Jake Weinstein
ea027c21d4
Revert "aospa: sepolicy: Resolve additional selinux denials with OTA"
...
This reverts commit 35666dec78.
Reason for revert: Revisit this for Topaz.
Change-Id: I6f25db01bae6216955a077b4724b485502df2457
2022-08-25 05:00:47 +00:00
Chris Crump
35666dec78
aospa: sepolicy: Resolve additional selinux denials with OTA
...
dac_override allow requires https://gerrit.aospa.co/c/AOSPA/android_system_sepolicy/+/22414
Change-Id: I7d5072bc513ec22aa61eb30904441f98f0f5e87c
2022-08-08 10:19:29 +00:00
Chris Crump
60b01a2afe
aospa: sepolicy: Add ParanoidHub and additional update_engine policies
...
* common: add update_engine policies
Dan Pasanen <dan.pasanen@gmail.com>
* sepolicy: add rules for updater and update_engine
Dan Pasanen <dan.pasanen@gmail.com>
* common: Switch Updater app to its own SELinux domain
Łukasz Patron <priv.luk@gmail.com>
* updater_app: Allow updater_app domain to access the network
Eamon Powell <eamonpowell@outlook.com>
* Updater: Allow binder calls to gpu service
Bruno Martins <bgcngm@gmail.com>
* updater_app: Grant additional permissions
Nolen Johnson <johnsonnolen@gmail.com>
* common: exported2_default_prop -> build_prop
Michael Bestas <mkbestas@lineageos.org>
Change-Id: I14f2ccfa17f6b88924d341b69305343f97877f70
2022-07-19 13:42:54 -04:00
Omkar Chandorkar
70f7ee3ee9
sepolicy: drop LOS FOD rules
...
* rip a11 fod
Change-Id: I1134fa4eb9dec691b55ff06e806a551c53cffb84
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-06-29 21:18:36 +09:00
Juhyung Park
81b5802e14
aospa: sepolicy: allow setting ro.vendor.lmkd.* properties
...
Change-Id: Ia45e4d2554e96333ed751352c05db883038fda2e
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
2022-02-21 01:16:05 +09:00
Bruno Martins
0e63a30326
aospa: sepolicy: Label basic USB HAL
...
Change-Id: I6aeb36893125c52dcdabe2a2c8bcb2347af33481
2022-02-16 07:51:16 +00:00
Fabian Leuteneegger
5c4eced731
aospa: sepolicy: Add policies for Pocket Judge
...
Change-Id: I837baa51f68f00009651e8c8477b0cdf49afabf7
2021-12-08 14:52:37 +00:00
StyloGey
c77eaa3178
aospa: Introduce AOSPA power HAL for gestures.
...
Change-Id: Icd7222888835d939da8032ace0fbdbb9fb555329
2021-10-14 11:46:06 +09:00
TheStrix
a76053d59d
aospa: sepolicy: Allow bootanim to find mediametrics_service
...
Change-Id: I4dca1ac09c4b3f3dd196c0132370b0400b8f8e07
2021-10-14 11:46:06 +09:00
LuK1337
4cf084f63d
aospa: sepolicy: Add rules for FOD.
...
Change-Id: Id9b8d33075b6f394710dfeeca88d73949bb837af
2021-10-14 11:46:06 +09:00
Vishalcj17
ab0d34ec12
aospa: Cleanup as much as possible.
...
* bravo six, going in for a restructure.
Change-Id: Ib787d9e52cbd97a797c62a0053a525756bc74b2c
2021-10-14 11:45:32 +09:00
Linux4
2af3dda541
[lineage-17.1] sepolicy: add hal_powershare
...
Change-Id: I2ed2d8c1c8ac03c33900d83802e8a981785e6406
2021-07-25 09:11:54 +00:00
Bruno Martins
7b8dd7440a
pa: sepolicy: Label basic USB HAL
...
Change-Id: I6aeb36893125c52dcdabe2a2c8bcb2347af33481
2021-06-09 03:55:47 +00:00
Omkar Chandorkar
3c732db59c
pa: sepolicy: make vendor_sysfs_dc_dim type public
...
Signed-off-by: Omkar Chandorkar <gotenksIN@aosip.dev>
Change-Id: I771ee9da1da5daef0718c6b8543ba1001366e17a
2021-05-27 03:12:48 +00:00
rituj
f5b06273d3
pa: selinux: Introduce Applock [3/3]
...
Change-Id: I92532e5d5ed33cced5583b7fda19327787234af7
2021-03-18 13:17:26 +00:00
StyloGey
cb103cccad
pa: Introduce AOSPA power HAL for gestures.
...
Change-Id: Icd7222888835d939da8032ace0fbdbb9fb555329
2021-03-15 15:24:43 +00:00
Rituj Beniwal
bf07d8d771
pa: sepolicy: Introduce automated DC Dimming.
...
* Label sysfs node as vendor_sysfs_dc_dim in device tree.
Change-Id: Ie370de435763e9eb4e10940bd9b2484650c3cdce
2021-03-13 06:21:49 +00:00
dianlujitao
62f4359626
pa: sepolicy: Expose aux camera whitelist property.
...
Change-Id: I8f6d2fcd498ed78d8404451b33ba830381c36061
2021-03-12 07:06:00 -07:00
Puneet Mishra
4e19732c40
pa: sepolicy: Allow platform apps to find the NFC service.
...
* Several APIs on NFC require platform permissions,
therefore, NFC test applications are equipped with them.
Change-Id: I35435b4aac0b0153c7847a8e02ab36985f54e774
2020-12-31 17:17:44 -07:00
Alexander Koskovich
98af27b706
pa: sepolicy: Write some missing rules for FOD.
...
Change-Id: I255a0b5e25461298d19e7f13a24e4262330b83cf
2020-12-18 00:40:26 +00:00
LuK1337
d1d045c2bb
pa: sepolicy: Add rules for FOD.
...
Change-Id: I067ead0c2f60493a974bc220b67d7039acea4823
2020-11-21 05:10:37 +00:00
Jake Weinstein
292d764015
vendor: move sepolicy to device/pa/sepolicy
...
Change-Id: I0eda57cfd95d313d6cd544983504ed55a608d11b
2019-07-31 12:44:21 +00:00
Hernán Castañón Álvarez
ca2b717196
pa: sepolicy: move PA sepolicy to system.
...
This is needed for QSSIs to be able to use our vendor/pa sepolicies.
This won't cause any issues to device specific builds.
Signed-off-by: Hernán Castañón Álvarez <herna@paranoidandroid.co>
Change-Id: Ifb4057334110d1c7389f728cbaf573a5538a98d2
2019-03-23 12:20:07 +00:00
TheStrix
c60446fc2c
Initial sepolicy changes for pie
...
Change-Id: I0707ae85da0d153a8c383b9eaa08ef9c4057f8fd
2018-09-20 04:52:13 +00:00
Jake Weinstein
e7b25190d3
pa: Fix zygote denial
...
Fixes the following denial
avc: denied { create } for pid=668 comm="main" name="tasks" scontext=u:r:zygote:s0 tcontext=u:object_r:cgroup:s0 tclass=file permissive=0
Change-Id: I4d001f3973e73a6dd4027e6a872688df68a0f4a8
2018-02-18 08:14:32 +00:00
Lennart
c86c71bbfa
pa: fix denial to show the correct selinux mode
...
Without this commit the settings always show permissive as selinux
status even if it was enforcing
Change-Id: Icd5003e67a725323a5445a936d5a38a3006c5456
2018-02-17 00:31:43 +01:00
cj360
1b055f37a6
sepolicy: Fix mkfs sepolicy for Oreo
...
Needs coredomain
a2718d3071
Change-Id: Ie612c590739cf88191b093f92087092d9e574a13
Signed-off-by: cj360 <ayunker551@gmail.com>
2018-02-13 16:12:38 +00:00
Alex Naidis
2637516bfb
pa: Initial 8.0 bringup
...
- Update version number
- Cleanup sepolicy, remove theming support
- Initial pass at overlays
- Remove pa-services for now
Change-Id: I933a9fadc9d81da9454c5e369e841fcc22629932
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-11-11 08:24:50 -05:00
Alex Naidis
9f6515fd98
pa: Give system server full read access to user profiles
...
Fixes denials such as
[ 1053.875830] type=1400 audit(1502291448.945:27): avc: denied { open } for pid=1389 comm="PackageManager" path="/data/misc/profiles/cur/0/foreign-dex" dev="sda15" ino=1945922 scontext=u:r:system_server:s0 tcontext=u:object_r:user_profile_data_file:s0 tclass=dir permissive=0
Change-Id: I9769df7bd7fd5167690acc182d187bb609b00c13
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-08-10 01:59:01 +00:00
Ícaro Hoff
b0fefe82a5
pa: address profile picture "read" permission denial
...
[ 8875.702197] type=1400 audit(1502056520.069:19): avc: denied { read } for pid=10749 comm="Binder:10227_6" path="/data/user_de/0/com.android.settings/cache/TakeEditUserPhoto2.jpg" dev="sda10" ino=65289 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0
Change-Id: I29cf861ade67b11b4cf0cf8b00b0960b77b62759
Signed-off-by: Ícaro Hoff <icarohoff@gmail.com>
2017-08-06 19:07:53 -03:00
Chris Lahaye
6e07618a4e
pa: Add selinux policy for pocket bridge
...
Change-Id: I45b8eeab76833f5c95211da5d869b21cb72510c4
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-08-02 15:42:55 -04:00
Carlo Savignano
66580b14d2
pa: Add pocket judge selinux policy
...
Ticket: NOUGAT-9
Change-Id: I46fa86a55389421f615e0af366bee9413617297c
Signed-off-by: Carlo Savignano <carlosavignano@aospa.co>
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-08-02 15:41:50 -04:00
thecrazyskull
a0d58315db
pa: sepolicy: Add Color Engine policy
...
Change-Id: I9b9915c63326634f7f8c8e31a23efe93a07b8a42
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-08-02 15:41:42 -04:00
Jake Weinstein
f23c100401
pa: Fix a user profile data denial
...
Change-Id: I1a441c9a893edc3a5ccbb9d5ba373ceeed441a87
2017-07-30 14:10:59 +00:00
Alex Naidis
b544174dd1
pa: Fix audioserver's communication with boot animation
...
Audioserver needs to communicate with boot animation
via binder.
Change-Id: Iafd3701f1cf741b30808fc1ad989f9c07cca7935
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-07-27 20:28:48 +00:00
Jake Weinstein
a6fa8c8528
pa: fix denial when setting user profile picture
...
[298887.878199] type=1400 audit(1500699998.019:640): avc: denied { write } for pid=6660 comm="Binder:6647_1" path="/data/user_de/0/com.android.settings/cache/CropEditUserPhoto.jpg" dev="sda15" ino=1866326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0
[298887.910918] type=1400 audit(1500699998.049:641): avc: denied { write } for pid=15001 comm="Binder:6647_5" path="/data/user_de/0/com.android.settings/cache/CropEditUserPhoto.jpg" dev="sda15" ino=1866326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0
Change-Id: Ia416e69b561c2b656d00ed401abd4d7d67bfc0d4
2017-07-24 02:42:36 +00:00
Surge Raval
017b3b4792
pa: Add policy to fix interfacer derp on boot
...
05-29 08:40:17.200 10546 10600 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 10600 (POSIX timer 0)
05-29 08:40:17.200 428 428 W : debuggerd: handling request: pid=10546 uid=1006 gid=1006 tid=10600
05-29 08:40:17.223 20058 20058 E : debuggerd: Unable to connect to activity manager (connect failed: Connection refused)
05-29 08:40:17.225 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.226 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:135): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61332 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
05-29 08:40:17.226 19831 19831 E PackageManager: Failed to create app data for projekt.interfacer, but trying to recover: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute create_app_data [null, projekt.interfacer, 0, 3, 1000, platform:privapp, 25]: -1
05-29 08:40:17.228 580 580 E : Couldn't opendir /data/user_de/0/projekt.interfacer: No such file or directory
05-29 08:40:17.229 19831 19831 W PackageManager: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute destroy_app_data [null, projekt.interfacer, 0, 3, 61332]: -2
05-29 08:40:17.229 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.229 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:136): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61488 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
05-29 08:40:17.230 19831 19831 D PackageManager: Recovery failed!
05-29 08:40:17.231 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.231 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.232 19831 19831 E PackageManager: Failed to create app data for projekt.interfacer, but trying to recover: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute create_app_data [null, projekt.interfacer, 0, 3, 1000, platform:privapp, 25]: -1
05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:137): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61488 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
05-29 08:40:17.233 580 580 E : Couldn't opendir /data/user_de/0/projekt.interfacer: No such file or directory
05-29 08:40:17.233 19831 19831 W PackageManager: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute destroy_app_data [null, projekt.interfacer, 0, 3, 61488]: -2
05-29 08:40:17.234 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.234 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
05-29 08:40:17.234 19831 19831 D PackageManager: Recovery failed!
05-29 08:40:17.229 580 580 W installd: type=1400 audit(0.0:138): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61491 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
05-29 08:40:17.274 20058 20058 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Change-Id: I39def485bbeea25e2b32baa30e575779afd50ce4
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-06-01 22:34:54 +02:00
Alex Naidis
874527426a
pa: sepolicy: Fix substratum related denial
...
Part of 780277a592
The other part is in system/sepolicy already.
Change-Id: I351d48e564b8844474a15ee961aa139252adbfaa
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-03-27 16:33:06 +02:00
Evan Anderson
582bd50276
Revert "pa: allow system server to change hw buttons prop"
...
* This breaks building for Nexus devices since they do not use the qcom
common sepolicy
This reverts commit ccc59715e0.
Change-Id: Ie7b93f4455b13d3db2386c6c8e8f103a51458b72
Signed-off-by: Evan Anderson <evananderson@aospa.co>
2017-03-16 13:43:21 -04:00
thecrazyskull
e1dafe3a42
pa: sepolicy: extend for our keyhandler extension
...
Change-Id: I05146b35f80b62f5a6fac4588bf99526c4720c86
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2017-03-15 00:59:37 +09:00
Thecrazyskull
ccc59715e0
pa: allow system server to change hw buttons prop
...
* Needed for buttons code
Change-Id: I057c26f66c1932c5ea2ed5ac75c678331f665f89
2017-03-15 00:59:09 +09:00
George G
4f34278ed0
pa: sepolicy: fix themed sounds
...
02-08 17:26:48.011 18259-18259/? W/SoundPoolThread: type=1400 audit(0.0:31): avc: denied { read } for path="/data/system/theme/audio/ui/Lock.ogg" dev="dm-0" ino=1006317 scontext=u:r:drmserver:s0 tcontext=u:object_r:theme_data_file:s0 tclass=file permissive=0
Change-Id: If96d784d4a79e7c7f7d21d191c2e0795c366e03a
2017-03-09 18:45:16 +00:00
bigrushdog
1727ae20f8
pa: sepolicy: fix themed boot animation
...
W BootAnimation: type=1400 audit(0.0:42): avc: denied { open } for uid=1003 path="/data/system/theme/bootanimation.zip" dev="mmcblk0p42" ino=1657697 scontext=u:r:bootanim:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
W : Unable to open '/data/system/theme/bootanimation.zip': Permission denied
W zipro : Error opening archive /data/system/theme/bootanimation.zip: I/O Error
Change-Id: I1440bd967d7a06ee64ea861a2544b54caf909f23
2017-03-09 18:45:06 +00:00
d34d
2ef1577fda
pa: Introduce sepolicy exceptions for theme assets
...
Assets such as composed icons and ringtones need to be accessed
by apps. This patch adds the policy needed to facilitate this.
Change-Id: I0420de579aed0cff5add181cd0a8bf0f2b05d723
2017-03-09 18:44:50 +00:00
Mårten Kongstad
41d323a141
pa: OMS7-N: Add service 'overlay' to service_contexts
...
The 'overlay' service is the Overlay Manager Service, which tracks
packages and their Runtime Resource Overlay overlay packages.
Bug: 31052947
Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Change-Id: Ie996707dd02166325271bee49163ac263e560a1d
2017-02-24 21:53:21 +00:00
Christopher N. Hesse
a9dfdafe59
pa: sepolicy: Move IOP rules to qcom common tree
...
Change-Id: Ie3a3c555ebe11375dcd95b094d05e069158dab52
2017-02-22 16:34:45 +00:00
Thecrazyskull
ae74d700c5
pa: Allow iop to search sdcardfs dirs
...
Change-Id: I88b36d943fde2057765e5c978412db704866e79d
2017-01-21 15:09:48 +00:00
Luca Stefani
884980a0a5
pa: sepolicy: Allow system_server dir read access
...
Change-Id: Ia6fc26781c1cb576c2feee3e941d7206e7878bb5
Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>
2017-01-14 07:48:18 +09:00
Alex Naidis
b5b198f2ce
pa: sepolicy: address new denial
...
Change-Id: I6fdf9c06591a44c115e0c1005e9cd03c6457f5f5
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
2016-12-18 20:13:54 +01:00
thecrazyskull
08029e68cb
vendor: sepolicy: address IOP denials
...
Change-Id: I6e30574c3cece5f8d95d2a58290d80c872f24656
2016-11-19 07:51:40 -05:00