Age | Commit message | Author |
|
This patch updates the user group of smd channels to net_bt_stack.
Without this change, it was not possible for a non-root user to open
the smd channels, resulting in Bluetooth not getting turned on and
resulting in a crash in libbtvendor, causing BT share to stop.
bug 15321227, 15402179
Change-Id: I92ced8c6b543bcad26637428193fe55470b205ec
|
|
* commit 'b3e573f87c52a1862bf67aaa03fe80013853563c':
Improve sensors selinux policy.
|
|
Addressed the following denials.
Allow sensors binary to change its own user and group.
denied { setgid } for pid=201 comm="sensors.qcom" capability=6 scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
denied { setuid } for pid=201 comm="sensors.qcom" capability=7 scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
Change owner of /data/misc/sensors/debug/ to nobody. Also
dontaudit the resulting fsetid.
denied { chown } for pid=201 comm="sensors.qcom" capability=0 scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
Log diagnostic items (/dev/diag)
denied { read write } for pid=208 comm="sensors.qcom" name="diag" dev="tmpfs" ino=6256 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
denied { open } for pid=208 comm="sensors.qcom" name="diag" dev="tmpfs" ino=6256 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
denied { ioctl } for pid=208 comm="sensors.qcom" path="/dev/diag" dev="tmpfs" ino=6256 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
Create socket at /data/app/sensor_ctl_socket
denied { remove_name } for pid=209 comm="sensors.qcom" name="sensor_ctl_socket" dev="mmcblk0p23" ino=24146 scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir
denied { unlink } for pid=209 comm="sensors.qcom" name="sensor_ctl_socket" dev="mmcblk0p23" ino=24146 scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=sock_file
denied { add_name } for pid=209 comm="sensors.qcom" name="sensor_ctl_socket" scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir
denied { create } for pid=209 comm="sensors.qcom" name="sensor_ctl_socket" scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=sock_file
denied { setattr } for pid=209 comm="sensors.qcom" name="sensor_ctl_socket" dev="mmcblk0p23" ino=24146 scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=sock_file
denied { write } for pid=209 comm="sensors.qcom" name="app" dev="mmcblk0p23" ino=24145 scontext=u:r:sensors:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir
Access /data/misc/sensors and /data/system/sensors
denied { getattr } for pid=204 comm="sensors.qcom" path="/data/misc/sensors" dev="mmcblk0p23" ino=313890 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=dir
denied { setattr } for pid=216 comm="sensors.qcom" name="debug" dev="mmcblk0p23" ino=313897 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=dir
denied { read append } for pid=216 comm="sensors.qcom" name="error_log" dev="mmcblk0p23" ino=313898 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=file
denied { open } for pid=216 comm="sensors.qcom" name="error_log" dev="mmcblk0p23" ino=313898 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=file
denied { write } for pid=204 comm="sensors.qcom" name="sensors" dev="mmcblk0p23" ino=313890 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=dir
denied { add_name } for pid=204 comm="sensors.qcom" name="debug" scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=dir
denied { create } for pid=204 comm="sensors.qcom" name="debug" scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_data_file:s0 tclass=dir
Access sensors dev nodes (/dev/msm_dsps,...)
denied { read } for pid=208 comm="sensors.qcom" name="msm_dsps" dev="tmpfs" ino=6324 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { open } for pid=208 comm="sensors.qcom" name="msm_dsps" dev="tmpfs" ino=6324 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { ioctl } for pid=299 comm="sensors.qcom" path="/dev/msm_dsps" dev="tmpfs" ino=6324 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_device:s0 tclass=chr_file
Access to persist files.
denied { search } for pid=328 comm="sensors.qcom" name="sensors" dev="mmcblk0p20" ino=14 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { getattr } for pid=328 comm="sensors.qcom" path="/persist/sensors/sns.reg" dev="mmcblk0p20" ino=15 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=file
denied { read } for pid=304 comm="sensors.qcom" name="sensors" dev="mmcblk0p20" ino=14 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { open } for pid=304 comm="sensors.qcom" name="sensors" dev="mmcblk0p20" ino=14 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { write } for pid=304 comm="sensors.qcom" name="sns.reg" dev="mmcblk0p20" ino=15 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=file
Write access to power management controls
denied { write } for pid=251 comm="sensors.qcom" name="cpu_dma_latency" dev="tmpfs" ino=7294 scontext=u:r:sensors:s0 tcontext=u:object_r:power_control_device:s0 tclass=chr_file
denied { open } for pid=251 comm="sensors.qcom" name="cpu_dma_latency" dev="tmpfs" ino=7294 scontext=u:r:sensors:s0 tcontext=u:object_r:power_control_device:s0 tclass=chr_file
Wake lock access
denied { append } for pid=208 comm="sensors.qcom" name="wake_lock" dev="sysfs" ino=57 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
denied { open } for pid=227 comm="sensors.qcom" name="wake_lock" dev="sysfs" ino=57 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
Give system server access to sensors socket
for PowerManagerService.
denied { connectto } for pid=536 comm="system_server" path="/data/app/sensor_ctl_socket" scontext=u:r:system_server:s0 tcontext=u:r:sensors:s0 tclass=unix_stream_socket
denied { write } for pid=527 comm="system_server" name="sensor_ctl_socket" dev="mmcblk0p23" ino=24146 scontext=u:r:system_server:s0 tcontext=u:object_r:sensors_socket:s0 tclass=sock_file
Add groups radio and system to sensors binary. This allows us to
avoid dac_override denials with /dev/diag (radio) and
/sys/power/wake_lock (system). Change the permissions of
/dev/msm_dsps to 0660. This also allows us to avoid a dac_override
denial.
Change-Id: I9a8a5f1b981336db02d0a3e397d2f0791406fa9e
|
|
In order to log vendor RIL logs, diag must have radio permissions.
Change-Id: I79a1bc7324ef0402790300dfef353629009cf47f
|
|
ueventd.rc defaults /dev/diag to radio:radio group only.
Remove override from ueventd.mako.rc for this device node as
the default permissions are safer.
Bug: 6933652
Change-Id: I6c21b9aeb185f748f151b5fb85d8f6493d0bc067
Conflicts:
ueventd.mako.rc
|
|
Bug: 7151762
Change-Id: I74c24ef4892e1c28b00b8154a6994e03bd351905
Conflicts:
ueventd.mako.rc
|
|
This reverts commit dea94d4350bd5e975bd9580fd50cfa8dbd23eb95
Change-Id: I8f0ab59be7ba245c967ba0ca3b8c529fc028ae2e
|
|
This reverts commit d9b7d9a313165f120ac073bd14e38b36b59b66c8
Change-Id: I769a7498b2e5bc0dacfeec6150c8538eb2ed9406
|
|
Bug: 7151762
Change-Id: I74c24ef4892e1c28b00b8154a6994e03bd351905
|
|
Bug: 7151762
Change-Id: I14c5c3e95a07561c697830cd21573e7942100277
|
|
Change-Id: I4759c122a7bdc289b792fe64b95448c8d4e5d24d
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
Qcril needs to send an ioctl to /dev/mdm which has ownership as
system and in group system. Since Qcril runs as user radio
in group radio, it will not be permitted to send the ioctl
without this change.
Change-Id: Ie6a82f29e0772a9955e49ec9bab0323b8bebc28f
Crs-Fixed: 401598
|
|
Change-Id: Ic7cfdf97f6588314213ac9f225a9b5ad99f0986d
|
|
- RTAC (RealTime Audio Calibration) can tune audio parameters of APQ8064 in real
time
Change-Id: I5a0d1e1097a697922eb7a1eed6f9b77e578a031a
|
|
Change-Id: Id323722db0f8a6b4096cfbf06f9a193e4649ca7b
|
|
- add qseecomd service
- change mode and owner of qseecom
Change-Id: I7914fc41368e6c8c5708d7fdaa2178716db05c15
|
|
- Moved device node owner/mode settings to ueventd
- Create necessary /data/nfc and /data/nfc/param dirs for NVstorage
- Added required NFC product packages
- Added nfcee access files, to allow Google Wallet access.
Change-Id: Ib8ec711288498baf16eea532523a57eb668c56ad
|
|
Change-Id: I52f578a54a3f86cb3b59601aaca4f343dcb2a618
|
|
- top-level init.mako.bt.sh script calls hci_qcomm_init to initialize Bluetooth
- modified BoardConfig.mk, device.mk, init.mako.rc, ueventd.mako.rc
to add bring-up code (remove qcom property for smd)
Change-Id: Id97080655696676c02fea93138eb819b1ee1a4b9
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
Change-Id: Ia985967df6cc41d72acb6064c2b991499822ca06
|
|
- change from 0664 to 0660
Change-Id: I84de8fb83c84a4ea06c016fb5dfd88af892f887a
|
|
- set the right permissions for SMD channels
- enabled the following daemons:
-- bridgemgrd dbus-daemon netmgrd
-- qmiproxy qmuxd rmt_storage
- enabled kickstart to load the modem image
- add USB composition to support diag
- set property to point rild to the appropriate library
Change-Id: Ic6370f95ed8503e3a7312b11ee67fb7facc7a81d
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
Change-Id: I9dc209ab9af8a623872a10ef5354d3af1aa18010
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
Change-Id: I4df31361e13771c528bb324aa80c876a400e7f28
|
|
Change-Id: I5c364ced5b26c5c6d8f51f87146d5ec4484586ae
Signed-off-by: Iliyan Malchev <malchev@google.com>
|