503 Commits

Author SHA1 Message Date
Thierry Strudel
5aae7cd02f Move codeaurora and qcom/opensource modules to hardware/qcom/msm8998
Change-Id: I9850909027847a5ea420c67ac414d0d920536412
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-23 17:13:55 -08:00
Thierry Strudel
67c472e341 Merge changes from topic 'muskie-mwc'
* changes:
  muskie: fingerprint: add to vendor interface manifest
  Revert "device-common: don't build fingerprint HAL+service"
2017-02-23 21:47:03 +00:00
Ecco Park
ec43a1a87a Merge "muskie: Update WLAN cfg.ini values" 2017-02-23 20:07:10 +00:00
Nick Desaulniers
2552e4a3f5 muskie: fingerprint: add to vendor interface manifest
Bug: 34795013
Change-Id: If500965181ad8f9ac8c7bdf5d7a28e14e8d13b63
2017-02-22 19:10:07 -08:00
Nick Desaulniers
dc6cafdb24 Revert "device-common: don't build fingerprint HAL+service"
This reverts commit 109d659016.

Bug: 34795013
Bug: 35390533
Change-Id: I8a5117e513496ee5b2c3d7b9e5fd0f24c18f9924
2017-02-22 19:07:24 -08:00
Max Bires
f955e7dfc6 Adding allows and file contexts for multiple domains.
Adding items to address following list of denials:
denied { read } for pid=1875 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=734 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { ioctl } for pid=734 comm="qti" path="socket:[33993]"
dev="sockfs" ino=33993 ioctlcmd=c304 scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { read } for pid=876 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { write } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { create } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { read } for pid=755 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket

denied { ioctl } for pid=982 comm="cnss-daemon" path="socket:[23695]"
dev="sockfs" ino=23695 ioctlcmd=c302 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=socket

denied { read } for pid=853 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { write } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { create } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=840 comm="time_daemon" path="socket:[22165]"
dev="sockfs" ino=22165 ioctlcmd=c302 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { open read } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { ioctl } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 ioctlcmd=7009 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { setuid setgid } for pid=754 comm="time_daemon" capability=7
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0
tclass=capability

denied { ioctl } for pid=914 comm="rild" path="socket:[23070]"
dev="sockfs" ino=23070 ioctlcmd=c302 scontext=u:r:rild:s0
tcontext=u:r:rild:s0 tclass=socket

denied { call } for pid=914 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=1220 comm="lowi-server" name="location-mq-s"
dev="sda41" ino=212664 scontext=u:r:location:s0
tcontext=u:object_r:system_data_file:s0 tclass=sock_file

denied { execute_no_trans } for pid=1220 comm="loc_launcher"
path="/vendor/bin/lowi-server" dev="sda19" ino=37
scontext=u:r:location:s0 tcontext=u:object_r:location_exec:s0 tclass=file

denied { open read write } for pid=930 comm="android.hardwar" name="irq"
dev="sysfs" ino=36996 scontext=u:r:hal_fingerprint_default:s1
tcontext=u:object_r:sysfs:s0 tclass=file

denied { open } for pid=758 comm="android.hardwar" path="/dev/qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

denied { read write } for pid=758 comm="android.hardwar" name="qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iac2e0e0b631769b33f2642c7fe97acb7510704cb
2017-02-22 10:32:16 -08:00
Max Bires
7c9cbbca18 Adding netmgrd allows and supporting file contexts.
Added allows to handle following denials:
denied { write } for pid=751 comm="netmgrd" name="netmgr" dev="tmpfs"
ino=20778 scontext=u:r:netmgrd:s0 tcontext=u:object_r:socket_device:s0
tclass=dir

denied { add_name } for pid=751 comm="netmgrd"
name="netmgr_connect_socket" scontext=u:r:netmgrd:s0
tcontext=u:object_r:socket_device:s0 tclass=dir

denied { write } for pid=2035 comm="ndc" name="netd" dev="tmpfs"
ino=23587 scontext=u:r:netmgrd:s0 tcontext=u:object_r:netd_socket:s0
tclass=sock_file

denied { net_admin } for pid=783 comm="netmgrd" capability=12
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { connectto } for pid=751 comm="netmgrd"
path="/dev/socket/property_service" scontext=u:r:netmgrd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { write } for pid=751 comm="netmgrd" name="property_service"
dev="tmpfs" ino=19824 scontext=u:r:netmgrd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { setuid } for pid=729 comm="netmgrd" capability=7
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { getattr } for pid=787 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=53667 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { write } for pid=787 comm="netmgrd" name="disable_ipv6"
dev="proc" ino=25831 scontext=u:r:netmgrd:s0
tcontext=u:object_r:proc_net:s0 tclass=file

denied { write } for pid=807 comm="netmgrd" name="rps_cpus" dev="sysfs"
ino=54507 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file

denied { search } for pid=807 comm="netmgrd" name="net" dev="sysfs"
ino=27043 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=dir

denied { getattr } for pid=776 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=54432 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_net:s0 tclass=file

denied { execute_no_trans } for pid=1107 comm="netmgrd"
path="/system/bin/iptables" dev="sda20" ino=345 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_file:s0 tclass=file

denied { read } for pid=788 comm="netmgrd" name="net" dev="sda41"
ino=212584 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0
tclass=dir

denied { getattr } for pid=788 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { read write open } for pid=729 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { add_name } for pid=729 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { write } for pid=729 comm="netmgrd" name="netmgr" dev="sda41"
ino=212635 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Ifb22e8ab9af725b7d5b884b10d2e525c248500f8
2017-02-21 00:29:59 -08:00
Max Bires
4dde676755 Merge "Adding ueventd and rmt_storage allows and file_context" 2017-02-21 08:14:27 +00:00
Srinivas Girigowda
8118f213b3 muskie: Update WLAN cfg.ini values
Update WLAN cfg.ini values.

Bug: 33693275
CRs-Fixed: 1111096
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2017-02-17 15:42:31 -08:00
TreeHugger Robot
7b8566fa79 Merge "Suppress useless unused-parameter warnings and enable -Werror." 2017-02-17 19:14:16 +00:00
Aurimas Liutikas
e0e24abb85 Suppress useless unused-parameter warnings and enable -Werror.
Test: make libjson now produces no warnings
Change-Id: I7a816b21ed2c1cdbff1c7c702e1f072d92f4d482
2017-02-17 10:07:12 -08:00
Thierry Strudel
109d659016 device-common: don't build fingerprint HAL+service
Bug: 35390533
Change-Id: I266159e3ecdd8ac1120be48dfdd772153c6c26c6
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 13:49:07 -08:00
Thierry Strudel
43e4705737 Merge changes from topic '07.01.01.253.064'
* changes:
  define path to hardware/qcom/{display,camera}
  kernel-headers: update to 07.01.01.253.064
  Update to 07.01.01.253.064
2017-02-16 20:59:48 +00:00
Max Bires
dea136c7e7 Adding ueventd and rmt_storage allows and file_context
Added to address following bootup denials:
denied { append } for pid=633 comm="rmt_storage" name="wake_lock"
dev="sysfs" ino=15356 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file

denied { setgid } for pid=633 comm="rmt_storage" capability=6
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { open } for pid=633 comm="rmt_storage" path="/dev/kmsg"
dev="tmpfs" ino=10129 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file

denied { write } for pid=633 comm="rmt_storage" name="kmsg" dev="tmpfs"
ino=10129 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:kmsg_device:s0
tclass=chr_file

denied  { write } for  pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=19078 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=file

denied  { write } for  pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=44296 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file

denied { read write } for pid=617 comm="rmt_storage" name="uio0"
dev="tmpfs" ino=22582 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:uio_device:s0 tclass=chr_file

denied { open } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { getattr } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { read } for pid=617 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=617 comm="rmt_storage" path="/sys/class/uio"
dev="sysfs" ino=37755 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs:s0 tclass=dir

denied { read } for pid=617 comm="rmt_storage" name="uio" dev="sysfs"
ino=37755 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=dir

denied { open } for pid=640 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

denied { read } for pid=640 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iba358af7bcf5e7361467e071a3feabf184d4c921
2017-02-16 10:35:13 -08:00
TreeHugger Robot
0bc8b504af Merge "Added file_contexts for more sysfs_camera files." 2017-02-16 18:12:27 +00:00
Thierry Strudel
e53d50dcea define path to hardware/qcom/{display,camera}
Change-Id: I3904861ac63e9ddcd7020aa109756b6154b1b11d
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Thierry Strudel
8024039813 kernel-headers: update to 07.01.01.253.064
Change-Id: I1ce63f2521cbc3d5ab09a050fe577420bf747172
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Thierry Strudel
84944757ad Update to 07.01.01.253.064
telephony: from vendor/codeaurora/telephony
  fabe28b Merge a5ccad0fdb41a8c48e38956fc70b15c160c8c714 on remote branch
  a5ccad0 Promotion of atel.lnx.2.0-00046.
  bf7458e MSIM: Add new APIs for Primary Carrier's SlotId
  0e8ca59 Merge 399b339ca574179204f86e02cfee840a1dc78a08 on remote branch
  399b339 Promotion of atel.lnx.2.0-00039.
  b499329 Merge "IMS-VT: Send static image in a Video Call" into atel.lnx.2.0-dev
  0deedaf Promotion of atel.lnx.2.0-00036.
  048b796 IMS: Definition for conference support information extra key
  7096548 IMS-VT: Send static image in a Video Call

dataservices: from vendor/qcom/opensource/dataservices
  2e7f384 Merge d5f44b400f361798a86a01cc06ec4ede75e7bd14 on remote branch
  d5f44b4 Promotion of data.lnx.2.1-00001.
  1dad831 dataservices: Changes to prevent double free

location: from vendor/qcom/opensource/location
  fc3ac1b Merge 07fb2db438ce07b0187247c1eb33c5d9e5a461ab on remote branch
  6730c45 Merge "Gnss Measurement fix for last message" into location.lnx.2.0.r13-rel
  4476241 Merge "Added support for all constellations for GNSS measurements" into location.lnx.2.0.r13-rel
  fd18fc2 Gnss Measurement fix for last message
  f7d5d88 Added support for all constellations for GNSS measurements
  b6298b5 Merge 38c6045ce27cfead795eabf75713c2d4ce3269cd on remote branch
  07fb2db Promotion of location.lnx.2.0-00050.
  1224988 Merge "Gnss Measurement fix for last message"
  3298dc4 Gnss Measurement fix for last message
  003c494 Handle confidence value for circular uncertainity
  9a51679 Merge "Added support for all constellations for GNSS measurements"
  59963f8 Merge location.lnx.2.0-rel on dev branch
  38c6045 msm: Rename msmfalcon to sdm660
  3f8b9e1 Added support for all constellations for GNSS measurements

Bug: 34911851
Change-Id: I201756003bdc9ac70234da1d691a47763b33da5e
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Max Bires
57c2f7e538 Merge "Adding allows for audioserver.te" 2017-02-16 17:11:04 +00:00
Max Bires
f34b903cf8 Added file_contexts for more sysfs_camera files.
These should finish up the camera denials during boot:
denied { read } for pid=760 comm="cameraserver" name="name" dev="sysfs"
ino=42189 scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=757 comm="cameraserver"
path="/sys/devices/soc/caa4000.qcom,fd/video4linux/video2/name"
dev="sysfs" ino=42231 scontext=u:r:cameraserver:s0
tcontext=u:object_r:sysfs:s0 tclass=file

Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: I1ecf20215be36c2d34663cfa329988cf40422ae1
2017-02-16 09:09:50 -08:00
Max Bires
0bbdcc41f5 Added allows for rfs_access.te
More selinux boot denials of the following type and allows added
accordingly:

avc: denied { getattr } for pid=614 comm="tftp_server"
path="/persist/rfs" dev="sdd3" ino=19 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

avc: denied { setattr } for pid=614 comm="tftp_server" name="rfs"
dev="sdd3" ino=19 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { remove_name } for pid=2675 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" dev="sdd3" ino=35 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { add_name } for pid=2675 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { write } for pid=2675 comm="tftp_server" name="mpss" dev="sdd3"
ino=22 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { block_suspend } for pid=641 comm="tftp_server" capability=36
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability2

denied { getattr } for pid=1170 comm="tftp_server"
path="/persist/rfs/msm/mpss/server_check.txt" dev="sdd3" ino=35
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { open } for pid=1170 comm="tftp_server"
path="/persist/rfs/msm/mpss/server_check.txt" dev="sdd3" ino=35
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { read } for pid=1170 comm="tftp_server" name="server_check.txt"
dev="sdd3" ino=35 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { search } for pid=1170 comm="tftp_server" name="/" dev="sdd3"
ino=2 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { connect } for pid=1170 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { create } for pid=1170 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { read } for pid=641 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { rename } for pid=2050 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" dev="sdd3" ino=39 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { write } for pid=2050 comm="tftp_server"
path="/persist/rfs/msm/mpss/mcfg.tmp.rfs_tmp" dev="sdd3" ino=39
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { unlink } for pid=2050 comm="tftp_server"
path="/persist/rfs/msm/mpss/mcfg.tmp.rfs_tmp" dev="sdd3" ino=39
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

Bug: 34784662
Test: The above denials are not found in bootup logs
Change-Id: I9a52589e0a3de99cb26660f2e4e60d2a61d1632c
2017-02-15 19:02:50 -08:00
Max Bires
998fa7f5c8 Adding allows for audioserver.te
Address following denials:
denied { read } for pid=746 comm="audioserver" name="hw_platform"
dev="sysfs" ino=50308 scontext=u:r:audioserver:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { search } for pid=757 comm="audioserver" name="soc0" dev="sysfs"
ino=50280 scontext=u:r:audioserver:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

Bug: 34784662
Test: The above denials are no longer present during boot
Change-Id: I8448bdb5fdf692fda342c11500c0bc45419ae6e9
2017-02-15 18:14:27 -08:00
TreeHugger Robot
b48a769451 Merge "lights hal: fully binderized" 2017-02-15 23:45:51 +00:00
TreeHugger Robot
1df2f62e75 Merge "Adding init_power allows and supporting file_context/file.te changes." 2017-02-15 22:30:13 +00:00
Max Bires
5e84c2774f Adding init_power allows and supporting file_context/file.te changes.
Adding allows to address the following list of bootup denials:

denied { search } for pid=629 comm="init.power.sh" name="msm_thermal"
dev="sysfs" ino=24282 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir

denied { open } for pid=630 comm="cat" path="/sys/devices/soc0/revision"
dev="sysfs" ino=50285 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { read } for pid=630 comm="cat" name="revision" dev="sysfs"
ino=50285 scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { execute_no_trans } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { read open } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { execute } for pid=630 comm="init.power.sh" name="toybox"
dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { getattr } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { read } for pid=629 comm="init.power.sh" path="/system/bin/sh"
dev="sda20" ino=469 scontext=u:r:init_power:s0
tcontext=u:object_r:shell_exec:s0 tclass=file

denied { getattr } for pid=629 comm="init.power.sh"
path="/system/bin/sh" dev="sda20" ino=469 scontext=u:r:init_power:s0
tcontext=u:object_r:shell_exec:s0 tclass=file

denied { write } for pid=629 comm="init.power.sh" name="online"
dev="sysfs" ino=15416 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file

denied { open } for pid=629 comm="init.power.sh"
path="/sys/module/msm_thermal/core_control/enabled" dev="sysfs"
ino=50644 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { write } for pid=629 comm="init.power.sh" name="enabled"
dev="sysfs" ino=50644 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file

denied { search } for pid=630 comm="cat" name="soc0" dev="sysfs"
ino=50280 scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

Bug: 34784662
Test: The above denials no longer appear during bootup
Change-Id: I38c7d115e8afe66a5eaa1e9b3a70acebbb806010
2017-02-15 13:12:50 -08:00
Ashutosh Joshi
0a3d67c7ff Merge "Add support for passthrough sensors through HIDL." 2017-02-15 20:29:46 +00:00
TreeHugger Robot
e64551091e Merge "Added audioserver.te and some allow rules and perfd_socket type" 2017-02-15 19:02:56 +00:00
TreeHugger Robot
288ec289c5 Merge "Adding init allows and supporting file_context." 2017-02-15 18:39:16 +00:00
Max Bires
0c479addf2 Added audioserver.te and some allow rules and perfd_socket type
Added allow rules for the following denials:
denied { call } for pid=2460 comm="AudioOut_D"
scontext=u:r:audioserver:s0 tcontext=u:r:bootanim:s0 tclass=binder

denied { write } for pid=1464 comm="writer" name="perfd" dev="tmpfs"
ino=11825 scontext=u:r:audioserver:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file

Bug: 34784662
Test: The above denials are no longer seen in the selinux logs
Change-Id: I4dc7c054d14e8a06d42167194cf211e0822bb3a9
2017-02-15 09:02:32 -08:00
TreeHugger Robot
cf6a9b54e8 Merge "Added init_radio allows and corresponding file_context changes." 2017-02-15 16:58:29 +00:00
Max Bires
566afc1cac Adding init allows and supporting file_context.
Adding allows to address following boot denials:
denied { open } for pid=1 comm="init" path="/dev/ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file

denied { read write } for pid=1 comm="init" name="ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file

denied { write } for pid=1 comm="init" name="b_vendor_code"
dev="configfs" ino=21093 scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=file

Bug: 34784662
Test: The above denials are not present during boot
Change-Id: I5cc2daecf5b2a54d21ae17f6d88ffc174b5b8a12
2017-02-15 08:53:37 -08:00
Max Bires
9f8096c41e Merge "Adding sysfs_thermal write file permissions to ueventd.te" 2017-02-15 16:38:50 +00:00
Max Bires
9da5ddb04a Merge "Added sysfs_camera file type and cameraserver allow rules." 2017-02-15 16:38:30 +00:00
Max Bires
fe1569e713 Merge "Adding search dir permission to system_server." 2017-02-15 16:38:18 +00:00
Max Bires
bdd4bfe746 Merge "Adding self socket allow rule for sensors.te" 2017-02-15 16:38:02 +00:00
Siqi Lin
3067f36d72 ramdump: Make /data/ramdump 761
RamdumpUploader needs to be able to access files in /data/ramdump.

Change-Id: If7f96d1d892e5435ff279c7572195d1ab7ef8161
2017-02-15 07:02:27 +00:00
TreeHugger Robot
e6f2e5d4cf Merge "vintf: init" 2017-02-15 03:44:49 +00:00
Ashutosh Joshi
3ad512504c Add support for passthrough sensors through HIDL.
Enable sensors hal support for hidl passthrough mode.

Test: Ensure sensors stream in passthrough mode.
Change-Id: I70aa1293e7469ebb889c37acc3ea8ed849b19d82
2017-02-14 18:28:57 -08:00
Max Bires
7e1e794bdf Adding search dir permission to system_server.
Added allow rule to address following bootup denial:
denied { search } for pid=3491 comm="system-server-i" name="sensors"
dev="sdd3" ino=16 scontext=u:r:system_server:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir

Bug: 34784662
Test: Above denial no longer appears in denial logs
Change-Id: Id2a42d3dff150cd7e6f1120902d4d41f0e34e626
2017-02-14 18:00:32 -08:00
Max Bires
c4bbe07c7a Added sysfs_camera file type and cameraserver allow rules.
Added allow rules to address the following denials:
denied { open } for pid=754 comm="cameraserver"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41699 scontext=u:r:cameraserver:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { read } for pid=754 comm="cameraserver" name="name" dev="sysfs"
ino=41699 scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { search } for pid=757 comm="cameraserver"
name="8c0000.qcom,msm-cam" dev="sysfs" ino=19077
scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=dir

Bug: 34784662
Test: The above denials are no longer present during bootup
Change-Id: I967ee7c4147eb3328fcbcf524eb6c4759f70c59b
2017-02-14 17:51:11 -08:00
Max Bires
0c2c343024 Adding sysfs_thermal write file permissions to ueventd.te
This addresses the following bootup denial:
denied  { write } for  pid=529 comm="ueventd" name="uevent" dev="sysfs"
ino=43198 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_thermal:s0
tclass=file

Bug: 34784662
Test: The above denial is no longer shown during bootup
Change-Id: I6eaa291e3338ba177dd73263823dec41a850514c
2017-02-14 17:25:13 -08:00
Max Bires
b49931036c Adding self socket allow rule for sensors.te
Adding rule to address following denials:
denied { write } for pid=666 comm="sensors.qcom" scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket

denied { read } for pid=666 comm="sensors.qcom" scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket

Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: Icdc585ac80a30ce193708a43409e061e92b9028f
2017-02-14 17:19:36 -08:00
Max Bires
77ab10b75c Added init_radio allows and corresponding file_context changes.
Added allows and changed file_contexts to cover the following denials:

denied { execute_no_trans } for pid=879 comm="init.radio.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { getattr } for pid=879 comm="cp" path="/system/bin/toybox"
dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { read open } for pid=879 comm="init.radio.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { execute } for pid=790 comm="init.radio.sh" name="toybox"
dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { setattr } for pid=876 comm="chmod" name="modem_config"
dev="sda41" ino=212662 scontext=u:r:init_radio:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { create } for pid=875 comm="mkdir" name="modem_config"
scontext=u:r:init_radio:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { add_name } for pid=875 comm="mkdir" name="modem_config"
scontext=u:r:init_radio:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { write } for pid=875 comm="mkdir" name="radio" dev="sda41"
ino=212585 scontext=u:r:init_radio:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { create } for pid=778 comm="cp" name="qcril.db"
scontext=u:r:init_radio:s0 tcontext=u:object_r:radio_data_file:s0
tclass=file

denied { read write open } for pid=778 comm="cp"
path="/data/misc/radio/qcril.db" dev="sda41" ino=212661
scontext=u:r:init_radio:s0 tcontext=u:object_r:radio_data_file:s0
tclass=file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: If6830fb7d0ba432916884c660e72094a4cced467
2017-02-14 15:53:23 -08:00
Steven Moreland
5e9b3914a7 lights hal: fully binderized
Muskie device will have all hals binderized.

Bug: 32022100
Bug: 35356977
Test: led lights work
Change-Id: I4a1a7b54af5b7d92b4ed167bcf9d517fbff70111
2017-02-14 14:44:30 -08:00
Max Bires
d1c7c88427 Adding rild.te and associated allows for bootup denials
Allows address following denials:
denied { add_name } for pid=1407 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir

denied { write } for pid=1445 comm="rild" name="netmgr_connect_socket"
dev="tmpfs" ino=25017
scontext=u:r:rild:s0 tcontext=u:object_r:socket_device:s0
tclass=sock_file

denied { connectto } for pid=1445 comm="rild"
path="/dev/socket/netmgr/netmgr_connect_socket" scontext=u:r:rild:s0
tcontext=u:r:netmgrd:s0 tclass=unix_stream_socket

denied { create } for pid=1406 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0
tclass=sock_file

denied { write } for pid=1406 comm="rild" name="qmux_radio"
dev="tmpfs" ino=21385 scontext=u:r:rild:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=dir

denied { create } for pid=1367 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0
tclass=sock_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I72766073640c620cc74a02f3578d5fda2d0133ab
2017-02-14 13:36:12 -08:00
Steven Moreland
708736ade6 vintf: init
Empty init for people to start working off of.

Test: copies.
Change-Id: Ia0eb91bcca530852c3f1a75278977a2afe3e6b54
2017-02-13 20:53:58 -08:00
Max Shi
1a10f39b90 enable Doze and double tap gesture in config overlay
Test: verify double tap gesture option available under Moves setting

Bug: 35200418
Change-Id: I697f688b90c1a4de99312f03a84e937b71d71322
2017-02-13 12:13:54 -08:00
TreeHugger Robot
b814cceb3e Merge "Added some allows to netmgrd.te" 2017-02-10 23:55:42 +00:00
TreeHugger Robot
33c25b5ff9 Merge "Adding cameraserver.te and appropriate camera_prop" 2017-02-10 23:29:19 +00:00
TreeHugger Robot
559b0b3dff Merge "Added sdd_block_device so tee could access what was a generic blk_file" 2017-02-10 22:52:47 +00:00