Age | Commit message (Collapse) | Author |
|
1. init_qti_chg_policy sysfs_wakeup:dir read
denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134
scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0
tclass=dir permissive=0
init_qti_chg_policy sysfs_iio_devices:dir search
denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746
scontext=u:r:init_qti_chg_policy:s0
tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0
2. cnd default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter
sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
3. rild default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
4. sensors sensors_vendor_data_file:dir search
denied { search } for name="sensors" dev="dm-6" ino=262
scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir
permissive=0
5. qtelephony default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377
scontext=u:r:qtelephony:s0:c32,c257,c512,c768
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
6. hvdcp
denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 188064567
Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
|
|
Bug: 185598142
Bug: 182255618
Change-Id: Idba839ead12334815e0fc989981050f128096cb9
|
|
init: Could not start service 'keymaster-4-1' as part of class 'early_hal':
File /vendor/bin/hw/android.hardware.keymaster@4.1-service-qti(labeled "u:object_r:vendor_file:s0")
has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
reference to qcom/lito/platform/vendor/qcom/sepolicy_vndr:fefbf6b185221bb37b24ae8eea74862a97389650
cherry-pick from 6903a0fa10f95bec2d05608a20b2d6164177846d
Bug: 185598142
Bug: 178358917
Change-Id: I77c6a6cda6b2772d4ff81a3bb6a0fc819cc47f49
|
|
grilservice_app" into sc-dev
|
|
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166
Change-Id: I6b238f58c7eb0d721437e7c6b9553e29d85e3d3f
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166
Change-Id: I3b7ada3e74790b634277a886e3de044f3da1af15
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166
Change-Id: I0b5cc6aff0f15a636ba7e5bbc77356d2b789648c
|
|
05-12 13:18:16.449 1095 1095 I auditd : type=1400 audit(0.0:7): avc: denied { getattr } for comm="pd-mapper" path="/dev/kmsg" dev="tmpfs" ino=17807 scontext=u:r:vendor_pd_mapper:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 177335164
Test: boot to home with no avc error
Change-Id: Ia076cca5a5335063edc31990fca7a51fedf117b7
|
|
Bug: 182526894
Test: manaul
Change-Id: Id1fe4d70af39a8113c76cbb465a93ae71c27b156
|
|
1. com.qualcomm.qti.telephonyservice
{ read } for comm="elephonyservice"
name="u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=25322
scontext=u:r:platform_app:s0:c512,
c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file
permissive=0 app=com.qualcomm.qti.telephonyservice
Ref: qcom/lito/device/qcom/sepolicy/+/2824781c (CRs-Fixed: 2809413)
2. vendor.qti.hardware.radio.ims.IImsRadio/default
avc: denied { find } for pid=2718 uid=10252
name=vendor.qti.hardware.radio.ims.IImsRadio/default
scontext=u:r:qtelephony:s0:c252,c256,c512,c768
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0
Bug: 185560630
Bug: 185954927
Change-Id: Ibe935872b7a35ccdc8c2eb8eaea942ec91527abf
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125
Change-Id: I82f4d7bbc392705040683c090e7649637cfbe38e
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125
Change-Id: Ibf190c63e8e46042a9ea482fdc815ace7f73a5de
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125
Change-Id: I55d869c12adadde26c3a7129bd10e37afb6dc406
|
|
avc: denied { getattr } for path="/apex/apex-info-list.xml" dev="tmpfs" ino=39121 scontext=u:r:incidentd:s0 tcontext=u:object_r:apex_info_file:s0 tclass=file permissive=0
Bug: 187253611
Test: PtsSELinuxTestCases
Change-Id: Ie403bd940646ad04895181af28966fc1edd3b0b9
|
|
6f70792c2a
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485
Change-Id: Id80f617832a0bd72dffb21ef5a09966111a19ddc
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485
Change-Id: I8361880a45ed6f7dd654759112d4f993b25f6839
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485
Change-Id: I7ecb2d25feedc8853a2ec2b46e6f6c89289c39d3
|
|
need run /vendor/bin/sh before setprop
Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Iade61f2c5b1aceb3e91986b8e2075cf471905f89
|
|
58afa846f0 am: dcb0444a65 -s ours
am skip reason: skip tag Change-Id I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5 with SHA-1 502152fb62 is already in history
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108
Change-Id: I36120f88a5a195f303720ae9295e3da8d1d44bf2
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108
Change-Id: I23056f103cac17be30be92a44a89022bfb192a61
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108
Change-Id: I9c706e68f4435f1ceeb77036b0eae2dad2a82209
|
|
USB gadget hal will access extcon folder so that this patch
will add new rule to allow USB gadget hal to access extcon.
Bug: 185302867
Test: apply the rule and verify it
Merged-In: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
Change-Id: I0c8c49e40673b5d81cfaa9ee14a972ea048f7dc9
|
|
USB gadget hal will access extcon folder so that this patch
will add new rule to allow USB gadget hal to access extcon.
Bug: 185302867
Test: apply the rule and verify it
Change-Id: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
|
|
am: 7fe645d950
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366
Change-Id: Ic11f030a77003938de515a5e1304eb2494201275
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366
Change-Id: I777b74ba3f8011b63cf1d526305b80bd4c23b285
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366
Change-Id: Icc28ccac225f99cc438a4f2413ffa1961f2ff9eb
|
|
|
|
7372a6ae6b
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097
Change-Id: I0cfdd80b4c07c2375add29e73c949ae6b3d754d2
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097
Change-Id: Ib3608ff14f46b2df581313fb3d18db6b0715bf8b
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097
Change-Id: I511a76a66d2ab453831ae646ca1cad05b4a257c3
|
|
avc: denied { set } for property=vendor.debug.ramdump.full pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ramdump_prop:s0 tclass=property_service
avc: denied { set } for property=persist.logd.logpersistd.count pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service
avc: denied { set } for property=persist.logd.size pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logd_prop:s0 tclass=property_service
Bug: 177485581
Bug: 185859405
Change-Id: Ib300f4135e3ee5d927d18845e453cc95397d66f4
|
|
This allows the device_drop_monitor to access AIDL Stats service
Bug: 181892307
Test: Build, flash, boot & and logcat | grep "device_drop_monitor"
Change-Id: Iba7d3aace001b3d7c36c1e02504802125df7fcf2
|
|
41e5aa5c47 am: 5cd737b96d -s ours
am skip reason: skip tag Change-Id Iec3d729e5614a7b8e6132d18a0bd11b10ba535da with SHA-1 5536b59781 is already in history
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781
Change-Id: Iae19450643e0debd9e50eb67de295caca732c4a8
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781
Change-Id: Ia0c7a670fa42754b73eecefed42a0f083d141c31
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781
Change-Id: I7cfca4b0c323fac0d960ee4467c4a817e726ba37
|
|
The app is no longer signed with the platform key.
Bug: 162313924
Test: verify gril service function works normally
Merged-In: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da
Change-Id: Iabc970e1cffd2762e9781729564eec83270c1d92
|
|
44c9ce862a
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549
Change-Id: I822d69efc7eec5f7e595be8e0391cd85e3e0e001
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549
Change-Id: Ifdb41538ebcb14769d3f4ff92d4792f12da82628
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549
Change-Id: Icfb09554b58a62e64331cb099b9c767005d18033
|
|
|
|
c649fc94f1 am: 51dcedc475
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548
Change-Id: Ibfca706fb112403b2749eab168db16ec15dde941
|
|
c649fc94f1
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548
Change-Id: Ic14701d8554ba3dfcd42e01e997db3db428c5440
|
|
Bug: 178985646
Test: do bugreport and see no related errors
Change-Id: I6048083953648aed7a8be6f0f0998bef7c9c7b65
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548
Change-Id: Ida1ff3fcbf5cfbe8f37b361c3966d69ed51568c8
|
|
Bug: 177389412
Bug: 177624172
Bug: 177780408
Bug: 178757209
Bug: 178757537
Bug: 178757649
Test: $ make selinux_policy
Push SELinux modules
Run the following commands and ensure incidentd denials are gone.
$ adb shell incident 3052
$ incident_report 3052
$ adb bugreport bugreport.zip
Change-Id: If80115382186b37e1e3ce20aa3ff6491bfe0b6cf
|
|
am: 81fbe6f929
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431
Change-Id: Ifc8f7794ad6d39777fd15416a548f33ef8a2f5c1
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431
Change-Id: If86691bdb7a9076428e7f7727e810dc3741b2592
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431
Change-Id: Ib3255de2ff459ee9f49aef6852906af8f31da95a
|
|
Bug: 181887265
Test: Test: Build, flash, and logcat for sepolicies messages
Change-Id: I1ead381ee0c8fc6dbb27842498a4692605345ea1
|