Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-02-01 07:50:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
284 Commits 2 Branches 0 Tags
e1e3e5bdf75b0660929ad0ca3e004345b1a6c072
Commit Graph

284 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mikhail Naganov
e1e3e5bdf7 soundtrigger: Use "default" instance name for HAL service 
"default" implies using "primary" legacy device module.
This doesn't change anything for binderized mode, because
the server was only registering itself as "sound_trigger.primary",
so it was the only possibility anyways.

Usage of "stub" (debugging) module is still possible
if audioflinger and corresponding services are built with
USE_LEGACY_LOCAL_AUDIO_HAL=true (added makefile check to ensure
that).

Change-Id: Idc69c2ae1e0a02a7d2134f469f65d6de72aa5fe9
Test: "Ok Google" from screen off state on sailfish
Bug: 36570720
 2017-04-14 15:52:23 +00:00
TreeHugger Robot
13a91b2731 Merge "power_profile: Update intial values" 2017-04-14 01:17:07 +00:00
TreeHugger Robot
02432cf6d4 Merge "init.hardware.rc: remove start servicemanager" 2017-04-14 01:16:23 +00:00
Max Bires
a09eac3964 Merge "Revert "Setting SELinux to enforcing mode."" 2017-04-14 01:00:59 +00:00
Max Bires
fb4eaa89a1 Revert "Setting SELinux to enforcing mode." 
This reverts commit a0fd5b0101.

Bug: 37305560
Change-Id: I6d23ea3b3cb785003d4b1f18101f2579b1e26051
 2017-04-13 23:55:21 +00:00
Wei Wang
c522a2c012 init.hardware.rc: remove start servicemanager 
servicemanager is now started in common init

Bug: 37306311
Test: muskie boot
Change-Id: I277a9c2fff67eafe483f7a0fd4a3e90d8e4a695a
 2017-04-13 14:28:46 -07:00
Vinay Kalia
b8eaf12180 power_profile: Update intial values 
Test: Compilation

BUG: 36796913
Change-Id: I03a3d80f02df72ecc88451994c7bca71752e8845
 2017-04-13 11:40:39 -07:00
Wei Wang
9f0befc870 sepolicy: thermal-engine.te: add shutdown permission 
With recently refactored android_reboot(), we need permission to set
powerctl_prop to trigger init to do reboot logic.

Bug: 37277184
Test: build
Change-Id: If687ef874d51c64795e6175a132c34b406c2b19c
 2017-04-13 10:37:17 -07:00
Alex Klyubin
662399ca0d Merge "Remove unnecessary sepolicy attributes" 2017-04-13 16:26:07 +00:00
Naveen Kalla
0266d437c7 Fix IMS Registration failure 
imsdatadaemon was failing due to selinux denials shown below

02-07 12:07:06.299 W imsdatadaemon: type=1400 audit(0.0:77): avc: denied
{ net_raw } for capability=13 scontext=u:r:ims:s0 tcontext=u:r:ims:s0
tclass=capability permissive=0
02-07 12:07:06.299 W imsdatadaemon: type=1400 audit(0.0:78): avc: denied
{ net_bind_service } for capability=10 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=capability permissive=0
02-07 12:07:06.299 I auditd  : type=1400 audit(0.0:77): avc: denied {
net_raw } for comm="imsdatadaemon" capability=13 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=capability permissive=0
02-07 12:07:06.299 I auditd  : type=1400 audit(0.0:78): avc: denied {
net_bind_service } for comm="imsdatadaemon" capability=10
scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=capability permissive=0

Test: Check IMS registration works on device with this fix
Change-Id: Ib0e5078d13f27ccec0ebea4f146d75f29153bf7c
 2017-04-12 23:07:59 -07:00
TreeHugger Robot
97bfbcc96c Merge "Change drm/crypto service names to "default"" 2017-04-13 02:25:25 +00:00
Alex Klyubin
0a7d71babe Remove unnecessary sepolicy attributes 
Test: mmm system/sepolicy
Bug: 34980020
Change-Id: Iefc2b9bbb32e91f8bb968aaad47d3512bf888a27
 2017-04-12 18:52:16 -07:00
Ecco Park
7249685ee4 Fix sepolicy issue for cnss-daemon 
[   16.582894] type=1400 audit(1492027059.612:107): avc: denied {
net_admin } for pid=842 comm="cnss-daemon" capability=12
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=capability permissive=1
[   16.655912] type=1400 audit(1492027059.612:107): avc: denied {
net_admin } for pid=842 comm="cnss-daemon" capability=12
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=capability permissive=1

Bug: 37280481

Change-Id: I5b76247df26bf4ae1f17df1dbd6bc09eb6a743d6
Signed-off-by: Ecco Park <eccopark@google.com>
 2017-04-12 14:05:31 -07:00
Ecco Park
87a1142b73 Fix sepolicy issue for cnss-diag and cnss-daemon 
1) denial message for cnss-daemon
[  185.251957] type=1400 audit(1492021938.121:423): avc: denied { create } 
for pid=781 comm="cnss_diag" name="local_buffer" scontext=u:r:wcnss_service:s0
tcontext=u:object_r:cnss_vendor_data_file:s0 
tclass=dir permissive=1
[  185.258602] type=1400 audit(1492021938.121:424): avc: denied { setattr }
for pid=781 comm="cnss_diag" name="local_buffer" dev="sda45" ino=2179097
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:cnss_vendor_data_file:s0
tclass=dir permissive=1

2) remove unused cnss_diag.te (instead, we use wcnss_service.te)

Bug: 36734870

Change-Id: Ie0d1a99adf0cde2616eaf099e2757407f43eb77d
Signed-off-by: Ecco Park <eccopark@google.com>
 2017-04-12 20:22:21 +00:00
Chris Thornton
93bfba0b34 Merge "The sound trigger hal needs to talk to /dev/wcd_dsp0_control for hotword." 2017-04-12 17:44:25 +00:00
Ecco Park
687c471c17 Merge changes Ice91de09,I0d05425d 
* changes:
  Pixel logger: fixed sepolicy issue for cnss_diag
  Enable local_buffer mode of cnss_diag
 2017-04-12 17:34:44 +00:00
TreeHugger Robot
c1308166b0 Merge "Allow logger_app to execute qlogd" 2017-04-12 17:01:37 +00:00
Siqi Lin
9b4825da94 Merge "sepolicy: Allow ramdump_app to access surfaceflinger_service" 2017-04-12 16:54:30 +00:00
Jie Song
0f258d3c4c Allow logger_app to execute qlogd 
Fix of following denial:

avc: denied { execute_no_trans } for path="/vendor/bin/diag_mdlog"
dev="dm-1" ino=72 scontext=u:r:logger_app:s0:c116,c256,c512,c768
tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0

Bug: 37257559
Test: Pixel Logger can start diag_mdlog with no issue
Change-Id: I718949eb6d893be02c816ecbf32e0bd08e104be0
 2017-04-12 15:54:41 +00:00
Andrew Scull
fdd3c83a20 Merge "Add eSE daemon." 2017-04-12 12:38:03 +00:00
Chris Thornton
8f4fa5158e The sound trigger hal needs to talk to /dev/wcd_dsp0_control for hotword. 
Test: Ran on device after modifying policy
Change-Id: I0971a914fd50bcfb7d1823183950c45d2632cc42
 2017-04-11 21:31:29 -07:00
Adrian Salido
a60c8d7e89 power: rewrite battery stats parser 
Make parsing battery stats more extendable and switch to system_stats for
the battery stats.

Bug: 36064954
Test: dumpsys batterystats shows non-zero stats
Change-Id: I39c59f86cbb335da5796d23c0ff4a7435745b31e
 2017-04-11 19:05:04 -07:00
Ecco Park
46a2456715 Pixel logger: fixed sepolicy issue for cnss_diag 
Bug: 36734870

Change-Id: Ice91de09ef35c8ced0c3faccf65ddfacf8b64101
Signed-off-by: Ecco Park <eccopark@google.com>
 2017-04-12 01:40:31 +00:00
Shawn Yang
25eaf09f91 Enable port-bridge by default 
Bug: 36580490

Test: Verify the port-bridge service is running by default
Change-Id: I5a5f4371f9a46b50d48b8a39299b4f9d9924ff8f
 2017-04-11 23:23:19 +00:00
Ecco Park
9570fb16c7 Enable local_buffer mode of cnss_diag 
Bug: 32248316

Change-Id: I0d05425d234d397a3c1fb1c65ba741259d5fb407
Signed-off-by: Ecco Park <eccopark@google.com>
 2017-04-11 15:54:14 -07:00
Siqi Lin
d9abe217aa sepolicy: Allow ramdump_app to access surfaceflinger_service 
Fixes the following denial which prevents Ramdump Uploader main
activity from displaying:

SELinux : avc:  denied  { find } for service=SurfaceFlinger pid=4901
uid=10120 scontext=u:r:ramdump_app:s0:c120,c256,c512,c768
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager

Bug: 37209981
Test: manual - open Ramdump Uploader app, see no ANR
Change-Id: I3cf8ba627a7c850639d9f8a9aad0bd15ee77f0ee
 2017-04-11 15:23:34 -07:00
TreeHugger Robot
1270be7329 Merge "Replace make file with soong" 2017-04-11 22:15:39 +00:00
Max Bires
31e74b0417 Merge "Setting SELinux to enforcing mode." 2017-04-11 21:55:49 +00:00
Jeff Tinker
f3877badc0 Change drm/crypto service names to "default" 
bug:36371166
Change-Id: Iec29f5fadcc92d53d486d5a6cf67df55794758fd
 2017-04-11 13:01:41 -07:00
Max Bires
4dd28d5902 Merge "Switching some vendor libraries over to same_process_hal_file type" 2017-04-11 19:40:50 +00:00
Tyler Gunn
935d08b5d6 Merge "Enable handover support for Google devices." 2017-04-11 18:35:55 +00:00
Max Bires
723bebb5ce Switching some vendor libraries over to same_process_hal_file type 
A lot of app domains were requesting vendor_file read access due to some
mislabeled .so files. This should fix that without granting read access
to vendor_file

Bug: 34784662
Test: .so files are properly labeled
Change-Id: I2aa69d54717af4c9274c979b01a717d991a03449
 2017-04-11 11:26:12 -07:00
TreeHugger Robot
c708f9fe23 Merge "Move logging folder from data to data/vendor" 2017-04-11 16:52:20 +00:00
Ramanan Rajeswaran
465d8985b9 Merge "Remove aosp bits." 2017-04-11 16:34:47 +00:00
Tyler Gunn
df22a200ed Enable handover support for Google devices. 
Enables support for Telecom handover from Telephony ConnectionService
to another ConnectionService for Google devices.

Test: Manual
Bug: 37102939
Change-Id: I91adc9f3bc2908b5bfc19dca4332cceff18f9fb0
 2017-04-11 09:22:10 -07:00
Andrew Scull
2e50fd967f Add eSE daemon. 
It managed the eSE by accessing the driver through the /dev/pn81a node.

Test: Boot brings up esed which connects to the eSE.
Bug: 35628284
Change-Id: I6fa3384169adb60095585856accd53bc61d06cf4
 2017-04-11 14:32:10 +01:00
Max Bires
563a0851b2 Fixing the following denials 
denied { search } for pid=823 comm="ueventd" name="/" dev="sda7" ino=1
scontext=u:r:ueventd:s0 tcontext=u:object_r:firmware_file:s0 tclass=dir

denied { search } for pid=707 comm="qseecomd" name="/" dev="sda7" ino=1
scontext=u:r:tee:s0 tcontext=u:object_r:firmware_file:s0 tclass=dir

denied { read write open getattr } for pid=711 comm="ramdump"
name="sdd1" dev="tmpfs" ino=20349 scontext=u:r:ramdump:s0
tcontext=u:object_r:misc_block_device:s0 tclass=blk_file

denied { write add_name } for pid=964 comm="perfd" name="perfd"
dev="sda45" ino=3407877 scontext=u:r:perfd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { create } for pid=964 comm="perfd" name="default_values"
scontext=u:r:perfd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { search } for pid=751 comm="android.hardwar" name="c17a000.i2c"
dev="sysfs" ino=22393 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=611 comm="android.hardwar" name="/" dev="sdd3"
ino=2 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { read execute open } for pid=727 comm="main"
name="libadsprpc.so" dev="sda20" ino=840 scontext=u:r:zygote:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

denied { read execute } for pid=4970 comm="main" name="libadsprpc.so"
dev="sda20" ino=499 scontext=u:r:webview_zygote:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

denied { unlink } for pid=8008 comm="rild"
name="uim_remote_client_socket0" dev="tmpfs" ino=26606
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0
tclass=sock_file

denied { write } for pid=691 comm="ramdump" name="sda45" dev="tmpfs"
ino=20680 scontext=u:r:ramdump:s0
tcontext=u:object_r:userdata_block_device:s0 tclass=blk_file

denied { search } for pid=5098 comm="m.android.phone" name="framework"
dev="sda20" ino=383 scontext=u:r:radio:s0
tcontext=u:object_r:vendor_framework_file:s0 tclass=dir

denied { read write } for pid=1377 comm="Binder:1366_1"
path="socket:[55679]" dev="sockfs" ino=55679
scontext=u:r:folio_daemon:s0 tcontext=u:r:system_server:s0
tclass=unix_stream_socket

denied { use } for pid=1377 comm="Binder:1366_1" path="socket:[55679]"
dev="sockfs" ino=55679 scontext=u:r:folio_daemon:s0
tcontext=u:r:system_server:s0 tclass=fd

denied { call } for pid=847 comm="folio_daemon"
scontext=u:r:folio_daemon:s0 tcontext=u:r:system_server:s0 tclass=binder

denied { getattr read open } for pid=3711 comm="dex2oat"
path="/system/vendor" dev="sda22" ino=2749 scontext=u:r:dex2oat:s0
tcontext=u:object_r:vendor_file:s0 tclass=lnk_file

denied { read } for pid=5338 comm="RenderThread"
name="gralloc.msm8998.so" dev="sda20" ino=793
scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:vendor_file:s0
tclass=file

denied { read } for pid=5161 comm="RenderThread"
name="gralloc.msm8998.so" dev="sda20" ino=793
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_file:s0 tclass=file

denied  { module_load } for  pid=588 comm="insmod"
path="/vendor/lib/modules/synaptics_dsx_core_htc.ko" dev="sda20" ino=749
scontext=u:r:init-insmod-sh:s0 tcontext=u:object_r:vendor_file:s0
tclass=system

denied { read open } for pid=607 comm="servicemanager" name="current"
dev="proc" ino=45010 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=file

denied { getattr } for pid=607 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:folio_daemon:s0
tclass=process

denied { search } for pid=607 comm="servicemanager" name="871"
dev="proc" ino=45008 scontext=u:r:servicemanager:s0
tcontext=u:r:folio_daemon:s0 tclass=dir

denied { read write } for pid=3642 comm="Binder:1199_3"
path="socket:[45011]" dev="sockfs" ino=45011
scontext=u:r:folio_daemon:s0 tcontext=u:r:system_server:s0
tclass=unix_stream_socket

denied { call } for pid=871 comm="folio_daemon"
scontext=u:r:folio_daemon:s0 tcontext=u:r:servicemanager:s0
tclass=binder

denied { sys_module } for pid=976 comm="tc" capability=16
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { sys_module } for pid=645 comm="Binder:645_2" capability=16
scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability

denied { open read } for pid=776 comm="ueventd" name="modem.mdt"
dev="sda7" ino=38 scontext=u:r:ueventd:s0
tcontext=u:object_r:firmware_file:s0 tclass=file

denied { write open } for pid=787 comm="perfd"
path="/dev/cpu_dma_latency" dev="tmpfs" ino=19589 scontext=u:r:perfd:s0
tcontext=u:object_r:device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I2d905d89d3375e5dd4820d34cc11223814514f27
 2017-04-11 01:26:29 -07:00
TreeHugger Robot
c37e2c4107 Merge "Enable binderized Thermal HAL." 2017-04-11 08:09:32 +00:00
Sohani Rao
8e2f6a5cdd Replace make file with soong 
For WifiOffload HAL, comply with soong format

Test: VTS test
Bug: 32842314
Change-Id: I1af37efd20e3dc75bc40b8a7fa4f19b428c6f232
 2017-04-10 18:20:17 -07:00
Jie Song
33e42325ff Move logging folder from data to data/vendor 
diag_logs
cnss_diag
ramdump

Bug: 36734870
Test: Capture logs and check no SELinux denial
Change-Id: Iff035c2074d54a454ddd1b9e3c025ddbcf7ae40d
 2017-04-10 17:25:14 -07:00
TreeHugger Robot
02519b47d6 Merge "Adding allows to handle the following denials" 2017-04-11 00:05:40 +00:00
Max Bires
bc99e5b908 Adding allows to handle the following denials 
denied { write } for pid=10249 comm="secdiscard" name="sda45"
dev="tmpfs" ino=19911 scontext=u:r:vold:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file

denied { create read } for pid=9183 comm="time_daemon" name="ats_2"
scontext=u:r:time_daemon:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { read write open } for pid=9183 comm="time_daemon" name="ats_2"
dev="sdd3" ino=33 scontext=u:r:time_daemon:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { write add_name } for pid=9183 comm="time_daemon" name="time"
dev="sda45" ino=851969 scontext=u:r:time_daemon:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { write } for pid=5959 comm="Binder:1415_9" name="timerslack_ns"
dev="proc" ino=138483 scontext=u:r:system_server:s0
tcontext=u:r:isolated_app:s0:c512,c768 tclass=file

denied { write } for pid=5365 comm="Binder:1415_8" name="timerslack_ns"
dev="proc" ino=123305 scontext=u:r:system_server:s0
tcontext=u:r:logger_app:s0:c112,c256,c512,c768 tclass=file

denied { connectto } for pid=9161 comm="omm.timeservice"
path=0074696D655F67656E6F6666 scontext=u:r:system_app:s0
tcontext=u:r:time_daemon:s0 tclass=unix_stream_socket

denied { read } for pid=5123 comm="m.android.phone" name="vendor"
dev="sda22" ino=2749 scontext=u:r:radio:s0
tcontext=u:object_r:vendor_file:s0 tclass=lnk_file

denied { getattr read open } for pid=5123 comm="m.android.phone"
path="/vendor/framework/qti-vzw-ims-internal.jar" dev="sda20" ino=385
scontext=u:r:radio:s0 tcontext=u:object_r:vendor_framework_file:s0
tclass=file

denied { write } for pid=888 comm="perfd" name="default_pwrlevel"
dev="sysfs" ino=33408 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { read open } for pid=360 comm="kworker/u16:6"
name="synaptics_0.img" dev="sda20" ino=360 scontext=u:r:kernel:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

denied  { read } for  pid=589 comm="init.power.sh" name="soc:qcom,cpubw"
dev="sysfs" ino=44524 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { open read } for pid=668 comm="init.power.sh"
path="/sys/class/devfreq" dev="sysfs" ino=28440
scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0 tclass=dir

denied { write open } for pid=760 comm="android.hardwar" name="wlan"
dev="tmpfs" ino=20256 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:wlan_device:s0 tclass=chr_file

denied { open getattr write } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/rtp_input" dev="sysfs"
ino=41310 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { ioctl } for pid=880 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=20584 ioctlcmd=5564
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Id259bdcbf4cf7a93b8c98b8a06addb99385d7588
 2017-04-10 15:39:09 -07:00
Glen Kuhne
b1af8c9d6e Merge "default hotspot ssid prefix to 'Pixel'" 2017-04-10 22:23:03 +00:00
Ramanan Rajeswaran
702f9f4f44 Remove aosp bits. 
Test: built muskie.
Change-Id: I30e09d990bb3d4e96f769075f0fb995f71fd35a0
 2017-04-10 14:14:11 -07:00
TreeHugger Robot
1602c1cf13 Merge "Refactoring block device labeling and adding allows." 2017-04-08 00:43:29 +00:00
Max Bires
ed261e9c7e Refactoring block device labeling and adding allows. 
Denials:
denied { write ioctl open } for pid=847 comm="folio_daemon"
name="uinput" dev="tmpfs" ino=20677 scontext=u:r:folio_daemon:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file

denied { search } for pid=1553 comm="rild" name="netmgr" dev="tmpfs"
ino=21012 scontext=u:r:rild:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=dir

denied { read write open } for pid=689 comm="qseecomd" name="sdd2"
dev="tmpfs" ino=18308 scontext=u:r:tee:s0
tcontext=u:object_r:ssd_block_device:s0 tclass=blk_file

denied { read write open } for pid=771 comm="rmt_storage" name="sdd15"
dev="tmpfs" ino=18347 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:modem_block_device:s0 tclass=blk_file

denied { getattr } for comm="android.hardwar" path="/dev/block/sda7"
dev="tmpfs" ino=18138 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:modem_block_device:s0 tclass=blk_file

denied { getattr } for comm="android.hardwar" path="/dev/block/sda22"
dev="tmpfs" ino=18194 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file

denied { getattr } for comm="android.hardwar" path="/dev/block/sda3"
dev="tmpfs" ino=18122 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:ab_block_device:s0 tclass=blk_file

denied { getattr } for comm="android.hardwar" path="/dev/block/sda9"
dev="tmpfs" ino=18146 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:boot_block_device:s0 tclass=blk_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I0a31ed76665a660e658a1e9000e07a9d312fb985
 2017-04-07 16:11:19 -07:00
TreeHugger Robot
78002157cc Merge "Collect modem always on log" 2017-04-07 22:48:58 +00:00
Glen Kuhne
232eb2931f default hotspot ssid prefix to 'Pixel' 
Added a device specific overlay that changes the default name prefix
from "AndroidAp" to "Pixel"

Test: Builds, manually verified name change
Bug: 36368950
Change-Id: I38a5f6fb950d6a45342080bae186a8ed276d94bf
 2017-04-07 14:54:17 -07:00
Max Bires
8bfe8965a2 Adding allow rules and contexts to handle the following denials 
denied  { getattr } for  pid=580 comm="ueventd" name="sda20" dev="tmpfs"
ino=19514 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0
tclass=blk_file

denied  { write } for  pid=580 comm="ueventd" name="uevent" dev="sysfs"
ino=44062 scontext=u:r:ueventd:s0
tcontext=u:object_r:sysfs_bluetooth_writable:s0 tclass=file

denied { search } for pid=826 comm="time_daemon" name="msm_subsys"
dev="sysfs" ino=16858 scontext=u:r:time_daemon:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { write } for pid=2934 comm="Binder:1189_4" name="timerslack_ns"
dev="proc" ino=38677 scontext=u:r:system_server:s0
tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=file

denied { write } for pid=3936 comm="Binder:1189_C" name="timerslack_ns"
dev="proc" ino=85544 scontext=u:r:system_server:s0
tcontext=u:r:platform_app:s0:c512,c768 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=83223 scontext=u:r:system_server:s0
tcontext=u:r:system_app:s0 tclass=file

denied { write } for pid=1584 comm="Binder:1189_3" name="timerslack_ns"
dev="proc" ino=81248 scontext=u:r:system_server:s0
tcontext=u:r:audioserver:s0 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=38795 scontext=u:r:system_server:s0
tcontext=u:r:priv_app:s0:c512,c768 tclass=file

denied { write } for pid=1584 comm="Binder:1189_3" name="timerslack_ns"
dev="proc" ino=86229 scontext=u:r:system_server:s0
tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file

denied { write } for pid=4624 comm="Binder:1189_E" name="timerslack_ns"
dev="proc" ino=105556 scontext=u:r:system_server:s0
tcontext=u:r:radio:s0 tclass=file

denied { write } for pid=1201 comm="Binder:1189_2" name="timerslack_ns"
dev="proc" ino=26256 scontext=u:r:system_server:s0
tcontext=u:r:hal_audio_default:s0 tclass=file

denied { create } for pid=836 comm="perfd" name="default_values"
scontext=u:r:perfd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied  { find } for service=qti.ims.ext pid=3750 uid=1001
scontext=u:r:radio:s0 tcontext=u:object_r:imscm_service:s0
tclass=service_manager

denied { lock } for comm="ip6tables" path="/system/etc/xtables.lock"
dev="sda22" ino=968 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_file:s0 tclass=file

denied { getattr } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/leds/vibrator/duration"
dev="sysfs" ino=46884 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { open } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/leds/vibrator/activate"
dev="sysfs" ino=46883 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { read } for comm="android.hardwar" name="vibrator" dev="sysfs"
ino=41304 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file

denied { search } for comm="android.hardwar" name="leds" dev="sysfs"
ino=27814 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir

denied  { add } for
service=com.fingerprints.extension.IFingerprintNavigation pid=884
uid=1000 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:fingerprint_service:s0 tclass=service_manager

denied { open } for pid=9391 comm="cat"
path="/sys/devices/virtual/thermal/cooling_device0/type" dev="sysfs"
ino=44002 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { read } for pid=9391 comm="cat" name="type" dev="sysfs"
ino=44002 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { search } for pid=9391 comm="cat" name="thermal" dev="sysfs"
ino=28795 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir

denied { getattr } for pid=9381 comm="ls"
path="/sys/kernel/debug/ion/heaps/secure_heap" dev="debugfs" ino=10246
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs:s0
tclass=file

denied { open } for pid=9381 comm="ls"
path="/sys/kernel/debug/ion/heaps" dev="debugfs" ino=9218
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:debugfs:s0
tclass=dir

denied { read } for pid=9381 comm="ls" name="heaps" dev="debugfs"
ino=9218 scontext=u:r:hal_dumpstate_impl:s0
tcontext=u:object_r:debugfs:s0 tclass=dir

denied { search } for pid=5401 comm="surfaceflinger" name="clients"
dev="debugfs" ino=8429 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:debugfs_ion:s0 tclass=dir

denied { search } for pid=5294 comm="android.hardwar" name="clients"
dev="debugfs" ino=8429 scontext=u:r:hal_audio_default:s0
tcontext=u:object_r:debugfs_ion:s0 tclass=dir

denied { write } for comm="android.hardwar" name="activate" dev="sysfs"
ino=46883 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file

denied { lock execute_no_trans } for comm="rild" path="/vendor/qcril.db"
dev="sda20" ino=1019 scontext=u:r:rild:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

Bug: 34784662
Test: The above denials are no longer occuring

Change-Id: I7931a8c3ed8bdfb7190d6c5c14a11525dca5be3a
 2017-04-07 19:57:13 +00:00
Ed Tam
bfe6ab006c Merge "thermal: specify location to load thermal config" 2017-04-07 03:13:31 +00:00