Max Bires
b387500a64
Fixing the following denials in order to prep ims for enforcing
...
If there is no security issue with having ims write to ims_socket, then
I am fine with granting the permission in order to hurry up the
enforcing status of this domain.
denied { read } for pid=888 comm="imsdatadaemon" name="timestamp_switch"
dev="sysfs" ino=27246 scontext=u:r:ims:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=888 comm="imsdatadaemon"
path="/sys/module/diagchar/parameters/timestamp_switch" dev="sysfs"
ino=27246 scontext=u:r:ims:s0 tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=1326 comm="imsrcsd" name="timestamp_switch"
dev="sysfs" ino=27246 scontext=u:r:hal_rcsservice:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { write } for pid=1077 comm="ims_rtp_daemon" name="ims_datad"
dev="tmpfs" ino=27069 scontext=u:r:ims:s0
tcontext=u:object_r:ims_socket:s0 tclass=sock_file
Bug: 34784662
Test: These denials no longer appear
Change-Id: I95d8b62d73fae35fca5e292e6927c4663db76e6f
2017-05-22 10:52:16 -07:00
Max Bires
55217df527
Merge "Removing rmt_storage from permissive and into enforcing"
2017-05-22 17:31:04 +00:00
Max Bires
c63b6fd359
Merge "Fixing a dac_override for perfd"
2017-05-22 17:19:36 +00:00
Max Bires
b9c5ac5b4e
Merge "Removing rfs_access from permissive mode"
2017-05-22 16:59:27 +00:00
Max Bires
6644722995
Merge "Removing system_server from permissive mode"
2017-05-22 16:04:57 +00:00
SzuWei Lin
11656dcc37
Move bluetooth property to vendor
...
Property 'qcom.bluetooth.soc' is read by driver. Moves it to
vendor to use bluetooth on generic AOSP.
Bug: 37927875
Test: switch on/off bluetooth in settings
Change-Id: Ib4dd140b7e9f1b3d6cce098d8527bafcafcff950
2017-05-22 18:28:27 +08:00
TreeHugger Robot
9f64145e0f
Merge changes from topic 'merge-msm8998-AU143'
...
* changes:
Enable IRTPService
Fix in-call audio issue
Adding vndbinder_use statements to support the new qualcomm patches
2017-05-22 10:08:09 +00:00
TreeHugger Robot
c4f618ff35
Merge "Move sec_config to vendor"
2017-05-22 03:51:21 +00:00
Max Bires
5b8a6bbbb2
Merge "Removing per_mgr from permissive and into enforcing mode"
2017-05-22 02:44:02 +00:00
Sooraj Sasindran
ae03bcef3c
Enable IRTPService
...
Enable IRTPService
Change-Id: I37dd0e10ff082cae8e32fdedb77774adc9f21af5
2017-05-21 19:32:35 -07:00
Wileen Chiu
4e79aefebc
Fix in-call audio issue
...
Update instance name of QcRilAudio HAL.
Multiple (one per SIM) instances of
QcRilAudio HAL are required.
Change-Id: Ied34684509f1db37727880116bab785fddaaded3
2017-05-21 19:32:35 -07:00
Max Bires
2d76a6ac61
Adding vndbinder_use statements to support the new qualcomm patches
...
Leaving in the binder call until I can independently verify that none of
these domains are running anything through binder, and if they are then
file bug reports on it.
Some of these domains don't seem to use the transfer/call permissions,
so refraining from adding the full vndbinder_use statement until those
are apparent
Denials:
denied { getattr } for pid=556 comm="vndservicemanag"
scontext=u:r:vndservicemanager:s0 tcontext=u:r:hal_gnss_qti:s0
tclass=process
denied { open } for pid=556 comm="vndservicemanag"
path="/proc/744/attr/current" dev="proc" ino=25957
scontext=u:r:vndservicemanager:s0 tcontext=u:r:hal_gnss_qti:s0
tclass=file
denied { read } for pid=556 comm="vndservicemanag" name="current"
dev="proc" ino=25957 scontext=u:r:vndservicemanager:s0
tcontext=u:r:hal_gnss_qti:s0 tclass=file
denied { call } for pid=744 comm="Loc_hal" scontext=u:r:hal_gnss_qti:s0
tcontext=u:r:vndservicemanager:s0 tclass=binder
denied { ioctl open read write } for pid=744 comm="Loc_hal"
path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6209
scontext=u:r:hal_gnss_qti:s0 tcontext=u:object_r:vndbinder_device:s0
tclass=chr_file
denied { ioctl } for pid=770 comm="Binder:770_2" path="/dev/vndbinder"
dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:per_mgr:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { getattr } for pid=556 comm="vndservicemanag"
scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=process
denied { open } for pid=556 comm="vndservicemanag"
path="/proc/770/attr/current" dev="proc" ino=24336
scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=file
denied { read } for pid=556 comm="vndservicemanag" name="current"
dev="proc" ino=24336 scontext=u:r:vndservicemanager:s0
tcontext=u:r:per_mgr:s0 tclass=file
denied { search } for pid=556 comm="vndservicemanag" name="770"
dev="proc" ino=8315 scontext=u:r:vndservicemanager:s0
tcontext=u:r:per_mgr:s0 tclass=dir
denied { transfer } for pid=770 comm="pm-service"
scontext=u:r:per_mgr:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder
denied { call } for pid=770 comm="pm-service" scontext=u:r:per_mgr:s0
tcontext=u:r:vndservicemanager:s0 tclass=binder
denied { ioctl open read write } for pid=770 comm="pm-service"
path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6209
scontext=u:r:per_mgr:s0 tcontext=u:object_r:vndbinder_device:s0
tclass=chr_file
denied { read write } for pid=886 comm="cnss-daemon" name="vndbinder"
dev="tmpfs" ino=19167 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { ioctl } for pid=886 comm="cnss-daemon" path="/dev/vndbinder"
dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { ioctl } for pid=875 comm="rild" path="/dev/vndbinder"
dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:rild:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { ioctl open read write } for pid=853 comm="pm-proxy"
name="vndbinder" dev="tmpfs" ino=19167 scontext=u:r:per_proxy:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { call } for pid=853 comm="pm-proxy" scontext=u:r:per_proxy:s0
tcontext=u:r:vndservicemanager:s0 tclass=binder
denied { search } for pid=556 comm="vndservicemanag" name="853"
dev="proc" ino=28401 scontext=u:r:vndservicemanager:s0
tcontext=u:r:per_proxy:s0 tclass=dir
denied { read } for pid=556 comm="vndservicemanag" name="current"
dev="proc" ino=28421 scontext=u:r:vndservicemanager:s0
tcontext=u:r:per_proxy:s0 tclass=file
denied { open } for pid=556 comm="vndservicemanag"
path="/proc/853/attr/current" dev="proc" ino=28421
scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0 tclass=file
denied { getattr } for pid=556 comm="vndservicemanag"
scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0
tclass=process
denied { add } for interface=vendor.qti.qcril.am::IQcRilAudio pid=875
scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager
denied { find } for service=vendor.qcom.PeripheralManager pid=774
uid=1001 scontext=u:r:rild:s0
tcontext=u:object_r:default_android_vndservice:s0 tclass=service_manager
denied { call } for pid=792 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:vndservicemanager:s0
tclass=binder
denied { read write } for pid=1197 comm="rild" name="vndbinder"
dev="tmpfs" ino=19957 scontext=u:r:rild:s0
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
denied { call } for pid=773 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:vndservicemanager:s0 tclass=binder
Bug: 34784662
Test: vndbinder functionality for these domains is working
Change-Id: Ife7d4b4734ab4aca1d314b1b6cbac3203b216adc
2017-05-21 19:32:35 -07:00
Max Bires
269000ee1a
Removing rfs_access from permissive mode
...
Bug: 34784662
Bug: 38261486
Test: rfs_access functions normally in enforcing mode
Change-Id: I1d0cddbceb30238ab56e9c959d25c18e9fdbf15b
2017-05-21 19:14:54 -07:00
Max Bires
47e15da9ae
Merge "Adding allows and context for dumpstate"
2017-05-22 01:52:35 +00:00
Max Bires
dbfd297594
Removing rmt_storage from permissive and into enforcing
...
No longer seeing any denials related to rmt_storage
Bug: 34784662
Test: rmt_storage operates properly in enforcing mode
Change-Id: Ib7127b88b5ea35b8e92cdda48ad32a02c66f1c86
2017-05-21 17:18:17 -07:00
TreeHugger Robot
55b267982a
Merge "Fix selinux denial for usb hal"
2017-05-22 00:17:10 +00:00
Max Bires
b1ad57c5a1
Merge "Removing netmgrd from permissive mode and into enforcing"
2017-05-20 23:15:46 +00:00
Max Bires
593581e7d7
Removing netmgrd from permissive mode and into enforcing
...
Bug: 34784662
Bug: 38261549
Test: netmgrd continues to function properly under enforcing
Change-Id: I763f222ddb9befd9b9e2ae9aff713b5d865c62f7
2017-05-20 23:15:20 +00:00
Max Bires
fd351dd0e2
Fixing a dac_override for perfd
...
Bug: 38182328
Bug: 34784662
Test: perfd no longer requests dac_override privileges
Change-Id: Idc6f2ff2c476327bb4a261b20413e688562ce049
2017-05-20 14:56:11 -07:00
Max Bires
79a23bb77d
Merge "Fixing a qti denial"
2017-05-20 21:49:20 +00:00
TreeHugger Robot
27d06323d6
Merge "Add <interface> / <instance> to dev compat mat"
2017-05-20 04:15:20 +00:00
TreeHugger Robot
f058642f29
Merge "ril: enable ECC customization"
2017-05-20 01:38:00 +00:00
Shawn Yang
ca75a2ced3
Merge "Stop always on logging when external logging enabled"
2017-05-20 01:00:28 +00:00
TreeHugger Robot
0150e2bb2f
Merge "Interface callbacks from CHRE interface to the Offload server"
2017-05-19 23:39:31 +00:00
TreeHugger Robot
60775a9f44
Merge "Offload HAL Service: Constant definition"
2017-05-19 23:36:27 +00:00
Shawn Yang
7def19e4be
Stop always on logging when external logging enabled
...
Bug:36691005
Turn off persist.sys.modem.diag.mdlog according to the usb.sys.config
state
Test: Manually set usb.sys.config status and check for AOL status
Change-Id: Ia97956cc860173419b264951909890d9e8e60db8
2017-05-19 15:36:19 -07:00
Youhan Wang
6967e3b287
Merge "Grant system_app write access to tel_mon_prop"
2017-05-19 20:29:10 +00:00
Thierry Strudel
970e5b7dce
Merge "Ensure usb related .rc is parsed in a defined order"
2017-05-19 20:01:27 +00:00
Yueyao Zhu
9c902b351f
Ensure usb related .rc is parsed in a defined order
...
Loading process:
- rootdir/init.rc
|- /vendor/etc/init/hw/init.${ro.hardware}.rc
|- /vendor/etc/init/hw/init.${ro.hardware}.usb.rc
|- /vendor/etc/init/hw/init.wahoo.usb.rc
This CL moves init.hardware.rc, init.wahoo.usb.rc to /vendor/etc/init/hw/,
and imports /vendor/etc/init/hw/init.${ro.hardware}.usb.rc
from init.hardware.rc.
Test: Build with related CLs and USB File Transfer works
Bug: 38301110
Change-Id: I4808a117994374bceac324c60cc47225a8df5970
Signed-off-by: Yueyao Zhu <yueyao@google.com>
2017-05-19 12:01:14 -07:00
Joel Fernandes
8fa14d1102
init: Change default governor to schedutil and set ratelimits
...
Use rate-limit values: 500us for up, 20ms for down.
Change-Id: Ifc3ebb8e63078ab402080b50b800b6fffb326f97
Signed-off-by: Joel Fernandes <joelaf@google.com>
2017-05-19 18:26:01 +00:00
Max Bires
14f3c709af
Adding allows and context for dumpstate
...
denied { find } for
service=android.service.gatekeeper.IGateKeeperService pid=14914 uid=2000
scontext=u:r:dumpstate:s0 tcontext=u:object_r:gatekeeper_service:s0
tclass=service_manager
denied { call } for scontext=u:r:dumpstate:s0
tcontext=u:r:update_engine:s0 tclass=binder
denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:installd:s0
tclass=binder
denied { use } for path="pipe:[231372]" dev="pipefs" ino=231372
scontext=u:r:hal_audio_default:s0 tcontext=u:r:dumpstate:s0 tclass=fd
denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:per_mgr:s0
tclass=binder
denied { read } for name="log" dev="debugfs" ino=32
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs:s0
tclass=file
denied { read } for name="rpm_master_stats" dev="debugfs" ino=16914
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs_rpm:s0
tclass=file
denied { read } for name="rpm_stats" dev="debugfs" ino=16912
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs_rpm:s0
tclass=file
denied { read } for comm="top" name="stat" dev="proc" ino=4026532075
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_stat:s0 tclass=file
Bug: 34784662
Bug: 38292576
Test: The above denials are no longer present in adb bugreport
Change-Id: I1def308765f818c04833e2127df1c9803ed2dc77
2017-05-19 11:22:19 -07:00
Badhri Jagan Sridharan
ddc21e70ac
Fix selinux denial for usb hal
...
Fixes the following denial:
avc: denied { write } for name="current_power_role"
dev="sysfs" ino=50970 scontext=u:r:hal_usb_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
permissive=0
Bug: 38097623
Test: The denial message is not seen anymore.
Change-Id: I961a595a06211214142d3316abf7172f5e500347
2017-05-19 10:28:10 -07:00
tim.tm_lin
d960db5b4f
ril: enable ECC customization
...
Bug: 38402296
Change-Id: I5ecfab75c450a9258d2b95cb7b603c15c8d9b67d
2017-05-19 10:11:14 -07:00
Max Bires
668f76f3fe
Fixing a qti denial
...
denied { read write } for name="smdcntl8" dev="tmpfs" ino=20779
scontext=u:r:qti:s0 tcontext=u:object_r:smd_device:s0 tclass=chr_file
Bug: 34784662
Test: qti has access to the smd_device
Change-Id: I89a6f27c484c8ef6fd3478da8e394d9aec517ae2
2017-05-19 17:04:08 +00:00
Yifan Hong
31f2043b4f
Merge "Fix instance name in manifest.xml for keymaster"
2017-05-19 16:36:00 +00:00
Zhijun He
3b8330ec56
Merge "Enable EIS3 and Gzoom by default"
2017-05-19 16:28:25 +00:00
SzuWei Lin
b4e345f78c
Move sec_config to vendor
...
Bug: 37927875
Test: check the files in folder /vendor/etc
Change-Id: I7cd478315961e00f88c99cae309d51ca7b1daeb7
2017-05-19 15:54:28 +08:00
Wei Wang
1fe2d41ec9
Merge "wahoo: all ramdump to set RCU stall property"
2017-05-19 03:41:33 +00:00
Zhijun He
62bae0b32f
Enable EIS3 and Gzoom by default
...
Bug: 38299858
Change-Id: I6e1c252ea547e21680f43edec5c81d8edccfc5fb
2017-05-19 02:15:27 +00:00
Sohani Rao
6d9cd96678
Interface callbacks from CHRE interface to the Offload server
...
Bug: 32842314
Test: VTS
Change-Id: I58f6f7e403671070dfcd986dccfd0fc44f55f686
2017-05-18 18:32:34 -07:00
Youhan Wang
ef151ac4d7
Grant system_app write access to tel_mon_prop
...
Define new type tel_mon_prop and match it with
persist.radio.enable_tel_mon
TelephonyMonitor debug switch in Developer Options requires read/write
access to persist.radio.enable_tel_mon.
The feature is only enabled on userdebug/eng devices for Pixel17.
Test: Make, Toggling Developer Options -> Telephony Monitor succeeds
Bug:38351509
Change-Id: I8c68c2bca3040b6a067f83606589ef6f857cf9fc
2017-05-18 17:57:33 -07:00
Ahmed ElArabawy
ea9e809ba7
Merge "Revert "power hal: Add power HAL API 1.1 impl for Wahoo""
2017-05-18 23:57:27 +00:00
Wei Wang
d977d05b45
wahoo: all ramdump to set RCU stall property
...
Panic on RCU stall hasn't been enabled on wahoo but we need the
permission in order to make the ramdump app not crash.
Bug: 38423394
Test: ramdump app has proper permission
Change-Id: I9831f2ac3dfbfdd1db099fa04683380e25cbd1ec
2017-05-18 15:50:35 -07:00
Yifan Hong
e25410da1e
Fix instance name in manifest.xml for keymaster
...
Test: m system_compatibility_matrix.xml
Test: device boots with and without data wipe
Change-Id: Ibc75398b8d4c0f751c639d26b92d9736d6401e87
2017-05-18 22:46:49 +00:00
Yifan Hong
fbfba6f554
Add <interface> / <instance> to dev compat mat
...
Test: m compatibility_matrix.xml -j
Test: m system_manifest.xml -j
Bug: 38395193
Change-Id: Ia75a6ac4b4f8f4380da8707482886df408e60250
2017-05-18 14:37:08 -07:00
Youhan Wang
fe8ca0668e
Merge "Set data roaming default false for Wahoo."
2017-05-18 17:37:17 +00:00
Jaesoo Lee
da9eee4c13
Merge "configstore: applied uprev of configstore (1.0 -> 1.1)"
2017-05-18 13:05:41 +00:00
Andrew Scull
5ffefa6084
Merge changes from topic 'ese vintf'
...
* changes:
Add OemLock HAL to the manifest.
Add Weaver HAL to the manifest.
2017-05-18 09:31:42 +00:00
Wei Wang
fa7fff56b6
Merge "wahoo: tune zram performance"
2017-05-18 05:01:29 +00:00
Ajay Dudani
ddfc169363
perfd: Add rule to allow hal_power_default signull denial
...
[ 1786.071909] type=1400 audit(1495048493.567:602): avc: denied {
signull } for pid=781 comm="perfd" scontext=u:r:perfd:s0
tcontext=u:r:hal_power_default:s0 tclass=process permissive=1
Test: Boot test, verified this selinux denial doesn't show up
Change-Id: I37a4cf45eea84dc3314d235ef21eb7d2c2d8c33e
2017-05-18 04:16:08 +00:00