Max Bires
dea136c7e7
Adding ueventd and rmt_storage allows and file_context
...
Added to address following bootup denials:
denied { append } for pid=633 comm="rmt_storage" name="wake_lock"
dev="sysfs" ino=15356 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
denied { setgid } for pid=633 comm="rmt_storage" capability=6
scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0
tclass=capability
denied { open } for pid=633 comm="rmt_storage" path="/dev/kmsg"
dev="tmpfs" ino=10129 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file
denied { write } for pid=633 comm="rmt_storage" name="kmsg" dev="tmpfs"
ino=10129 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:kmsg_device:s0
tclass=chr_file
denied { write } for pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=19078 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=file
denied { write } for pid=533 comm="ueventd" name="uevent" dev="sysfs"
ino=44296 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file
denied { read write } for pid=617 comm="rmt_storage" name="uio0"
dev="tmpfs" ino=22582 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:uio_device:s0 tclass=chr_file
denied { open } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { getattr } for pid=617 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { read } for pid=617 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=617 comm="rmt_storage" path="/sys/class/uio"
dev="sysfs" ino=37755 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs:s0 tclass=dir
denied { read } for pid=617 comm="rmt_storage" name="uio" dev="sysfs"
ino=37755 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs:s0
tclass=dir
denied { open } for pid=640 comm="rmt_storage"
path="/sys/devices/soc/0.qcom,rmtfs_sharedmem/uio/uio0/name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file
denied { read } for pid=640 comm="rmt_storage" name="name" dev="sysfs"
ino=37777 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=file
Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: Iba358af7bcf5e7361467e071a3feabf184d4c921
2017-02-16 10:35:13 -08:00
TreeHugger Robot
b48a769451
Merge "lights hal: fully binderized"
2017-02-15 23:45:51 +00:00
TreeHugger Robot
1df2f62e75
Merge "Adding init_power allows and supporting file_context/file.te changes."
2017-02-15 22:30:13 +00:00
Max Bires
5e84c2774f
Adding init_power allows and supporting file_context/file.te changes.
...
Adding allows to address the following list of bootup denials:
denied { search } for pid=629 comm="init.power.sh" name="msm_thermal"
dev="sysfs" ino=24282 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir
denied { open } for pid=630 comm="cat" path="/sys/devices/soc0/revision"
dev="sysfs" ino=50285 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=630 comm="cat" name="revision" dev="sysfs"
ino=50285 scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { execute_no_trans } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { read open } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { execute } for pid=630 comm="init.power.sh" name="toybox"
dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { getattr } for pid=630 comm="init.power.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_power:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { read } for pid=629 comm="init.power.sh" path="/system/bin/sh"
dev="sda20" ino=469 scontext=u:r:init_power:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { getattr } for pid=629 comm="init.power.sh"
path="/system/bin/sh" dev="sda20" ino=469 scontext=u:r:init_power:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { write } for pid=629 comm="init.power.sh" name="online"
dev="sysfs" ino=15416 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
denied { open } for pid=629 comm="init.power.sh"
path="/sys/module/msm_thermal/core_control/enabled" dev="sysfs"
ino=50644 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file
denied { write } for pid=629 comm="init.power.sh" name="enabled"
dev="sysfs" ino=50644 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file
denied { search } for pid=630 comm="cat" name="soc0" dev="sysfs"
ino=50280 scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir
Bug: 34784662
Test: The above denials no longer appear during bootup
Change-Id: I38c7d115e8afe66a5eaa1e9b3a70acebbb806010
2017-02-15 13:12:50 -08:00
Ashutosh Joshi
0a3d67c7ff
Merge "Add support for passthrough sensors through HIDL."
2017-02-15 20:29:46 +00:00
TreeHugger Robot
e64551091e
Merge "Added audioserver.te and some allow rules and perfd_socket type"
2017-02-15 19:02:56 +00:00
TreeHugger Robot
288ec289c5
Merge "Adding init allows and supporting file_context."
2017-02-15 18:39:16 +00:00
Max Bires
0c479addf2
Added audioserver.te and some allow rules and perfd_socket type
...
Added allow rules for the following denials:
denied { call } for pid=2460 comm="AudioOut_D"
scontext=u:r:audioserver:s0 tcontext=u:r:bootanim:s0 tclass=binder
denied { write } for pid=1464 comm="writer" name="perfd" dev="tmpfs"
ino=11825 scontext=u:r:audioserver:s0
tcontext=u:object_r:socket_device:s0 tclass=sock_file
Bug: 34784662
Test: The above denials are no longer seen in the selinux logs
Change-Id: I4dc7c054d14e8a06d42167194cf211e0822bb3a9
2017-02-15 09:02:32 -08:00
TreeHugger Robot
cf6a9b54e8
Merge "Added init_radio allows and corresponding file_context changes."
2017-02-15 16:58:29 +00:00
Max Bires
566afc1cac
Adding init allows and supporting file_context.
...
Adding allows to address following boot denials:
denied { open } for pid=1 comm="init" path="/dev/ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file
denied { read write } for pid=1 comm="init" name="ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file
denied { write } for pid=1 comm="init" name="b_vendor_code"
dev="configfs" ino=21093 scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=file
Bug: 34784662
Test: The above denials are not present during boot
Change-Id: I5cc2daecf5b2a54d21ae17f6d88ffc174b5b8a12
2017-02-15 08:53:37 -08:00
Max Bires
9f8096c41e
Merge "Adding sysfs_thermal write file permissions to ueventd.te"
2017-02-15 16:38:50 +00:00
Max Bires
9da5ddb04a
Merge "Added sysfs_camera file type and cameraserver allow rules."
2017-02-15 16:38:30 +00:00
Max Bires
fe1569e713
Merge "Adding search dir permission to system_server."
2017-02-15 16:38:18 +00:00
Max Bires
bdd4bfe746
Merge "Adding self socket allow rule for sensors.te"
2017-02-15 16:38:02 +00:00
Siqi Lin
3067f36d72
ramdump: Make /data/ramdump 761
...
RamdumpUploader needs to be able to access files in /data/ramdump.
Change-Id: If7f96d1d892e5435ff279c7572195d1ab7ef8161
2017-02-15 07:02:27 +00:00
TreeHugger Robot
e6f2e5d4cf
Merge "vintf: init"
2017-02-15 03:44:49 +00:00
Ashutosh Joshi
3ad512504c
Add support for passthrough sensors through HIDL.
...
Enable sensors hal support for hidl passthrough mode.
Test: Ensure sensors stream in passthrough mode.
Change-Id: I70aa1293e7469ebb889c37acc3ea8ed849b19d82
2017-02-14 18:28:57 -08:00
Max Bires
7e1e794bdf
Adding search dir permission to system_server.
...
Added allow rule to address following bootup denial:
denied { search } for pid=3491 comm="system-server-i" name="sensors"
dev="sdd3" ino=16 scontext=u:r:system_server:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
Bug: 34784662
Test: Above denial no longer appears in denial logs
Change-Id: Id2a42d3dff150cd7e6f1120902d4d41f0e34e626
2017-02-14 18:00:32 -08:00
Max Bires
c4bbe07c7a
Added sysfs_camera file type and cameraserver allow rules.
...
Added allow rules to address the following denials:
denied { open } for pid=754 comm="cameraserver"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41699 scontext=u:r:cameraserver:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=754 comm="cameraserver" name="name" dev="sysfs"
ino=41699 scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { search } for pid=757 comm="cameraserver"
name="8c0000.qcom,msm-cam" dev="sysfs" ino=19077
scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=dir
Bug: 34784662
Test: The above denials are no longer present during bootup
Change-Id: I967ee7c4147eb3328fcbcf524eb6c4759f70c59b
2017-02-14 17:51:11 -08:00
Max Bires
0c2c343024
Adding sysfs_thermal write file permissions to ueventd.te
...
This addresses the following bootup denial:
denied { write } for pid=529 comm="ueventd" name="uevent" dev="sysfs"
ino=43198 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_thermal:s0
tclass=file
Bug: 34784662
Test: The above denial is no longer shown during bootup
Change-Id: I6eaa291e3338ba177dd73263823dec41a850514c
2017-02-14 17:25:13 -08:00
Max Bires
b49931036c
Adding self socket allow rule for sensors.te
...
Adding rule to address following denials:
denied { write } for pid=666 comm="sensors.qcom" scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { read } for pid=666 comm="sensors.qcom" scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: Icdc585ac80a30ce193708a43409e061e92b9028f
2017-02-14 17:19:36 -08:00
Max Bires
77ab10b75c
Added init_radio allows and corresponding file_context changes.
...
Added allows and changed file_contexts to cover the following denials:
denied { execute_no_trans } for pid=879 comm="init.radio.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { getattr } for pid=879 comm="cp" path="/system/bin/toybox"
dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { read open } for pid=879 comm="init.radio.sh"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { execute } for pid=790 comm="init.radio.sh" name="toybox"
dev="sda20" ino=509 scontext=u:r:init_radio:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { setattr } for pid=876 comm="chmod" name="modem_config"
dev="sda41" ino=212662 scontext=u:r:init_radio:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir
denied { create } for pid=875 comm="mkdir" name="modem_config"
scontext=u:r:init_radio:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir
denied { add_name } for pid=875 comm="mkdir" name="modem_config"
scontext=u:r:init_radio:s0 tcontext=u:object_r:system_data_file:s0
tclass=dir
denied { write } for pid=875 comm="mkdir" name="radio" dev="sda41"
ino=212585 scontext=u:r:init_radio:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir
denied { create } for pid=778 comm="cp" name="qcril.db"
scontext=u:r:init_radio:s0 tcontext=u:object_r:radio_data_file:s0
tclass=file
denied { read write open } for pid=778 comm="cp"
path="/data/misc/radio/qcril.db" dev="sda41" ino=212661
scontext=u:r:init_radio:s0 tcontext=u:object_r:radio_data_file:s0
tclass=file
Bug: 34784662
Test: The above denials are no longer present on bootup
Change-Id: If6830fb7d0ba432916884c660e72094a4cced467
2017-02-14 15:53:23 -08:00
Steven Moreland
5e9b3914a7
lights hal: fully binderized
...
Muskie device will have all hals binderized.
Bug: 32022100
Bug: 35356977
Test: led lights work
Change-Id: I4a1a7b54af5b7d92b4ed167bcf9d517fbff70111
2017-02-14 14:44:30 -08:00
Max Bires
d1c7c88427
Adding rild.te and associated allows for bootup denials
...
Allows address following denials:
denied { add_name } for pid=1407 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir
denied { write } for pid=1445 comm="rild" name="netmgr_connect_socket"
dev="tmpfs" ino=25017
scontext=u:r:rild:s0 tcontext=u:object_r:socket_device:s0
tclass=sock_file
denied { connectto } for pid=1445 comm="rild"
path="/dev/socket/netmgr/netmgr_connect_socket" scontext=u:r:rild:s0
tcontext=u:r:netmgrd:s0 tclass=unix_stream_socket
denied { create } for pid=1406 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0
tclass=sock_file
denied { write } for pid=1406 comm="rild" name="qmux_radio"
dev="tmpfs" ino=21385 scontext=u:r:rild:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=dir
denied { create } for pid=1367 comm="rild" name="rild_ims0"
scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0
tclass=sock_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: I72766073640c620cc74a02f3578d5fda2d0133ab
2017-02-14 13:36:12 -08:00
Steven Moreland
708736ade6
vintf: init
...
Empty init for people to start working off of.
Test: copies.
Change-Id: Ia0eb91bcca530852c3f1a75278977a2afe3e6b54
2017-02-13 20:53:58 -08:00
Max Shi
1a10f39b90
enable Doze and double tap gesture in config overlay
...
Test: verify double tap gesture option available under Moves setting
Bug: 35200418
Change-Id: I697f688b90c1a4de99312f03a84e937b71d71322
2017-02-13 12:13:54 -08:00
TreeHugger Robot
b814cceb3e
Merge "Added some allows to netmgrd.te"
2017-02-10 23:55:42 +00:00
TreeHugger Robot
33c25b5ff9
Merge "Adding cameraserver.te and appropriate camera_prop"
2017-02-10 23:29:19 +00:00
TreeHugger Robot
559b0b3dff
Merge "Added sdd_block_device so tee could access what was a generic blk_file"
2017-02-10 22:52:47 +00:00
Max Bires
f432d5d39b
Added some allows to netmgrd.te
...
Added allows to address the following denials. More to follow.
denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27886]"
dev="sockfs" ino=27886 ioctlcmd=8946 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket
denied { ioctl } for pid=1295 comm="ifconfig" path="socket:[27883]"
dev="sockfs" ino=27883 ioctlcmd=8914 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket
denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27292]"
dev="sockfs" ino=27292 ioctlcmd=89f8 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket
denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27290]"
dev="sockfs" ino=27290 ioctlcmd=89f2 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket
denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27868]"
dev="sockfs" ino=27868 ioctlcmd=89fd scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket
denied { getattr } for pid=1295 comm="ifconfig"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { execute_no_trans } for pid=1295 comm="netmgrd"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { read open } for pid=1295 comm="netmgrd"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file
denied { execute } for pid=1295 comm="netmgrd" name="toybox" dev="sda20"
ino=509 scontext=u:r:netmgrd:s0 tcontext=u:object_r:toolbox_exec:s0
tclass=file
denied { read } for pid=1293 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket
denied { write } for pid=747 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket
denied { create } for pid=747 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket
Bug: 34784662
Test: The above denials are no longer present during boot
Change-Id: I7b32552f96f2ee1cb79d8e4415823992d2d957da
2017-02-10 14:40:13 -08:00
Max Bires
19d80ab29a
Adding cameraserver.te and appropriate camera_prop
...
Clearing up all the following denials for cameraserver during boot:
denied { ioctl } for pid=732 comm="cameraserver" path="/dev/kgsl-3d0"
dev="tmpfs" ino=20140 ioctlcmd=945 scontext=u:r:cameraserver:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file
denied { read write } for pid=732 comm="cameraserver"
path="/dev/kgsl-3d0" dev="tmpfs" ino=20140 scontext=u:r:cameraserver:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file
denied { open } for pid=732 comm="cameraserver" path="/dev/kgsl-3d0"
dev="tmpfs" ino=20140 scontext=u:r:cameraserver:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file
denied { write } for pid=732 comm="cameraserver" name="property_service"
dev="tmpfs" ino=20580 scontext=u:r:cameraserver:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=732 comm="cameraserver"
path="/dev/socket/property_service" scontext=u:r:cameraserver:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { set } for property=persist.camera.debug.logfile pid=753
uid=1047 gid=1005 scontext=u:r:cameraserver:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 34784662
Test: The above denials are no longer present during bootup
Change-Id: I50945ad3fcea74554c767c867e603f80e18f115e
2017-02-10 14:09:20 -08:00
TreeHugger Robot
b1cede296a
Merge "Added thermal engine allow rule and defined sysfs_thermal files"
2017-02-10 22:08:43 +00:00
Max Bires
6b49f17b55
Added sdd_block_device so tee could access what was a generic blk_file
...
tee was attempting to access an sdd device as per the following denial,
but access to generic block devices can't be granted due to a neverallow
rule. The device was granted its own type and tee was granted the
appropriate allow rules.
avc: denied { getattr read write } for pid=790 comm="qseecomd"
name="sdd2" dev="tmpfs" ino=18294 scontext=u:r:tee:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: Idebb7c7aa5c2001f643f4d617eaa3ee8cab8ad28
2017-02-10 13:33:11 -08:00
TreeHugger Robot
0b7c49f33a
Merge "Added dontaudit to surfaceflinger for firmware file dir search"
2017-02-10 19:56:39 +00:00
TreeHugger Robot
e81ff5b975
Merge "Added location allow rules and corresponding file contexts"
2017-02-10 19:08:08 +00:00
Max Bires
a6bcc8d98b
Added dontaudit to surfaceflinger for firmware file dir search
...
This behavior is the result of a bug detailed here:
https://buganizer.corp.google.com/issues/29072816#comment52
Bug: 34784662
Test: The surfaceflinger search denial is no longer present during
bootup
Change-Id: I6ae41e953a21b988cdf303db2b059f59dcc711a5
2017-02-10 10:44:36 -08:00
Max Bires
e242bd566e
Added location allow rules and corresponding file contexts
...
Added allow rules to cover the following bootup denials:
denied { create } for pid=1192 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0
tclass=netlink_route_socket
denied { bind } for pid=1192 comm="lowi-server" scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=netlink_route_socket
denied { create } for pid=1179 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=udp_socket
denied { ioctl } for pid=1179 comm="lowi-server" path="socket:[23752]"
dev="sockfs" ino=23752 ioctlcmd=8913 scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=udp_sock
denied { open } for pid=1179 comm="lowi-server"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32744 scontext=u:r:location:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=1179 comm="lowi-server" name="name" dev="sysfs"
ino=32744 scontext=u:r:location:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { getattr } for pid=1179 comm="lowi-server"
path="/proc/1179/net/psched" dev="proc" ino=4026532035
scontext=u:r:location:s0 tcontext=u:object_r:proc_net:s0 tclass=file
denied { setuid } for pid=1179 comm="loc_launcher" capability=7
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=capability
denied { net_admin } for pid=1225 comm="lowi-server" capability=12
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=capability
denied { open } for pid=1225 comm="lowi-server"
path="/proc/1225/net/psched" dev="proc" ino=4026532035
scontext=u:r:location:s0 tcontext=u:object_r:proc_net:s0 tclass=file
denied { setgid } for pid=1235 comm="loc_launcher" capability=6
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=capability
Bug: 34784662
Test: The above denials are no longer seen during boot
Change-Id: I34438e4862622aa5fc89c668fd395c1dd4a1456a
2017-02-10 09:58:01 -08:00
Pat Tjin
f33d4da3f4
Merge "muskie: add support for folio"
2017-02-10 17:13:32 +00:00
Patrick Tjin
328c04a28c
muskie: add support for folio
...
Bug: 35243564
Test: hall sensor on muskie wakes and sleeps device
Change-Id: I57a2a80b5466fb566c9a469cfe6eaac506baa10f
2017-02-10 17:13:19 +00:00
TreeHugger Robot
39882c7e44
Merge "Adding system_server.te / file_contexts to handle some boot denials."
2017-02-10 00:13:59 +00:00
Max Bires
26aecc3452
Added thermal engine allow rule and defined sysfs_thermal files
...
Added the allow and relevant sysfs_thermal specifications to handle the
following bootup denials:
denied { read write } for pid=795 comm="thermal-engine"
name="trip_point_1_temp" dev="sysfs" ino=43298
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_thermal:s0
tclass=file
denied { ioctl write } for pid=761 comm="thermal-engine" path="socket:[18584]"
dev="sockfs" ino=18584 ioctlcmd=c302 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=socket
denied { read } for pid=729 comm="thermal-engine" name="thermal_zone11"
dev="sysfs" ino=43236 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir
denied { search } for pid=783 comm="thermal-engine" name="thermal"
dev="sysfs" ino=42709 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir
Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: If6fd93e10a85968a16b1266d148b0303ac0e09dd
2017-02-09 23:07:08 +00:00
Max Bires
fcaa05bcab
Adding system_server.te / file_contexts to handle some boot denials.
...
Allow rules added to address the following denials:
denied { ioctl } for pid=3488 comm="system-server-i"
path="socket:[56767]" dev="sockfs" ino=56767 ioctlcmd=c304
scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0
tclass=socket
denied { open read } for pid=3488 comm="system-server-i"
path="/persist/sensors/sensors_settings" dev="sdd3" ino=17
scontext=u:r:system_server:s0 tcontext=u:object_r:persist_file:s0
tclass=file
Bug: 34784662
Test: The above denials don't appear during bootup
Change-Id: Iadc31855906dedb0adaaaed6e483122c3e175567
2017-02-09 14:52:34 -08:00
Thierry Strudel
de0d5f38e3
ueventd: fix /dev/btpower uid, gid
...
Bug: 35039915
Change-Id: I6c8a95b664f6dae4c77676cfddea73033f51ead7
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2017-02-08 14:22:46 -08:00
Jakub Pawlowski
414f8310cf
Build the Bluetooth HAL for Muskie
...
Test: VTS test passes on Marlin, Bluetooth starts/stops
Change-Id: I537a0eb4bc0862f6685fbdb2f50d4d36669202c4
2017-02-08 13:18:26 -08:00
TreeHugger Robot
cb2e135187
Merge "muskie: change permissions of laser sensor"
2017-02-08 19:38:58 +00:00
matt_huang
9a6f6686a8
muskie: change permissions of laser sensor
...
Change ownership of enable_ps_sensor to camera:camera
Change-Id: Ia7e61e66e872fef854f5304dc2671aa4a7684258
Signed-off-by: matt_huang <matt_huang@htc.com>
2017-02-08 10:26:00 -08:00
Max Bires
83d2188a36
Merge "Adding allows to init.te and kernel.te to address boot logs."
2017-02-08 04:47:39 +00:00
Max Bires
82558694a0
Merge "Added bootanim.te to add an extra allow rule for muskie"
2017-02-08 04:46:27 +00:00
Max Bires
8aea191b9b
Added bootanim.te to add an extra allow rule for muskie
...
Added allow rule to make binder call to hwservicemanager due to denial
on call appearing in boot logs.
avc: denied { call } for pid=682 comm="BootAnimation"
scontext=u:r:bootanim:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder
Bug: 34784662
Test: The call denials are no longer seen on bootup
Change-Id: I5a2976989c60f6d4fb92af1167bc6b545cd81e65
2017-02-07 20:41:31 -08:00
Max Bires
5e5f8eff28
Added sensors_device file context for /dev/sensors.
...
Addressed following denial on generic device that needed to be
relabeled:
avc: denied { ioctl } for pid=711 comm="sensors.qcom"
path="/dev/sensors" dev="tmpfs" ino=22661 ioctlcmd=6403
scontext=u:r:sensors:s0 tcontext=u:object_r:device:s0 tclass=chr_file
Bug: 34784662
Test: Above denial no longer present in bootup logs
Change-Id: I2738a90422fc0cd5075414b0bdc466535aecde82
2017-02-07 16:26:26 -08:00