabb7
* sepolicy: recovery: allow mounting of usb storage | Alessandro Astone | 2020-04-13 | 1 | -0/+2
  Change-Id: Ide51c085b1e697044e1fbb00eab6fa7d78cb9ff0
* sepolicy: recovery: Allow volume manager write to /sys/*/uevent | Michael Bestas | 2020-04-13 | 1 | -0/+1
  Change-Id: I7f9e4d07fc28f48817618a784317fe239a39a41a
* sepolicy: recovery: Add policy for /dev/block/volmgr | Michael Bestas | 2020-04-13 | 1 | -0/+1
  Change-Id: I73b60f4d6d38e6b8f0749a43c75744d471c7ce32
* sepolicy: recovery: Fix the volume manager blkid.tab denial | Adrian DC | 2020-04-13 | 1 | -0/+1
  * denied { link } for pid=573 comm="recovery" name="vold_blkid.tab" dev="tmpfs" ino=20425 scontext=u:r:recovery:s0 tcontext=u:object_r:tmpfs:s0 tclass=file
  Change-Id: I0b3e47dd00c5a32261691f51838a8d9af9778faa
* sepolicy: recovery: Allow reading proc_filesystems | Michael Bestas | 2020-04-13 | 1 | -0/+1
  * For volume manager
  Change-Id: I7bab9804c8e05f9ec14cc3179cb72afb4ecf514b
* sepolicy: recovery: Add policy for volume manager | Alessandro Astone | 2020-04-13 | 1 | -0/+3
  Fixes: avc: denied { read } for pid=573 comm="recovery" scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=netlink_kobject_uevent_socket permissive=1 which in turn fixes reboot
  Change-Id: Ie28453602be3b5c3c4064057f5f071ee7508d316
* sepolicy: New type sdcard_posix for labeled filesystems | Tom Marshall | 2020-04-07 | 2 | -0/+5
  * Need this because sdcard_external is an alias for vfat
  Change-Id: I804ebb0fcf643d603b1a02ee7a54e6d5b6b46294
  sepolicy: allow vold to mount ext4 sdcard
  * Originally in 9a19f575a4c991bf2d7bc2f8f980909910ee4cce vendor/cm
  Change-Id: Id95e48d2380aa7a6727be765e3a52ee49d814bcb
  Change-Id: I804ebb0fcf643d603b1a02ee7a54e6d5b6b46294
* lineage: Introduce a new flag to exclude fuseblk sepolicy | theimpulson | 2020-03-30 | 2 | -0/+8
  Some QCOM and Almost all MTK devices ship fuseblk sepolicy on vendor partition. When using a prebuilt vendor.img, this causes conflicts with our fuseblk sepolicy, which prevents the device from booting. To remedy this, allow excluding fuseblk sepolicy at build time.
  Signed-off-by: theimpulson <aayushgupta219@gmail.com>
  Change-Id: I938a14ada3bb9b6ffa20bb27c15adae3e493b98c
* sepolicy: Add rules required for TARGET_HAS_LEGACY_CAMERA_HAL1 | Bruno Martins | 2020-02-26 | 1 | -0/+3
  Change-Id: Ibb700942ef0c383faad7b6bf461206a957bd409c
  Co-authored-by: Adrian DC <radian.dc@gmail.com>
  Co-authored-by: Arne Coucheron <arco68@gmail.com>
* sepolicy: Nuke sdfat from genfs | Erfan Abdi | 2020-02-26 | 1 | -1/+0
  * To avoid duplicate with samsung vendors
  Change-Id: I5ab6c671972aa90d67bf858131d001f317b6641a
* gallery_app: Allow binder call with gpuservice | PIPIPIG233666 | 2020-02-19 | 1 | -0/+3
  avc: denied { call } for scontext=u:r:gallery_app:s0:c512,c768 tcontext=u:r:gpuservice:s0 tclass=binder permissive=0 app=com.android.gallery3d
  Change-Id: Icfc215ab0ce77a551ef81b90936c9858aaded03d
* snap_app: Allow binder call with gpuservice | PIPIPIG233666 | 2020-02-05 | 1 | -0/+3
  avc: denied { call } for scontext=u:r:snap_app:s0:c512,c768 tcontext=u:r:gpuservice:s0 tclass=binder permissive=0 app=org.lineageos.snap
  Change-Id: Icb3f08c65776fdd51fb6919bda7cc3ec3685ac9c
* sepolicy: Label ro.telephony.use_old_mnc_mcc_format | LuK1337 | 2020-01-14 | 1 | -2/+3
  Change-Id: I7f77ef85f5dd3fd9639bfd2cf16328486b82b392
* Move lineage framework service declarations to private (lineage-17.0) | dianlujitao | 2019-12-29 | 2 | -7/+7
  Change-Id: I22a3e074b373ff98e5914001a4cf56f17df981ce
* Remove Style API related rules | Bruno Martins | 2019-11-23 | 3 | -3/+0
  Styles API was removed from the SDK, therefore the rules are deprecated. This reverts commits 8290552 and a14df93.
  Change-Id: I02cba8f377c952a796df8a2b9d27f397721c2341
* sepolicy: Label and address Trust's system variant denials | theimpulson | 2019-11-16 | 3 | -1/+9
  Change-Id: I33e3320da346e83b3c74e5631c20f556bd202c2b
* sepolicy: Move hal_lineage_livedisplay_sysfs rule to proper location | Rashed Abdel-Tawab | 2019-11-14 | 1 | -1/+0
  * hal_lineage_livedisplay_sysfs specific rules belong to hal_lineage_livedisplay_sysfs.te, not hal_lineage_livedisplay.te.
  Change-Id: I7d180c701c0573cf7fffa9f14be74cdb7066cd54
* sepolicy: allow sysfs livedisplay hal read privs to sysfs_graphics dirs | Dan Pasanen | 2019-11-13 | 1 | -0/+1
  * Everyone's including this in their device trees anyway
  Change-Id: I35812c0f00df372cf13a1cefba3fa79a6aff72b6
* sepolicy: Allow Snap to execute bcc | LuK1337 | 2019-11-09 | 1 | -0/+3
  Change-Id: Ib4f9325076019683289f89ea4261fef74a724ed0
* Add adb_root rules | Luca Stefani | 2019-11-03 | 7 | -0/+23
  Change-Id: Ibfd8f9ca6a3ac0a1a3ed46024ae5782fab1c3470
* Kill su and sudaemon | Luca Stefani | 2019-11-03 | 2 | -75/+0
  * They're being dropped
  Change-Id: Id27a548c8210146835c02f718305160f68cd0212
* Kill sysinit | Luca Stefani | 2019-10-23 | 4 | -20/+0
  Change-Id: I9af50a8d2b6a07e44edde4836a294cedcaa61119
* sepolicy: Make recovery permissive | Luca Stefani | 2019-10-23 | 3 | -54/+0
  Change-Id: I4a2596dc75088c5bcc72786bb68f994222e31912
* sepolicy: Allow uncrypt to open OTA package as rw | Luca Stefani | 2019-10-10 | 1 | -0/+2
  * Needed after I4896ecbe0fc04374e01d006b1c8acdb932e5d16d
  Change-Id: If15275e138f56a0d99cc91b772c713a705edc3df
* lineage: Label our legacy Wi-Fi service | Bruno Martins | 2019-10-05 | 1 | -0/+3
  Change-Id: Iacd51e5b9fee1e796f00f4cef9308019a5d470c4
* sepolicy: Drop fsck.exfat label | LuK1337 | 2019-09-18 | 1 | -1/+0
  * Already labeled in system/sepolicy
  Change-Id: Ie0161ed7a07e71c6a27a326045fd8a2a2bb15a62
* sepolicy: Mark mkfs and sysinit as system_file_type | LuK1337 | 2019-09-12 | 2 | -2/+2
  Change-Id: I802fa29890ab867f152e8c3ee8e74c0823c88094
* sepolicy: Actually remove sepolicy for lineagehw | Bruno Martins | 2019-09-06 | 1 | -2/+0
  Change-Id: I4348a1d629059b6d374c3a7dd8a1653b92e4e472
* sepolicy: Add hal_lineage_fod domain | LuK1337 | 2019-08-24 | 7 | -16/+36
  Change-Id: I067ead0c2f60493a974bc220b67d7039acea4823
* lineage: Guard neverallowed policy for system_file with userdebug/eng | Nolen Johnson | 2019-07-30 | 1 | -0/+2
  Change-Id: I8761fd7737126dab7cf0748d3f9f46fcd83c660f
* sepolicy: Add hal_lineage_camera_motor domain | LuK1337 | 2019-07-12 | 6 | -0/+15
  Change-Id: I02caf9ef3e8786b27ae4517533c3df44437b0015
* sepolicy: Dontaudit sysinit | Jan Altensen | 2019-07-02 | 1 | -0/+5
  * These are neverallows
  * We are running sysinit as permissive anyway -> Get rid of them from everyone's logs
  Change-Id: I29a8eeeb81f068a9766b550d4967d7998205535e
* sepolicy: Break livedisplay hal policy into impl independent ones | dianlujitao | 2019-06-15 | 4 | -14/+9
  * LiveDisplay has different backends (QDCM, sysfs, etc.). QDCM impl doesn't use sysfs, sysfs impl doesn't use QC display service and vice versa, so don't abuse the "default" policy.
  Change-Id: I87725a091ebe5db5beeb1619ce4daaac9636d808
* sepolicy: Move power hal service label to dynamic | dianlujitao | 2019-06-15 | 2 | -1/+1
  Change-Id: Ibad7c3a88e876006ac88933b894050b045c847b0
* sepolicy: Move touch hal policy to dynamic | dianlujitao | 2019-06-15 | 5 | -5/+5
  Change-Id: I7beb51197b6049133b4385ef344e21fbf2de1ea0
* sepolicy: Move livedisplay hal policy to dynamic | dianlujitao | 2019-06-15 | 13 | -24/+25
  Change-Id: I7d7b932688d95fc397576e74bc1ff434395ec663
* sepolicy: Dynamically build trust policy into system/vendor | dianlujitao | 2019-06-15 | 10 | -6/+16
  * Introduce a new board flag TARGET_USES_PREBUILT_VENDOR_SEPOLICY and a sepolicy variant: dynamic
  * When TARGET_USES_PREBUILT_VENDOR_SEPOLICY=true, dynamic act as private policy, and vendor policy is excluded in order to avoid conflicts (it's not integrated to final builds anyway). When the flag is not set, dynamic acts as vendor policy to survive from system image change i.e. GSI installation.
  Change-Id: I8bfd078d6064616c88e2c58a9fa3aa045dddf303
* sepolicy: allow recovery to setenforce | Alessandro Astone | 2019-05-05 | 1 | -0/+5
  Change-Id: Ie33b247180116e8bc40c29884bc6734d8b1a54b2
* sepolicy: recovery: allow reading fbe key version | Alessandro Astone | 2019-03-29 | 1 | -0/+3
  * We use this to detect fbe encryption
  Change-Id: I29355790068b78437aba11390bdf3efd22e229bc