******************************
5 violations found:
camera. u:object_r:vendor_camera_prop:s0
ro.camera. u:object_r:vendor_camera_prop:s0
sys.boot.hwc u:object_r:vendor_camera_prop:s0
sys.fp.vendor u:object_r:vendor_fingerprint_prop:s0
wifi.interface u:object_r:wifi_hal_prop:s0
******************************
device/xiaomi/sm6375-common/sepolicy/vendor/property_contexts contains properties
which are not properly namespaced.
This is enforced by VTS, so please fix such offending properties.
Co-authored-by: chrisl7 <wandersonrodriguesf1@gmail.com>
Change-Id: Ib1065171df107306da27066b0d8d8c444dd3bfe5
Starting with Android R launched devices, debugfs cannot be mounted in
production builds. In order to avoid accidental debugfs dependencies
from creeping in during development with userdebug/eng builds, the
build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS can be set by vendors to
enforce additional debugfs restrictions for userdebug/eng builds. The
same flag will be used to enable sepolicy neverallow statements to
prevent new permissions added for debugfs access.
Test: build, boot
Bug: 184381659
Change-Id: I45e6f20c886d467a215c9466f3a09965ff897d7e
* required for oem fast charger detection
* this forces android to display "charging rapidly" whenever our
proprietary 33w charger is connected, based on the value of
this node (0/1)
Change-Id: I5094dfcd721a56e3ede62b16cdf187c898bdedf2
- Fixes scroll lag in many apps, such as Twitter:
W RenderThread: type=1400 audit(0.0:12371): avc: denied { open } for path=/dev/ashmem dev=tmpfs ino=10848 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file permissive=0 app=com.twitter.android
- Apps are no longer allowed open access to /dev/ashmem, unless they
target API level < Q.
(8b12ff5f21)
Analysis of disassembled code in IDA revealed that the stock
libsdmcore is just writing the brightness to a custom sysfs node
in mi_display. Bind mount the real brightness node to that so it
gets written to the real node instead.
Change-Id: I3aa840e50b7a067667b949b0ba1f36d187602547
* This is a squash commit from nnippon99:thirteen
veux: Address some missing denials
veux: Address wcnss denials
veux: Set ro.product.mod_device correctly and label sepolicy for it
* Properly set ro.product.mod_device depending on variant
* This is needed for MIUICamera to work
veux: Add support for MiuiCamera!
veux: sepolicy: allow last_kmsg and fix denial
W init : type=1400 audit(0.0:7): avc: denied { setattr } for name="last_kmsg" dev="proc" ino=4026532174 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
W BootReceiver: cannot read last msg
W BootReceiver: java.io.FileNotFoundException: /proc/last_kmsg: open failed: EACCES (Permission denied)
W BootReceiver: at libcore.io.IoBridge.open(IoBridge.java:574)
W BootReceiver: at java.io.FileInputStream.<init>(FileInputStream.java:160)
W BootReceiver: at android.os.FileUtils.readTextFile(FileUtils.java:637)
W BootReceiver: at com.android.server.BootReceiver.logFsShutdownTime(BootReceiver.java:649)
W BootReceiver: at com.android.server.BootReceiver.logBootEvents(BootReceiver.java:305)
W BootReceiver: at com.android.server.BootReceiver.-$$Nest$mlogBootEvents(Unknown Source:0)
W BootReceiver: at com.android.server.BootReceiver$1.run(BootReceiver.java:139)
W BootReceiver: Caused by: android.system.ErrnoException: open failed: EACCES (Permission denied)
W BootReceiver: at libcore.io.Linux.open(Native Method)
W BootReceiver: at libcore.io.ForwardingOs.open(ForwardingOs.java:563)
W BootReceiver: at libcore.io.BlockGuardOs.open(BlockGuardOs.java:274)
W BootReceiver: at libcore.io.IoBridge.open(IoBridge.java:560)
W BootReceiver: ... 6 more
veux: sepolicy: Fix logspam
* This is a SQUASH commit for multiple commits for fixing some logspam
veux: sepolicy: Label more sysfs wakeup nodes
veux: sepolicy: Label more graphics nodes
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon3/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/name not found
veux: sepolicy: address radio.qcriNvOpt hwservice denial
veux: sepolicy: Allow user apps to read proc/zoneinfo files
* E nightwatch-target: /proc/zoneinfo open: errno=13
* E nightwatch-target: sysmeminfo parse failed
* avc: denied { read } for name="zoneinfo" dev="proc" ino=4026531859 scontext=u:r:untrusted_app:s0:c61,c257,c512,c768 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0 app=com.facebook.katana
veux: sepolicy: Fix Build errors
veux: sepolicy: Resolve qemu_hw_prop denial
avc: denied { read } for name="u:object_r:qemu_hw_prop:s0" dev="tmpfs" ino=1316 scontext=u:r:system_app:s0 tcontext=u:object_r:qemu_hw_prop:s0 tclass=file permissive=0
veux: sepolicy: Fix isolated_app denial
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
veux: Label some radio property
W libc : Unable to set property "ro.vendor.ril.svlte1x" to "false": error code: 0xb
W libc : Unable to set property "ro.vendor.ril.svdo" to "false": error code: 0xb
veux: prop: set some props and fix log
W libc : Unable to set property "ro.telephony.call_ring.multiple" to "false": error code: 0xb
W libc : Unable to set property "ro.vendor.ril.svlte1x" to "false": error code: 0xb
W libc : Unable to set property "ro.vendor.ril.svdo" to "false": error code: 0xb
veux: sepolicy: fix some denials
* Rearranges sepolicy/vendor/genfs_contexts properly too
W libc : Access denied finding property "ro.miui.singlesim"
W libc : Access denied finding property "ro.product.marketname"
W libc : Access denied finding property "ro.miui.ui.version.code"
W libc : Access denied finding property "ro.hardware.chipname"
W libc : Access denied finding property "ro.vendor.aware_available"
W libc : Access denied finding property "ro.vendor.gfx.32bit.target"
W libc : Access denied finding property 'wifi.interface'
W binder:2540_3: type=1400 audit: avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_aware_available_prop:s0" dev="tmpfs" ino=1946 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_aware_available_prop:s0 tclass=file permissive=0
E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup63 (../../devices/virtual/misc/msm_g711mlaw/wakeup63): Permission denied
E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup58 (../../devices/virtual/misc/msm_amrwb/wakeup58): Permission denied
veux: sepolicy: Allow perf hal to read graphics composer
W/perf@2.2-servic(882): type=1400 audit(0.0:120396): avc: denied { search } for name="880" dev="proc" ino=394316 scontext=u:r:vendor_hal_perf_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0
veux: sepolicy: fix denial
avc: denied { read } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0
veux: sepolicy: Fix avc denials related to vendor/toolbox.te
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
veux: sepolicy: Resolve system_app denial
veux: sepolicy: KANG missing entries from sm8350-common
Signed-off-by: nnippon99 <adamayyad1999@hotmail.com>
Change-Id: Ica2495d4c2833b0c0509db802115ca720cc7511a
- Fixes scroll lag in apps such as Twitter etc.
Apps are no longer allowed open access to /dev/ashmem, unless they
target API level < Q.
Bug: 113362644
Test: device boots, Chrome, instant apps work
Signed-off-by: Ahmad Rulim <personal@rulim34.dev>
Needed after I026cd6930459262c31c401e57444cfe2b60357b7
Change-Id: I0522bafab2605b3d0ab5a147154b32fa9ee3ce37
Signed-off-by: Ahmad Rulim <personal@rulim34.dev>
* W libc : Access denied finding property "ro.camera.res.fmq.size"
W libc : Unable to set property "vendor.camera.sensor.rearMain.fuseID" to "sunn001206141BC64DB800000000000000000000000000000000000000000000": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.rearMain.fuseSnID" to "": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.frontMain.fuseID" to "sunn00321F160A011A1E0F1C0404080001252B81000000000000000000000000": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.frontMain.fuseSnID" to "": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.rearMacro.fuseID" to "ofil00220F1A4230373235394130000000000000000000000000000000000000": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.rearMacro.fuseSnID" to "": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.rearUltra.fuseID" to "aaca002217203553320202110E0B620000000000000000000000000000000000": error code: 0x18
W libc : Unable to set property "vendor.camera.sensor.rearUltra.fuseSnID" to "": error code: 0x18
W provider@2.4-se: type=1400 audit(0.0:153): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=11118 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W /system/bin/init: type=1107 audit(0.0:144): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.sensor.rearMain.fuseID pid=9788 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:145): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.sensor.rearMain.fuseSnID pid=9788 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:146): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.sensor.frontMain.fuseID pid=9788 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:147): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.sensor.frontMain.fuseSnID pid=9788 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
W /system/bin/init: type=1107 audit(0.0:148): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.camera.sensor.rearMacro.fuseID pid=9788 uid=1047 gid=1005 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
Signed-off-by: Ahmad Rulim <personal@rulim34.dev>
This is necessary to find the dualcamera calibration in persist
Change-Id: I89d5d7839e13aeb2f5373b8bdc2e03830407cfb0
Signed-off-by: Ahmad Rulim <personal@rulim34.dev>