sepolicy: qti: Label Power Stats HAL

09-27 21:53:52.374 642 642 I hwservicemanager: Since android.hardware.power.stats@1.0::IPowerStats/default is not registered, trying to start it as a lazy HAL (if it's not configured to be a lazy HAL, it may be stuck starting or still starting). 09-27 21:53:52.374 642 4719 W libc : Unable to set property "ctl.interface_start" to "android.hardware.power.stats@1.0::IPowerStats/default": error code: 0x20 09-27 21:53:52.374 4692 4692 I HidlServiceManagement: getService: Trying again for android.hardware.power.stats@1.0::IPowerStats/default... 09-27 21:53:52.374 642 4719 I hwservicemanager: Tried to start android.hardware.power.stats@1.0::IPowerStats/default as a lazy service, but was unable to. Usually this happens when a service is not installed, but if the service is intended to be used as a lazy service, then it may be configured incorrectly. 09-27 21:53:52.374 4692 4718 I SystemConfig: Reading permissions from /vendor/etc/permissions/android.hardware.se.omapi.ese.xml 09-27 21:53:52.375 642 4721 W libc : Unable to set property "ctl.interface_start" to "android.hardware.power.stats@1.0::IPowerStats/default": error code: 0x20 09-27 21:53:52.375 642 4721 I hwservicemanager: Tried to start android.hardware.power.stats@1.0::IPowerStats/default as a lazy service, but was unable to. Usually this happens when a service is not installed, but if the service is intended to be used as a lazy service, then it may be configured incorrectly.
sepolicy: qti: Allow hal_sensors_default to open & read oplus proc version
2023-10-31 19:00:36 +05:30 · 2023-10-31 18:59:28 +05:30 · 2023-10-30 20:55:59 +05:30 · 2023-10-30 20:55:59 +05:30 · 2023-10-30 20:55:59 +05:30 · 2023-10-30 20:55:08 +05:30
41 changed files with 132 additions and 6 deletions
--- a/KeyHandler/res/values-cy/strings.xml
+++ b/KeyHandler/res/values-cy/strings.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright (C) 2021 The LineageOS Project
+    SPDX-License-Identifier: Apache-2.0
+-->
+<resources>
+    <string name="alert_slider_category_title">Llithridd rhybuddion</string>
+    <string name="alert_slider_selection_dialog_title">Gweithred</string>
+    <string name="alert_slider_top_position">Lleoliad brig</string>
+    <string name="alert_slider_middle_position">Lleoliad canol</string>
+    <string name="alert_slider_bottom_position">Lleoliad gwaelod</string>
+    <string name="alert_slider_mode_none">Dim</string>
+    <string name="alert_slider_mode_silent">Distaw</string>
+    <string name="alert_slider_mode_normal">Arferol</string>
+    <string name="alert_slider_mode_vibration">Dirgryniad</string>
+    <string name="alert_slider_mode_dnd_priority_only">Blaenoriaeth yn unig</string>
+    <string name="alert_slider_mode_dnd_total_silence">Distawrwydd llwyr</string>
+    <string name="alert_slider_mode_dnd_alarms_only">Larymau yn unig</string>
+    <string name="alert_slider_mute_media_title">Tewi cyfryngau</string>
+    <string name="alert_slider_mute_media_summary">Tewi cyfryngau wrth newid i ddistaw</string>
+</resources>
--- a/KeyHandler/res/values-fr/strings.xml
+++ b/KeyHandler/res/values-fr/strings.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright (C) 2021 The LineageOS Project
+    SPDX-License-Identifier: Apache-2.0
+-->
+<resources>
+    <string name="alert_slider_category_title">Curseur d\'alerte</string>
+    <string name="alert_slider_selection_dialog_title">Action</string>
+    <string name="alert_slider_top_position">En haut</string>
+    <string name="alert_slider_middle_position">Au milieu</string>
+    <string name="alert_slider_bottom_position">En bas</string>
+    <string name="alert_slider_mode_none">Aucun</string>
+    <string name="alert_slider_mode_silent">Silencieux</string>
+    <string name="alert_slider_mode_normal">Normal</string>
+    <string name="alert_slider_mode_vibration">Vibration</string>
+    <string name="alert_slider_mode_dnd_priority_only">Prioritaires uniquement</string>
+    <string name="alert_slider_mode_dnd_total_silence">Silence total</string>
+    <string name="alert_slider_mode_dnd_alarms_only">Alarmes uniquement</string>
+    <string name="alert_slider_mute_media_title">Couper le son du média</string>
+    <string name="alert_slider_mute_media_summary">Couper le son du média lors du passage en mode silencieux</string>
+</resources>
--- a/doze/src/org/lineageos/settings/doze/PickupSensor.kt
+++ b/doze/src/org/lineageos/settings/doze/PickupSensor.kt
@@ -38,7 +38,7 @@ class PickupSensor(
        if (event.values[0] == sensorValue) {
            if (Utils.isPickUpSetToWake(context)) {
                wakeLock.acquire(WAKELOCK_TIMEOUT_MS)
-                powerManager.wakeUpWithProximityCheck(
+                powerManager.wakeUp(
                    SystemClock.uptimeMillis(), PowerManager.WAKE_REASON_GESTURE, TAG
                )
            } else {
--- a/gpt-utils/gpt-utils.h
+++ b/gpt-utils/gpt-utils.h
@@ -83,7 +83,7 @@ extern "C" {
 #define PTN_MULTIIMGOEM                 "multiimgoem"
 #define PTN_MULTIIMGQTI                 "multiimgqti"
 #define PTN_SWAP_LIST                   PTN_XBL, PTN_XBL_CFG, PTN_MULTIIMGOEM, PTN_MULTIIMGQTI, "sbl1", "rpm", "tz", "aboot", "abl", "hyp", "lksecapp", "keymaster", "cmnlib", "cmnlib32", "cmnlib64", "pmic", "apdp", "devcfg", "hosd", "keystore", "msadp", "mdtp", "mdtpsecapp", "dsp", "aop", "qupfw", "vbmeta", "dtbo", "imagefv", "ImageFv", "vm-bootsys", "shrm", "cpucp"
-#define AB_PTN_LIST PTN_SWAP_LIST, "boot", "system", "vendor", "odm", "modem", "bluetooth"
+#define AB_PTN_LIST PTN_SWAP_LIST, "bluetooth", "boot", "modem", "odm", "product", "system_ext", "system", "vendor", "vendor_boot"
 #define BOOT_DEV_DIR    "/dev/block/bootdevice/by-name"

 /******************************************************************************
--- a/overlay/qssi/FrameworksResCommon/res/values/config.xml
+++ b/overlay/qssi/FrameworksResCommon/res/values/config.xml
@@ -120,7 +120,8 @@
    <!-- Screen brightness used to dim the screen while dozing in a very low power state.
         May be less than the minimum allowed brightness setting
         that can be set by the user. -->
-    <integer name="config_screenBrightnessDoze">17</integer>
+    <integer name="config_screenBrightnessDoze">30</integer>
+    <item name="config_screenBrightnessDozeFloat" format="float" type="dimen">0.1</item>

    <!-- Array of output values for LCD backlight corresponding to the lux values
         in the config_autoBrightnessLevels array.  This array should have size one greater
--- a/sepolicy/qti/private/art_boot.te
+++ b/sepolicy/qti/private/art_boot.te
@@ -0,0 +1 @@
+allow art_boot self:capability sys_admin;
--- a/sepolicy/qti/private/fsverity_init.te
+++ b/sepolicy/qti/private/fsverity_init.te
@@ -0,0 +1 @@
+allow fsverity_init self:capability sys_admin;
--- a/sepolicy/qti/private/linkerconfig.te
+++ b/sepolicy/qti/private/linkerconfig.te
@@ -0,0 +1 @@
+allow linkerconfig linkerconfig:capability { sys_admin kill };
--- a/sepolicy/qti/private/otapreopt_slot.te
+++ b/sepolicy/qti/private/otapreopt_slot.te
@@ -0,0 +1 @@
+allow otapreopt_slot self:capability sys_admin;
--- a/sepolicy/qti/private/profcollectd.te
+++ b/sepolicy/qti/private/profcollectd.te
@@ -0,0 +1 @@
+allow profcollectd self:capability sys_admin;
--- a/sepolicy/qti/private/property_contexts
+++ b/sepolicy/qti/private/property_contexts
@@ -1,5 +1,9 @@
 # Camera
 oplus.camera.    u:object_r:exported_system_prop:s0
+oppo.camera.     u:object_r:exported_system_prop:s0
+
+# Display
+persist.sys.display.iris.absent   u:object_r:system_oplus_iris_prop:s0

 # Fingerprint
 oplus.fingerprint.    u:object_r:system_fingerprint_prop:s0
--- a/sepolicy/qti/private/remount.te
+++ b/sepolicy/qti/private/remount.te
@@ -0,0 +1 @@
+allow remount self:capability sys_admin;
--- a/sepolicy/qti/private/update_verifier.te
+++ b/sepolicy/qti/private/update_verifier.te
@@ -0,0 +1 @@
+allow update_verifier self:capability sys_admin;
--- a/sepolicy/qti/private/vendor_boringssl_self_test.te
+++ b/sepolicy/qti/private/vendor_boringssl_self_test.te
@@ -0,0 +1 @@
+allow vendor_boringssl_self_test self:capability sys_admin;
--- a/sepolicy/qti/public/adbd.te
+++ b/sepolicy/qti/public/adbd.te
@@ -0,0 +1 @@
+allow adbd self:capability sys_admin;
--- a/sepolicy/qti/public/netutils_wrapper.te
+++ b/sepolicy/qti/public/netutils_wrapper.te
@@ -0,0 +1 @@
+dontaudit netutils_wrapper self:capability sys_admin;
--- a/sepolicy/qti/public/property.te
+++ b/sepolicy/qti/public/property.te
@@ -1,3 +1,6 @@
+# Display
+vendor_internal_prop(system_oplus_iris_prop)
+
 # Fingerprint
 vendor_internal_prop(system_fingerprint_prop)

--- a/sepolicy/qti/public/vendor_dpmd.te
+++ b/sepolicy/qti/public/vendor_dpmd.te
@@ -0,0 +1 @@
+allow vendor_dpmd self:capability sys_admin;
--- a/sepolicy/qti/public/vold_prepare_subdirs.te
+++ b/sepolicy/qti/public/vold_prepare_subdirs.te
@@ -0,0 +1 @@
+allow vold_prepare_subdirs self:capability sys_admin;
--- a/sepolicy/qti/vendor/file_contexts
+++ b/sepolicy/qti/vendor/file_contexts
@@ -4,6 +4,7 @@
 # Camera
 /mnt/vendor/persist/camera(/.*)?                                                  u:object_r:vendor_persist_camera_file:s0
 /mnt/vendor/persist/dual_camera_calibration(/.*)?                                 u:object_r:vendor_persist_camera_file:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oplus\.hardware\.cameraMDM@1\.0-service    u:object_r:vendor_hal_cameraMDM_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oplus\.hardware\.cameraMDM@2\.0-service    u:object_r:vendor_hal_cameraMDM_default_exec:s0
 /(vendor|system/vendor)/lib64/libipebpsstriping\.so                               u:object_r:same_process_hal_file:s0

@@ -33,6 +34,7 @@
 # Logo
 /dev/block/platform/soc/1d84000\.ufshc/by-name/logo_[ab]    u:object_r:vendor_custom_ab_block_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/LOGO_[ab]    u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/logo_[ab]    u:object_r:vendor_custom_ab_block_device:s0

 # MDM
 /dev/block/platform/soc/1d84000\.ufshc/by-name/mdm_oem_dycnvbk    u:object_r:vendor_modem_efs_partition_device:s0
@@ -46,7 +48,10 @@
 /(odm|vendor/odm)/bin/hw/vendor\.qti\.esepowermanager@1\.1-service          u:object_r:vendor_hal_esepowermanager_qti_exec:s0
 /(odm|vendor/odm)/bin/hw/vendor\.qti\.secure_element@1\.2-service           u:object_r:hal_secure_element_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc_snxxx@1\.2-service    u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st           u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st      u:object_r:hal_nfc_default_exec:s0
 /dev/pn553                                                                  u:object_r:nfc_device:s0
+/dev/st21nfc                                                                u:object_r:nfc_device:s0

 # Partitions
 /dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_vendor_[ab]      u:object_r:vendor_custom_ab_block_device:s0
@@ -54,15 +59,23 @@
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oplus_sec_[ab]          u:object_r:vendor_custom_ab_block_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/opproduct_[ab]          u:object_r:vendor_custom_ab_block_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/splash_[ab]             u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/engineering_cdt_[ab]    u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/opproduct_[ab]          u:object_r:vendor_custom_ab_block_device:s0
+
+# Power
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock                 u:object_r:hal_power_stats_default_exec:s0

 # RMT
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oem_dycnvbk           u:object_r:vendor_modem_efs_partition_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oem_stanvbk           u:object_r:vendor_modem_efs_partition_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oplusdycnvbk          u:object_r:vendor_modem_efs_partition_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oplusstanvbk_[ab]     u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/oplusdycnvbk          u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/oplusstanvbk_[ab]     u:object_r:vendor_modem_efs_partition_device:s0

 # Reserve
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oplusreserve[1-4]    u:object_r:vendor_reserve_partition:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/oplusreserve[1-4]    u:object_r:vendor_reserve_partition:s0

 # Sensors
 /(odm|vendor/odm)/bin/hw/vendor\.oplus\.hardware\.oplusSensor@1\.0-service    u:object_r:vendor_hal_oplusSensor_default_exec:s0
@@ -74,6 +87,7 @@

 # Storsec
 /dev/block/platform/soc/1d84000\.ufshc/by-name/storsec_[ab]    u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4804000\.ufshc/by-name/storsec_[ab]    u:object_r:vendor_custom_ab_block_device:s0

 # TOF
 /(odm|vendor/odm)/bin/vl53l1_daemon_main    u:object_r:vl53l1_daemon_main_exec:s0
--- a/sepolicy/qti/vendor/fsck.te
+++ b/sepolicy/qti/vendor/fsck.te
@@ -0,0 +1,4 @@
+allow fsck self:capability { sys_admin kill };
+allow fsck sysfs:file getattr;
+
+dontaudit fsck self:capability { dac_override dac_read_search };
--- a/sepolicy/qti/vendor/genfs_contexts
+++ b/sepolicy/qti/vendor/genfs_contexts
@@ -3,6 +3,10 @@ genfscon proc /tristatekey    u:object_r:vendor_proc_tri_state_key:s0

 # Charging
 genfscon proc /wireless                                                u:object_r:vendor_proc_wireless:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/ac    u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-1/1-006b/iio:device                                                                  u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-1/1-006b/power_supply/parallel                                                       u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/ac    u:object_r:vendor_sysfs_battery_supply:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/ac    u:object_r:vendor_sysfs_battery_supply:s0
 genfscon sysfs /devices/platform/soc/soc:oneplus_wlchg/power_supply    u:object_r:vendor_sysfs_usb_supply:s0
 genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/power_supply    u:object_r:vendor_sysfs_usb_supply:s0
@@ -26,14 +30,17 @@ genfscon sysfs /devices/platform/soc/soc:sensor_fb    u:object_r:vendor_sysfs_se

 # TOF
 genfscon sysfs /kernel/tof_control    u:object_r:vendor_sysfs_tof:s0
+genfscon sysfs /module/stmvl53l1      u:object_r:vendor_sysfs_tof:s0

 # Ultrasound
 genfscon proc /ultrasound    u:object_r:vendor_proc_ultrasound:s0

 # Versioning
 genfscon proc /oplusVersion    u:object_r:vendor_proc_oplus_version:s0
+genfscon proc /oppoVersion     u:object_r:vendor_proc_oplus_version:s0

 # Vibrator
+genfscon sysfs /devices/platform/soc/880000.i2c/i2c-5/5-005a/leds/vibrator    u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-6/6-005a/leds/vibrator    u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/soc/89c000.i2c/i2c-2/2-005a/leds/vibrator    u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-5/5-005a/leds/vibrator    u:object_r:sysfs_vibrator:s0
@@ -48,21 +55,22 @@ genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup u:object_r:sysfs
 genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys5/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/188101c.qcom,spss/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1101_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1103_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0002:01:00.0/0306_02.01.00_EFS/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys8/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys7/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/8300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-12/12-0028/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/884000.i2c/i2c-5/5-0028/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/890000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/980000.i2c/i2c-0/0-003b/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/980000.i2c/i2c-7/7-003b/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/9800000.qcom,npu/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/984000.i2c/i2c-3/3-0028/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/98900000.qcom,turing/subsys4/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/98900000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/990000.i2c/i2c-9/9-004b/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/994000.i2c/i2c-5/5-003b/994000.i2c:op,wlchg_rx@3b:idt,p9415/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/994000.i2c/i2c-5/5-0066/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/994000.i2c/i2c-8/8-003b/994000.i2c:op,wlchg_rx@3b:idt,p9415/wakeup u:object_r:sysfs_wakeup:s0
@@ -72,12 +80,15 @@ genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-4/4-0028/wakeup u:object_r:s
 genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-9/9-0048/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-9/9-004b/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys10/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys9/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/abb0000.qcom,cvpss/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/abb0000.qcom,evass/subsys1/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/abb0000.qcom,evass/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys10/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys9/wakeup u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/ac/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/ac/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd/usbpd0/otg_default/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm8350b@3:qcom,amoled/wakeup u:object_r:sysfs_wakeup:s0
@@ -103,6 +114,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,ipa_uc/wakeup u:object_r:sysfs_wak
 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys3/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-cdsp/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-mpss/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-npu/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,spcom/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,trustedvm@d0800000/subsys2/wakeup u:object_r:sysfs_wakeup:s0
--- a/sepolicy/qti/vendor/hal_bootctl_default.te
+++ b/sepolicy/qti/vendor/hal_bootctl_default.te
@@ -0,0 +1 @@
+allow hal_bootctl_default self:capability sys_admin;
--- a/sepolicy/qti/vendor/hal_camera_default.te
+++ b/sepolicy/qti/vendor/hal_camera_default.te
@@ -14,7 +14,10 @@ allow hal_camera_default proc_meminfo:file r_file_perms;
 allow hal_camera_default vendor_persist_camera_file:dir w_dir_perms;
 allow hal_camera_default vendor_persist_camera_file:file create_file_perms;

+allow hal_camera_default vendor_system_prop:file { open read getattr };
+
 r_dir_file(hal_camera_default, input_device)
+r_dir_file(hal_camera_default, vendor_proc_oplus_version)
 rw_dir_file(hal_camera_default, vendor_sysfs_tof)

 set_prop(hal_camera_default, vendor_camera_prop)
--- a/sepolicy/qti/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/qti/vendor/hal_graphics_composer_default.te
@@ -1,4 +1,5 @@
 binder_call(hal_graphics_composer_default, hal_graphics_composer_default)

+set_prop(hal_graphics_composer_default, system_oplus_iris_prop)
 get_prop(hal_graphics_composer_default, system_oplus_project_prop)
 set_prop(hal_graphics_composer_default, vendor_display_prop)
--- a/sepolicy/qti/vendor/hal_sensors_default.te
+++ b/sepolicy/qti/vendor/hal_sensors_default.te
@@ -1,6 +1,9 @@
 allow hal_sensors_default ssc_interactive_device:chr_file rw_file_perms;
 allow hal_sensors_default ultrasound_device:chr_file rw_file_perms;

+allow hal_sensors_default vendor_proc_oplus_version:dir search;
+allow hal_sensors_default vendor_proc_oplus_version:file { open read };
+
 r_dir_file(hal_sensors_default, vendor_proc_ultrasound)
 rw_dir_file(hal_sensors_default, vendor_persist_engineer_file)
 rw_dir_file(hal_sensors_default, vendor_proc_display)
--- a/sepolicy/qti/vendor/hwservice_contexts
+++ b/sepolicy/qti/vendor/hwservice_contexts
@@ -4,6 +4,9 @@ vendor.oplus.hardware.cameraMDM::IOPlusCameraMDM                       u:object_
 vendor.oplus.hardware.cammidasservice::IMIDASService                   u:object_r:hal_camera_hwservice:s0
 vendor.qti.hardware.camera.cameraextension::ICameraExtensionService    u:object_r:vendor_hal_camera_extension_hwservice:s0

+# Display (CWB)
+vendor.oplus.hardware.cwb::ICwbService    u:object_r:hal_graphics_composer_hwservice:s0
+
 # Display (Pixelworks)
 vendor.pixelworks.hardware.display::IIris           u:object_r:hal_graphics_composer_hwservice:s0
 vendor.pixelworks.hardware.feature::IIrisFeature    u:object_r:hal_graphics_composer_hwservice:s0
--- a/sepolicy/qti/vendor/init.te
+++ b/sepolicy/qti/vendor/init.te
@@ -0,0 +1,3 @@
+allow init proc:file write;
+
+allow init debugfs_tracing_debug:dir mounton;
--- a/sepolicy/qti/vendor/kernel.te
+++ b/sepolicy/qti/vendor/kernel.te
@@ -1 +1,3 @@
 allow kernel vendor_file:file r_file_perms;
+
+dontaudit kernel self:capability { dac_override dac_read_search };
--- a/sepolicy/qti/vendor/property_contexts
+++ b/sepolicy/qti/vendor/property_contexts
@@ -1,4 +1,5 @@
 # Camera
+ro.vendor.oplus.camera.        u:object_r:vendor_camera_prop:s0
 vendor.camera.vm.parameters    u:object_r:vendor_camera_prop:s0

 # Display
--- a/sepolicy/qti/vendor/vdc.te
+++ b/sepolicy/qti/vendor/vdc.te
@@ -0,0 +1 @@
+allow vdc vdc:capability { sys_admin kill };
--- a/sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te
+++ b/sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te
@@ -13,6 +13,8 @@ allow vendor_hal_oplusSensor_default vendor_reserve_partition:blk_file r_file_pe

 allow vendor_hal_oplusSensor_default mnt_vendor_file:dir search;

+allow vendor_hal_oplusSensor_default block_device:dir search;
+
 r_dir_file(vendor_hal_oplusSensor_default, vendor_persist_engineer_file)
 r_dir_file(vendor_hal_oplusSensor_default, vendor_persist_sensors_file)
 r_dir_file(vendor_hal_oplusSensor_default, vendor_proc_oplus_version)
--- a/sepolicy/qti/vendor/vendor_hal_perf_default.te
+++ b/sepolicy/qti/vendor/vendor_hal_perf_default.te
@@ -1 +1,3 @@
+allow vendor_hal_perf_default self:capability sys_admin;
+
 r_dir_file(vendor_hal_perf_default, vendor_sysfs_usb_supply)
--- a/sepolicy/qti/vendor/vendor_hal_usb_qti.te
+++ b/sepolicy/qti/vendor/vendor_hal_usb_qti.te
@@ -0,0 +1 @@
+allow vendor_hal_usb_qti self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_irsc_util.te
+++ b/sepolicy/qti/vendor/vendor_irsc_util.te
@@ -0,0 +1 @@
+allow vendor_irsc_util self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_modprobe.te
+++ b/sepolicy/qti/vendor/vendor_modprobe.te
@@ -0,0 +1 @@
+allow vendor_modprobe self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_msm_irqbalanced.te
+++ b/sepolicy/qti/vendor/vendor_msm_irqbalanced.te
@@ -0,0 +1 @@
+allow vendor_msm_irqbalanced self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_netmgrd.te
+++ b/sepolicy/qti/vendor/vendor_netmgrd.te
@@ -0,0 +1 @@
+allow vendor_netmgrd self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_rfs_access.te
+++ b/sepolicy/qti/vendor/vendor_rfs_access.te
@@ -0,0 +1 @@
+allow vendor_rfs_access self:capability sys_admin;
--- a/sepolicy/qti/vendor/vendor_rmt_storage.te
+++ b/sepolicy/qti/vendor/vendor_rmt_storage.te
@@ -1,5 +1,9 @@
 allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;

+allow vendor_rmt_storage sysfs:file { open read };
+
+allow vendor_rmt_storage self:capability sys_admin;
+
 get_prop(vendor_rmt_storage, vendor_radio_prop)

 rw_dir_file(vendor_rmt_storage, vendor_proc_engineer)
--- a/sepolicy/qti/vendor/vl53l1_daemon_main.te
+++ b/sepolicy/qti/vendor/vl53l1_daemon_main.te
@@ -11,4 +11,6 @@ allow vl53l1_daemon_main self:{

 allow vl53l1_daemon_main self:netlink_iscsi_socket { read write create bind };

+r_dir_file(vl53l1_daemon_main, vendor_persist_camera_file)
+r_dir_file(vl53l1_daemon_main, vendor_sysfs_tof)
 rw_dir_file(vl53l1_daemon_main, mnt_vendor_file)
Author	SHA1	Message	Date
CrisBal	4f1bad3122	sepolicy: qti: Label Power Stats HAL 09-27 21:53:52.374 642 642 I hwservicemanager: Since android.hardware.power.stats@1.0::IPowerStats/default is not registered, trying to start it as a lazy HAL (if it's not configured to be a lazy HAL, it may be stuck starting or still starting). 09-27 21:53:52.374 642 4719 W libc : Unable to set property "ctl.interface_start" to "android.hardware.power.stats@1.0::IPowerStats/default": error code: 0x20 09-27 21:53:52.374 4692 4692 I HidlServiceManagement: getService: Trying again for android.hardware.power.stats@1.0::IPowerStats/default... 09-27 21:53:52.374 642 4719 I hwservicemanager: Tried to start android.hardware.power.stats@1.0::IPowerStats/default as a lazy service, but was unable to. Usually this happens when a service is not installed, but if the service is intended to be used as a lazy service, then it may be configured incorrectly. 09-27 21:53:52.374 4692 4718 I SystemConfig: Reading permissions from /vendor/etc/permissions/android.hardware.se.omapi.ese.xml 09-27 21:53:52.375 642 4721 W libc : Unable to set property "ctl.interface_start" to "android.hardware.power.stats@1.0::IPowerStats/default": error code: 0x20 09-27 21:53:52.375 642 4721 I hwservicemanager: Tried to start android.hardware.power.stats@1.0::IPowerStats/default as a lazy service, but was unable to. Usually this happens when a service is not installed, but if the service is intended to be used as a lazy service, then it may be configured incorrectly.	2023-10-31 19:00:36 +05:30
sreeshankark	5c2518eb11	sepolicy: qti: Allow `hal_sensors_default` to open & read oplus proc version avc: denied { open } for name="prjName" dev="proc" ino=4026531934 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_proc_oplus_version:s0 tclass=file permissive=0 avc: denied { open } for name="engVersion" dev="proc" ino=4026531944 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_proc_oplus_version:s0 tclass=file permissive=0 avc: denied { read } for name="prjName" dev="proc" ino=4026531934 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_proc_oplus_version:s0 tclass=file permissive=0 avc: denied { read } for name="engVersion" dev="proc" ino=4026531944 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_proc_oplus_version:s0 tclass=file permissive=0	2023-10-31 18:59:28 +05:30
Sukrut4778	83dd99fa11	sepolicy: qti: dontaudit kernel rules avc: denied { dac_override } for comm="kworker/u17:18" capability=1 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0 avc: denied { dac_override } for comm="kworker/u17:5" capability=1 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0	2023-10-30 20:55:59 +05:30
sreeshankark	d64a040800	sepolicy: ati: Allow `vendor_rmt_storage` to open sysfs file	2023-10-30 20:55:59 +05:30
sreeshankark	80b8e19e99	sepolicy: qti: Allow `hal_camera_default` to open and getattr from vendor_system_prop file	2023-10-30 20:55:59 +05:30
sreeshankark	2983479930	sepolicy: qti: Fix many denials avc: denied { sys_admin } for capability=21 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netutils_wrapper:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:art_boot:s0 tcontext=u:r:art_boot:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:otapreopt_slot:s0 tcontext=u:r:otapreopt_slot:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:remount:s0 tcontext=u:r:remount:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:update_verifier:s0 tcontext=u:r:update_verifier:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_rfs_access:s0 tcontext=u:r:vendor_rfs_access:s0 tclass=capability avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_hal_usb_qti:s0 tcontext=u:r:vendor_hal_usb_qti:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_irsc_util:s0 tcontext=u:r:vendor_irsc_util:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_hal_perf_default:s0 tcontext=u:r:vendor_hal_perf_default:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_rmt_storage:s0 tcontext=u:r:vendor_rmt_storage:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:profcollectd:s0 tcontext=u:r:profcollectd:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_netmgrd:s0 tcontext=u:r:vendor_netmgrd:s0 tclass=capability permissive=0 avc: denied { sys_admin } for capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0	2023-10-30 20:55:08 +05:30
sreeshankark	4ea2fd9b13	sepolicy: qti: Allow sys_admin permission for vdc avc: denied { sys_admin } for capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0	2023-10-27 18:52:42 +05:30
sreeshankark	9d4d16b3e5	doze: Use `powerManager.wakeUp` instead powerManager.wakeUpWithProximityCheck is deprecated Reference: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/PowerManager.java	2023-10-27 18:50:38 +05:30
sreeshankark	10a876db6d	sepolicy: qti: Allow `hal_sensors_default` to search vendor_proc_oplus_version avc: denied { search } for name="oplusVersion" dev="proc" ino=4026531933 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:vendor_proc_oplus_version:s0 tclass=dir permissive=0	2023-10-27 18:50:38 +05:30
UtsavBalar1231	68c41c5489	sepolicy: qti: Grant perms to mount tracefs when CONFIG_DEBUG_FS avc: denied { mounton } for pid=1 comm="init" path="/sys/kernel/tracing" dev="tracefs" ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_debug:s0 tclass=dir permissive=0	2023-10-27 18:50:38 +05:30
sreeshankark	182d42df95	sepolicy: qti: Allow fsck to get attribute from sysfs file type=1400 audit(0.0:7): avc: denied { getattr } for path="/sys/devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:0/block/sda/sda16/partition" dev="sysfs" ino=60454 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0	2023-10-27 18:50:38 +05:30
ekkusa	e2dc36f2c6	sepolicy: qti: Address fsck denial type=1400 audit(1662729171.862:3274): avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 type=1400 audit(0.0:9): avc: denied { kill } for capability=5 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0	2023-10-27 18:50:38 +05:30
ekkusa	491aedd063	sepolicy: qti: dontaudit unnecessary fsck rules [ 10.299826] type=1400 audit(16083046.175:3142): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299842] type=1400 audit(16083046.175:3143): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299858] type=1400 audit(16083046.175:3144): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299874] type=1400 audit(16083046.175:3145): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299889] type=1400 audit(16083046.175:3146): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299932] type=1400 audit(16083046.175:3147): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299949] type=1400 audit(16083046.175:3148): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299964] type=1400 audit(16083046.175:3149): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299981] type=1400 audit(16083046.175:3150): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.299997] type=1400 audit(16083046.175:3151): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300012] type=1400 audit(16083046.175:3152): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300042] type=1400 audit(16083046.175:3153): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300059] type=1400 audit(16083046.175:3154): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300075] type=1400 audit(16083046.175:3155): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300090] type=1400 audit(16083046.175:3156): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300106] type=1400 audit(16083046.175:3157): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300121] type=1400 audit(16083046.175:3158): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300137] type=1400 audit(16083046.175:3159): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300250] type=1400 audit(16083046.179:3160): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300267] type=1400 audit(16083046.179:3161): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300284] type=1400 audit(16083046.179:3162): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300300] type=1400 audit(16083046.179:3163): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300315] type=1400 audit(16083046.179:3164): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300331] type=1400 audit(16083046.179:3165): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300346] type=1400 audit(16083046.179:3166): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300362] type=1400 audit(16083046.179:3167): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 [ 10.300378] type=1400 audit(16083046.179:3168): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0	2023-10-27 18:50:38 +05:30
lupesoltec	91fd2326b1	sepolicy: qti: Fix avc denials related to linkerconfig avc: denied { kill } for comm="linkerconfig" capability=5 scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0	2023-10-27 18:49:56 +05:30
Immanuel Raj	af51a76c40	sepolicy: qti: : fix vdc denial avc: denied { kill } for comm="vdc" capability=5 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0	2023-10-27 18:38:03 +05:30
ShevT	0a78993500	sepolicy: qti: allow `init` write to proc file Fix: avc: denied { write } for comm="init" name="dirty_background_bytes" dev="proc" ino=36058 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 avc: denied { write } for comm="init" name="dirty_bytes" dev="proc" ino=36059 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0	2023-10-27 18:38:03 +05:30
sreeshankark	802f874654	sepolicy: qti: allow `hal_camera_default` to read system_prop file android.hardwar: type=1400 audit(0.0:16): avc: denied { read } for name="u:object_r:system_prop:s0" dev="tmpfs" ino=10582 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:system_prop:s0 tclass=file permissive=0	2023-10-27 18:36:53 +05:30
sreeshankark	244521b64e	sepolicy: qti: allow `vendor_rmt_storage` to read sysfs file rmt_storage: type=1400 audit(0.0:17): avc: denied { read } for name="name" dev="sysfs" ino=58041 scontext=u:r:vendor_rmt_storage:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0	2023-10-21 18:51:50 +05:30
Semavi Ulusoy	f0c534137e	sepolicy: qti: allow `vendor_hal_oplusSensor_default` to search block_device auditd: type=1400 audit(0.0:17): avc: denied { search } for comm="vendor.oplus.ha" name="block" dev="tmpfs" ino=14361 scontext=u:r:vendor_hal_oplusSensor_default:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0	2023-10-21 18:46:18 +05:30
John Galt	ec1edc0008	oplus: Set a more correct doze brightness Stock uses different AOD brightness values ranging from 10-50 nits. We can only use one on AOSP, so let's use max from stock for AOD brightness. Inspired by https://gerrit.aospa.co/c/AOSPA/android_device_nothing_phone1/+/27237 Change-Id: I12505be390753655b36e44dfd18e4b68311925be Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>	2023-10-19 11:59:28 +05:30
Pranav Vashi	c9fd367cb8	gpt-utils: Update AB_PTN_LIST Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>	2023-10-19 11:59:16 +05:30
Nick Reuter	13fda71aba	sepolicy: qti: Label SM4350 partitions Change-Id: I8d04c70cade862cff2e3fa1148dfa6040db57f53	2023-04-18 15:10:28 +02:00
Michael Bestas	c94a7269fb	sepolicy: qti: Resolve vl53l1 denials Change-Id: If0fc75186bcce23f0b9cc82ae13c37a30f57a26e	2023-04-18 01:12:55 +02:00
Albert Tang	594bc58b61	sepolicy: qti: Add Oppo labels for SM4350 Change-Id: If77a747fdee65c22c6a491d58cf2d23fee639bd3	2023-04-17 14:13:30 -05:00
Albert Tang	d005182f10	sepolicy: qti: Label SM4350 charging sysfs path Change-Id: Ie8d60494cb7eec9ec67b590d0ecd04663ce7a614	2023-04-17 14:13:22 -05:00
Bruno Martins	4a07f13820	sepolicy: qti: Remove duplicate lahaina wakeup nodes Needed after I53aad29624e904b092c3cf73d498c735cf2f1b3e Change-Id: I245c50c6e5c5d93a58cb4fe11e8e3aef3003ae29	2023-03-24 11:51:11 +00:00
Michael Bestas	5a76738616	Automatic translation import Change-Id: I57d0ae6b9978bcd2d1afabb520216ba414f974a9	2023-03-23 16:38:23 +02:00
Philipp Albrecht	d462ec583d	sepolicy: qti: Label SM7250 charging sysfs path Change-Id: I60fae0b8ec1ef8a3ee88de7a67db5718392539b6	2023-02-28 22:26:26 +01:00
KakatkarAkshay	fbde82d9fa	sepolicy: qti: Label SM7250 vibrator node Change-Id: I67155d9269269aac867eb4f8852b7f496a129ca0	2023-02-28 22:26:26 +01:00
LuK1337	ec719d5ded	sepolicy: qti: Label SM7250 wakeup nodes for i in $(realpath /sys/class/wakeup/); do if ! echo "$(ls -dZ $i)" \| grep -q sysfs_wakeup; then echo genfscon sysfs $(echo $i \| sed -e 's\|/sys\|\|g' -e 's\|wakeup/wakeup.\|wakeup\|g' -e 's\|wakeup[0-9]\|wakeup\|g') u:object_r:sysfs_wakeup:s0; fi; done \| sort -u Change-Id: I482a657cb6edfcef92d52981ce2cbe3a0e174a5f	2023-02-28 22:26:26 +01:00
KakatkarAkshay	608aee50e2	sepolicy: qti: Label vendor.oplus.hardware.cameraMDM@1.0-service As seen on SM7250 Change-Id: I7e942a556b7f18fd30735ba8b4ab5e53ce679ca2	2023-02-28 22:26:26 +01:00
LuK1337	7f301f9342	sepolicy: qti: Label additional SM8350 wakeup nodes Introduced in A13 kernel. Change-Id: I7dbf6a8b54290222127513d62859ffe639dea3df	2023-02-22 01:17:25 +01:00
pjgowtham	2ba9d31401	sepolicy: qti: Label ST21 NFC Change-Id: I98a2db0aed52c227737db88d4f40809970368737	2023-02-22 01:17:25 +01:00
Albert Tang	5dd007e2a4	sepolicy: qti: Label vendor.oplus.hardware.cwb hwservice Change-Id: Ida57e20d1f733398c3da8673b9c6dd537cbc9205	2023-02-22 01:17:25 +01:00
Albert Tang	6d5818a5e3	sepolicy: qti: Label new display and camera props Change-Id: I4e410a65bc181d893f5118099af03ef764ccd6d4	2023-02-22 01:17:25 +01:00
				`@@ -0,0 +1 @@`
				`allow fsverity_init self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow linkerconfig linkerconfig:capability { sys_admin kill };`
				`@@ -0,0 +1 @@`
				`allow otapreopt_slot self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow profcollectd self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow update_verifier self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow vendor_boringssl_self_test self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`dontaudit netutils_wrapper self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow vendor_dpmd self:capability sys_admin;`
				`@@ -0,0 +1 @@`
				`allow vold_prepare_subdirs self:capability sys_admin;`