Sebastiano Barezzi
b5392cec63
sdm710-common: Move to Xiaomi IR AIDL
...
Change-Id: I46094bcbfaba252b5d98ea8211b927fdaa079e2d
2024-10-16 15:09:58 -04:00
Rodney Etienne
e924a84185
sdm710-common: Initialize for Evolution X 9.x
2024-07-05 16:17:36 -04:00
Sebastiano Barezzi
45c664d099
sdm710-common: sepolicy: Rework and cleanup
...
Change-Id: I12c97fe8f543b6c466cd6fc38479582ddca37156
2024-06-05 21:20:33 -04:00
Bruno Martins
96c588eb97
sdm710-common: Use common libqti-perfd-client and power-libperfmgr
...
Change-Id: I22d6b35c72629553817005deaefcae60abc72cfd
2024-05-30 14:26:27 -04:00
Rodney Etienne
d77c5c1f85
sdm710-common: Address some denials
2024-05-30 13:04:26 -04:00
me-cafebabe
01639ef896
sdm710-common: Import full CACert stack
...
* Used by xtra-daemon
* Nothing uses 32-bit libjnihelper.so which belongs to CACert stack, remove it
* Fix the denials while we're at it
Test:
1. Download and open "GPS Test" app
2. Perform Menu > AGPS > Clear and update
3. Confirm there's no error about getting cacert service on logcat
Change-Id: Iace09f6d7a05e0a2ae8ef8048a19a391f537237e
2024-02-13 19:58:42 +08:00
Charles Chen
24c8930292
sdm710-common: Replace isolated_app with isolated_app_all
...
Replace certain policies for isolated_app with the newly introduced
isolated_app_all for better scalability.
Bug: 265540209
Test: m
Change-Id: I1b6866d56f15089babe368bb60335c7ed99bdd6b
2024-02-12 03:24:50 +01:00
Ivan Vecera
42a4e60d1a
sdm710-common: sepolicy: Address vendor_init denials
...
Resolves:
W /system/bin/init: type=1107 audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ro.vendor.display.ad pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_dpps_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ro.vendor.display.ad.hdr_calib_data pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_dpps_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:6): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ro.vendor.display.ad.sdr_calib_data pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_dpps_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:7): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=ro.vendor.display.sensortype pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_dpps_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:8): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.media.target.version pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_video_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:9): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.ssr.restart_level pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_ssr_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:29): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.camera.gyro.disable pid=560 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
Change-Id: I2d436e50b6fa68f8037435779b1f865fdd154c20
2024-02-12 02:55:59 +01:00
Ivan Vecera
3fd76de963
sdm710-common: sepolicy: Address hal_camera_default denials
...
Resolves:
W /system/bin/init: type=1107 audit(0.0:42): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.camera.dualcal.state pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:72): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.camera.xiaomi.remapid pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:74): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.camera.module.info pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:75): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.camera.module.infoext pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:76): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=camera.sensor.rearMain.fuseID pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:77): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=camera.sensor.frontMain.fuseID pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:78): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=camera.sensor.rearUltra.fuseID pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:79): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.boot_complete pid=1024 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_camera_prop:s0 tclass=property_service permissive=0'
Change-Id: I54129c32cc0916431255be05ba2175116e72c387
2024-02-12 02:48:58 +01:00
Ivan Vecera
762f287176
sdm710-common: sepolicy: Add vendor prefix to several properties
...
Change-Id: I84fd2a0f2e85495bf03e77885c8ea06de18b79c1
2024-02-12 02:48:58 +01:00
Ivan Vecera
909007a4a9
sdm710-common: sepolicy: Label audio properties
...
Some vendor audio properties are not labelled so
label them and add vendor prefix to existing ones.
Change-Id: I6a2892e8a72cf69b80954191dab12440972c543a
2024-02-12 02:48:58 +01:00
Ivan Vecera
0833af2c38
sdm710-common: rootdir: Move all static parameters to init.qcom.power.rc
...
Move the rest of static configuration parameters from
init.qcom.post_boot.sh to init.qcom.power.rc.
Change-Id: I18d8aa7bdd4f2807246dafd9c47fc7fb9b65dc71
2024-01-20 14:57:56 +01:00
LuK1337
0e6d050fdd
sdm710-common: sepolicy: Address thermal-engine denials
...
* <Q blobs require broader sysfs access and we don't
want to relabel stuff like /sys/class/kgsl.
Resolves:
I auditd : type=1400 audit(0.0:37): avc: denied { read } for comm="thermal-engine" name="kgsl" dev="sysfs" ino=45578 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
Change-Id: I6a821da53686eba33990ae231ccae700de2d7391
2024-01-20 14:57:56 +01:00
Ivan Vecera
5bc9df2b69
sdm710-common: Add panel properties
...
Fingerprint HAL looks for sys.panel.{color,display,touch_vendor,vendor}
properties:
E [GF_HAL][XiaoMiSensor]: [init] Failed getting sys.panel.display property
E [GF_HAL][ExtModuleCreator]: Failed to getprop sys.panel.touch_vendor
E [GF_HAL][ExtModuleCreator]: Failed to getprop sys.panel.Vendor
On stock ROM these properties are set by init.panel_info.sh script
that translates lockdown-info values from touchscreen drivers.
After investigation of lockdown info from pyxis, vela, grus and xmsirius
all these properties' values are the same: color is BLACK and panel
and display vendor are SDC (Samsung Display Corp).
Add these properties and label them so the fingerprint HAL can access
them. After testing on Pyxis it looks like FP operations are more
reliable.
Change-Id: I9bcc471265ef364318bada305c2ea25110127606
2024-01-20 14:57:56 +01:00
Ivan Vecera
30bfd25a8c
Revert "sdm710-common: Remove QTI BT stack remnants"
...
This reverts commit c4e39b7326.
Resolves:
E vendor.qti.bluetooth@1.0-bluetooth_address: Failed to open /data/vendor/mac_addr/bt.mac: Permission denied
W bluetooth@1.0-s: type=1400 audit(0.0:95): avc: denied { search } for name="mac_addr" dev="sda31" ino=263 scontext=u:r:hal_bluetooth_qti:s0 tcontext=u:object_r:wifi_vendor_data_file:s0 tclass=dir permissive=0
Change-Id: I34ee9517031a3bc484c121708c9cf7f8b136cc80
2024-01-20 14:57:56 +01:00
Bruno Martins
c4e39b7326
sdm710-common: Remove QTI BT stack remnants
...
Change-Id: I6627c1c0dc9b9873b8cf6f7301b2207e41ad963c
2022-12-24 18:24:03 +01:00
Ivan Vecera
2198952984
Revert "sdm710-common: sepolicy: Properly label slmadapter service and allow cnd to find it"
...
This reverts commit f80cbb2df8.
Change-Id: Ia91d93e1437301a841429295b1e3fbacb37aa0a5
2022-12-24 18:23:57 +01:00
Ivan Vecera
a8f08af5ea
Revert "sdm710-common: sepolicy: Allow cnd to read WiFi properties"
...
This reverts commit 36b9a5cc3b.
Change-Id: I1081c373885501e096d341cc9eeaa99e84b16afb
2022-12-24 18:23:38 +01:00
Ivan Vecera
3981006436
sdm710-common: sepolicy: Allow camera HAL to access graphics allocator service
...
Resolves:
E SELinux : avc: denied { find } for interface=android.hardware.graphics.allocator::IAllocator sid=u:r:hal_camera_default:s0 pid=5709 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hal_graphics_allocator_hwservice:s0 tclass=hwservice_manager permissive=0
Change-Id: Ie33a4b317ece365df7658c8d056a38ae76c3b101
2022-10-22 21:00:22 +02:00
Ivan Vecera
5768e0117c
sdm710-common: sepolicy: Label camera vendor libraries
...
Although the camera vendor libraries are present in public.libraries.txt
they cannot be used because they are not correctly labelled.
Properly label these libs according to [1]
[1] https://source.android.com/docs/core/permissions/namespaces_libraries#adding-additional-native-libraries
Change-Id: I37c2f397cdf355ac56c5574aa4588d75cf9c8973
2022-10-07 14:55:26 +02:00
Ivan Vecera
40b953d2dc
sdm710-common: sensors: Build UDFPS sensors sub-HAL
...
* Build and ship UDFPS sensor sub-HAL for devices with UDFPS
* Allow sensors HAL to access /sys/touchpanel directory
Change-Id: I440350e0d4d4296cbc77e68e8f87cc727b08528b
2022-09-19 18:43:50 +02:00
Sebastiano Barezzi
681c8dfdc7
sdm710-common: sepolicy: Manually label vendor block device
...
* For some reason qcom sepolicy isn't doing it
Change-Id: Ic67b00362515f85efb61a48cd49a308cbab672eb
2022-09-11 02:03:08 +02:00
Sebastiano Barezzi
68de91771d
sdm710-common: Retrofit dynamic partitions
...
* Merge system, vendor and cust, giving us a whopping 6.4GB of space, pretty nice
* Mark standard block devices as super block devices (from https://source.android.com/devices/tech/ota/dynamic_partitions/implement?hl=en#selinux-legacy)
Change-Id: I2553aad99f5c458cf6ac6b4265dc5840127c13e9
2022-09-08 23:41:04 +02:00
Sebastiano Barezzi
9e81a9afbe
sdm710-common: sepolicy: Label logdump partition in qcom sepolicy
...
Change-Id: I9c0678257ad21480581b30431dfcf3a5cd215bfd
2022-09-08 23:22:09 +02:00
Ivan Vecera
e607977d60
sdm710-common: Implement SunlightEnhancement LiveDisplay HAL
...
* Add LiveDisplay HAL and SunlightEnhancement using 'hbm' sysfs knob
Change-Id: I4583e45427d689827b020ca960f37f6fa92e3d11
2022-09-08 09:46:43 +02:00
Sebastiano Barezzi
5e20f0f039
sdm710-common: Use logdump as metadata partition
...
* We have a 64MB unused partition, why not use it
Change-Id: Ie0fafa8285eaebb24589073581ff9575f40c89e9
2022-08-20 15:44:55 +02:00
Michael Bestas
3554a74545
sdm710-common: sepolicy: Fix fingerprint labels
...
Change-Id: I66188247ce9268929763236c0ac2fa483273f1cc
2022-08-19 15:24:17 +02:00
Ivan Vecera
0bae790389
sdm710-common: udfps: Allow access fod_status node in /sys/touchpanel
...
* focaltech_touch_mi used in pyxis exposes fod_status sysfs node
in /sys/touchpanel
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: I9707e1837c41b0cbc3f03180774af1b53c4b2f6d
2022-08-19 15:24:16 +02:00
Ivan Vecera
36b9a5cc3b
sdm710-common: sepolicy: Allow cnd to read WiFi properties
...
Resolves:
W cnd : type=1400 audit(0.0:99): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=21110 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: Id71c6840b3765e2d358c438931d678a78dd5352d
2022-08-19 15:24:16 +02:00
Ivan Vecera
f80cbb2df8
sdm710-common: sepolicy: Properly label slmadapter service and allow cnd to find it
...
Resolves:
E SELinux : avc: denied { find } for interface=vendor.qti.hardware.slmadapter::ISlmAdapter sid=u:r:cnd:s0 pid=975 scontext=u:r:cnd:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: I5b27eee6a1f9a622962c7364b2bdabe92cf37254
2022-08-19 15:24:16 +02:00
Ivan Vecera
f028fbb5f2
sdm710-common: sepolicy: Allow cdsprpcd to access xdsp device
...
Allow cdsprpcd to offload ADSP/SLPI using the new
/dev/adsprpc-smd-secure device node.
Resolves:
avc: denied { read } for comm="cdsprpcd" name="adsprpc-smd-secure" dev="tmpfs" ino=19293 scontext=u:r:cdsprpcd:s0 tcontext=u:object_r:xdsp_device:s0 tclass=chr_file permissive=0
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: Idb48b5c543cc1342904bb9481e60f89c0120b222
2022-08-19 15:24:16 +02:00
Ivan Vecera
9c026b1496
sdm710-common: sepolicy: Allow bluetooth HAL to access WiFi vendor data
...
Resolves:
avc: denied { search } for name="mac_addr" dev="sda31" ino=6815767 scontext=u:r:hal_bluetooth_qti:s0 tcontext=u:object_r:wifi_vendor_data_file:s0 tclass=dir permissive=0
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: Iad4343a09c2466ff0341ab53e1c92e03fa775f73
2022-08-19 15:24:16 +02:00
Ivan Vecera
443acb15f8
sdm710-common: sepolicy: Fix sepolicy rule for hal_nfc_default
...
Commit 9cb034d ("sdm710-common: Initial sepolicy") incorrectly added
sepolicy rule to allow hal_power_default to create and access NFC
vendor data. Correct scontext is hal_nfc_default for this case.
Resolves:
avc: denied { search } for comm="nfc@1.2-service" name="nfc" dev="sda31" ino=6815807 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:nfc_vendor_data_file:s0 tclass=dir permissive=0
Fixes: 9cb034d ("sdm710-common: Initial sepolicy")
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: I25b5c6f6b5f59230c23a5a632b6e45edea342d3e
2022-08-19 15:24:16 +02:00
Ivan Vecera
d469151b3f
sdm710-common: sepolicy: Label additional data files used by FOD
...
Resolves:
avc: denied { open } for comm="qseecomd" path="/mnt/vendor/persist/goodix/caliParamsInfo.so" dev="sdf7" ino=223 scontext=u:r:tee:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
avc: denied { open } for comm="qseecomd" path="/mnt/vendor/persist/goodix/BMatrix.so" dev="sdf7" ino=224 scontext=u:r:tee:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=file permissive=0
avc: denied { open } for comm="qseecomd" path="/mnt/vendor/persist/goodix/ifaa_fplist" dev="sdf7" ino=215 scontext=u:r:tee:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=file permissive=0
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Change-Id: If92b4dafc2186fc616db755882830aba162d5cd3
2022-08-19 15:24:16 +02:00
Sebastiano Barezzi
9cb034dc4e
sdm710-common: Initial sepolicy
...
* From sdm845-common, cleaned up using sm8250-common one as reference
Change-Id: I9094d8593fba89c96cb2be3ee8a996b5cf4d3969
2022-06-13 23:08:39 +02:00