Evolution-x-devices/device_google_walleye
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_walleye synced 2026-01-29 05:25:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
541 Commits 1 Branch 0 Tags
14876b88f01f3887c59b858bd7233fde830bbbc0
Commit Graph

541 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thierry Strudel
14876b88f0 Migrate common files to device/google/wahoo 
Test: boot, basic functionality
Change-Id: I9edff53d7be158a60914335e755ded652d247db8
Signed-off-by: Thierry Strudel <tstrudel@google.com>
 2017-03-05 13:18:44 -08:00
TreeHugger Robot
d949806cd4 Merge "Adding allow rules and file contexts to handle denials." 2017-03-04 23:37:53 +00:00
Max Bires
07eb4303e8 Adding allow rules and file contexts to handle denials. 
Added lines address following denials:
denied { search } for pid=1184 comm="thermal-engine" name="uio"
dev="sysfs" ino=38350 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_uio:s0 tclass=dir

denied { open } for pid=1184 comm="thermal-engine" path="/sys/class/uio"
dev="sysfs" ino=38350 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_uio:s0 tclass=dir

denied { read } for pid=1184 comm="thermal-engine" name="uio"
dev="sysfs" ino=38350 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_uio:s0 tclass=dir

denied { write } for pid=977 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_generic_socket

denied { ioctl } for pid=778 comm="port-bridge" path="/dev/at_mdm0"
dev="tmpfs" ino=22203 ioctlcmd=c300 scontext=u:r:port-bridge:s0
tcontext=u:object_r:at_device:s0 tclass=chr_file

denied { open } for pid=689 comm="Binder:669_1"
path="/firmware/image/modem.b13" dev="sda7" ino=51
scontext=u:r:per_mgr:s0 tcontext=u:object_r:firmware_file:s0 tclass=file

denied { read } for pid=689 comm="Binder:669_1" name="modem.b13"
dev="sda7" ino=51 scontext=u:r:per_mgr:s0
tcontext=u:object_r:firmware_file:s0 tclass=file

denied { read } for pid=670 comm="sensors.qcom" name="subsys0"
dev="sysfs" ino=33249 scontext=u:r:sensors:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { open } for pid=670 comm="sensors.qcom"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16197
scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read } for pid=670 comm="sensors.qcom" name="devices"
dev="sysfs" ino=16197 scontext=u:r:sensors:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=670 comm="sensors.qcom" name="msm_subsys"
dev="sysfs" ino=16195 scontext=u:r:sensors:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { setpcap } for pid=673 comm="tftp_server" capability=8
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability

denied { read } for pid=669 comm="pm-service" name="subsys0" dev="sysfs"
ino=33249 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { open } for pid=669 comm="pm-service"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16197
scontext=u:r:per_mgr:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read } for pid=669 comm="pm-service" name="devices" dev="sysfs"
ino=16197 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=669 comm="pm-service" name="msm_subsys"
dev="sysfs" ino=16195 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { net_bind_service } for pid=688 comm="pm-service" capability=10
scontext=u:r:per_mgr:s0 tcontext=u:r:per_mgr:s0 tclass=capability

denied { search } for pid=918 comm="loc_launcher" name="mq" dev="sda43"
ino=622663 scontext=u:r:location:s0
tcontext=u:object_r:location_data_file:s0 tclass=dir

denied { write } for pid=918 comm="loc_launcher" name="mq" dev="sda43"
ino=622663 scontext=u:r:location:s0
tcontext=u:object_r:location_data_file:s0 tclass=dir

denied { add_name } for pid=918 comm="loc_launcher" name="location-mq-s"
scontext=u:r:location:s0 tcontext=u:object_r:location_data_file:s0
tclass=dir

denied { create } for pid=918 comm="loc_launcher" name="location-mq-s"
scontext=u:r:location:s0 tcontext=u:object_r:location_data_file:s0
tclass=sock_file

denied { setattr } for pid=918 comm="loc_launcher" name="location-mq-s"
dev="sda43" ino=622681 scontext=u:r:location:s0
tcontext=u:object_r:location_data_file:s0 tclass=sock_file

denied { read } for pid=680 comm="android.hardwar" name="u:obj
ect_r:keymaster_prop:s0" dev="tmpfs" ino=22587
scontext=u:r:hal_gatekeeper_default:s0 tcontext=u:object_r:keymaster_
prop:s0 tclass=file

denied { read } for pid=654 comm="sensors.qcom" name="name" dev="sysfs"
ino=33243 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=654 comm="sensors.qcom"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=33243 scontext=u:r:sensors:s0 tcontext=u:object_r:sys
fs:s0 tclass=file

denied  { mounton } for  pid=560 comm="init" path="/firmware"
dev="sda21" ino=25 scontext=u:r:init:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir

denied { read } for pid=766 comm="gatekeeperd"
name="u:object_r:keymaster_prop:s0" dev="tmpfs" ino=22203
scontext=u:r:gatekeeperd:s0 tcontext=u:object_r:keymaster_prop:s0
tclass=file

denied { search } for pid=1156 comm="rild" name="netmgr" dev="tmpfs"
ino=22676 scontext=u:r:rild:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=dir

denied { search } for pid=1156 comm="rild" name="netmgr" dev="tmpfs"
ino=22704 scontext=u:r:rild:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=dir

denied { open } for pid=795 comm="gatekeeperd"
path="/dev/__properties__/u:object_r:keymaster_prop:s0" dev="tmpfs"
ino=18420 scontext=u:r:gatekeeperd:s0
tcontext=u:object_r:keymaster_prop:s0 tclass=file

denied  { write } for  pid=549 comm="ueventd" name="uevent" dev="sysfs"
ino=17842 scontext=u:r:ueventd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=661 comm="sensors.qcom"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=33243 scontext=u:r:sensors:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { read } for pid=661 comm="sensors.qcom" name="name" dev="sysfs"
ino=33243 scontext=u:r:sensors:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { read } for pid=732 comm="netmgrd" name="name" dev="sysfs"
ino=33243 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=732 comm="netmgrd"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=33243 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=732 comm="netmgrd"
path="/sys/devices/soc/cce0000.qcom,venus/subsys1/name" dev="sysfs"
ino=33290 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { create } for pid=732 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_generic_socket

denied { bind } for pid=732 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_generic_socket

Bug: 34784662
Test: The above denials are no longer present during boot
Change-Id: I6bccebf51e4b9e6cefda6bbe2331d7216632d1e3
 2017-03-04 14:29:29 -08:00
Vineeta Srivastava
75646ac8e5 Merge "Fix QC proprietary path" 2017-03-04 06:55:05 +00:00
TreeHugger Robot
8673bdb7e5 Merge "Enable and binderize gralloc hal" 2017-03-03 23:26:47 +00:00
Chia-I Wu
51b89c489b Enable and binderize gralloc hal 
Bug: 35809668
Test: boots
Change-Id: I3a024ed6561b520080b703529f1e6c101826cd20
 2017-03-03 14:06:50 -08:00
TreeHugger Robot
a3738b6cd8 Merge "Enforce privapp-permissions" 2017-03-03 20:06:27 +00:00
TreeHugger Robot
543ee2ffc7 Merge "audio: enable usb audio tunnel support" 2017-03-02 22:50:38 +00:00
Yifan Hong
518bdd905c Merge "vintf.xml => manifest.xml." 2017-03-02 20:03:14 +00:00
Vineeta Srivastava
6d054c01b0 Fix QC proprietary path 
Test: build muskie
Change-Id: If88712bfbb029efa27293e30eb94a1015f89b62b
 2017-03-01 20:35:54 -08:00
David Lin
6616d417ce audio: enable usb audio tunnel support 
Bug: 33030406
Test: audio playback and record over usb-headset

Change-Id: Id44b212d6edcc7c7d876b55677731b7cb0644f9a
Signed-off-by: David Lin <dtwlin@google.com>
 2017-03-01 19:46:51 -08:00
Yifan Hong
109edcc2ec vintf.xml => manifest.xml. 
Bug: 35870239
Test: m installed-file-list -j64
Change-Id: I6837924cfae732b084d25660e9ea761b453be7f9
 2017-03-01 17:58:22 -08:00
Andres Oportus
873500153f Enable sched governor (schedfreq) 
Bug: 32492390

Signed-off-by: Andres Oportus <andresoportus@google.com>
 2017-03-02 01:37:07 +00:00
TreeHugger Robot
abe680573f Merge "Remove references to non-existent dhcpcd" 2017-03-02 01:32:06 +00:00
Erik Kline
985b903213 Remove references to non-existent dhcpcd 
Test: presubmit
Bug: 19704592
Bug: 35886671
Change-Id: Id87ac71c921edac095860b82af303d3b334d712f
 2017-03-02 09:39:23 +09:00
Max Bires
d03132d274 Adding rules and contexts to fix more denials. 
Fixing following denials:
denied { getattr } for pid=875 comm="thermal-engine"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { open } for pid=875 comm="thermal-engine"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { read } for pid=875 comm="thermal-engine" name="name"
dev="sysfs" ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { read } for pid=875 comm="thermal-engine" name="uio0"
dev="sysfs" ino=38371 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_uio:s0 tclass=lnk_file

denied { block_suspend } for pid=873 comm="thermal-engine" capability=36
scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0
tclass=capability2

denied { write } for pid=986 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { read } for pid=672 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { getattr } for pid=791 comm="netmgrd"
path="/sys/module/tcp_cubic/parameters/hystart_detect" dev="sysfs"
ino=25096 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=791 comm="netmgrd"
path="/sys/module/tcp_cubic/parameters/hystart_detect" dev="sysfs"
ino=25096 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { write } for pid=791 comm="netmgrd" name="hystart_detect"
dev="sysfs" ino=25096 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { ioctl } for pid=763 comm="netmgrd" path="socket:[1767]"
dev="sockfs" ino=1767 ioctlcmd=c304 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket

denied { ioctl } for pid=908 comm="rild" path="socket:[25980]"
dev="sockfs" ino=25980 ioctlcmd=c304 scontext=u:r:rild:s0
tcontext=u:r:rild:s0 tclass=socket

denied { open } for pid=676 comm="servicemanager"
path="/proc/783/attr/current" dev="proc" ino=25112
scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0 tclass=file

denied { getattr } for pid=676 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0 tclass=process

denied { read } for pid=676 comm="servicemanager" name="current"
dev="proc" ino=25112 scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0
tclass=file

denied { call } for pid=783 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:servicemanager:s0 tclass=binder

denied { open } for pid=763 comm="netmgrd"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=50839
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { read } for pid=763 comm="netmgrd" name="soc_id" dev="sysfs"
ino=50839 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied { open } for pid=763 comm="netmgrd"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16197
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read } for pid=763 comm="netmgrd" name="devices" dev="sysfs"
ino=16197 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=763 comm="netmgrd" name="msm_subsys"
dev="sysfs" ino=16195 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { create } for pid=672 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { setuid } for pid=672 comm="rmt_storage" capability=7
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { net_bind_service } for pid=672 comm="rmt_storage" capability=10
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { setpcap } for pid=672 comm="rmt_storage" capability=8
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { open } for pid=672 comm="rmt_storage"
path="/sys/kernel/debug/rmt_storage/rmts" dev="debugfs" ino=19673
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:debugfs:s0 tclass=file

denied { write } for pid=672 comm="rmt_storage" name="rmts"
dev="debugfs" ino=19673 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:debugfs:s0 tclass=file

denied { open } for pid=672 comm="rmt_storage" path="/dev/block/sdd15"
dev="tmpfs" ino=22639 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file

denied { read write } for pid=672 comm="rmt_storage" name="sdd15"
dev="tmpfs" ino=22639 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file

denied { read } for pid=672 comm="rmt_storage" name="uio0" dev="sysfs"
ino=38371 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_uio:s0
tclass=lnk_file

denied { ioctl } for pid=671 comm="irsc_util" path="socket:[1213]"
dev="sockfs" ino=1213 ioctlcmd=c305 scontext=u:r:irsc_util:s0
tcontext=u:r:irsc_util:s0 tclass=socket

denied { create } for pid=671 comm="irsc_util" scontext=u:r:irsc_util:s0
tcontext=u:r:irsc_util:s0 tclass=socket

denied { open } for pid=672 comm="rmt_storage" path="/dev/block/sdf3"
dev="tmpfs" ino=22678 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

denied { read write } for pid=672 comm="rmt_storage" name="sdf3"
dev="tmpfs" ino=22678 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

Test: The above denials are no longer present
Bug: 34784662
Change-Id: I79caf3bef228a1fd84f0f58d4274c2f6a668d203
 2017-03-02 00:15:13 +00:00
TreeHugger Robot
0ec7641e74 Merge "Added allows to handle following bootup denials" 2017-03-01 20:00:44 +00:00
Yifan Hong
1588ea5629 Update for interface entry in VINTF. 
Bug: 35219444
Test: pass
Change-Id: If55fbbfe5921094ce9bef129ba8b59e4ad0eaade
 2017-02-28 20:44:58 -08:00
TreeHugger Robot
65efd88f4a Merge "Camera: Enable Treble passthrough mode." 2017-03-01 01:49:56 +00:00
Roshan Pius
6c0cc7e4ed Merge "muskie: Move wpa_supplicant to vendor partition" 2017-02-28 22:14:23 +00:00
TreeHugger Robot
f375bbd1b2 Merge "kernel-headers: use the ones from hardware/qcom/msm8998" 2017-02-28 20:46:53 +00:00
Max Bires
4213a37bf1 Added allows to handle following bootup denials 
denials:
avc: denied { read write } for pid=1673 comm="android.hardwar"
name="qseecom" dev="tmpfs" ino=23078
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0

denied { ioctl } for pid=769 comm="qti" path="socket:[19255]"
dev="sockfs" ino=19255 ioctlcmd=c302 scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=769 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=767 comm="netmgrd"
name="netmgr_connect_socket" scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=sock_file

denied { setattr } for pid=767 comm="netmgrd"
name="netmgr_connect_socket" dev="tmpfs" ino=22393
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=sock_file

denied { read } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { write } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { bind } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { create } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { getattr } for pid=823 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data0/queues/rx-0/rps_cpus"
dev="sysfs" ino=56682 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_net:s0 tclass=file

denied { getattr } for pid=823 comm="netmgrd"
path="/proc/sys/net/ipv6/conf/rmnet_data0/accept_ra" dev="proc"
ino=27240 scontext=u:r:netmgrd:s0 tcontext=u:object_r:proc_net:s0
tclass=file

denied { net_raw } for pid=1197 comm="iptables" capability=13
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=21783 scontext=u:r:ueventd:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=17707 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=50864 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=38138 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file

denied  { create } for  pid=1 comm="init" name="sdcard"
scontext=u:r:init:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file

denied { read } for pid=1571 comm="android.hardwar"
name="soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { open } for pid=1571 comm="android.hardwar"
path="/sys/devices/soc/soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { search } for pid=1571 comm="android.hardwar"
name="soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { set } for property=persist.net.doxlat pid=749 uid=1001 gid=3003
scontext=u:r:netmgrd:s0 tcontext=u:object_r:default_prop:s0
tclass=property_service

denied { set } for property=sys.listeners.registered pid=612 uid=1000
gid=1000 scontext=u:r:tee:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { set } for property=sys.keymaster.loaded pid=609 uid=1000
gid=1000 scontext=u:r:tee:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I52434abc526f8458479cf4acd0ff967277887f49
 2017-02-28 12:33:20 -08:00
TreeHugger Robot
88fe6ac126 Merge "ueventd: set camera framework as owner of easel device files" 2017-02-28 20:28:13 +00:00
Thierry Strudel
1dd8ee840d kernel-headers: use the ones from hardware/qcom/msm8998 
Change-Id: Icf484e56b52bfb537f5ac537ff9e794d4e671865
Signed-off-by: Thierry Strudel <tstrudel@google.com>
 2017-02-28 11:46:23 -08:00
Shawn Yang
8dcd469205 Merge "RIL support for Muskie/Walleye" 2017-02-28 18:29:49 +00:00
Fyodor Kupolov
55a718781f Enforce privapp-permissions 
Test: build system image and
      run development/tools/privapp_permissions/privapp_permissions.py
      should return no results

Bug: 34872687
Change-Id: I65e4ad45a2549a9adfabf2350b69b81959b586c5
 2017-02-28 10:09:10 -08:00
TreeHugger Robot
5dd6f7bf9c Merge "Copy vendor seccomp policy to vendor partion" 2017-02-28 07:57:05 +00:00
Shawn Yang
5a9e0e1518 RIL support for Muskie/Walleye 
-allow rild to use HTC proprietary QMI
-set sanpshot timer to 3 second
-not power down SIM during APM
-set ims property for VoLTE/VT/VoWLAN
-enable WPS feature
-limit the DSD indication during screen off

bug:34210655

Change-Id: I17c8a38a51d4f5c2747670cf04be740e27a0474c

Author tim.tm_lin <tim.tm_lin@htc.com>
 2017-02-27 19:28:25 -08:00
Shawn Yang
e67fa1db09 Merge "Enable SSRestartDetector in Muskie" 2017-02-28 01:28:30 +00:00
Shawn Yang
ab296f2969 Enable SSRestartDetector in Muskie 
BUG=35138780

Change-Id: I0712462afa800880efbd4d646cd6d3f713318772
 2017-02-27 15:54:51 -08:00
Eino-Ville Talvala
cfc0c62b13 Camera: Enable Treble passthrough mode. 
Initially muskie opted-out of camera Treble enable due to other
bringup instability. Now that things are looking more stable, enable
passthrough mode.

Add the wrapper libraries for legacy camera HAL, and remove the
disable setprop.

Test: Manual camera app use, camera CTS don't seem to regress.
Bug: 32991422
Change-Id: I84c813c433c74afce64308414a597097b6f98e58
 2017-02-27 14:39:11 -08:00
Todd Poynor
27c5f7c638 ueventd: set camera framework as owner of easel device files 
easelcomm AP/Easel communication client and Easel state manager owner
cameraserver, group camera.

Test: manual
Change-Id: Ia30bf523a2a458c4b3044f1485d7fc84955145f1
 2017-02-27 10:52:56 -08:00
Thierry Strudel
82c1287a0b device-vendor: add per device device-vendor file 
Change-Id: I2f90855f208d1c02481c675dfee98d0212c35e73
 2017-02-24 12:02:02 -08:00
Alexey Polyudov
35d52df920 Merge changes from topic 'msm8998-opensource' 
* changes:
  move thermal-engine time-services json-c to hardware/qcom/msm8998
  Move codeaurora and qcom/opensource modules to hardware/qcom/msm8998
 2017-02-24 16:16:33 +00:00
Thierry Strudel
74c073d42f move thermal-engine time-services json-c to hardware/qcom/msm8998 
Change-Id: Id62a8b888e3ddb8593f2d82c1cf566e70632287b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
 2017-02-23 17:17:02 -08:00
Thierry Strudel
5aae7cd02f Move codeaurora and qcom/opensource modules to hardware/qcom/msm8998 
Change-Id: I9850909027847a5ea420c67ac414d0d920536412
Signed-off-by: Thierry Strudel <tstrudel@google.com>
 2017-02-23 17:13:55 -08:00
Nick Desaulniers
d93f98e505 muskie: switch EXT4 block cipher to AES-256-HEH 
Change-Id: I9ca69636963b9d01fe7dc7482247975a0b46c2b0
Fixes: 34712722
 2017-02-23 22:31:59 +00:00
Thierry Strudel
67c472e341 Merge changes from topic 'muskie-mwc' 
* changes:
  muskie: fingerprint: add to vendor interface manifest
  Revert "device-common: don't build fingerprint HAL+service"
 2017-02-23 21:47:03 +00:00
Jeff Vander Stoep
f7f53ace0b Copy vendor seccomp policy to vendor partion 
Bug: 34723744
Test: Muskie builds and boots.
Test: For both mediacodec and mediaextractor verify
"cat proc/<pid>/status | grep Seccomp" == "Seccomp: 2"

Change-Id: I414b02f8f49f4d225ef0e8e85b4265ad5cea2281
 2017-02-23 13:01:02 -08:00
Ecco Park
ec43a1a87a Merge "muskie: Update WLAN cfg.ini values" 2017-02-23 20:07:10 +00:00
Roshan Pius
089a8de5f4 muskie: Move wpa_supplicant to vendor partition 
Also, made the changes to have a single wpa_supplicant entry in .rc
which was cleaned up in b/30816535 for other devices.

Bug: 30816535
Bug: 34237671
Test: Compiles
Change-Id: I3e4a8fc8e1865a19037d798994298e2ee20e4074
 2017-02-23 10:12:20 -08:00
Nick Desaulniers
2552e4a3f5 muskie: fingerprint: add to vendor interface manifest 
Bug: 34795013
Change-Id: If500965181ad8f9ac8c7bdf5d7a28e14e8d13b63
 2017-02-22 19:10:07 -08:00
Nick Desaulniers
dc6cafdb24 Revert "device-common: don't build fingerprint HAL+service" 
This reverts commit 109d659016.

Bug: 34795013
Bug: 35390533
Change-Id: I8a5117e513496ee5b2c3d7b9e5fd0f24c18f9924
 2017-02-22 19:07:24 -08:00
Max Bires
f955e7dfc6 Adding allows and file contexts for multiple domains. 
Adding items to address following list of denials:
denied { read } for pid=1875 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=734 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { ioctl } for pid=734 comm="qti" path="socket:[33993]"
dev="sockfs" ino=33993 ioctlcmd=c304 scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { read } for pid=876 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { write } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { create } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { read } for pid=755 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket

denied { ioctl } for pid=982 comm="cnss-daemon" path="socket:[23695]"
dev="sockfs" ino=23695 ioctlcmd=c302 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=socket

denied { read } for pid=853 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { write } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { create } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=840 comm="time_daemon" path="socket:[22165]"
dev="sockfs" ino=22165 ioctlcmd=c302 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { open read } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { ioctl } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 ioctlcmd=7009 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { setuid setgid } for pid=754 comm="time_daemon" capability=7
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0
tclass=capability

denied { ioctl } for pid=914 comm="rild" path="socket:[23070]"
dev="sockfs" ino=23070 ioctlcmd=c302 scontext=u:r:rild:s0
tcontext=u:r:rild:s0 tclass=socket

denied { call } for pid=914 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=1220 comm="lowi-server" name="location-mq-s"
dev="sda41" ino=212664 scontext=u:r:location:s0
tcontext=u:object_r:system_data_file:s0 tclass=sock_file

denied { execute_no_trans } for pid=1220 comm="loc_launcher"
path="/vendor/bin/lowi-server" dev="sda19" ino=37
scontext=u:r:location:s0tcontext=u:object_r:location_exec:s0 tclass=file

denied { open read write } for pid=930 comm="android.hardwar" name="irq"
dev="sysfs" ino=36996 scontext=u:r:hal_fingerprint_default:s1
tcontext=u:object_r:sysfs:s0 tclass=file

denied { open } for pid=758 comm="android.hardwar" path="/dev/qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

denied { read write } for pid=758 comm="android.hardwar" name="qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iac2e0e0b631769b33f2642c7fe97acb7510704cb
 2017-02-22 10:32:16 -08:00
Max Bires
7c9cbbca18 Adding netmgrd allows and supporting file contexts. 
Added allows to handle following denials:
denied { write } for pid=751 comm="netmgrd" name="netmgr" dev="tmpfs"
ino=20778 scontext=u:r:netmgrd:s0 tcontext=u:object_r:socket_device:s0
tclass=dir

denied { add_name } for pid=751 comm="netmgrd"
name="netmgr_connect_socket" scontext=u:r:netmgrd:s0
tcontext=u:object_r:socket_device:s0 tclass=dir

denied { write } for pid=2035 comm="ndc" name="netd" dev="tmpfs"
ino=23587 scontext=u:r:netmgrd:s0 tcontext=u:object_r:netd_socket:s0
tclass=sock_file

denied { net_admin } for pid=783 comm="netmgrd" capability=12
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { connectto } for pid=751 comm="netmgrd"
path="/dev/socket/property_service" scontext=u:r:netmgrd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { write } for pid=751 comm="netmgrd" name="property_service"
dev="tmpfs" ino=19824 scontext=u:r:netmgrd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { setuid } for pid=729 comm="netmgrd" capability=7
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { getattr } for pid=787 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=53667 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { write } for pid=787 comm="netmgrd" name="disable_ipv6"
dev="proc" ino=25831 scontext=u:r:netmgrd:s0
tcontext=u:object_r:proc_net:s0 tclass=file

denied { write } for pid=807 comm="netmgrd" name="rps_cpus" dev="sysfs"
ino=54507 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file

denied { search } for pid=807 comm="netmgrd" name="net" dev="sysfs"
ino=27043 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=dir

denied { getattr } for pid=776 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=54432 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_net:s0 tclass=file

denied { execute_no_trans } for pid=1107 comm="netmgrd"
path="/system/bin/iptables" dev="sda20" ino=345 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_file:s0 tclass=file

denied { read } for pid=788 comm="netmgrd" name="net" dev="sda41"
ino=212584 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0
tclass=dir

denied { getattr } for pid=788 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { read write open } for pid=729 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { add_name } for pid=729 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { write } for pid=729 comm="netmgrd" name="netmgr" dev="sda41"
ino=212635 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Ifb22e8ab9af725b7d5b884b10d2e525c248500f8
 2017-02-21 00:29:59 -08:00
Max Bires
4dde676755 Merge "Adding ueventd and rmt_storage allows and file_context" 2017-02-21 08:14:27 +00:00
Srinivas Girigowda
8118f213b3 muskie: Update WLAN cfg.ini values 
Update WLAN cfg.ini values.

Bug: 33693275
CRs-Fixed: 1111096
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
 2017-02-17 15:42:31 -08:00
TreeHugger Robot
7b8566fa79 Merge "Suppress useless unused-parameter warnings and enable -Werror." 2017-02-17 19:14:16 +00:00
Aurimas Liutikas
e0e24abb85 Suppress useless unused-parameter warnings and enable -Werror. 
Test: make libjson now produces no warnings
Change-Id: I7a816b21ed2c1cdbff1c7c702e1f072d92f4d482
 2017-02-17 10:07:12 -08:00
Thierry Strudel
109d659016 device-common: don't build fingerprint HAL+service 
Bug: 35390533
Change-Id: I266159e3ecdd8ac1120be48dfdd772153c6c26c6
Signed-off-by: Thierry Strudel <tstrudel@google.com>
 2017-02-16 13:49:07 -08:00