device_xiaomi_stone/sepolicy/vendor/attributes
nnippon99 26be43ff39 [SQUASH] sm6375-common: sepolicy: Address more denials
* This is a squash commit from nnippon99:thirteen

veux: Address some missing denials

veux: Address wcnss denials

veux: Set ro.product.mod_device correctly and label sepolicy for it
* Properly set ro.product.mod_device depending on variant
* This is needed for MIUICamera to work

veux: Add support for MiuiCamera!

veux: sepolicy: allow last_kmsg and fix denial
W init    : type=1400 audit(0.0:7): avc: denied { setattr } for name="last_kmsg" dev="proc" ino=4026532174 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

W BootReceiver: cannot read last msg
W BootReceiver: java.io.FileNotFoundException: /proc/last_kmsg: open failed: EACCES (Permission denied)
W BootReceiver:	at libcore.io.IoBridge.open(IoBridge.java:574)
W BootReceiver:	at java.io.FileInputStream.<init>(FileInputStream.java:160)
W BootReceiver:	at android.os.FileUtils.readTextFile(FileUtils.java:637)
W BootReceiver:	at com.android.server.BootReceiver.logFsShutdownTime(BootReceiver.java:649)
W BootReceiver:	at com.android.server.BootReceiver.logBootEvents(BootReceiver.java:305)
W BootReceiver:	at com.android.server.BootReceiver.-$$Nest$mlogBootEvents(Unknown Source:0)
W BootReceiver:	at com.android.server.BootReceiver$1.run(BootReceiver.java:139)
W BootReceiver: Caused by: android.system.ErrnoException: open failed: EACCES (Permission denied)
W BootReceiver:	at libcore.io.Linux.open(Native Method)
W BootReceiver:	at libcore.io.ForwardingOs.open(ForwardingOs.java:563)
W BootReceiver:	at libcore.io.BlockGuardOs.open(BlockGuardOs.java:274)
W BootReceiver:	at libcore.io.IoBridge.open(IoBridge.java:560)
W BootReceiver:	... 6 more

veux: sepolicy: Fix logspam
* This is a SQUASH commit for multiple commits for fixing some logspam

veux: sepolicy: Label more sysfs wakeup nodes

veux: sepolicy: Label more graphics nodes
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon3/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name not found
E WiredAccessoryManager: file /sys/devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/name not found

veux: sepolicy: address radio.qcriNvOpt hwservice denial

veux: sepolicy: Allow user apps to read proc/zoneinfo files

* E nightwatch-target: /proc/zoneinfo open: errno=13
* E nightwatch-target: sysmeminfo parse failed

* avc: denied { read } for name="zoneinfo" dev="proc" ino=4026531859 scontext=u:r:untrusted_app:s0:c61,c257,c512,c768 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0 app=com.facebook.katana

veux: sepolicy: Fix Build errors

veux: sepolicy: Resolve qemu_hw_prop denial

avc: denied { read } for name="u:object_r:qemu_hw_prop:s0" dev="tmpfs" ino=1316 scontext=u:r:system_app:s0 tcontext=u:object_r:qemu_hw_prop:s0 tclass=file permissive=0

veux: sepolicy: Fix isolated_app denial

avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="commands.json" dev="mmcblk0p42" ino=1251111 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0
avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0

veux: Label some radio property
W libc    : Unable to set property "ro.vendor.ril.svlte1x" to "false": error code: 0xb
W libc    : Unable to set property "ro.vendor.ril.svdo" to "false": error code: 0xb

veux: prop: set some props and fix log
W libc    : Unable to set property "ro.telephony.call_ring.multiple" to "false": error code: 0xb
W libc    : Unable to set property "ro.vendor.ril.svlte1x" to "false": error code: 0xb
W libc    : Unable to set property "ro.vendor.ril.svdo" to "false": error code: 0xb

veux: sepolicy: fix some denials
* Rearranges sepolicy/vendor/genfs_contexts properly too

W libc    : Access denied finding property "ro.miui.singlesim"
W libc    : Access denied finding property "ro.product.marketname"
W libc    : Access denied finding property "ro.miui.ui.version.code"
W libc    : Access denied finding property "ro.hardware.chipname"
W libc    : Access denied finding property "ro.vendor.aware_available"
W libc    : Access denied finding property "ro.vendor.gfx.32bit.target"

W libc    : Access denied finding property 'wifi.interface'

W binder:2540_3: type=1400 audit: avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_aware_available_prop:s0" dev="tmpfs" ino=1946 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_aware_available_prop:s0 tclass=file permissive=0

E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup63 (../../devices/virtual/misc/msm_g711mlaw/wakeup63): Permission denied

E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup58 (../../devices/virtual/misc/msm_amrwb/wakeup58): Permission denied

veux: sepolicy: Allow perf hal to read graphics composer
W/perf@2.2-servic(882): type=1400 audit(0.0:120396): avc: denied { search } for name="880" dev="proc" ino=394316 scontext=u:r:vendor_hal_perf_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0

veux: sepolicy: fix denial
avc: denied { read } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0

veux: sepolicy: Fix avc denials related to vendor/toolbox.te
avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0

veux: sepolicy: Resolve system_app denial

veux: sepolicy: KANG missing entries from sm8350-common

Signed-off-by: nnippon99 <adamayyad1999@hotmail.com>
Change-Id: Ica2495d4c2833b0c0509db802115ca720cc7511a
2023-07-05 02:59:01 +07:00


# Camera
attribute vendor_hal_cameraperf;
attribute vendor_hal_cameraperf_client;
attribute vendor_hal_cameraperf_server;
attribute vendor_hal_camerapostproc_xiaomi;
attribute vendor_hal_camerapostproc_xiaomi_client;
attribute vendor_hal_camerapostproc_xiaomi_server;
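
The denial lines quoted in the commit message above each map to a candidate `allow` rule. The following is an added example, not code from this repository: it parses a few of those lines, merges permissions per (source, target, class), and marks rules for manual review. The `APP_DOMAINS` and `GENERIC_TYPES` sets are a review heuristic assumed for this example, not something the commit defines.

```python
import re
from collections import defaultdict

# Denial lines copied from the commit message above (log prefixes trimmed).
DENIALS = [
    'avc: denied { setattr } for name="last_kmsg" dev="proc" ino=4026532174 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0',
    'avc: denied { read } for name="zoneinfo" dev="proc" ino=4026531859 scontext=u:r:untrusted_app:s0:c61,c257,c512,c768 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0 app=com.facebook.katana',
    'avc: denied { setattr } for comm="CrUtilityMain" name="f2" dev="mmcblk0p42" ino=1251128 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c153,c256,c512,c768 tclass=file permissive=0',
    'avc: denied { read } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0',
    'avc: denied { read write } for comm="e2fsck" name="sde26" dev="tmpfs" ino=15571 scontext=u:r:fsck:s0 tcontext=u:object_r:vendor_custom_ab_block_device:s0 tclass=blk_file permissive=0',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?'
    r'scontext=u:r:(?P<src>\w+):.*?'
    r'tcontext=u:(?:object_r|r):(?P<tgt>\w+):.*?'
    r'tclass=(?P<cls>\w+)')

# Review heuristic assumed for this example, not taken from the commit:
# grants to app domains or on broad, generic labels get a second look.
APP_DOMAINS = {'untrusted_app', 'isolated_app'}
GENERIC_TYPES = {'proc', 'sysfs', 'app_data_file'}

def candidate_rules(lines):
    """Merge denials into one candidate allow rule per (source, target, class)."""
    perms = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m:  # lines that are not AVC denials are skipped
            tgt = 'self' if m['tgt'] == m['src'] else m['tgt']
            perms[(m['src'], tgt, m['cls'])].update(m['perms'].split())
    rules = []
    for (src, tgt, cls), p in sorted(perms.items()):
        ps = ' '.join(sorted(p))
        if len(p) > 1:
            ps = '{ ' + ps + ' }'
        review = src in APP_DOMAINS or tgt in GENERIC_TYPES
        rules.append((f'allow {src} {tgt}:{cls} {ps};', review))
    return rules

if __name__ == '__main__':
    for rule, review in candidate_rules(DENIALS):
        print(('REVIEW  ' if review else 'ok      ') + rule)
```

A rule marked for review is only a prompt to check whether a narrower label or a `dontaudit` fits better than the grant.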