Thierry Strudel
d5dfd2260c
init.hardware.rc: move out non common part
...
Change-Id: If2a580c53da0554748c22afded341c3ea98c6288
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-03-27 23:07:24 +00:00
TreeHugger Robot
5287e34b38
Merge "Add SchedTune configuration"
2017-03-27 20:40:49 +00:00
TreeHugger Robot
abd026d8e5
Merge "Enable partitions on loop devices."
2017-03-27 19:50:34 +00:00
TreeHugger Robot
ccfe224b18
Merge "Add SIP feature to makefile"
2017-03-27 19:33:48 +00:00
Jeff Sharkey
485715094f
Enable partitions on loop devices.
...
This is used by the new "virtual disk" feature used by vold to help
debug and test storage code on devices without physical media.
Bug: 34903607
Test: builds, boots
Change-Id: Ifb7653a2100ef40a83b2c663c5dd3114d4b05ab6
2017-03-27 12:05:44 -06:00
TreeHugger Robot
67db39201a
Merge "Set up adb in recovery mode"
2017-03-27 16:50:37 +00:00
TreeHugger Robot
e80b60c317
Merge "set_os_desc use to 1 for functions where diag is enabled"
2017-03-25 01:25:12 +00:00
Andres Oportus
cb3ed63677
Add SchedTune configuration
...
Bug: 36367381
Test: Boot and check stune configuration effect on sysfs
Change-Id: I838c31d164684a5d88550c92284b65bb50f2ed56
Signed-off-by: Andres Oportus <andresoportus@google.com>
2017-03-24 17:46:33 -07:00
John Dias
cc89b85d81
Merge "Change the firmware image search path to /vendor/firmware"
2017-03-24 23:15:29 +00:00
Badhri Jagan Sridharan
b23fe6bedc
Merge "usb.rc: separate out common usb scripts"
2017-03-24 23:03:59 +00:00
Badhri Jagan Sridharan
f5d7ba5d43
set_os_desc use to 1 for functions where diag is enabled
...
Test: Manually verify modem overlay functions for usbradio bootmode
Bug: 31947358
Change-Id: I433ca7a574b9535fc0fe470f7d4a5dec169ba683
2017-03-24 15:45:14 -07:00
Hall Liu
e696ee5edf
Add SIP feature to makefile
...
Change-Id: I9feee40d1defce93e4fc7bec997f8fe8af745424
Test: manual
Fixes: 36454749
2017-03-24 15:05:34 -07:00
Alex Klyubin
c0d916e7c5
wcnss_service is using Binder services. sad
...
Test: mmm system/sepolicy
Bug: 36599434
Change-Id: I6d49f5eac823f5ba0a45ab6e548e76e7fc9d2b66
2017-03-24 14:51:42 -07:00
TreeHugger Robot
dec94fbf9b
Merge "Adding rules and contexts for following denials"
2017-03-24 21:25:50 +00:00
Alex Klyubin
feaee1da05
Merge "Annotate violators of "no Binder in vendor" rule"
2017-03-24 21:13:20 +00:00
Badhri Jagan Sridharan
ba9132eaf9
Set up adb in recovery mode
...
The default commands in the init script for recovery mode do not
cover configfs. This CL adds support for them.
Test: tested adb devices on recovery
Bug: 36516174
Change-Id: I5e9a82bd6d5514a842410d57b6e896302339ea09
2017-03-24 11:44:43 -07:00
Badhri Jagan Sridharan
7a7be27f91
usb.rc: separate out common usb scripts
...
The root directory will now contain init.muskie.usb.rc which would
be included into target specific files.
Change-Id: I9334ae4c1a7b48ac08faca4d8a267fa68e512141
2017-03-24 11:44:19 -07:00
Max Bires
3608be21ba
Merge "Adding context and allows to handle boot denials"
2017-03-24 16:12:17 +00:00
Alex Klyubin
ba3d873cf8
Annotate violators of "no Binder in vendor" rule
...
These vendor domains use Binder, which is not permitted. This commit
thus temporarily associates these domains with
binder_in_vendor_violators attribute which permits the domains to use
Binder. This is a temporary workaround. The fix is to fix these domains
to not use Binder.
Test: mmm system/sepolicy
Bug: 35870313
Change-Id: I2bc329387bfdcc250a59f5d92419b4349e49c0cf
2017-03-24 08:40:00 -07:00
Trevor Bunker
7f5f979b95
Adding rules and contexts for following denials
...
denied { read } for pid=774 comm="android.hardwar" name="mnh_sm"
dev="tmpfs" ino=20667 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file
denied { open } for pid=774 comm="android.hardwar" path="/dev/mnh_sm"
dev="tmpfs" ino=20667 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file
denied { ioctl } for pid=774 comm="android.hardwar" path="/dev/mnh_sm"
dev="tmpfs" ino=20667 ioctlcmd=5401 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file
denied { read write } for pid=774 comm="android.hardwar"
name="easelcomm-client" dev="tmpfs" ino=20570
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=chr_file
denied { open } for pid=774 comm="android.hardwar"
path="/dev/easelcomm-client" dev="tmpfs" ino=20570
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=chr_file
denied { ioctl } for pid=4319 comm="android.hardwar"
path="/dev/easelcomm-client" dev="tmpfs" ino=20570 ioctlcmd=ea02
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=chr_file
Test: manual flash, check kernel log to make sure denials were gone
Bug: 36584629
Change-Id: I978f700d6a15e0e485a319c070f10a7fbe73bcbb
Signed-off-by: Trevor Bunker <trevorbunker@google.com>
2017-03-24 07:58:14 -07:00
Max Bires
0ef2f5d6b6
Adding context and allows to handle boot denials
...
Addressing the following selinux denials:
denied { relabelto } for pid=1 comm="init" name="sda20" dev="tmpfs"
ino=20728 scontext=u:r:init:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file
denied { read } for pid=5417 comm="android.hardwar" name="caps"
dev="sysfs" ino=31785 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_mdss_mdp_caps:s0 tclass=file
denied { search } for pid=579 comm="ueventd" name="firmware"
dev="sda22" ino=25 scontext=u:r:ueventd:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { create } for pid=669 comm="ramdump" name="RAMDUMP_STATUS"
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file
denied { setattr } for pid=669 comm="ramdump" name="RAMDUMP_STATUS"
dev="sda45" ino=1114114 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=file
denied { read write } for pid=669 comm="ramdump" name="sdd1" dev="tmpfs"
ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { open } for pid=669 comm="ramdump" path="/dev/block/sdd1"
dev="tmpfs" ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { getattr } for pid=669 comm="ramdump" path="/dev/block/sdd1"
dev="tmpfs" ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { write } for pid=669 comm="ramdump" name="property_service"
dev="tmpfs" ino=19539 scontext=u:r:ramdump:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=669 comm="ramdump"
path="/dev/socket/property_service" scontext=u:r:ramdump:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { set } for property=debug.htc.hrdump pid=669 uid=0 gid=0
scontext=u:r:ramdump:s0 tcontext=u:object_r:debug_prop:s0
tclass=property_service
denied { net_bind_service } for pid=691 comm="tftp_server" capability=10
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { open } for pid=690 comm="rmt_storage"
path="/sys/devices/soc/a1800000.qcom,rmtfs_rtel_sharedmem/uio/uio1/name"
dev="sysfs" ino=40788 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=691 comm="pm-service" name="name" dev="sysfs"
ino=32454 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=692 comm="sensors.qcom" name="name" dev="sysfs"
ino=48306 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=692 comm="sensors.qcom"
path="/sys/devices/soc/17300000.qcom,lpass/subsys4/name" dev="sysfs"
ino=48306 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=691 comm="pm-service"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { ioctl } for pid=694 comm="rmt_storage" path="socket:[24703]"
dev="sockfs" ino=24703 ioctlcmd=c304 scontext=u:r:rmt_storage:s0
tcontext=u:r:rmt_storage:s0 tclass=socket
denied { search } for pid=696 comm="pd-mapper" name="msm_subsys"
dev="sysfs" ino=16813 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=696 comm="pd-mapper" name="devices" dev="sysfs"
ino=16815 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { open } for pid=696 comm="pd-mapper"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:pd_mapper:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=696 comm="pd-mapper" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { read } for pid=696 comm="pd-mapper" name="name" dev="sysfs"
ino=32454 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=696 comm="pd-mapper"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { setpcap } for pid=696 comm="pd-mapper" capability=8
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { setgid } for pid=696 comm="pd-mapper" capability=6
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { setuid } for pid=696 comm="pd-mapper" capability=7
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { read } for pid=731 comm="pd-mapper" name="image" dev="sda7"
ino=3 scontext=u:r:pd_mapper:s0 tcontext=u:object_r:firmware_file:s0
tclass=dir
denied { open } for pid=731 comm="pd-mapper" path="/firmware/image"
dev="sda7" ino=3 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { read } for pid=731 comm="pd-mapper" name="modemr.jsn"
dev="sda7" ino=37 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:firmware_file:s0 tclass=file
denied { open } for pid=731 comm="pd-mapper"
path="/firmware/image/modemr.jsn" dev="sda7" ino=37
scontext=u:r:pd_mapper:s0 tcontext=u:object_r:firmware_file:s0
tclass=file
denied { open } for pid=831 comm="update_verifier"
path="/dev/block/platform/soc/1da4000.ufshc/by-name" dev="tmpfs"
ino=20506 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=dir
denied { read } for pid=831 comm="update_verifier" name="by-name"
dev="tmpfs" ino=20506 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=dir
denied { getattr } for pid=831 comm="update_verifier"
path="/dev/block/sda9" dev="tmpfs" ino=20550
scontext=u:r:update_verifier:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file
denied { read write } for pid=831 comm="update_verifier" name="sda"
dev="tmpfs" ino=20516 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
denied { open } for pid=831 comm="update_verifier" path="/dev/block/sda"
dev="tmpfs" ino=20516 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
denied { read } for pid=827 comm="android.hardwar" name="caps"
dev="sysfs" ino=31785 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/caps" dev="sysfs" ino=31785
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/caps" dev="sysfs" ino=31785
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=827 comm="android.hardwar"
name="8c0000.qcom,msm-cam" dev="sysfs" ino=20221
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir
denied { read } for pid=827 comm="android.hardwar" name="name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { getattr } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { search } for pid=827 comm="android.hardwar" name="leds"
dev="sysfs" ino=27651 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir
denied { read } for pid=827 comm="android.hardwar" name="lcd-backlight"
dev="sysfs" ino=32041 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file
denied { read } for pid=827 comm="android.hardwar" name="max_brightness"
dev="sysfs" ino=32043 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { getattr } for pid=869 comm="init.radio.sh"
path="/system/bin/sh" dev="sda22" ino=466 scontext=u:r:init_radio:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { read } for pid=869 comm="init.radio.sh" path="/system/bin/sh"
dev="sda22" ino=466 scontext=u:r:init_radio:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { read } for pid=878 comm="android.hardwar" name="modalias"
dev="sysfs" ino=19754 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=878 comm="android.hardwar"
path="/sys/devices/soc/1d0101c.qcom,spss/modalias" dev="sysfs" ino=19754
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { write } for pid=678 comm="ramdump" name="ramdump" dev="sda45"
ino=1114113 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir
denied { search } for pid=702 comm="rmt_storage" name="rmt_storage"
dev="debugfs" ino=9892 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:debugfs_rmt_storage:s0 tclass=dir
denied { setgid } for pid=703 comm="tftp_server" capability=6
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { setuid } for pid=703 comm="tftp_server" capability=7
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { append } for pid=703 comm="tftp_server" name="wake_lock"
dev="sysfs" ino=16525 scontext=u:r:rfs_access:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
denied { open } for pid=703 comm="tftp_server"
path="/sys/power/wake_lock" dev="sysfs" ino=16525
scontext=u:r:rfs_access:s0 tcontext=u:object_r:sysfs_wake_lock:s0
tclass=file
denied { open } for pid=700 comm="sensors.qcom"
path="/sys/devices/soc/4080000.qcom,mss/subsys6/name" dev="sysfs"
ino=48392 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
denied { create } for pid=700 comm="sensors.qcom"
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=socket
denied { ioctl } for pid=700 comm="sensors.qcom" path="socket:[21942]"
dev="sockfs" ino=21942 ioctlcmd=c304 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { create } for pid=724 comm="pd-mapper" scontext=u:r:pd_mapper:s0
tcontext=u:r:pd_mapper:s0 tclass=socket
denied { ioctl } for pid=724 comm="pd-mapper" path="socket:[11465]"
dev="sockfs" ino=11465 ioctlcmd=c304 scontext=u:r:pd_mapper:s0
tcontext=u:r:pd_mapper:s0 tclass=socket
denied { net_bind_service } for pid=724 comm="pd-mapper" capability=10
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file
denied { write } for pid=673 comm="ramdump" name="ramdump" dev="sda45"
ino=1114113 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir
denied { search } for pid=701 comm="rmt_storage"
name="0.qcom,rmtfs_sharedmem" dev="sysfs" ino=18392
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=dir
denied { read } for pid=702 comm="tftp_server" name="rfs" dev="sdd3"
ino=17 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { open } for pid=702 comm="tftp_server" path="/persist/rfs"
dev="sdd3" ino=17 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { search } for pid=714 comm="sensors.qcom" name="sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { getattr } for pid=714 comm="sensors.qcom" path="/persist"
dev="sdd3" ino=2 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { read } for pid=714 comm="sensors.qcom" name="sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { open } for pid=714 comm="sensors.qcom" path="/persist/sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { read } for pid=714 comm="sensors.qcom" name="sensors"
dev="sda20" ino=186 scontext=u:r:sensors:s0
tcontext=u:object_r:system_file:s0 tclass=dir
denied { open } for pid=714 comm="sensors.qcom"
path="/vendor/etc/sensors" dev="sda20" ino=186 scontext=u:r:sensors:s0
tcontext=u:object_r:system_file:s0 tclass=dir
denied { read } for pid=699 comm="sensors.qcom" name="sensors"
dev="tmpfs" ino=22609 scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { open } for pid=699 comm="sensors.qcom" path="/dev/sensors"
dev="tmpfs" ino=22609 scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { ioctl } for pid=699 comm="sensors.qcom" path="socket:[18642]"
dev="sockfs" ino=18642 ioctlcmd=c302 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { setgid } for pid=699 comm="sensors.qcom" capability=6
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
denied { setuid } for pid=699 comm="sensors.qcom" capability=7
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
denied { open } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=778 comm="android.hardwar" name="name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { create } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { setopt } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { bind } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { getattr } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { search } for pid=705 comm="servicemanager" name="834"
dev="proc" ino=24031 scontext=u:r:servicemanager:s0
tcontext=u:r:wcnss_service:s0 tclass=dir
denied { read } for pid=705 comm="servicemanager" name="current"
dev="proc" ino=25351 scontext=u:r:servicemanager:s0
tcontext=u:r:wcnss_service:s0 tclass=file
denied { open } for pid=705 comm="servicemanager"
path="/proc/834/attr/current" dev="proc" ino=25351
scontext=u:r:servicemanager:s0 tcontext=u:r:wcnss_service:s0 tclass=file
denied { getattr } for pid=705 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:wcnss_service:s0
tclass=process
denied { call } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:per_mgr:s0 tclass=binder
denied { ioctl } for pid=925 comm="cnss-daemon" path="socket:[23136]"
dev="sockfs" ino=23136 ioctlcmd=c304 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=socket
denied { search } for pid=925 comm="cnss-daemon" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir
denied { read } for pid=925 comm="cnss-daemon" name="soc_id" dev="sysfs"
ino=49104 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { open } for pid=925 comm="cnss-daemon"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { search } for pid=840 comm="android.hardwar"
name="1d0101c.qcom,spss" dev="sysfs" ino=19751
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { search } for pid=844 comm="imsdatadaemon" name="soc0"
dev="sysfs" ino=49100 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=dir
denied { read } for pid=844 comm="imsdatadaemon" name="soc_id"
dev="sysfs" ino=49104 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { write } for pid=840 comm="android.hardwar" name="uinput"
dev="tmpfs" ino=20491 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { open } for pid=840 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=20491 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { call } for pid=840 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { transfer } for pid=840 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { search } for pid=705 comm="servicemanager" name="840"
dev="proc" ino=24009 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=dir
denied { read } for pid=705 comm="servicemanager" name="current"
dev="proc" ino=24339 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=file
denied { open } for pid=705 comm="servicemanager"
path="/proc/840/attr/current" dev="proc" ino=24339
scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0
tclass=file
denied { write } for pid=1 comm="init" name="ipa" dev="tmpfs" ino=23659
scontext=u:r:init:s0 tcontext=u:object_r:ipa_dev:s0 tclass=chr_file
denied { ioctl } for pid=844 comm="imsdatadaemon" path="socket:[24380]"
dev="sockfs" ino=24380 ioctlcmd=c304 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket
denied { read } for pid=6117 comm="android.hardwar"
name="msm_fb_panel_info" dev="sysfs" ino=32082
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=6117 comm="android.hardwar"
name="c900000.qcom,mdss_rotator" dev="sysfs" ino=22026
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { write } for pid=5870 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0
tclass=netlink_generic_socket
denied { bind } for pid=1116 comm="lowi-server" scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=netlink_socket
denied { setopt } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0
tclass=netlink_generic_socket
denied { read } for pid=785 comm="adsprpcd" name="ion" dev="tmpfs"
ino=19881 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0
tclass=chr_file
denied { open } for pid=785 comm="adsprpcd" path="/dev/ion" dev="tmpfs"
ino=19881 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0
tclass=chr_file
denied { read } for pid=785 comm="adsprpcd" name="adsprpc-smd"
dev="tmpfs" ino=19979 scontext=u:r:adsprpcd:s0
tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
denied { open } for pid=785 comm="adsprpcd" path="/dev/adsprpc-smd"
dev="tmpfs" ino=19979 scontext=u:r:adsprpcd:s0
tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
denied { create } for pid=786 comm="cnss_diag"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket
denied { bind } for pid=786 comm="cnss_diag"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket
denied { search } for pid=786 comm="cnss_diag" name="wifi" dev="sda45"
ino=638991 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:wifi_data_file:s0 tclass=dir
denied { write } for pid=786 comm="cnss_diag" name="wifi" dev="sda45"
ino=638991 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:wifi_data_file:s0 tclass=dir
denied { add_name } for pid=786 comm="cnss_diag" name="cnss_diag.conf"
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:wifi_data_file:s0
tclass=dir
denied { create } for pid=786 comm="cnss_diag" name="cnss_diag.conf"
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:wifi_data_file:s0
tclass=file
denied { search } for pid=809 comm="cnss-daemon" name="msm_subsys"
dev="sysfs" ino=16813 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=809 comm="cnss-daemon" name="devices"
dev="sysfs" ino=16815 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { write } for pid=1069 comm="tftp_server" name="mpss" dev="sdd3"
ino=20 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { add_name } for pid=1069 comm="tftp_server"
name="server_check.txt.rfs_tmp" scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { remove_name } for pid=1069 comm="tftp_server"
name="server_check.txt.rfs_tmp" dev="sdd3" ino=31
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { ioctl } for pid=788 comm="cnd" path="socket:[24072]"
dev="sockfs" ino=24072 ioctlcmd=c302 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { create } for pid=788 comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { write } for pid=831 comm="imsqmidaemon" name="property_service"
dev="tmpfs" ino=20215 scontext=u:r:ims:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=831 comm="imsqmidaemon"
path="/dev/socket/property_service" scontext=u:r:ims:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { set } for property=sys.ims.QMI_DAEMON_STATUS pid=831 uid=1000
gid=1001 scontext=u:r:ims:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service
denied { read } for pid=829 comm="adsprpcd" name="dsp" dev="sda20"
ino=360 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:system_file:s0
tclass=dir
denied { search } for pid=834 comm="qti" name="msm_subsys" dev="sysfs"
ino=16813 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=834 comm="qti" name="devices" dev="sysfs"
ino=16815 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { open } for pid=834 comm="qti"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=834 comm="qti" name="name" dev="sysfs" ino=32454
scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=834 comm="qti"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:qti:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=834 comm="qti" name="subsys6" dev="sysfs"
ino=48400 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file
denied { search } for pid=834 comm="qti" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir
denied { read } for pid=834 comm="qti" name="soc_id" dev="sysfs"
ino=49104 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { read } for pid=850 comm="adsprpcd" name="dsp" dev="sda20"
ino=360 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:system_file:s0
tclass=dir
denied { read write } for pid=856 comm="qti" name="rmnet_ctrl"
dev="tmpfs" ino=20972 scontext=u:r:qti:s0
tcontext=u:object_r:rmnet_device:s0 tclass=chr_file
denied { open } for pid=856 comm="qti" path="/dev/rmnet_ctrl"
dev="tmpfs" ino=20972 scontext=u:r:qti:s0
tcontext=u:object_r:rmnet_device:s0 tclass=chr_file
denied { read } for pid=871 comm="cnss-daemon" name="subsys0"
dev="sysfs" ino=32462 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { read } for pid=871 comm="cnss-daemon" name="name" dev="sysfs"
ino=32454 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=871 comm="cnss-daemon"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { search } for pid=854 comm="cnd" name="msm_subsys" dev="sysfs"
ino=16813 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=854 comm="cnd" name="devices" dev="sysfs"
ino=16815 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { open } for pid=854 comm="cnd"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=854 comm="cnd" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file
denied { read } for pid=854 comm="cnd" name="name" dev="sysfs" ino=32454
scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { search } for pid=799 comm="thermal-engine" name="soc0"
dev="sysfs" ino=49100 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=dir
denied { read } for pid=799 comm="thermal-engine" name="soc_id"
dev="sysfs" ino=49104 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { read write } for pid=799 comm="thermal-engine"
name="msm_thermal_query" dev="tmpfs" ino=20974
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:audio_device:s0
tclass=chr_file
denied { open } for pid=799 comm="thermal-engine"
path="/dev/msm_thermal_query" dev="tmpfs" ino=20974
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:audio_device:s0
tclass=chr_file
denied { read } for pid=799 comm="thermal-engine"
name="gpu_available_frequencies" dev="sysfs" ino=33232
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies"
dev="sysfs" ino=33232 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies"
dev="sysfs" ino=33232 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=799 comm="thermal-engine" name="leds"
dev="sysfs" ino=27651 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir
denied { read } for pid=799 comm="thermal-engine" name="lcd-backlight"
dev="sysfs" ino=32041 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file
denied { read } for pid=799 comm="thermal-engine" name="max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { read write } for pid=804 comm="thermal-engine"
name="system_temp_level" dev="sysfs" ino=48764
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file
denied { setuid } for pid=808 comm="cnd" capability=7
scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
denied { read } for pid=809 comm="netmgrd" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { setgid } for pid=809 comm="netmgrd" capability=6
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability
denied { setgid } for pid=808 comm="cnd" capability=6
scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
denied { setpcap } for pid=809 comm="netmgrd" capability=8
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability
denied { search } for pid=809 comm="netmgrd" name="netmgr" dev="sda45"
ino=639036 scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgr_data_file:s0 tclass=dir
denied { write } for pid=809 comm="netmgrd" name="netmgr" dev="sda45"
ino=639036 scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgr_data_file:s0 tclass=dir
denied { add_name } for pid=809 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgr_data_file:s0
tclass=dir
denied { create } for pid=809 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgr_data_file:s0
tclass=file
denied { read } for pid=808 comm="cnd" name="meminfo" dev="proc"
ino=4026532074 scontext=u:r:cnd:s0 tcontext=u:object_r:proc_meminfo:s0
tclass=file
denied { getattr } for pid=803 comm="android.hardwar"
path="/dev/block/sda9" dev="tmpfs" ino=20515
scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { read write } for pid=803 comm="android.hardwar" name="sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=803 comm="android.hardwar" path="/dev/block/sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { getattr } for pid=803 comm="android.hardwar"
path="/dev/block/sda3" dev="tmpfs" ino=20491
scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { read write } for pid=803 comm="android.hardwar" name="sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=803 comm="android.hardwar" path="/dev/block/sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: Id13fa6e775fe3a50dd677fc46b2c7c36306a5330
2017-03-23 20:32:30 +00:00
TreeHugger Robot
b6eac2ab5d
Merge "Remove apntype ims on Vzw legacy CDMA networks"
2017-03-23 07:28:15 +00:00
Shawn Yang
0dfa7d051d
Merge "Config default network to Global without DSDS/DSDA"
2017-03-23 01:31:28 +00:00
Jayachandran C
b87c15da35
Remove apntype ims on Vzw legacy CDMA networks
...
Vzw doesn't support IMS over legacy CDMA networks.
Keeping the ims type under 1x causes QC CNE module to use
existing default 1x data in a 1x and wifi only scenario.
After this change the IMS data call will be setup over
wifi instead of using the existing 1x data call.
Bug: 35407153
Bug: 36447378
Change-Id: I8994612f6a769e797498bc04cf8dbccb6f6cd091
2017-03-22 16:03:54 -07:00
Shawn Yang
c7d28d6976
Config default network to Global without DSDS/DSDA
...
Test: Manually verified on device
Change-Id: I76f1acfb58b18cef68f66d8b61e2f1d018fac215
2017-03-22 15:35:26 -07:00
Ecco Park
a1ed30873f
Merge "muskie/walleye: Update WCNSS cfg.ini values"
2017-03-22 22:28:16 +00:00
Srinivas Girigowda
88d89615e3
muskie/walleye: Update WCNSS cfg.ini values
...
Update WCNSS cfg.ini values.
Bug: 36200830
Change-Id: I9bfb57ac897a902ced4da134049acfb5e3de812e
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2017-03-22 15:14:56 -07:00
TreeHugger Robot
22eae398ec
Merge "Adding rules and contexts for following denials"
2017-03-22 19:39:48 +00:00
TreeHugger Robot
b38e7aa888
Merge "Revert "Partial revert "audio: enable usb audio tunnel support"""
2017-03-22 19:31:40 +00:00
Max Bires
4496453740
Adding rules and contexts for following denials
...
denied { write } for pid=642 comm="ramdump"
path="/data/ramdump/RAMDUMP_STATUS" dev="sda10" ino=2342914
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file
denied { write } for pid=642 comm="ramdump" name="ramdump" dev="sda10"
ino=2342913 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir
denied { read } for pid=662 comm="tftp_server" name="rfs" dev="sda4"
ino=13 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { setgid } for pid=662 comm="tftp_server" capability=6
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { setuid } for pid=662 comm="tftp_server" capability=7
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { append } for pid=662 comm="tftp_server" name="wake_lock"
dev="sysfs" ino=15848 scontext=u:r:rfs_access:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
denied { open } for pid=662 comm="tftp_server"
path="/sys/power/wake_lock" dev="sysfs" ino=15848
scontext=u:r:rfs_access:s0 tcontext=u:object_r:sysfs_wake_lock:s0
tclass=file
denied { open } for pid=659 comm="sensors.qcom"
path="/sys/devices/soc/soc:qcom,kgsl-hyp/subsys3/name" dev="sysfs"
ino=33536 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { read } for pid=659 comm="sensors.qcom" name="name" dev="sysfs"
ino=33536 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { create } for pid=659 comm="sensors.qcom"
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=socket
denied { ioctl } for pid=659 comm="sensors.qcom" path="socket:[7725]"
dev="sockfs" ino=7725 ioctlcmd=c304 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file
denied { search } for pid=675 comm="sensors.qcom" name="sensors"
dev="sda4" ino=35 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { getattr } for pid=675 comm="sensors.qcom"
path="/persist/sensors" dev="sda4" ino=35 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { search } for pid=813 comm="android.hardwar"
name="1d0101c.qcom,spss" dev="sysfs" ino=19070
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { write } for pid=813 comm="android.hardwar" name="uinput"
dev="tmpfs" ino=21871 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { open } for pid=813 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=21871 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { call } for pid=813 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { transfer } for pid=813 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { search } for pid=665 comm="servicemanager" name="813"
dev="proc" ino=18771 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=dir
denied { read } for pid=665 comm="servicemanager" name="current"
dev="proc" ino=22020 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=file
denied { open } for pid=665 comm="servicemanager"
path="/proc/813/attr/current" dev="proc" ino=22020
scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0
tclass=file
denied { write } for pid=1017 comm="tftp_server" name="mpss" dev="sda4"
ino=16 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { ioctl } for pid=782 comm="cnd" path="socket:[24734]"
dev="sockfs" ino=24734 ioctlcmd=c302 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { create } for pid=782 comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { ioctl } for pid=821 comm="imsdatadaemon" path="socket:[22036]"
dev="sockfs" ino=22036 ioctlcmd=c304 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket
denied { create } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { setopt } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { bind } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { getattr } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { write } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { nlmsg_write } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { read } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
denied { write } for pid=3137 comm="CNEReceiver" name="cnd" dev="tmpfs"
ino=20431 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0
tclass=sock_file
denied { connectto } for pid=3137 comm="CNEReceiver"
path="/dev/socket/cnd" scontext=u:r:system_app:s0 tcontext=u:r:cnd:s0
tclass=unix_stream_socket
denied { read } for pid=736 comm="android.hardwar"
name="u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file
denied { open } for pid=736 comm="android.hardwar"
path="/dev/__properties__/u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file
denied { getattr } for pid=736 comm="android.hardwar"
path="/dev/__properties__/u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file
denied { open } for pid=736 comm="android.hardwar" path="/dev/btpower"
dev="tmpfs" ino=21482 scontext=u:r:hal_bluetooth_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file
denied { read write } for pid=736 comm="android.hardwar" name="btpower"
dev="tmpfs" ino=21482 scontext=u:r:hal_bluetooth_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file
denied { search } for pid=661 comm="rmt_storage"
name="0.qcom,rmtfs_sharedmem" dev="sysfs" ino=17715
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=dir
denied { getattr } for pid=675 comm="sensors.qcom" path="/persist"
dev="sda4" ino=2 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { search } for pid=1030 comm="tftp_server" name="/" dev="sde5"
ino=1 scontext=u:r:rfs_access:s0 tcontext=u:object_r:firmware_file:s0
tclass=dir
denied { read write } for pid=1852 comm="Binder:1416_4"
path="socket:[43150]" dev="sockfs" ino=43150
scontext=u:r:cameraserver:s0 tcontext=u:r:system_server:s0
tclass=unix_stream_socket
Bug: 34784662
Test: The above denials are no longer present
Change-Id: I8656888b215eefad12069d19cb9ec1fc10022082
2017-03-22 10:56:52 -07:00
TreeHugger Robot
8722c86325
Merge "BoardConfig: TARGET_USES_COLOR_METADATA := true"
2017-03-21 20:40:43 +00:00
Patrick Tjin
14026bea4f
Wahoo: move configs from device to board, remove inodes/journal
...
Move filesystem configs from device.mk to BoardConfig.mk.
Move vendor partition configs to vendor/BoardConfigVendor.mk
Remove unused inodes and journal from system.
Test: Build system and vendor image, verify more space available
Change-Id: Ib98f21ff64f2dc189395db68db10ffe14b5e3c56
2017-03-21 13:27:31 -07:00
TreeHugger Robot
c62260cb10
Merge "Disable NFC while camera is active"
2017-03-21 19:30:50 +00:00
Thierry Strudel
a7a2cf1733
BoardConfig: TARGET_USES_COLOR_METADATA := true
...
Bug: 36483019
Change-Id: Id04f2e6b243bcd726f852cf85a828d43c7e83ebc
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-03-21 12:22:59 -07:00
Tao Bao
1afc4fb568
Merge "Add recovery.wipe file."
2017-03-21 18:33:04 +00:00
Vineeta Srivastava
29d3a82b32
Change the firmware image search path to /vendor/firmware
...
Test: booted on a device
Change-Id: I3c4a4de9d316779c2b7b085f9160064c225e431a
2017-03-21 10:40:32 -07:00
Tao Bao
1ff004a529
Add recovery.wipe file.
...
Bug: 36427762
Test: lunch muskie-userdebug && make bootimage. Check
$OUT/recovery/root/etc/recovery.wipe exists.
Change-Id: Id86c53d62d2b5a293f22b37fef3c64caa82f15f1
2017-03-21 10:28:34 -07:00
Patrick Tjin
1b7c5dd537
wahoo: rename laser node to wahoo_laser
...
Test: check that permission is correctly applied
Change-Id: I8bed24ca1a2279d984e94c88f6210f02eaa4a106
2017-03-20 22:52:36 -07:00
Yueyao Zhu
04aa53c74f
early_mount: remove /vendor entry from fstab
...
/vendor is mounted using fstab entry provided through
the device tree.
Test: muskie boots
Bug: 36024481
Change-Id: Id48b118e5770c0c0f904b70a683df9bf90acd2b1
Signed-off-by: Yueyao Zhu <yueyao@google.com>
2017-03-20 21:07:17 -07:00
TreeHugger Robot
ba6590e438
Merge "Camera: Switch to binderized camera HAL"
2017-03-21 01:51:51 +00:00
TreeHugger Robot
e057eb392d
Merge "Adding files and allows to handle denials"
2017-03-21 01:31:28 +00:00
Daniel Rosenberg
5d0751c729
Merge "Sdcardfs is now the default. Remove unnecessary line"
2017-03-21 01:13:05 +00:00
TreeHugger Robot
9d621789ba
Merge "Adding allows to handle the following runtime denials"
2017-03-21 00:36:08 +00:00
TreeHugger Robot
f491c17948
Merge "build: allow for platform-specific bootloader build"
2017-03-21 00:19:14 +00:00
Max Bires
24e6f9d833
Adding files and allows to handle denials
...
Denials:
denied { sys_rawio } for pid=630 comm="ramdump" capability=17
scontext=u:r:ramdump:s0 tcontext=u:r:ramdump:s0 tclass=capability
denied { getattr } for pid=630 comm="ramdump" path="/dev/block/sda5"
dev="tmpfs" ino=20606 scontext=u:r:ramdump:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=630 comm="ramdump" path="/dev/block/sda5"
dev="tmpfs" ino=20606 scontext=u:r:ramdump:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { read write } for pid=630 comm="ramdump" name="sda5" dev="tmpfs"
ino=20606 scontext=u:r:ramdump:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { getattr } for pid=630 comm="ramdump"
path="/data/ramdump/RAMDUMP_RESERVED" dev="sda10" ino=2342915
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file
denied { open } for pid=630 comm="ramdump"
path="/data/ramdump/RAMDUMP_RESERVED" dev="sda10" ino=2342915
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file
denied { read } for pid=630 comm="ramdump" name="RAMDUMP_RESERVED"
dev="sda10" ino=2342915 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=file
denied { getattr } for pid=630 comm="ramdump" path="/fstab.taimen"
dev="sda8" ino=26 scontext=u:r:ramdump:s0 tcontext=u:object_r:rootfs:s0
tclass=file
denied { open } for pid=630 comm="ramdump" path="/fstab.taimen"
dev="sda8" ino=26 scontext=u:r:ramdump:s0 tcontext=u:object_r:rootfs:s0
tclass=file
denied { read } for pid=630 comm="ramdump" name="fstab.taimen"
dev="sda8" ino=26 scontext=u:r:ramdump:s0 tcontext=u:object_r:rootfs:s0
tclass=file
denied { setattr } for pid=630 comm="ramdump" name="RAMDUMP_RESERVED"
dev="sda10" ino=2342915 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=file
denied { search } for pid=2350 comm="csbootstraputil" name="msm_subsys"
dev="sysfs" ino=16136 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { open } for pid=2350 comm="csbootstraputil"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=33390 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=2350 comm="csbootstraputil" name="name"
dev="sysfs" ino=33390 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=2350 comm="csbootstraputil" name="subsys0"
dev="sysfs" ino=33398 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { open } for pid=2350 comm="csbootstraputil"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16138
scontext=u:r:radio:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=2350 comm="csbootstraputil" name="devices"
dev="sysfs" ino=16138 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { search } for pid=2350 comm="csbootstraputil" name="msm_subsys"
dev="sysfs" ino=16136 scontext=u:r:radio:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { execute_no_trans } for pid=2579 comm="cnss_diag"
path="/system/bin/sh" dev="sda8" ino=463 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { getattr } for pid=2579 comm="sh" path="/system/bin/sh"
dev="sda8" ino=463 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { read open } for pid=2579 comm="cnss_diag" path="/system/bin/sh"
dev="sda8" ino=463 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { execute } for pid=2579 comm="cnss_diag" name="sh" dev="sda8"
ino=463 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:shell_exec:s0
tclass=file
denied { getattr } for pid=959 comm="Binder:769_1"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=50550
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { open } for pid=959 comm="Binder:769_1"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=50550
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { read } for pid=959 comm="Binder:769_1" name="soc_id"
dev="sysfs" ino=50550 scontext=u:r:mediacodec:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { search } for pid=959 comm="Binder:769_1" name="soc0"
dev="sysfs" ino=50546 scontext=u:r:mediacodec:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=dir
denied { write } for pid=959 comm="Binder:769_1" name="perfd"
dev="tmpfs" ino=18724 scontext=u:r:mediacodec:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file
denied { getattr } for pid=2054 comm="wcnss_filter"
path="/dev/__properties__/u:object_r:bluetooth_prop:s0" dev="tmpfs"
ino=21588 scontext=u:r:wcnss_filter:s0
tcontext=u:object_r:bluetooth_prop:s0 tclass=file
denied { open } for pid=2054 comm="wcnss_filter"
path="/dev/__properties__/u:object_r:bluetooth_prop:s0" dev="tmpfs"
ino=21588 scontext=u:r:wcnss_filter:s0
tcontext=u:object_r:bluetooth_prop:s0 tclass=file
denied { read } for pid=2054 comm="wcnss_filter"
name="u:object_r:bluetooth_prop:s0" dev="tmpfs" ino=21588
scontext=u:r:wcnss_filter:s0 tcontext=u:object_r:bluetooth_prop:s0
tclass=file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: I78370d1096f9957a51e0207f14948970e868d079
2017-03-20 17:00:43 -07:00
TreeHugger Robot
4d527363f4
Merge "Adding allows for the following boot-time denials"
2017-03-20 23:55:12 +00:00
Max Bires
0ac2cd2f5c
Adding allows to handle the following runtime denials
...
denied { read } for pid=1908 comm="lowi-server" scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=netlink_socket
denied { write } for pid=853 comm="cnss-daemon"
name="tcp_limit_output_bytes" dev="proc" ino=49959
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file
denied { open } for pid=853 comm="cnss-daemon"
path="/proc/sys/net/ipv4/tcp_limit_output_bytes" dev="proc" ino=49959
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file
denied { getattr } for pid=853 comm="cnss-daemon"
path="/proc/sys/net/ipv4/tcp_limit_output_bytes" dev="proc" ino=49959
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file
Bug: 34784662
Test: The denials are no longer present
Change-Id: Icc9b42f7261fa82222db258a87f8ff0aa7f668a2
2017-03-20 16:20:47 -07:00
Max Bires
46f6aa7fe3
Adding allows for the following boot-time denials
...
denied { read write } for pid=605 comm="qseecomd" name="sda3"
dev="tmpfs" ino=21567 scontext=u:r:tee:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=605 comm="qseecomd" path="/dev/block/sda3"
dev="tmpfs" ino=21567 scontext=u:r:tee:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: I67440c501d6582e54fa7179a93910d8d1d9c88aa
2017-03-20 22:42:33 +00:00
Alexey Polyudov
5d874cbb25
build: allow for platform-specific bootloader build
...
Change-Id: If7cd6e8155cb4077b73902b8f9f5ac1f9e099ce7
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2017-03-20 15:25:42 -07:00
Daniel Rosenberg
b1c4b0de92
Sdcardfs is now the default. Remove unnecessary line
...
Test: Boot device. Ensure device boots using sdcardfs
Change-Id: I6f480a45144aef8557953f03d4669d5e36f6f1f2
2017-03-20 21:07:23 +00:00