Age | Commit message (Collapse) | Author |
|
avc: denied { read } for comm="Binder:6457_1" name="u:object_r:vendor_aware_available_prop:s0" dev="tmpfs" ino=21989 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_aware_available_prop:s0 tclass=file permissive=0
Bug: 191214116
Test: pts-tradefed run pts -m PtsSELinuxTest -t
com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: I25cc16019d60e1a191cbf132ee6b1a2ef92b42a9
|
|
Test: Ensure there are no sepolicy errors for bd_clear
Bug: 192921867
Change-Id: I0974829c7cca465afaa2b3c89da550b7f54aff69
Merged-In: Id0e2306bf751fdce9afec65a54bd83c733885436
|
|
Bug: 190543676
Bug: 192033450
Test: No hexagon failure detected
Merged-In: Ide3b2e474a55df2a460269b88b716f16f2b7fc41
Change-Id: Ide3b2e474a55df2a460269b88b716f16f2b7fc41
|
|
avc: denied { read } for name="android.hardware.graphics
.mapper@4.0-impl-qti-display.so" dev="dm-7"
ino=2012 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:vendor_file:s0 tclass=file
permissive=0
Bug: 189893985
Change-Id: I4c2275e155bd71793d554e5d44d7833d4c4ab9da
|
|
hal_gnss_qti:
avc: denied { search } for comm="android.hardwar" name="location"
dev="dm-6" ino=341 scontext=u:r:hal_gnss_qti:s0
tcontext=u:object_r:location_data_file:s0 tclass=dir permissive=0
Bug: 191613553
Change-Id: Idc2ff2dab3da8cb0b22ae7ea87370dc2348666eb
|
|
avc: denied { dac_read_search } for comm="tftp_server" capability=2 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
avc: denied { dac_override } for comm="tftp_server" capability=1 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
Bug: 189167816
Change-Id: I738bb1c1699dd6d2e075fb0f822129d65328eb5a
|
|
1. init_qti_chg_policy sysfs_wakeup:dir read
denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134
scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0
tclass=dir permissive=0
init_qti_chg_policy sysfs_iio_devices:dir search
denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746
scontext=u:r:init_qti_chg_policy:s0
tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0
2. cnd default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter
sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
3. rild default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
4. sensors sensors_vendor_data_file:dir search
denied { search } for name="sensors" dev="dm-6" ino=262
scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir
permissive=0
5. qtelephony default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377
scontext=u:r:qtelephony:s0:c32,c257,c512,c768
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
6. hvdcp
denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 188064567
Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
|
|
Bug: 185598142
Bug: 182255618
Change-Id: Idba839ead12334815e0fc989981050f128096cb9
|
|
init: Could not start service 'keymaster-4-1' as part of class 'early_hal':
File /vendor/bin/hw/android.hardware.keymaster@4.1-service-qti(labeled "u:object_r:vendor_file:s0")
has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
reference to qcom/lito/platform/vendor/qcom/sepolicy_vndr:fefbf6b185221bb37b24ae8eea74862a97389650
cherry-pick from 6903a0fa10f95bec2d05608a20b2d6164177846d
Bug: 185598142
Bug: 178358917
Change-Id: I77c6a6cda6b2772d4ff81a3bb6a0fc819cc47f49
|
|
grilservice_app" into sc-dev
|
|
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166
Change-Id: I6b238f58c7eb0d721437e7c6b9553e29d85e3d3f
|
|
05-12 13:18:16.449 1095 1095 I auditd : type=1400 audit(0.0:7): avc: denied { getattr } for comm="pd-mapper" path="/dev/kmsg" dev="tmpfs" ino=17807 scontext=u:r:vendor_pd_mapper:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 177335164
Test: boot to home with no avc error
Change-Id: Ia076cca5a5335063edc31990fca7a51fedf117b7
|
|
Bug: 182526894
Test: manaul
Change-Id: Id1fe4d70af39a8113c76cbb465a93ae71c27b156
|
|
1. com.qualcomm.qti.telephonyservice
{ read } for comm="elephonyservice"
name="u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=25322
scontext=u:r:platform_app:s0:c512,
c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file
permissive=0 app=com.qualcomm.qti.telephonyservice
Ref: qcom/lito/device/qcom/sepolicy/+/2824781c (CRs-Fixed: 2809413)
2. vendor.qti.hardware.radio.ims.IImsRadio/default
avc: denied { find } for pid=2718 uid=10252
name=vendor.qti.hardware.radio.ims.IImsRadio/default
scontext=u:r:qtelephony:s0:c252,c256,c512,c768
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0
Bug: 185560630
Bug: 185954927
Change-Id: Ibe935872b7a35ccdc8c2eb8eaea942ec91527abf
|
|
6f70792c2a
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485
Change-Id: Id80f617832a0bd72dffb21ef5a09966111a19ddc
|
|
need run /vendor/bin/sh before setprop
Bug: 180511460
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: Iade61f2c5b1aceb3e91986b8e2075cf471905f89
|
|
USB gadget hal will access extcon folder so that this patch
will add new rule to allow USB gadget hal to access extcon.
Bug: 185302867
Test: apply the rule and verify it
Merged-In: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
Change-Id: I0c8c49e40673b5d81cfaa9ee14a972ea048f7dc9
|
|
USB gadget hal will access extcon folder so that this patch
will add new rule to allow USB gadget hal to access extcon.
Bug: 185302867
Test: apply the rule and verify it
Change-Id: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
|
|
am: 7fe645d950
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366
Change-Id: Ic11f030a77003938de515a5e1304eb2494201275
|
|
|
|
7372a6ae6b
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097
Change-Id: I0cfdd80b4c07c2375add29e73c949ae6b3d754d2
|
|
avc: denied { set } for property=vendor.debug.ramdump.full pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ramdump_prop:s0 tclass=property_service
avc: denied { set } for property=persist.logd.logpersistd.count pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service
avc: denied { set } for property=persist.logd.size pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logd_prop:s0 tclass=property_service
Bug: 177485581
Bug: 185859405
Change-Id: Ib300f4135e3ee5d927d18845e453cc95397d66f4
|
|
This allows the device_drop_monitor to access AIDL Stats service
Bug: 181892307
Test: Build, flash, boot & and logcat | grep "device_drop_monitor"
Change-Id: Iba7d3aace001b3d7c36c1e02504802125df7fcf2
|
|
The app is no longer signed with the platform key.
Bug: 162313924
Test: verify gril service function works normally
Merged-In: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da
Change-Id: Iabc970e1cffd2762e9781729564eec83270c1d92
|
|
am: 81fbe6f929
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431
Change-Id: Ifc8f7794ad6d39777fd15416a548f33ef8a2f5c1
|
|
Bug: 181887265
Test: Test: Build, flash, and logcat for sepolicies messages
Change-Id: I1ead381ee0c8fc6dbb27842498a4692605345ea1
|
|
The app is no longer signed with the platform key.
Bug: 162313924
Test: verify gril service function works normally
Change-Id: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da
|
|
|
|
19a990f686
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1663041
Change-Id: Ia5148647da3a4feb506aad0dbbbd0f49701a4a87
|
|
Bug: 166559473
Bug: 183135316
Test: build
Change-Id: Ic072e046d3c0e448417574d4a6868e9f205c1ee6
|
|
This allows the uv_exposure_reporter to access AIDL Stats service
Bug: 181892307
Test: Build, flash, boot & and logcat | grep "uv_exposure_reporter"
Change-Id: I5aaa2a815ec91e5503197e57508804813d4c2aa3
|
|
210fbd738b
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1652891
Change-Id: I656addbf91e6d8e3e0fed8b8739056fcea8ac651
|
|
This allows the hal_health_default to access AIDL Stats service
Bug: 181351177
Test: Build, flash, boot & and logcat | grep "hal_health_default"
Change-Id: I35fe6fbfa6d098a05286785449fa51223f14563a
|
|
Sign with default key
Test: manually, connect to wifi, reboot and check logcat, no new error
message after apply patch
adb logcat |egrep "Hardware|System.err"
Bug: 162295589
Signed-off-by: Denny cy Lee <dennycylee@google.com>
Change-Id: Iafb8f978981a03020974804f121f04aec7bf334f
Merged-in: Iafb8f978981a03020974804f121f04aec7bf334f
|
|
|
|
11190af27c am: b4091a5216 am: 5a7fbe6185
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1651607
Change-Id: I22d8ab4e87444bb967915d77424ad786b7c0fccd
|
|
|
|
Added permission
- IBluetoothHal access for GRIL service
Bug: 172294179
Change-Id: I2a4af793332c21b0968b3aaf4e13434bdef3ee1e
|
|
Bug: 161414036
Test: hal v1.3 bring up normally
Signed-off-by: Albert Wang <albertccwang@google.com>
Change-Id: I6e3edf0f6d1df390d7fa1c86d9ca9a5a99ff37bf
|
|
am: 3d19dc020a am: adf5639346 am: 4a28316c45
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1646098
Change-Id: I898579173801492f7fdcd0124a8dc06c15a45125
|
|
Bug: 171793497
Test: Ensure there are no sepolicy violations for this device
Change-Id: I979a149ad427bcbfc6a1faf89e26fe710ff7e166
|
|
netmgrd vendor_default_prop:property_service set
avc: denied { set } for property=persist.vendor.data.offload_ko_load
pid=1213 uid=1001 gid=1001
scontext=u:r:netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0
Bug: 175076226
Bug: 171353985
Bug: 183061600
Change-Id: Id7e03e22046eb9306f7b0bb6d7c7f56f44ffbbf7
|
|
Bug: 182320246
Test: make selinux_policy
Change-Id: I3ae70835bccde2735d4deefcbbe90b62e05f3cde
|
|
|
|
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1619804
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ieb651d7a6e1bddcaa11017f462bfc3ea8fd5c09b
|
|
|
|
This allows the hal_sensors_default implementation library libsensorsuez
access AIDL Stats service via system servicemanager
Bug: 178523659
Test: Build, flash, boot & and logcat | grep "hal_sensors_default"
Change-Id: I73d9bafa450a8a1a6392d22990c7ccd240877b3a
|
|
Bug: 168011527
Test: built pass
Change-Id: If5846bbc4e406d8dfac323142ad9324c5101aeba
|
|
Bug: 180401296
Merged-In: I6de871f2a9107c4a8438139af720a86e3e760756
Change-Id: I646cf656401a6e71345c4faf7f89ab8d0d1b822b
|