| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
* This comes up when switching gnss to hwbinder
* Mimic the old location rule to resolve the denial
Change-Id: I118ac5fad75f7ab02ccf4a728c2bc67a9eb57752
|
|
|
|
|
|
| |
* more than just legacy needs this
Change-Id: Id345d69835f495d9ca6813d6ea55433631e53c97
|
|
|
|
|
|
|
| |
* This adapts rule added in commit 710d097, as required after
https://github.com/LineageOS/android_device_lineage_sepolicy/commit/e61f6cdc33cbaa181790a4bc0e0d9ffff3b6fe2b
Change-Id: I617d65d348b70174a8c0308332f50992f09ecd13
|
|
|
|
|
|
|
|
|
|
|
| |
* fixes the following denial
mm-qcamera-daem: type=1400 audit(0.0:15): avc: denied { use } for path="anon_inode:dmabuf"
dev="anon_inodefs" ino=5959 scontext=u:r:mm-qcamerad:s0
tcontext=u:r:platform_app:s0:c512,c768 tclass=fd permissive=0
BUGBASH-2287
Change-Id: I9a4af24d3c4bfafb29b029ead90681bfc370f280
|
|
|
|
|
|
|
| |
* Remove rules that cause build breakages
Change-Id: Iaefab105ed52178f3c7d356aa2782147df8d2fbf
Signed-off-by: Marco Zanin (B--B) <mrczn.bb@gmail.com>
|
|
|
|
| |
Change-Id: I7fe1bfd28117dc61354e65cf4c3ea2ff9880ae0a
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Addresses the following errors caught in a log:
E ANDR-PERF-TARGET-INIT: Inside InitializeTarget
W vendor.qti.hard: type=1400 audit(0.0:12): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W vendor.qti.hard: type=1400 audit(0.0:13): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W libc : Unable to set property "ro.min_freq_0" to "384000": connection failed; errno=13 (Permission denied)
W libc : Unable to set property "ro.min_freq_4" to "384000": connection failed; errno=13 (Permission denied)
Change-Id: I6de28c23fdb816faad0eaf45e8f4d793865d6eea
|
|
|
|
| |
Change-Id: I925ef41fa713e829b932cc502a6820ad9f8e3037
|
|
|
|
|
|
|
|
|
| |
* Turns out we need to use init.qcom.bt.sh instead of
running hci_qcomm_init directly, as that causes BT
to take longer than 10 seconds to enable on first time
it's enabled after boot
Change-Id: I0ee4a645d3828429b2deb0464f78090f49c9eb7b
|
|
|
|
|
|
| |
* Codeaurora strikes again with a wrong regex
Change-Id: Id1be8ab8c264f05d3c1ddd3c622495a220fd074f
|
|
|
|
|
|
|
| |
* Label additional nodes and add it as common rule, since it doesn't
apply only to msm8953.
Change-Id: I42b329d782795feed776b09d5c12d89be9bac868
|
|
|
|
|
|
| |
Do u even regex, br0?
Change-Id: If907448d394f967268c9f72051bec5a47220087b
|
|
|
|
| |
Change-Id: Ibff5485fcaebc181d9aa17fcea38cf4ae3146193
|
|
|
|
| |
Change-Id: I35e8bbffb44626c95f3d59adb4d97bc07da043a4
|
|
|
|
|
|
| |
* Partial cherry-pick of commit 3aaeeceb270dc6c8af8dd9a95fa8b9e33097ff50
Change-Id: Ifa500ca57dc71831074a39fb5b05246c12cd0d4c
|
|
|
|
| |
Change-Id: I3a9d988f75f64b45d1abb952b771a7e9bb30cac8
|
|
|
|
| |
Change-Id: Ibef3bd2704b8edbefb90085c7c246ab832646300
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain perfd optimizations depend on this ability.
Change-Id: Ib994cf879db73c02d8c79c8b7e6a8a855496c6be
sepolicy: perfd: fix signull permission
Commit 1a20a7fbc2 ("sepolicy: perf: allow checking for existence of
other processes (signull)") was implemented incorrectly. It granted
perfd only permissions to signull itself, not other processes. Fix
this, granting signull permissions to all processes by using the
'domain' attribute.
Change-Id: I5ea7c543ba5854550bb020382b43368d75244f32
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qcom sepolicy only covers bt_qca6174, while our devices
uses bt_qca6174.91.
Label using a regex to make sure every case is covered.
This fixes the following denial.
avc: denied { write } for comm="hci_thread" name="state" dev="sysfs" ino=17919 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file
And should also fix bluetooth.
Change-Id: Ice453dee8750e6c9ca6b1fe6cb20709c39958c7e
|
|
|
|
|
|
| |
* Label as sysfs_graphics like non-legacy sysfs
Change-Id: Iadccb98b26cc704e84ff4c85ee3eadc2fcc95f0c
|
|
|
|
| |
Change-Id: Ia282fc2cb3e70b407a5c7a0b045a4cb68dc80188
|
|
|
|
| |
Change-Id: If5cd58caad0c4f084764f21ab1fbb5c5b11be371
|
|
|
|
| |
Change-Id: I3d3c1c2d0c04f8dc77037cbf47ce7b1452fe8c33
|
|
|
|
|
|
|
| |
msmpeafowl: sdm670
msmskunk: sdm845
Change-Id: I1c71c14af53123cc7852cd7948ee66575323d239
|
|
|
|
| |
Change-Id: I44dcf57ec36e3ecd0674d84f8fe1f8a98ee71d28
|
|
|
|
| |
Change-Id: I9b5f18936b3b7dc362b81750b24af41810ea847e
|
|
|
|
| |
Change-Id: I11b65ea2a853b7b71652ef8bc4447bc554a8393a
|
|
|
|
| |
Change-Id: Id29dbfe25a979ff8257ba5f4f6fe94ec2c2b471c
|
|
|
|
| |
Change-Id: Ibf48ea3a61e3ff08feb2e24287dee39d2ebe3889
|
|
|
|
| |
Change-Id: I9a65a68b0de351cd072a4aa4b66f78a7b082d354
|
|
|
|
| |
Change-Id: I1696d40518a6193a335e4930e5b576b7dda86f0d
|
|
|
|
| |
Change-Id: If569ce1cb560a19123b1b7bfae5e10e653825f35
|
|
|
|
|
|
| |
* msm8916 perfd wants to write to "max_pwrlevel"
Change-Id: I86e9f7ac7cc82f3d8605d215aa39171b385ecc61
|
|
|
|
|
|
| |
* We applied this for mpdecision, perfd needs it too
Change-Id: Ib43f7575cefdeddcc02a3a6240c6f38aef18300d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hal_gnss_default uses data services API's to use data related
functionality for SUPL/E911 call. This was internally using
internet datagram sockets for IOCTL calls to retrieve interface
name leading to this denial. Since HAL is not supposed to have
this permission, use netlink route sockets instead to achieve
this functionality.
Fixes the following denial -
audit(0.0:94): avc: denied { create } for comm="Loc_hal_worker"
scontext=u:r:hal_gnss_default:s0 tcontext=u:r:hal_gnss_default:s0
tclass=udp_socket permissive=0
BUG:37730994
Change-Id: If358032ffcf870747d6bca4fa50fb45214d70f8c
|
|
|
|
|
|
| |
* They are harmless
Change-Id: Idb7947558a8af876e93fa02168da144d9373c9c9
|
|
|
|
|
|
| |
Adding context to boot, recovery, cache and system block device
Change-Id: I5604c5ab842483760947d6fcb348d0723c9908b1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add rule to allow mm-qcamera daemon to import the fd which
is allocated in app's context.
Change-Id: Icdc13cf34cef98a2529b79ee61900b5130585b0d
sepolicy: Allow camera daemon to access priv_app buffer.
Add rule to allow mm-qcamera daemon to import the fd which
is allocated in app's context. This is required for VT call
camera preview to work.
Change-Id: Iea4d82a44f42715ca888960549494e788dd99563
CRs-Fixed: 2133945
[mikeioannina]: Move to common sepolicy
Change-Id: I6e1c48df94b31132f5b1f9afa3a07ccc3c4aab4d
|
|
|
|
|
|
|
| |
* The props are already set using set_prop,
remove useless unix_socket_connect
Change-Id: Ib27edc72e678bd4fc1a0d6f336be5020b0757673
|
|\
| |
| |
| |
| |
| | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.6.r1-07200-89xx.0"
|
| |\
| | |
| | |
| | | |
Change-Id: I47b8996b7913f264864ecc9c0e69194390b7b01d
|
| | |\ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since ImageFv is now an upgradable A/B partition,
adding appropriate selabel to it. Even though this
partition is added to sdm845 presently, assigning the
label to all targets, so that OTA won't be broken
if/when ImageFv partition is added in other targets.
Change-Id: I188edb41aeb86945277d1ab4fabb885678c2a4ed
|
| | |/
| | |
| | |
| | |
| | |
| | | |
Add qmmf webserver and corresponding permissions
Change-Id: I85e0bb7be9a30992d8ff565a9cfc2f839e09f957
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.4.r1-07600-8x98.0"
|
| |\ \ \
| | | |/
| | |/|
| | | | |
Change-Id: Ic4f826280c302fad5805d9b5873c1ab4e9ec5f5b
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adding rule for radio daemon to access perf hal
Change-Id: Ib805d97363d697bd49434364ea77d475c0a91542
|
| | |\ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Instead of using sp_keymaster for SSR notifications, we'll
use a dummy channel - spdaemon_ssr.
Change-Id: If6e83d470b7bf437f9935c9953a5fbc8bfe6e452
|
| | |\ \ \ |
|