529 Commits

Author SHA1 Message Date
David Lin
6616d417ce audio: enable usb audio tunnel support
Bug: 33030406
Test: audio playback and record over usb-headset

Change-Id: Id44b212d6edcc7c7d876b55677731b7cb0644f9a
Signed-off-by: David Lin <dtwlin@google.com>
2017-03-01 19:46:51 -08:00
Andres Oportus
873500153f Enable sched governor (schedfreq)
Bug: 32492390

Signed-off-by: Andres Oportus <andresoportus@google.com>
2017-03-02 01:37:07 +00:00
TreeHugger Robot
abe680573f Merge "Remove references to non-existent dhcpcd" 2017-03-02 01:32:06 +00:00
Erik Kline
985b903213 Remove references to non-existent dhcpcd
Test: presubmit
Bug: 19704592
Bug: 35886671
Change-Id: Id87ac71c921edac095860b82af303d3b334d712f
2017-03-02 09:39:23 +09:00
Max Bires
d03132d274 Adding rules and contexts to fix more denials.
Fixing following denials:
denied { getattr } for pid=875 comm="thermal-engine"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { open } for pid=875 comm="thermal-engine"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { read } for pid=875 comm="thermal-engine" name="name"
dev="sysfs" ino=38372 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_rmtfs:s0 tclass=file

denied { read } for pid=875 comm="thermal-engine" name="uio0"
dev="sysfs" ino=38371 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_uio:s0 tclass=lnk_file

denied { block_suspend } for pid=873 comm="thermal-engine" capability=36
scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0
tclass=capability2

denied { write } for pid=986 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { read } for pid=672 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { getattr } for pid=791 comm="netmgrd"
path="/sys/module/tcp_cubic/parameters/hystart_detect" dev="sysfs"
ino=25096 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=791 comm="netmgrd"
path="/sys/module/tcp_cubic/parameters/hystart_detect" dev="sysfs"
ino=25096 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { write } for pid=791 comm="netmgrd" name="hystart_detect"
dev="sysfs" ino=25096 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { ioctl } for pid=763 comm="netmgrd" path="socket:[1767]"
dev="sockfs" ino=1767 ioctlcmd=c304 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket

denied { ioctl } for pid=908 comm="rild" path="socket:[25980]"
dev="sockfs" ino=25980 ioctlcmd=c304 scontext=u:r:rild:s0
tcontext=u:r:rild:s0 tclass=socket

denied { open } for pid=676 comm="servicemanager"
path="/proc/783/attr/current" dev="proc" ino=25112
scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0 tclass=file

denied { getattr } for pid=676 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0 tclass=process

denied { read } for pid=676 comm="servicemanager" name="current"
dev="proc" ino=25112 scontext=u:r:servicemanager:s0 tcontext=u:r:rild:s0
tclass=file

denied { call } for pid=783 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:servicemanager:s0 tclass=binder

denied { open } for pid=763 comm="netmgrd"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=50839
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { read } for pid=763 comm="netmgrd" name="soc_id" dev="sysfs"
ino=50839 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied { open } for pid=763 comm="netmgrd"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16197
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir

denied { read } for pid=763 comm="netmgrd" name="devices" dev="sysfs"
ino=16197 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=763 comm="netmgrd" name="msm_subsys"
dev="sysfs" ino=16195 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { create } for pid=672 comm="rmt_storage"
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=socket

denied { setuid } for pid=672 comm="rmt_storage" capability=7
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { net_bind_service } for pid=672 comm="rmt_storage" capability=10
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { setpcap } for pid=672 comm="rmt_storage" capability=8
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { open } for pid=672 comm="rmt_storage"
path="/sys/kernel/debug/rmt_storage/rmts" dev="debugfs" ino=19673
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:debugfs:s0 tclass=file

denied { write } for pid=672 comm="rmt_storage" name="rmts"
dev="debugfs" ino=19673 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:debugfs:s0 tclass=file

denied { open } for pid=672 comm="rmt_storage" path="/dev/block/sdd15"
dev="tmpfs" ino=22639 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file

denied { read write } for pid=672 comm="rmt_storage" name="sdd15"
dev="tmpfs" ino=22639 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file

denied { read } for pid=672 comm="rmt_storage" name="uio0" dev="sysfs"
ino=38371 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_uio:s0
tclass=lnk_file

denied { ioctl } for pid=671 comm="irsc_util" path="socket:[1213]"
dev="sockfs" ino=1213 ioctlcmd=c305 scontext=u:r:irsc_util:s0
tcontext=u:r:irsc_util:s0 tclass=socket

denied { create } for pid=671 comm="irsc_util" scontext=u:r:irsc_util:s0
tcontext=u:r:irsc_util:s0 tclass=socket

denied { open } for pid=672 comm="rmt_storage" path="/dev/block/sdf3"
dev="tmpfs" ino=22678 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

denied { read write } for pid=672 comm="rmt_storage" name="sdf3"
dev="tmpfs" ino=22678 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

Test: The above denials are no longer present
Bug: 34784662
Change-Id: I79caf3bef228a1fd84f0f58d4274c2f6a668d203
2017-03-02 00:15:13 +00:00
TreeHugger Robot
0ec7641e74 Merge "Added allows to handle following bootup denials" 2017-03-01 20:00:44 +00:00
Yifan Hong
1588ea5629 Update for interface entry in VINTF.
Bug: 35219444
Test: pass
Change-Id: If55fbbfe5921094ce9bef129ba8b59e4ad0eaade
2017-02-28 20:44:58 -08:00
TreeHugger Robot
65efd88f4a Merge "Camera: Enable Treble passthrough mode." 2017-03-01 01:49:56 +00:00
Roshan Pius
6c0cc7e4ed Merge "muskie: Move wpa_supplicant to vendor partition" 2017-02-28 22:14:23 +00:00
TreeHugger Robot
f375bbd1b2 Merge "kernel-headers: use the ones from hardware/qcom/msm8998" 2017-02-28 20:46:53 +00:00
Max Bires
4213a37bf1 Added allows to handle following bootup denials
denials:
avc: denied { read write } for pid=1673 comm="android.hardwar"
name="qseecom" dev="tmpfs" ino=23078
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0

denied { ioctl } for pid=769 comm="qti" path="socket:[19255]"
dev="sockfs" ino=19255 ioctlcmd=c302 scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=769 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=767 comm="netmgrd"
name="netmgr_connect_socket" scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=sock_file

denied { setattr } for pid=767 comm="netmgrd"
name="netmgr_connect_socket" dev="tmpfs" ino=22393
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=sock_file

denied { read } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { write } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { bind } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { create } for pid=767 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_socket

denied { getattr } for pid=823 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data0/queues/rx-0/rps_cpus"
dev="sysfs" ino=56682 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_net:s0 tclass=file

denied { getattr } for pid=823 comm="netmgrd"
path="/proc/sys/net/ipv6/conf/rmnet_data0/accept_ra" dev="proc"
ino=27240 scontext=u:r:netmgrd:s0 tcontext=u:object_r:proc_net:s0
tclass=file

denied { net_raw } for pid=1197 comm="iptables" capability=13
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=21783 scontext=u:r:ueventd:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=17707 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=50864 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file

denied  { write } for  pid=547 comm="ueventd" name="uevent" dev="sysfs"
ino=38138 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file

denied  { create } for  pid=1 comm="init" name="sdcard"
scontext=u:r:init:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file

denied { read } for pid=1571 comm="android.hardwar"
name="soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { open } for pid=1571 comm="android.hardwar"
path="/sys/devices/soc/soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { search } for pid=1571 comm="android.hardwar"
name="soc:fp_fpc1020" dev="sysfs" ino=21863
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_fingerprint:s0 tclass=dir

denied { set } for property=persist.net.doxlat pid=749 uid=1001 gid=3003
scontext=u:r:netmgrd:s0 tcontext=u:object_r:default_prop:s0
tclass=property_service

denied { set } for property=sys.listeners.registered pid=612 uid=1000
gid=1000 scontext=u:r:tee:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { set } for property=sys.keymaster.loaded pid=609 uid=1000
gid=1000 scontext=u:r:tee:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I52434abc526f8458479cf4acd0ff967277887f49
2017-02-28 12:33:20 -08:00
TreeHugger Robot
88fe6ac126 Merge "ueventd: set camera framework as owner of easel device files" 2017-02-28 20:28:13 +00:00
Thierry Strudel
1dd8ee840d kernel-headers: use the ones from hardware/qcom/msm8998
Change-Id: Icf484e56b52bfb537f5ac537ff9e794d4e671865
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-28 11:46:23 -08:00
Shawn Yang
8dcd469205 Merge "RIL support for Muskie/Walleye" 2017-02-28 18:29:49 +00:00
TreeHugger Robot
5dd6f7bf9c Merge "Copy vendor seccomp policy to vendor partition" 2017-02-28 07:57:05 +00:00
Shawn Yang
5a9e0e1518 RIL support for Muskie/Walleye
-allow rild to use HTC proprietary QMI
-set snapshot timer to 3 seconds
-not power down SIM during APM
-set ims property for VoLTE/VT/VoWLAN
-enable WPS feature
-limit the DSD indication during screen off

bug:34210655

Change-Id: I17c8a38a51d4f5c2747670cf04be740e27a0474c

Author tim.tm_lin <tim.tm_lin@htc.com>
2017-02-27 19:28:25 -08:00
Shawn Yang
e67fa1db09 Merge "Enable SSRestartDetector in Muskie" 2017-02-28 01:28:30 +00:00
Shawn Yang
ab296f2969 Enable SSRestartDetector in Muskie
BUG=35138780

Change-Id: I0712462afa800880efbd4d646cd6d3f713318772
2017-02-27 15:54:51 -08:00
Eino-Ville Talvala
cfc0c62b13 Camera: Enable Treble passthrough mode.
Initially muskie opted-out of camera Treble enable due to other
bringup instability. Now that things are looking more stable, enable
passthrough mode.

Add the wrapper libraries for legacy camera HAL, and remove the
disable setprop.

Test: Manual camera app use, camera CTS don't seem to regress.
Bug: 32991422
Change-Id: I84c813c433c74afce64308414a597097b6f98e58
2017-02-27 14:39:11 -08:00
Todd Poynor
27c5f7c638 ueventd: set camera framework as owner of easel device files
easelcomm AP/Easel communication client and Easel state manager owner
cameraserver, group camera.

Test: manual
Change-Id: Ia30bf523a2a458c4b3044f1485d7fc84955145f1
2017-02-27 10:52:56 -08:00
Thierry Strudel
82c1287a0b device-vendor: add per device device-vendor file
Change-Id: I2f90855f208d1c02481c675dfee98d0212c35e73
2017-02-24 12:02:02 -08:00
Alexey Polyudov
35d52df920 Merge changes from topic 'msm8998-opensource'
* changes:
  move thermal-engine time-services json-c to hardware/qcom/msm8998
  Move codeaurora and qcom/opensource modules to hardware/qcom/msm8998
2017-02-24 16:16:33 +00:00
Thierry Strudel
74c073d42f move thermal-engine time-services json-c to hardware/qcom/msm8998
Change-Id: Id62a8b888e3ddb8593f2d82c1cf566e70632287b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-23 17:17:02 -08:00
Thierry Strudel
5aae7cd02f Move codeaurora and qcom/opensource modules to hardware/qcom/msm8998
Change-Id: I9850909027847a5ea420c67ac414d0d920536412
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-23 17:13:55 -08:00
Nick Desaulniers
d93f98e505 muskie: switch EXT4 block cipher to AES-256-HEH
Change-Id: I9ca69636963b9d01fe7dc7482247975a0b46c2b0
Fixes: 34712722
2017-02-23 22:31:59 +00:00
Thierry Strudel
67c472e341 Merge changes from topic 'muskie-mwc'
* changes:
  muskie: fingerprint: add to vendor interface manifest
  Revert "device-common: don't build fingerprint HAL+service"
2017-02-23 21:47:03 +00:00
Jeff Vander Stoep
f7f53ace0b Copy vendor seccomp policy to vendor partition
Bug: 34723744
Test: Muskie builds and boots.
Test: For both mediacodec and mediaextractor verify
"cat proc/<pid>/status | grep Seccomp" == "Seccomp: 2"

Change-Id: I414b02f8f49f4d225ef0e8e85b4265ad5cea2281
2017-02-23 13:01:02 -08:00
Ecco Park
ec43a1a87a Merge "muskie: Update WLAN cfg.ini values" 2017-02-23 20:07:10 +00:00
Roshan Pius
089a8de5f4 muskie: Move wpa_supplicant to vendor partition
Also, made the changes to have a single wpa_supplicant entry in .rc
which was cleaned up in b/30816535 for other devices.

Bug: 30816535
Bug: 34237671
Test: Compiles
Change-Id: I3e4a8fc8e1865a19037d798994298e2ee20e4074
2017-02-23 10:12:20 -08:00
Nick Desaulniers
2552e4a3f5 muskie: fingerprint: add to vendor interface manifest
Bug: 34795013
Change-Id: If500965181ad8f9ac8c7bdf5d7a28e14e8d13b63
2017-02-22 19:10:07 -08:00
Nick Desaulniers
dc6cafdb24 Revert "device-common: don't build fingerprint HAL+service"
This reverts commit 109d659016.

Bug: 34795013
Bug: 35390533
Change-Id: I8a5117e513496ee5b2c3d7b9e5fd0f24c18f9924
2017-02-22 19:07:24 -08:00
Max Bires
f955e7dfc6 Adding allows and file contexts for multiple domains.
Adding items to address following list of denials:
denied { read } for pid=1875 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { create } for pid=734 comm="qti" scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { ioctl } for pid=734 comm="qti" path="socket:[33993]"
dev="sockfs" ino=33993 ioctlcmd=c304 scontext=u:r:qti:s0
tcontext=u:r:qti:s0 tclass=socket

denied { read } for pid=876 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { write } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { create } for pid=981 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=socket

denied { read } for pid=755 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket

denied { ioctl } for pid=982 comm="cnss-daemon" path="socket:[23695]"
dev="sockfs" ino=23695 ioctlcmd=c302 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=socket

denied { read } for pid=853 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { write } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { create } for pid=840 comm="time_daemon"
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0 tclass=socket

denied { ioctl } for pid=840 comm="time_daemon" path="socket:[22165]"
dev="sockfs" ino=22165 ioctlcmd=c302 scontext=u:r:time_daemon:s0
tcontext=u:r:time_daemon:s0 tclass=socket

denied { open read } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { ioctl } for pid=754 comm="time_daemon" path="/dev/rtc0"
dev="tmpfs" ino=10130 ioctlcmd=7009 scontext=u:r:time_daemon:s0
tcontext=u:object_r:rtc_device:s0 tclass=chr_file

denied { setuid setgid } for pid=754 comm="time_daemon" capability=7
scontext=u:r:time_daemon:s0 tcontext=u:r:time_daemon:s0
tclass=capability

denied { ioctl } for pid=914 comm="rild" path="socket:[23070]"
dev="sockfs" ino=23070 ioctlcmd=c302 scontext=u:r:rild:s0
tcontext=u:r:rild:s0 tclass=socket

denied { call } for pid=914 comm="rild" scontext=u:r:rild:s0
tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=1220 comm="lowi-server" name="location-mq-s"
dev="sda41" ino=212664 scontext=u:r:location:s0
tcontext=u:object_r:system_data_file:s0 tclass=sock_file

denied { execute_no_trans } for pid=1220 comm="loc_launcher"
path="/vendor/bin/lowi-server" dev="sda19" ino=37
scontext=u:r:location:s0tcontext=u:object_r:location_exec:s0 tclass=file

denied { open read write } for pid=930 comm="android.hardwar" name="irq"
dev="sysfs" ino=36996 scontext=u:r:hal_fingerprint_default:s1
tcontext=u:object_r:sysfs:s0 tclass=file

denied { open } for pid=758 comm="android.hardwar" path="/dev/qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

denied { read write } for pid=758 comm="android.hardwar" name="qseecom"
dev="tmpfs" ino=21107 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:tee_device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iac2e0e0b631769b33f2642c7fe97acb7510704cb
2017-02-22 10:32:16 -08:00
Max Bires
7c9cbbca18 Adding netmgrd allows and supporting file contexts.
Added allows to handle following denials:
denied { write } for pid=751 comm="netmgrd" name="netmgr" dev="tmpfs"
ino=20778 scontext=u:r:netmgrd:s0 tcontext=u:object_r:socket_device:s0
tclass=dir

denied { add_name } for pid=751 comm="netmgrd"
name="netmgr_connect_socket" scontext=u:r:netmgrd:s0
tcontext=u:object_r:socket_device:s0 tclass=dir

denied { write } for pid=2035 comm="ndc" name="netd" dev="tmpfs"
ino=23587 scontext=u:r:netmgrd:s0 tcontext=u:object_r:netd_socket:s0
tclass=sock_file

denied { net_admin } for pid=783 comm="netmgrd" capability=12
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { connectto } for pid=751 comm="netmgrd"
path="/dev/socket/property_service" scontext=u:r:netmgrd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { write } for pid=751 comm="netmgrd" name="property_service"
dev="tmpfs" ino=19824 scontext=u:r:netmgrd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { setuid } for pid=729 comm="netmgrd" capability=7
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability

denied { getattr } for pid=787 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=53667 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { write } for pid=787 comm="netmgrd" name="disable_ipv6"
dev="proc" ino=25831 scontext=u:r:netmgrd:s0
tcontext=u:object_r:proc_net:s0 tclass=file

denied { write } for pid=807 comm="netmgrd" name="rps_cpus" dev="sysfs"
ino=54507 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file

denied { search } for pid=807 comm="netmgrd" name="net" dev="sysfs"
ino=27043 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=dir

denied { getattr } for pid=776 comm="netmgrd"
path="/sys/devices/virtual/net/rmnet_data3/queues/rx-0/rps_cpus"
dev="sysfs" ino=54432 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_net:s0 tclass=file

denied { execute_no_trans } for pid=1107 comm="netmgrd"
path="/system/bin/iptables" dev="sda20" ino=345 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_file:s0 tclass=file

denied { read } for pid=788 comm="netmgrd" name="net" dev="sda41"
ino=212584 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0
tclass=dir

denied { getattr } for pid=788 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { read write open } for pid=729 comm="netmgrd"
path="/data/misc/netmgr/log.txt" dev="sda41" ino=212657
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { add_name } for pid=729 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir

denied { write } for pid=729 comm="netmgrd" name="netmgr" dev="sda41"
ino=212635 scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Ifb22e8ab9af725b7d5b884b10d2e525c248500f8
2017-02-21 00:29:59 -08:00
Max Bires
4dde676755 Merge "Adding ueventd and rmt_storage allows and file_context" 2017-02-21 08:14:27 +00:00
Srinivas Girigowda
8118f213b3 muskie: Update WLAN cfg.ini values
Update WLAN cfg.ini values.

Bug: 33693275
CRs-Fixed: 1111096
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
2017-02-17 15:42:31 -08:00
TreeHugger Robot
7b8566fa79 Merge "Suppress useless unused-parameter warnings and enable -Werror." 2017-02-17 19:14:16 +00:00
Aurimas Liutikas
e0e24abb85 Suppress useless unused-parameter warnings and enable -Werror.
Test: make libjson now produces no warnings
Change-Id: I7a816b21ed2c1cdbff1c7c702e1f072d92f4d482
2017-02-17 10:07:12 -08:00
Thierry Strudel
109d659016 device-common: don't build fingerprint HAL+service
Bug: 35390533
Change-Id: I266159e3ecdd8ac1120be48dfdd772153c6c26c6
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 13:49:07 -08:00
Thierry Strudel
43e4705737 Merge changes from topic '07.01.01.253.064'
* changes:
  define path to hardware/qcom/{display,camera}
  kernel-headers: update to 07.01.01.253.064
  Update to 07.01.01.253.064
2017-02-16 20:59:48 +00:00
Max Bires
dea136c7e7 Adding ueventd and rmt_storage allows and file_context
Added to address following bootup denials:
denied { append } for pid=633 comm="rmt_storage" name="wake_lock"
dev="sysfs" ino=15356 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file

denied { setgid } for pid=633 comm="rmt_storage" capability=6
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability

denied { open } for pid=633 comm="rmt_storage" path="/dev/kmsg"
dev="tmpfs" ino=10129 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file

denied { write } for pid=633 comm="rmt_storage" name="kmsg" dev="tmpfs"
ino=10129 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:kmsg_device:s0
tclass=chr_file

denied  { write } for  pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=19078 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=file

denied  { write } for  pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=44296 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file

denied { read write } for pid=617 comm="rmt_storage" name="uio0"
dev="tmpfs" ino=22582 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:uio_device:s0 tclass=chr_file

denied { open } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { getattr } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { read } for pid=617 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=617 comm="rmt_storage" path="/sys/class/uio"
dev="sysfs" ino=37755 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs:s0 tclass=dir

denied { read } for pid=617 comm="rmt_storage" name="uio" dev="sysfs"
ino=37755 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=dir

denied { open } for pid=640 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

denied { read } for pid=640 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file

Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iba358af7bcf5e7361467e071a3feabf184d4c921
2017-02-16 10:35:13 -08:00
TreeHugger Robot
0bc8b504af Merge "Added file_contexts for more sysfs_camera files." 2017-02-16 18:12:27 +00:00
Thierry Strudel
e53d50dcea define path to hardware/qcom/{display,camera}
Change-Id: I3904861ac63e9ddcd7020aa109756b6154b1b11d
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Thierry Strudel
8024039813 kernel-headers: update to 07.01.01.253.064
Change-Id: I1ce63f2521cbc3d5ab09a050fe577420bf747172
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Thierry Strudel
84944757ad Update to 07.01.01.253.064
telephony: from vendor/codeaurora/telephony
  fabe28b Merge a5ccad0fdb41a8c48e38956fc70b15c160c8c714 on remote branch
  a5ccad0 Promotion of atel.lnx.2.0-00046.
  bf7458e MSIM: Add new APIs for Primary Carrier's SlotId
  0e8ca59 Merge 399b339ca574179204f86e02cfee840a1dc78a08 on remote branch
  399b339 Promotion of atel.lnx.2.0-00039.
  b499329 Merge "IMS-VT: Send static image in a Video Call" into atel.lnx.2.0-dev
  0deedaf Promotion of atel.lnx.2.0-00036.
  048b796 IMS: Definition for conference support information extra key
  7096548 IMS-VT: Send static image in a Video Call

dataservices: from vendor/qcom/opensource/dataservices
  2e7f384 Merge d5f44b400f361798a86a01cc06ec4ede75e7bd14 on remote branch
  d5f44b4 Promotion of data.lnx.2.1-00001.
  1dad831 dataservices: Changes to prevent double free

location: from vendor/qcom/opensource/location
  fc3ac1b Merge 07fb2db438ce07b0187247c1eb33c5d9e5a461ab on remote branch
  6730c45 Merge "Gnss Measurement fix for last message" into location.lnx.2.0.r13-rel
  4476241 Merge "Added support for all constellations for GNSS measurements" into location.lnx.2.0.r13-rel
  fd18fc2 Gnss Measurement fix for last message
  f7d5d88 Added support for all constellations for GNSS measurements
  b6298b5 Merge 38c6045ce27cfead795eabf75713c2d4ce3269cd on remote branch
  07fb2db Promotion of location.lnx.2.0-00050.
  1224988 Merge "Gnss Measurement fix for last message"
  3298dc4 Gnss Measurement fix for last message
  003c494 Handle confidence value for circular uncertainity
  9a51679 Merge "Added support for all constellations for GNSS measurements"
  59963f8 Merge location.lnx.2.0-rel on dev branch
  38c6045 msm: Rename msmfalcon to sdm660
  3f8b9e1 Added support for all constellations for GNSS measurements

Bug: 34911851
Change-Id: I201756003bdc9ac70234da1d691a47763b33da5e
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-16 09:47:11 -08:00
Max Bires
57c2f7e538 Merge "Adding allows for audioserver.te" 2017-02-16 17:11:04 +00:00
Max Bires
f34b903cf8 Added file_contexts for more sysfs_camera files.
These should finish up the camera denials during boot:
denied { read } for pid=760 comm="cameraserver" name="name" dev="sysfs"
ino=42189 scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { open } for pid=757 comm="cameraserver"
path="/sys/devices/soc/caa4000.qcom,fd/video4linux/video2/name"
dev="sysfs" ino=42231 scontext=u:r:cameraserver:s0
tcontext=u:object_r:sysfs:s0 tclass=file

Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: I1ecf20215be36c2d34663cfa329988cf40422ae1
2017-02-16 09:09:50 -08:00
Max Bires
0bbdcc41f5 Added allows for rfs_access.te
More selinux boot denials of the following type and allows added
accordingly:

avc: denied { getattr } for pid=614 comm="tftp_server"
path="/persist/rfs" dev="sdd3" ino=19 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

avc: denied { setattr } for pid=614 comm="tftp_server" name="rfs"
dev="sdd3" ino=19 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { remove_name } for pid=2675 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" dev="sdd3" ino=35 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { add_name } for pid=2675 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { write } for pid=2675 comm="tftp_server" name="mpss" dev="sdd3"
ino=22 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { block_suspend } for pid=641 comm="tftp_server" capability=36
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability2

denied { getattr } for pid=1170 comm="tftp_server"
path="/persist/rfs/msm/mpss/server_check.txt" dev="sdd3" ino=35
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { open } for pid=1170 comm="tftp_server"
path="/persist/rfs/msm/mpss/server_check.txt" dev="sdd3" ino=35
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { read } for pid=1170 comm="tftp_server" name="server_check.txt"
dev="sdd3" ino=35 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { search } for pid=1170 comm="tftp_server" name="/" dev="sdd3"
ino=2 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { connect } for pid=1170 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { create } for pid=1170 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { read } for pid=641 comm="tftp_server"
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=socket

denied { rename } for pid=2050 comm="tftp_server"
name="mcfg.tmp.rfs_tmp" dev="sdd3" ino=39 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { write } for pid=2050 comm="tftp_server"
path="/persist/rfs/msm/mpss/mcfg.tmp.rfs_tmp" dev="sdd3" ino=39
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

denied { unlink } for pid=2050 comm="tftp_server"
path="/persist/rfs/msm/mpss/mcfg.tmp.rfs_tmp" dev="sdd3" ino=39
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=file

Bug: 34784662
Test: The above denials are not found in bootup logs
Change-Id: I9a52589e0a3de99cb26660f2e4e60d2a61d1632c
2017-02-15 19:02:50 -08:00
Max Bires
998fa7f5c8 Adding allows for audioserver.te
Address following denials:
denied { read } for pid=746 comm="audioserver" name="hw_platform"
dev="sysfs" ino=50308 scontext=u:r:audioserver:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file

denied { search } for pid=757 comm="audioserver" name="soc0" dev="sysfs"
ino=50280 scontext=u:r:audioserver:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

Bug: 34784662
Test: The above denials are no longer present during boot
Change-Id: I8448bdb5fdf692fda342c11500c0bc45419ae6e9
2017-02-15 18:14:27 -08:00
TreeHugger Robot
b48a769451 Merge "lights hal: fully binderized" 2017-02-15 23:45:51 +00:00
TreeHugger Robot
1df2f62e75 Merge "Adding init_power allows and supporting file_context/file.te changes." 2017-02-15 22:30:13 +00:00