

Max Bires
8bfe8965a2 Adding allow rules and contexts to handle the following denials
denied  { getattr } for  pid=580 comm="ueventd" name="sda20" dev="tmpfs"
ino=19514 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0
tclass=blk_file

denied  { write } for  pid=580 comm="ueventd" name="uevent" dev="sysfs"
ino=44062 scontext=u:r:ueventd:s0
tcontext=u:object_r:sysfs_bluetooth_writable:s0 tclass=file

denied { search } for pid=826 comm="time_daemon" name="msm_subsys"
dev="sysfs" ino=16858 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { write } for pid=2934 comm="Binder:1189_4" name="timerslack_ns"
dev="proc" ino=38677 scontext=u:r:system_server:s0
tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=file

denied { write } for pid=3936 comm="Binder:1189_C" name="timerslack_ns"
dev="proc" ino=85544 scontext=u:r:system_server:s0
tcontext=u:r:platform_app:s0:c512,c768 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=83223 scontext=u:r:system_server:s0
tcontext=u:r:system_app:s0 tclass=file

denied { write } for pid=1584 comm="Binder:1189_3" name="timerslack_ns"
dev="proc" ino=81248 scontext=u:r:system_server:s0
tcontext=u:r:audioserver:s0 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=38795 scontext=u:r:system_server:s0
tcontext=u:r:priv_app:s0:c512,c768 tclass=file

denied { write } for pid=1584 comm="Binder:1189_3" name="timerslack_ns"
dev="proc" ino=86229 scontext=u:r:system_server:s0
tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file

denied { write } for pid=4624 comm="Binder:1189_E" name="timerslack_ns"
dev="proc" ino=105556 scontext=u:r:system_server:s0
tcontext=u:r:radio:s0 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=26256 scontext=u:r:system_server:s0
tcontext=u:r:hal_audio_default:s0 tclass=file

denied { create } for pid=836 comm="perfd" name="default_values"
scontext=u:r:perfd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied  { find } for service=qti.ims.ext pid=3750 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:imscm_service:s0
tclass=service_manager

denied { lock } for comm="ip6tables" path="/system/etc/xtables.lock"
dev="sda22" ino=968 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_file:s0 tclass=file

denied { getattr } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/leds/vibrator/duration"
dev="sysfs" ino=46884 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { open } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/leds/vibrator/activate"
dev="sysfs" ino=46883 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { read } for comm="android.hardwar" name="vibrator" dev="sysfs"
ino=41304 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file

denied { search } for comm="android.hardwar" name="leds" dev="sysfs"
ino=27814 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir

denied  { add } for
service=com.fingerprints.extension.IFingerprintNavigation pid=884
uid=1000 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:fingerprint_service:s0 tclass=service_manager

denied { open } for pid=9391 comm="cat"
path="/sys/devices/virtual/thermal/cooling_device0/type" dev="sysfs"
ino=44002 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { read } for pid=9391 comm="cat" name="type" dev="sysfs"
ino=44002 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { search } for pid=9391 comm="cat" name="thermal" dev="sysfs"
ino=28795 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir

denied { getattr } for pid=9381 comm="ls"
path="/sys/kernel/debug/ion/heaps/secure_heap" dev="debugfs" ino=10246
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs:s0
tclass=file

denied { open } for pid=9381 comm="ls"
path="/sys/kernel/debug/ion/heaps" dev="debugfs" ino=9218
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs:s0
tclass=dir

denied { read } for pid=9381 comm="ls" name="heaps" dev="debugfs"
ino=9218 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:debugfs:s0 tclass=dir

denied { search } for pid=5401 comm="surfaceflinger" name="clients"
dev="debugfs" ino=8429 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:debugfs_ion:s0 tclass=dir

denied { search } for pid=5294 comm="android.hardwar" name="clients"
dev="debugfs" ino=8429 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:debugfs_ion:s0 tclass=dir

denied { write } for comm="android.hardwar" name="activate" dev="sysfs"
ino=46883 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file

denied { lock execute_no_trans } for comm="rild" path="/vendor/qcril.db"
dev="sda20" ino=1019 scontext=u:r:rild:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

Bug: 34784662
Test: The above denials are no longer occurring

Change-Id: I7931a8c3ed8bdfb7190d6c5c14a11525dca5be3a
2017-04-07 19:57:13 +00:00
Ed Tam
bfe6ab006c Merge "thermal: specify location to load thermal config" 2017-04-07 03:13:31 +00:00
TreeHugger Robot
2bcd23683f Merge "power: Fix power hal compiler warnings" 2017-04-06 22:19:26 +00:00
John Dias
ce2a1baf2a thermal: specify location to load thermal config
Bug: 35700896
Test: boot, check for thermal-engine messages
Change-Id: I48c296f2751b8a5150dd7d37f89f29a688a6f949
2017-04-06 13:45:21 -07:00
Adrian Salido
4b51c52e7f power: Fix power hal compiler warnings
Bug: 30432975
Test: compile power hal for walleye without warnings
Change-Id: I0d90c26462c662690f8a179250000b9a449a109f
2017-04-06 13:41:04 -07:00
Connor O'Brien
3c7822edf1 Merge "wahoo: use binderized boot HAL" 2017-04-06 20:24:11 +00:00
Yifan Hong
a7e7e26eba Merge "Add type to device manifest." 2017-04-06 06:23:19 +00:00
TreeHugger Robot
265e0dd79a Merge "Add new type and domain for vendor radio" 2017-04-06 04:29:44 +00:00
Ecco Park
8450042263 Merge "Add permissions to access wlan device node" 2017-04-06 03:53:48 +00:00
TreeHugger Robot
f622c29a28 Merge "Add drm hal to wahoo" 2017-04-05 23:19:16 +00:00
Max Bires
db7d8111a2 Merge "Adding file_contexts to fix hal_bluetooth" 2017-04-05 22:35:50 +00:00
Jeff Tinker
ea51adeb28 Add drm hal to wahoo
bug:35808472

Test: compiles, I don't have a device to test
Change-Id: I3839a5335f4fd976a6d668f037756bca00676bb8
2017-04-05 14:56:50 -07:00
Srinivas Girigowda
9f28ebd426 Add permissions to access wlan device node
These changes add permissions for the wlan device node: they provide the
required file context and permissions for the created device node, and
restrict access to only the system server.

Change-Id: I64554c3d4a2543eefc5ec809eaef407502081cf5
CRs-Fixed: 2010702
Bug: 36494467
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2017-04-05 14:56:12 -07:00
TreeHugger Robot
4de588158d Merge "wahoo: Create PDX socket dirs and cpusets for VR services" 2017-04-05 21:27:01 +00:00
Alex Vakulenko
4633df33ed wahoo: Create PDX socket dirs and cpusets for VR services
A recent CL makes VR services hard-fail (crash) on a failed attempt to
create PDX sockets. Wahoo-based devices don't have socket directories
under /dev/socket/pdx/... to create those sockets, so they now crash
at boot (which includes surfaceflinger). This prevents the device from
even booting. Add init script to create those socket directories.

Also, create necessary cpusets used by VR services, similar to what
was done for marlin/sailfish (see this commit in device/google/marlin:
1cc612c4ee646e8fc6ae69e8837b9b0d0b2119ce).

Bug: 36977281
Test: `lunch walleye-eng && m -j32 && flash` - build succeeds, device boots
Change-Id: Ic458ceabb16917bcf574f6d8e2de864d41a44d96
2017-04-05 14:23:04 -07:00
Badhri Jagan Sridharan
8a8b465970 Merge "USB: HIDL: check the status of registerAsService" 2017-04-05 21:16:06 +00:00
David Lin
971ea5d074 vibrator hal: add support for drv2624 haptics driver on wahoo
This adds the vibrator HAL that implements the new setAmplitude and
perform(Effect) API.

Test done: vibrator_hidl_hal_test
Bug: 36782452

Change-Id: If9988434277790becb469d4dd928e75f7e6af41a
Signed-off-by: David Lin <dtwlin@google.com>
2017-04-05 12:44:20 -07:00
Jie Song
21ec03152e Add new type and domain for vendor radio
1. Add radio_vendor_data_file type
2. Add logger_app domain

Bug: 36859102
Test: Verify no security denial
Change-Id: I6c9236a3b2e0b459bf16b2861e7ddfebca3ed9c6
2017-04-05 10:49:30 -07:00
Max Bires
eb252fd433 Adding file_contexts to fix hal_bluetooth
Handles denials of the following sort where hal_bluetooth didn't have
access to the directories in sysfs that it needed

denied { write } for comm="android.hardwar" name="extldo" dev="sysfs"
ino=44059 scontext=u:r:hal_bluetooth_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

Bug: 34784662
Test: hal_bluetooth denials are cleaned up
Change-Id: I7cc01fbc1c6414a871e6b0a3b3c95e17a3cd1d99
2017-04-05 09:50:22 -07:00
Wei Wang
df8b9af4a5 Merge "wahoo: improve boot time and pull in bootanim display time" 2017-04-05 14:33:42 +00:00
Yifan Hong
4e21b916bd Add type to device manifest.
Test: pass
Change-Id: I829f074ed3bd5987817fe48138bd365199be58ca
2017-04-04 20:00:49 -07:00
TreeHugger Robot
aa4df693c7 Merge "Add usb service" 2017-04-05 02:45:58 +00:00
Wei Wang
e0fc600245 wahoo: improve boot time and pull in bootanim display time
1) separate fstab mount
2) launch bootanim early
3) boottime cpuset/io tune
4) parallel slow init operations: write sysfs and insmod

After CL:
Boot time saved 330ms, bootanim triggered early before data/ mounted

Bug: 36780513
Test: walleye boots
Change-Id: I02803179746710413f4b1e2372f3550cd95d1581
2017-04-04 19:11:21 -07:00
TreeHugger Robot
b1a2a67cf8 Merge "Adding service_context's and allows to handle the following denials" 2017-04-04 23:49:46 +00:00
Connor O'Brien
2deebd4cb8 wahoo: use binderized boot HAL
Add the binderized boot HAL service to the manifest and grant
necessary SELinux permissions to access block devices.

Bug: 35810130
Test: Device boots & passes boot VTS test
Change-Id: I4df5ec0ff2f170da31e0748e376cda309802b554
Signed-off-by: Connor O'Brien <connoro@google.com>
2017-04-04 16:48:20 -07:00
TreeHugger Robot
5cb55c5e82 Merge "Wifi Offload HAL implementation for V1.0 interface" 2017-04-04 23:10:35 +00:00
Wei Wang
86ca1da571 Merge "wahoo: include missing libwpa_client" 2017-04-04 22:12:49 +00:00
Max Bires
26fe3e3a66 Adding service_context's and allows to handle the following denials
denied  { add } for service=rcs pid=3849 uid=1001 scontext=u:r:radio:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied  { add } for service=qti.ims.ext pid=5885 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:default_android_service:s0
tclass=service_manager

denied  { add } for service=cneservice pid=3134 uid=1000
scontext=u:r:system_app:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied  { find } for service=permission pid=839 uid=0
scontext=u:r:folio_daemon:s0 tcontext=u:object_r:permission_service:s0
tclass=service_manager

denied  { find } for service=sensorservice pid=839 uid=0
scontext=u:r:folio_daemon:s0
tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager

denied  { add } for
service=com.fingerprints.extension.IFingerprintNavigation pid=847
uid=1000 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager

denied { set } for property=radio.traffic.stats.tx pid=830 uid=1001
gid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:default_prop:s0
tclass=property_service

denied { getattr } for pid=708 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:folio_daemon:s0
tclass=process

denied { open } for pid=708 comm="servicemanager"
path="/proc/832/attr/current" dev="proc" ino=33917
scontext=u:r:servicemanager:s0 tcontext=u:r:folio_daemon:s0 tclass=file

denied { read } for pid=708 comm="servicemanager" name="current"
dev="proc" ino=33917 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=file

denied { search } for pid=708 comm="servicemanager" name="832"
dev="proc" ino=21805 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=dir

denied { call } for pid=743 comm="Binder:698_2" scontext=u:r:per_mgr:s0
tcontext=u:r:system_server:s0 tclass=binder

denied { call } for pid=743 comm="Binder:698_2" scontext=u:r:per_mgr:s0
tcontext=u:r:rild:s0 tclass=binder

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I0b09503680bb8e11d5e4ae63033a441e4c03a2cd
2017-04-04 21:53:50 +00:00
Sohani Rao
a25b59e448 Wifi Offload HAL implementation for V1.0 interface
Implements Offload HAL HIDL service for Wifi Offload v1.0 interface

Bug: 32842314
Test: Unit tests and manual test to ensure the service is running
Change-Id: I9612ec28b9b042be10b7e022362124de906649ab
2017-04-04 14:29:20 -07:00
Trevor Bunker
8a611aeffe sepolicy: fix build
duplicate file type chre_socket

Test: manual build
Change-Id: Ic608570c6a86a7ef8bdbda9449c6123e4372d3bb
2017-04-04 13:34:32 -07:00
Wei Wang
0db68e8fe3 wahoo: include missing libwpa_client
Bug: 36893555
Test: build and boot muskie
Change-Id: I6cde962cebdfc15f377ca0d9f36aadeafedade06
2017-04-04 11:49:01 -07:00
TreeHugger Robot
778d0e0bc6 Merge "Adding allows to handle the following denials." 2017-04-04 18:10:40 +00:00
Badhri Jagan Sridharan
49e7f44507 USB: HIDL: check the status of registerAsService
registerAsService call could fail. Hence check the return value.

Bug: 36704362
Change-Id: I46dcd74dbee6aba72cf344f10854e5d4b1b6de18
2017-04-04 10:38:37 -07:00
Max Bires
275bad3194 Adding allows to handle the following denials.
denied  { add find } for service=rcs pid=8083 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:default_android_service:s0
tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=850
uid=1000 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:per_mgr_service:s0 tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=846
uid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:per_mgr_service:s0
tclass=service_manager

denied  { find } for service=vendor.qcom.PeripheralManager pid=1365
uid=1000 scontext=u:r:system_server:s0
tcontext=u:object_r:per_mgr_service:s0 tclass=service_manager

denied { relabelto } for name="sda20" dev="tmpfs" ino=18344
scontext=u:r:init:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file

denied { getattr } for pid=2911 comm="droid.bluetooth"
path="/storage/emulated" dev="tmpfs" ino=80994 scontext=u:r:bluetooth:s0
tcontext=u:object_r:storage_stub_file:s0 tclass=dir

denied { write } for pid=841 comm="chre" name="socket" dev="tmpfs"
ino=20101 scontext=u:r:chre:s0 tcontext=u:object_r:socket_device:s0
tclass=dir

denied { ioctl } for pid=837 comm="folio_daemon" path="/dev/binder"
dev="tmpfs" ino=20922 ioctlcmd=6201 scontext=u:r:folio_daemon:s0
tcontext=u:object_r:binder_device:s0 tclass=chr_file

denied { create read getattr } for pid=700 comm="android.hardwar"
name="WCD9340_Bluetooth_cal.acdbdelta" scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:audio_data_file:s0 tclass=file

denied { search write add_name } for pid=700 comm="android.hardwar"
name="audio" dev="sda45" ino=639037 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:audio_data_file:s0 tclass=dir

denied { connectto } for pid=935 comm="HwBinder:823_2"
path="/dev/socket/perfd" scontext=u:r:mediacodec:s0
tcontext=u:r:perfd:s0 tclass=unix_stream_socket

denied { connectto } for pid=1276 comm="writer" path="/dev/socket/perfd"
scontext=u:r:hal_audio_default:s0 tcontext=u:r:perfd:s0
tclass=unix_stream_socket

denied { write } for pid=1276 comm="writer" name="perfd" dev="tmpfs"
ino=24997 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file

denied { create read getattr } for pid=841 comm="perfd"
name="default_values" scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=file

denied { write add_name } for pid=841 comm="perfd" name="perfd"
dev="sda45" ino=3407877 scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { read } for pid=841 comm="perfd" name="cpus" dev="cgroup" ino=99
scontext=u:r:perfd:s0 tcontext=u:object_r:cgroup:s0 tclass=file

denied { read open getattr } for pid=803 comm="perfd"
name="u:object_r:post_boot_prop:s0" dev="tmpfs" ino=18264
scontext=u:r:perfd:s0 tcontext=u:object_r:post_boot_prop:s0 tclass=file

denied { read open ioctl } for pid=702 comm="android.hardwar"
path="/dev/block/sdb" dev="tmpfs" ino=10114 ioctlcmd=1268
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { write } for pid=703 comm="android.hardwar" name="sdb"
dev="tmpfs" ino=18208 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sdb_block_device:s0 tclass=blk_file

denied { connectto } for pid=704 comm="android.hardwar"
path="/dev/socket/perfd" scontext=u:r:hal_power_default:s0
tcontext=u:r:perfd:s0 tclass=unix_stream_socket

denied { search } for pid=714 comm="android.hardwar"
name="800f000.qcom,spmi" dev="sysfs" ino=17602
scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read open getattr } for pid=714 comm="android.hardwar"
name="current_power_role" dev="sysfs" ino=49071
scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=file

denied { search } for pid=1062 comm="imsdatadaemon" name="netmgr"
dev="tmpfs" ino=22946 scontext=u:r:ims:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=dir

denied { create setattr unlink } for pid=818 comm="init" name="chre"
dev="tmpfs" ino=21770 scontext=u:r:init:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file

denied { connectto } for pid=696 comm="setprop"
path="/dev/socket/property_service" scontext=u:r:init_power:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=sys.post_boot.parsed pid=696 uid=0 gid=0
scontext=u:r:init_power:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { write } for pid=696 comm="setprop" name="property_service"
dev="tmpfs" ino=21108 scontext=u:r:init_power:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { read open write } for pid=836 comm="perfd" name="swap_ratio"
dev="proc" ino=25638 scontext=u:r:perfd:s0 tcontext=u:object_r:proc:s0
tclass=file

denied { read open } for pid=827 comm="perfd"
name="available_frequencies" dev="sysfs" ino=33342 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { search } for pid=827 comm="perfd" name="5000000.qcom,kgsl-3d0"
dev="sysfs" ino=21521 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { read } for pid=827 comm="perfd" name="devfreq" dev="sysfs"
ino=33377 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file

denied { write } for pid=881 comm="perfd" name="perfd" dev="sda45"
ino=3407877 scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { read } for pid=827 comm="perfd" name="soc_id" dev="sysfs"
ino=49301 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied { write } for pid=3830 comm=504F5349582074696D65722032
name="perfd" dev="tmpfs" ino=8971 scontext=u:r:perfd:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file

denied { search } for pid=827 comm="perfd" name="soc0" dev="sysfs"
ino=49297 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { kill } for pid=858 comm="perfd" capability=5
scontext=u:r:perfd:s0 tcontext=u:r:perfd:s0 tclass=capability

denied { signull } for pid=858 comm="perfd" scontext=u:r:perfd:s0
tcontext=u:r:mediacodec:s0 tclass=process

denied { call } for pid=924 comm="Binder:732_1" scontext=u:r:per_mgr:s0
tcontext=u:r:wcnss_service:s0 tclass=binder

denied { search } for pid=3670 comm="IFMsg_Rxr" name="qmux_radio"
dev="tmpfs" ino=22942 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=dir

denied { write } for pid=3789 comm="IFMsg_Rxr" name="rild_ims0"
dev="tmpfs" ino=28087 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file

denied { search } for pid=1405 comm="rild" name="netmgr" dev="tmpfs"
ino=22946 scontext=u:r:rild:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=dir

denied { open } for pid=3138 comm=".dataservices"
path="/dev/__properties__/u:object_r:cnd_prop:s0" dev="tmpfs" ino=18241
scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_prop:s0 tclass=file

denied { create read getattr lock unlink } for pid=3134 comm="Thread-5"
name="xtra.sqlite" scontext=u:r:system_server:s0
tcontext=u:object_r:location_data_file:s0 tclass=file

denied { search } for pid=3594 comm="Thread-5" name="netmgr" dev="tmpfs"
ino=22946 scontext=u:r:system_server:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=dir

denied { search } for pid=1578 comm="system-server-i" name="/"
dev="sdd3" ino=2 scontext=u:r:system_server:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { call } for pid=3134 comm="Thread-5"
scontext=u:r:system_server:s0 tcontext=u:r:per_mgr:s0 tclass=binder

denied { search write add_name create read open remove_name } for
pid=3134 comm="Thread-5" name="location" dev="sda45" ino=639046
scontext=u:r:system_server:s0 tcontext=u:object_r:location_data_file:s0
tclass=dir

denied { transfer } for pid=1445 comm="Binder:1425_1"
scontext=u:r:system_server:s0 tcontext=u:r:folio_daemon:s0 tclass=binder

denied { read create write } for pid=929 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=925 comm="time_daemon" path="socket:[18992]"
dev="sockfs" ino=18992 ioctlcmd=c302 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=859 comm="time_daemon" path="socket:[19003]"
dev="sockfs" ino=19003 ioctlcmd=c304 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { read open } for pid=827 comm="time_daemon" name="rtc0"
dev="tmpfs" ino=22580 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { read open getattr } for pid=860 comm="time_daemon"
name="soc_id" dev="sysfs" ino=49301 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { read open } for pid=827 comm="time_daemon" name="name"
dev="sysfs" ino=32499 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { setgid setuid sys_time } for pid=827 comm="time_daemon"
capability=6 scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0
tclass=capability

denied { search read open } for pid=827 comm="time_daemon"
name="msm_subsys" dev="sysfs" ino=16858 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { read } for pid=827 comm="time_daemon" name="subsys0"
dev="sysfs" ino=32507 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { search } for pid=860 comm="time_daemon" name="soc0" dev="sysfs"
ino=49297 scontext=u:r:time_daemon:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { getattr setattr } for pid=589 comm="ueventd" name="sda20"
dev="tmpfs" ino=9908 scontext=u:r:ueventd:s0
tcontext=u:object_r:tmpfs:s0 tclass=blk_file

denied { ioctl } for pid=828 comm="cnss_diag" path="socket:[100666]"
dev="sockfs" ino=100666 ioctlcmd=8be5 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Iedf0a829a8e9629961104bb350e53224a179d5dd
2017-04-04 16:37:57 +00:00
Vineeta Srivastava
d2559c428d Merge "Split fstab from wahoo" 2017-04-04 05:14:17 +00:00
Vineeta Srivastava
6391a9f523 Split fstab from wahoo
Change-Id: I37ae0d2b5d1a12a513744b8f59cdc71aaf26dba1
2017-04-03 18:11:10 -07:00
Vineeta Srivastava
93e84f9caf Start port-bridge service when serial_cdev is enabled
Change-Id: I3113c45483893629ea417579b8b04446d2f52808
2017-04-04 00:33:36 +00:00
Brian Duddie
ac4cb203d6 Merge "Add binderized context hub HAL" 2017-04-04 00:28:27 +00:00
TreeHugger Robot
8c6ba4b3ab Merge "Do not assume default names for VINTF." 2017-04-03 22:54:37 +00:00
TreeHugger Robot
e95cc6d94f Merge "Adding dirs to genfscon for sysfs to fix labeling issue." 2017-04-03 19:38:56 +00:00
Brian Duddie
dfdaceabf2 Add binderized context hub HAL
Add context hub HAL implementation to the build, with new sepolicy files
that resolve these denials:

type=1400 audit(4779207.059:418): avc: denied { write } for pid=809
comm="android.hardwar" name="chre" dev="tmpfs" ino=32491
scontext=u:r:hal_contexthub_default:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1

type=1400 audit(5568590.159:45): avc: denied { connectto } for pid=734
comm="android.hardwar" path="/dev/socket/chre"
scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:chre:s0
tclass=unix_stream_socket permissive=1

Bug: 35808469
Test: confirm HAL gets loaded, VTS passes, no denials from
      hal_contexthub_default
Change-Id: I1882571c0541de78242755cd4b3b1548365a388b
2017-04-03 11:49:09 -07:00
matt_huang
2f747de0cd Change permissions of led driver
Change-Id: Ia9a8dd8d401d274a37820bdb30727eec8b1f54b3
Signed-off-by: matt_huang <matt_huang@htc.com>
2017-04-03 10:00:43 -07:00
Max Bires
73a599a65d Adding dirs to genfscon for sysfs to fix labeling issue.
This fixes the following denials:
denied { open } for pid=669 comm="init.power.sh"
path="/sys/class/devfreq" dev="sysfs" ino=28322
scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0 tclass=dir

denied { search } for pid=669 comm="init.power.sh" name="soc:qcom,cpubw"
dev="sysfs" ino=18242 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { write } for pid=669 comm="init.power.sh" name="governor"
dev="sysfs" ino=44449 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=669 comm="init.power.sh"
path="/sys/devices/soc/soc:qcom,cpubw/devfreq/soc:qcom,cpubw/governor"
dev="sysfs" ino=44449 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

Bug: 35154684
Test: The above denials are cleared out and the tcontext is correct
Change-Id: Ida40036c18427ab9a3116b7b855a8418f11137e7
2017-04-03 09:33:38 -07:00
Max Bires
f41ff958d8 Fixing the following run and boot time denials
denied { getattr read open } for pid=716 comm="android.hardwar"
path="/dev/block/sdc1" dev="tmpfs" ino=21762
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { set } for property=htc.camera.sensor.inf pid=717 uid=1047
gid=1005 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service

denied { read open } for pid=642 comm="qseecomd" name="/" dev="sda45"
ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { read open search write add_name } for pid=642 comm="qseecomd"
name="fpdata" dev="sda45" ino=3408055 scontext=u:r:tee:s0
tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir

denied { create read } for pid=642 comm="qseecomd" name="user.db.bak"
scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0
tclass=file

denied { read write } for pid=7567 comm="secdiscard" name="sda45"
dev="tmpfs" ino=21749 scontext=u:r:vold:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: If5d8fffd2c50e85e22c7bcbbb429bd80bbf1f0fa
2017-04-02 19:07:17 -07:00
Max Bires
3669fffc1f Adding allows to fix following denials during run/boot time
denied { write } for pid=808 comm="cnd" name="property_service"
dev="tmpfs" ino=19844 scontext=u:r:cnd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { connectto } for pid=808 comm="cnd"
path="/dev/socket/property_service" scontext=u:r:cnd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=persist.sys.cnd.iwlan pid=808 uid=1000
gid=1000 scontext=u:r:cnd:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { sendto } for pid=808 comm="cnd" path="/dev/socket/wpa_wlan0"
scontext=u:r:cnd:s0 tcontext=u:r:hal_wifi_supplicant_default:s0
tclass=unix_dgram_socket

denied { connectto } for pid=687 comm="android.hardwar"
path=0062745F736F636B scontext=u:r:hal_bluetooth_default:s0
tcontext=u:r:wcnss_filter:s0 tclass=unix_stream_socket

denied { getattr } for pid=688 comm="android.hardwar"
path="/dev/block/sdb1" dev="tmpfs" ino=21693
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { read } for pid=688 comm="android.hardwar" name="by-name"
dev="tmpfs" ino=19833 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:block_device:s0 tclass=dir

denied { sendto } for pid=4906 comm="wpa_supplicant"
path="/data/misc/wifi/sockets/wpa_ctrl_808-2"
scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:cnd:s0
tclass=unix_dgram_socket

denied { connectto } for pid=1071 comm="imsdatadaemon"
path="/dev/socket/netmgr/netmgr_connect_socket" scontext=u:r:ims:s0
tcontext=u:r:netmgrd:s0 tclass=unix_stream_socket

denied { open getattr } for pid=7689 comm="Thread-2"
path="/dev/__properties__/u:object_r:ramdump_prop:s0" dev="tmpfs"
ino=20494 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:ramdump_prop:s0 tclass=file

denied { write } for pid=3588 comm="IFMsg_Rxr" name="rild_ims0"
dev="tmpfs" ino=30159 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file

denied { read open } for pid=672 comm="ramdump" name="fstab" dev="sysfs"
ino=16483 scontext=u:r:ramdump:s0 tcontext=u:object_r:sysfs:s0
tclass=dir

denied { read open getattr } for pid=672 comm="ramdump" name="cmdline"
dev="proc" ino=4026532068 scontext=u:r:ramdump:s0
tcontext=u:object_r:proc:s0 tclass=file

denied { connectto } for pid=3249 comm="Thread-4"
path="/dev/socket/netmgr/netmgr_connect_socket"
scontext=u:r:system_server:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket

denied { call transfer } for pid=3148 comm="Thread-4"
scontext=u:r:system_server:s0 tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=3249 comm="Thread-4"
name="netmgr_connect_socket" dev="tmpfs" ino=25191
scontext=u:r:system_server:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=sock_file

denied { read write open } for pid=3337 comm="wcnss_filter"
name="ttyHS0" dev="tmpfs" ino=21812 scontext=u:r:wcnss_filter:s0
tcontext=u:object_r:device:s0 tclass=chr_file

denied { getattr } for pid=826 comm="cnss-daemon"
path="/proc/sys/net/ipv4/tcp_adv_win_scale" dev="proc" ino=106652
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file

denied { ioctl } for pid=7237 comm="ifconfig" path="socket:[108096]"
dev="sockfs" ino=108096 ioctlcmd=8914 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I1adafb8205c8d2a662921b42af9b580bc1d63bb8
2017-04-03 00:23:03 +00:00
TreeHugger Robot
609f422c4d Merge "wahoo: Add libbt-vendor in device.mk" 2017-04-01 19:39:06 +00:00
TreeHugger Robot
ec45cdc146 Merge "Annotate core components that access vendor data types" 2017-04-01 04:43:18 +00:00
TreeHugger Robot
077214c030 Merge "sepolicy: add time_daemon domain to allow service to boot" 2017-04-01 01:56:06 +00:00
TreeHugger Robot
ddcd856200 Merge "nfc: Enable Binderized NFC HAL" 2017-04-01 01:49:06 +00:00
TreeHugger Robot
9614e64032 Merge "Start CHRE daemon on boot" 2017-04-01 01:41:26 +00:00