Commit Graph

134 Commits

Author SHA1 Message Date
Sandeep-FED
53550a2c1b sm7250-common: cleanup some sepolicy
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
2023-01-05 22:47:16 +05:30
Keertesh
c13e9f282a sm7250-common: SEPolicy: Address denial for hal_fingerprint_default
*W HwBinder:1461_1: type=1400 audit(0.0:546): avc: denied { write } for name="touch_hold" dev="proc" ino=4026534068 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
2023-01-05 22:46:01 +05:30
Keertesh
abd911b9c0 sm7250-common: SEPolicy: Cleanup
*throws errors

Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
2023-01-05 22:45:47 +05:30
aswin7469
0bc8972eea sm7250-common: rootdir: cleanup unused oneplus stuffs
* I'm sorry, custom kernels

Signed-off-by: aswin7469 <aswinas@pixysos.com>
2023-01-05 22:30:20 +05:30
Juhyung Park
cdc530b446 sm7250-common: sepolicy: label /proc/sys/vm/rswappiness
My kernel uses rswappiness

Change-Id: I3894163a83da0981c7ca4c214375bee4bc4912fd
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2023-01-05 22:25:28 +05:30
aswin7469
b01c825b8f sm7250-common: allow hal_sensors_default to access QCOM diag port
* denied { read write } for name="diag" dev="tmpfs" ino=26705 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_diag_device:s0 tclass=chr_file permissive=0

Signed-off-by: aswin7469 <aswinas@pixysos.com>
2023-01-05 22:25:01 +05:30
Kevin F. Haggerty
b5646bb2a9 sm7250-common: Sepolicy: Allow system_app to read /proc/pagetypeinfo
avc: denied { read } for name="pagetypeinfo" dev="proc" ino=4026543033
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_pagetypeinfo:s0
tclass=file permissive=0

Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 22:24:47 +05:30
Ivan Vecera
bc4bd12a9d sm7250-common: sepolicy allow system_app to access zram sysfs nodes
04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:570): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:571): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Change-Id: Ide9b1a9488b26fa69e7a2c8e73a8e657c8b28beb
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 22:23:40 +05:30
Jaegeuk Kim
c194818165 sm7250-common: sepolicy: Allow ioctl to zram_swap for performance
This fixes permission denied when setting F2FS_PIN_FILE.

[   46.726131] init: [libfs_mgr]Failed to set pin_file for f2fs: /data/per_boot/zram_swap: Permission denied
[   46.726151] init: [libfs_mgr]Failure of zram backing device file for '/dev/block/zram0'
[   46.726341] type=1400 audit(1601025878.312:17): avc: denied { ioctl } for comm="init" path="/data/per_boot/zram_swap" dev="dm-9" ino=4868 ioctlcmd=0xf50d scontext=u:r:init:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=0

Bug: 169311165
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I982f70556284ac55d659bae6aff93b84d71e67f0
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 22:21:46 +05:30
Mimi Wu
fa6ee90f23 sm7250-common: sepolicy: Modify sepolicy for toolbox to rm -rf /data/per_boot
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:572): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:573): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:574): avc: denied { getattr } for comm="rm" path="/data/per_boot/ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.616:575): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:576): avc: denied { remove_name } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I22706c63fb13ea2aae0cd9fe8b92edc578fd459e
Signed-off-by: Mimi Wu <mimiwu@google.com>
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2023-01-05 22:19:07 +05:30
Mimi Wu
e8c93af4e7 sm7250-common: sepolicy: Add sepolicy for kernel to access /data/per_boot/zram_swap
type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I48d7684ce3b4ca1ada81011b1cab21007c758ba5
Signed-off-by: Mimi Wu <mimiwu@google.com>
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 22:18:57 +05:30
revolwoc
850517a1cd sm7250-common:address some denials
Signed-off-by: revolwoc <imsakshisharma04@gmail.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
2023-01-05 22:11:07 +05:30
aswin7469
5041396400 sm7250-common: update sepolicy for oneplus cam
* follow up to dc211612076fc67fc9ec4b90672ed3df9246d997
* update to account for rom side change

Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 22:10:40 +05:30
LuK1337
46aec432c2 sm7250-common: sepolicy: Allow camera to access vendor_xdsp_device
Change-Id: I59ee2b5a5f37690c2d55f8ee3acb0cdfb127e678
Signed-off-by: c79 <vexed@riseup.net>
2023-01-05 22:02:12 +05:30
aswin7469
12c9486209 sm7250-common: label more wakeup nodes
log:

E android.system.suspend@1.0-service: Error opening event_count for wakeup104: Permission denied
E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup24: Permission denied

Signed-off-by: aswin7469 <aswinas@pixysos.com>
2023-01-05 21:58:58 +05:30
aswin7469
68031e1fee sm7250-common: include oneplus camera
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Manikantraaavi <raavimanikanta6595@gmail.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
2023-01-05 21:56:27 +05:30
alk3pInjection
dce9f79f6b sm7250-common: sepolicy: label new fod status nodes
* Required for our fod hack.

Change-Id: I999b33ca675da101c58af79dc3b3363594fe25b9
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Manikantaraavi <raavimanikanta6595@gmail.com>
2022-04-08 19:40:01 +00:00
Jake Weinstein
19b73df61d sm7250-common: Set display calibration on color mode settings
* sRGB on Natural and Boosted
   Unmanaged on Saturated
   P3 on Automatic

Change-Id: Ida1a64ff2ea99973f2e2a0fa7ca062c75b7c4831
2022-04-01 16:51:29 +05:30
KakatkarAkshay
029bb8b7f2 sm7250-common: sepolicy: Get rid of persist.vendor.bluetooth.a2dp. property context
Duplicate prefix match detected for 'persist.vendor.bluetooth.a2dp.'
2022-03-28 23:51:39 +05:30
LuK1337
947995ce82 sm7250-common: sepolicy: Allow camera to access vendor_xdsp_device
Change-Id: I59ee2b5a5f37690c2d55f8ee3acb0cdfb127e678
2022-03-28 23:51:39 +05:30
aswin7469
58cd1c84e1 sm7250-common: address denials for gcam
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2022-03-28 23:51:39 +05:30
aswin7469
885bb9c7eb sm7250-common: allow nfc data to read write
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2022-03-28 23:51:39 +05:30
KakatkarAkshay
f8329112dc Revert "sm7250-common: Enable color mode & set display calibration on color mode settings"
This reverts commit 84e9206b3a.
2022-03-28 23:51:39 +05:30
KakatkarAkshay
c39d21ce33 sm7250-common: Remove op1 and op2 partitions
2022-03-07 13:13:47 +00:00
Elektroschmock
4cd0ddca4b sm7250-common: sepolicy: Fix isolated_app denial
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
Change-Id: I9a70417149c3239b89cc4266942cb3de4da34a4f
2022-03-07 13:12:29 +00:00
KakatkarAkshay
1bd58ce14c sm7250-common: Address some camera denials
2022-03-07 13:12:29 +00:00
Omkar Chandorkar
35f19a5c38 sm7250-common: sepolicy: allow untrusted_app_29 to access camera prop
* fixes E/libc    (7181): Access denied finding property "persist.vendor.camera.privapp.list"

Signed-off-by: Omkar Chandorkar <gotenksIN@aosip.dev>
2022-03-07 13:12:29 +00:00
alk3pInjection
5403ccfd73 sm7250-common: label power_status
2022-02-12 13:21:43 +05:30
chandu078
2d9979e96c sm7250-common: sepolicy: address misc denials
Change-Id: I78f8f206c8697efddf08474f97e7df039b0d4363
2022-02-12 13:21:42 +05:30
alk3pInjection
f2ab8f8bbb sm7250-common: sepolicy: Resolve neverallows
Signed-off-by: alk3pInjection <webmaster@raspii.tech>
Change-Id: Id53185beac0757193d0fc68c76efcfe1279c335f
2022-02-12 13:21:42 +05:30
jhonboy121
580139f879 sm7250-common: sepolicy: address denials for fp hal
Change-Id: I69be81a37de6fca38659281ebca490292cb7bbaa
2022-02-12 13:21:42 +05:30
Inseob Kim
2fb1896b68 sm7250-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
(cherry picked from commit 44eb8e1f89adf04fd413a69391fd444ba68af742)
(cherry picked from commit 1922128397116d551a663d5344b4456a84bf46eb)
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2022-02-12 13:21:42 +05:30
Akshay Kakatkar
7cafc897c8 sm7250-common: sepolicy: Comply with VTS vendor isolation
2022-01-05 11:00:41 +05:30
LuK1337
b542d1243b sm7250-common: Adjust for recent tri state key changes
tri-state-key package has been integrated into KeyHandler app, and
KeyHandler itself no longer needs to be added to lineage-sdk overlays.

Change-Id: I13b8f05e8e0b036c9303a01ec0c7e2d99b6756f7
2022-01-05 11:00:41 +05:30
TheScarastic
b7ee7e9a4e sm7250-common: Switch to udfps
2021-10-30 18:20:40 +02:00
Michael Bestas
c2b95ec33d sm7250-common: sepolicy: exported2_default_prop -> build_prop
Change-Id: I535b88b360d3bf6a4487086c15d90a2800667056
2021-10-18 18:20:58 +02:00
maitreya29
3cb351509c sm7250-common: SEPolicy: Get ro.gfx.driver.1 sepolicy in accordance to master
2021-10-18 18:20:58 +02:00
Chandra Chaganti
e60b2b84df sm7250-common: nuke livedisplay
2021-10-18 18:20:54 +02:00
Jake Weinstein
84e9206b3a sm7250-common: Enable color mode & set display calibration on color mode settings
* sRGB on Natural and Boosted
   Unmanaged on Saturated
   P3 on Automatic

 * Set color mode to Natural by default

 * Adjust display composition color spaces

Change-Id: If73eafa82395e80acf84445fcab2f1ce25a33e23
Signed-off-by: aswin7469 <aswinas@pixysos.com>
2021-10-10 15:55:40 +02:00
KakatkarAkshay
830a408488 sm7250-common: sepolicy: Fix some denials
2021-10-10 15:55:40 +02:00
KakatkarAkshay
044a1120f9 sm7250-common: sepolicy: Address NFC Denials
Change-Id: I67138bb9133d12703445cf3c3010c493eecda1b0
2021-10-10 15:55:38 +02:00
Chandra Chaganti
424e901ea2 sm7250-common: overlay: enable oem fast charge
Signed-off-by: chandra <chandra.chaganti@hotmail.com>
2021-10-10 15:55:37 +02:00
Bruno Martins
46020fe68b sm7250-common: sepolicy: Fix labelling of project_info
There seems to be a race condition somewhere that prevents
it from being properly labelled, so move to genfs.

Change-Id: Ie2d1deeb19a871eb0b9f5120a92432fda658d725
2021-09-26 09:22:28 +02:00
LuK1337
10aaf01d9d sm7250-common: Remove wlchgd
Nords don't have wireless charging

Change-Id: Ifdc76ca918c2e67affa54c3ce61558b65f98558c
2021-09-26 09:22:28 +02:00
LuK1337
7dd1345dc6 sm7250-common: sepolicy: Drop labels for all socket devices
These don't exist anymore.

Change-Id: I25e15cc3d2f68d00e4ab85ed955b014da727294b
2021-09-26 09:22:28 +02:00
LuK1337
909a5b20d6 sm7250-common: sepolicy: Remove u:object_r:memplus_device:s0 type
/dev/memplus doesn't exist anymore.

Change-Id: Ib0cf673039769465b50901db9a6575ab322d1095
2021-09-26 09:22:28 +02:00
LuK1337
bde9286ca3 sm7250-common: sepolicy: Regenerate labels for wakeup dirs
The list of folders for genfscon was generated using the following script:
  for f in `adb shell "find /sys/devices -name wakeup -type d"`; do
      adb shell "ls -Z '$f' | grep -qv u:object_r:sysfs:s0 || echo '$f'"
  done

While the list for regular file_contexts was just a simple grep "wakeup[0-9]".

Change-Id: I66abd501ce53b84e7268948d01d7b6c6c42cfbd1
2021-09-26 09:22:28 +02:00
LuK1337
01388d7ea8 sm7250-common: sepolicy: Remove procfs_oem_wireless type
SM7250 devices don't have /proc/wireless or /proc/skin_temp_thrd.

Change-Id: Ib3a67f7c508ab3aea0bee28866b7293c8a785739
2021-09-26 09:22:28 +02:00
Bruno Martins
e3e752c978 sm7250-common: sepolicy: Re-label health sysfs nodes
Change-Id: I648046582f54a254d61c6c76ec5747357bdeca59
2021-09-26 09:22:28 +02:00
KakatkarAkshay
5d1a5c70b0 sm7250-common: Remove PowerShare Sepolicy
None of the lito family of OnePlus devices has this feature.

Signed-off-by: KakatkarAkshay <akshayakakatkaraa@gmail.com>
2021-09-26 09:22:10 +02:00