micky387
ffdd0dc110
Sepolicy: Add perm for find cmstatusbar
...
01-11 20:56:42.459 367 367 E SELinux : avc: denied { find } for service=cmstatusbar pid=4069 uid=10094 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:cm_status_bar_service:s0 tclass=service_manager permissive=0
Change-Id: I807db436c6e983244c08ca025d41d75d035dbc0f
8 years ago
fluxi
18d03eb7a0
sepolicy: Address new bluetooth denial
...
avc: denied { getattr } for pid=1538 comm="droid.bluetooth" path="/storage/emulated" dev="tmpfs" ino=20607 scontext=u:r:bluetooth:s0 tcontext=u:object_r:storage_stub_file:s0 tclass=dir permissive=
Change-Id: I1456561db1d5e2ebd5634756409c8b198f4f4b64
8 years ago
Michael Bestas
3ada201b05
Add permissions & sepolicy for HBM
...
* Devices with AMOLED panels use HBM instead of SRE
Change-Id: I6710e038997b04d5d7d6b5f4f6b01d3f18b4750f
8 years ago
Michael Bestas
047385afe9
sepolicy: Escape '.' character
...
Change-Id: I35a726170f77e3f144ab7b79eac054d7fec9dc97
8 years ago
Michael Bestas
22abf9d4d1
sepolicy: Fix "Allow adb pull of executables without root"
...
* The policy file had the wrong extension
Change-Id: I47af98d80a950af4e4795646585b1b318e298405
8 years ago
Adrian DC
143269c242
vendor: cm: Move fuseblk to system/sepolicy
...
* The rule is needed earlier in system/sepolicy
Change-Id: I3f6c45d48f4af28266f124e918966991016a4e1a
8 years ago
d34d
6ddd83551c
themes: allow system_server to relabel them dir
...
On a fresh install the theme service broker creates the initial
theme directory which needs to be relabeled to a themeservice_app_data_File
in order for the brokered theme service to write to this directory
Change-Id: Ifd689a0c619c0e954192749b83a0cacaa945468f
TICKET: NIGHTLIES-3349
8 years ago
Steve Kondik
ae07227c2d
sepolicy: Allow apps to find the weather service
...
Change-Id: I9cc5ca54eef9e9a32851c6ef896ee518a44349a8
8 years ago
Steve Kondik
90db8adf1e
sepolicy: Fix class* property trigger denial
...
Change-Id: If22f46b9bc8b3acd80c83e98de84cd77b34157a1
8 years ago
LuK1337
d823ca236f
sepolicy: Fix adbsecure_prop denials
...
Change-Id: I78a5570f330e703b7f7ac2b34370a83bbb2a0d87
8 years ago
Steve Kondik
0525ff2a9e
sepolicy: Fix a few denials
...
* From sysinit and adbd
Change-Id: I56505e34774f9697a7f336efb43808a651a871f8
8 years ago
LuK1337
314a2bc163
sepolicy: Allow vold to `getattr` on mkfs_exec
...
* Fixes denial while trying to format external
SDcard as adopted storage.
Change-Id: I244ec9b5886888e1cbe488c671b9862b653f73a9
8 years ago
Steve Kondik
5b98d78fa9
sepolicy: More cleanups for N
...
* Fix up recovery stuff
* Disable themes until ready
* Disable CMUpdater until ready
Change-Id: I99073b91fbd1ec16e59602da644727a0d019f330
8 years ago
Steve Kondik
14761fd865
Revert "selinux: Add rules for the audit daemon"
...
* No longer used
This reverts commit 15df17f9ac
.
Change-Id: If2a187179e4c93e2afc78be4cb863a48dbbe1dd0
8 years ago
Steve Kondik
aa38b56dac
sepolicy: Clean up policy for N
...
Change-Id: I39ddec0f60a9995de13b82f09705d246d7e0f454
8 years ago
Steve Kondik
e73b8c1bd6
cm: Allow LiveDisplay to write to display misc dir
...
* Need write permission to create file containing the current mode.
Change-Id: I4ed26412e7ec38861156110c7eb51ef707a0999f
8 years ago
Steve Kondik
eac861613e
sepolicy: Move new QCOM-specific policy to the right place
...
* Don't wanna break the build for anyone again :( The
native stuff is very QCOM specific and won't work elsewhere.
Change-Id: Id5dbba1a46dc12cbd5914cf3072ed92a72039b31
8 years ago
Steve Kondik
dfcd472673
sepolicy: Additional policy for LiveDisplay
...
* LiveDisplay needs to store the user-selected default mode somewhere
in the case where we are mixing local sysfs-style modes with QDCM
modes. Add a rule for this.
Change-Id: I42b80df7c0ee3c2815594c8a6feea3dc078c6ae2
8 years ago
Adrian DC
463feb6005
cm: sepolicy: Fix the vold blkid.tab denial from recovery
...
* denied { link } for pid=190 comm="minivold"
name="vold_blkid.tab" dev="tmpfs" scontext=u:r:vold:s0
tcontext=u:object_r:vold_tmpfs:s0 tclass=file
Change-Id: I0b3e47dd00c5a32261691f51838a8d9af9778faa
8 years ago
d34d
79eda9ebb8
sepolicy: Put theme service in its own context
...
Allow the theme manager and its data to be sandboxed in
its own context
Change-Id: I7898663d1c196bfe04fa4c539d20191a43fde284
8 years ago
Steve Kondik
cd726ac1db
sepolicy: More IOP rules
...
Change-Id: I6d6cfd7202c94135344eb718e0c6ac5347a0ece7
8 years ago
dianlujitao
5b6ff16746
sepolicy: Fix MTP for sdcardfs
...
Change-Id: I8fe011140798925ee5b5926355868febd595a788
8 years ago
Steve Kondik
fa37074c9f
sepolicy: Let the IO prefetcher look at sdcardfs
...
Change-Id: Ie618887fbf292c702df720f04840ab3c8ff222f7
8 years ago
Luca Stefani
630d7ed01f
cm: sepolicy: Allow system_server dir read access
...
Change-Id: Ia6fc26781c1cb576c2feee3e941d7206e7878bb5
8 years ago
Steve Kondik
441752f996
sepolicy: Allow media_rw write to fix camcorder denials
...
Change-Id: Icc892d8b2c34950431564738b66d8e8baefc62be
8 years ago
Steve Kondik
6905134e76
sepolicy: Revert custom sdcardfs policy in favor of AOSP
...
* Upstream policy showed up in AOSP this morning. Dropping
ours in favor of AOSP.
Revert "sepolicy: A few more denials"
This reverts commit 522c421f66
.
Revert "sepolicy: More policy for sdcardfs"
This reverts commit 4a24ffeb6a
.
Revert "sepolicy: Add sdcardfs support"
This reverts commit ba87877dd0
.
Change-Id: I4f066b9bd5d8c899137fcaa12999f2547f9e0ec0
8 years ago
Steve Kondik
522c421f66
sepolicy: A few more denials
...
* Hopefully the last of the sdcardfs denials
Change-Id: I2a9fbc33696d2517fd2596f64f55656a14d66c2c
8 years ago
Steve Kondik
4a24ffeb6a
sepolicy: More policy for sdcardfs
...
Change-Id: Iddc6f86bd1e4b9942139acf9b7e75279b3865b8a
8 years ago
Steve Kondik
d4a0f0adff
sepolicy: Add rule to allow sdcardfs to read package list
...
* Do not carry forward into N release.
Change-Id: I1f90695c48ac5a19848efafb146eabdff1ca4b6a
8 years ago
Steve Kondik
ba87877dd0
sepolicy: Add sdcardfs support
...
Change-Id: Ib9486b0ad7ed0e4c53494271e6fd35bcfedba40a
8 years ago
Bruno Martins
6fed2cf409
sepolicy: Allow batterymanager and batteryproperties services to be found
...
Change-Id: Ia2a1734a74c4bba0bc09f150442aec573d769370
8 years ago
Dan Pasanen
2b8c4b27fe
sepolicy: put bash in shell context
...
* Necessary for being able to execute commands such as 'su'
from a non-root shell
Change-Id: Icbaaa6ff7447add65441011944bdc5d13b788c86
8 years ago
Deepak Kundra
278fa600d7
persist.dbg/data for radio to control QC prop's
...
Issue-id:FEIJ-679
Change-Id: Iafe0405fd4a83c8f22e1af7152c1c3a009cd2e71
8 years ago
Pat Erley
ca2061460c
sepolicy: Allow uncrypt additional access
...
Uncrypt may need access to additional selinux contexts for devices
with created storage solutions.
Change-Id: Ie90f130ff6bafdd195379f7d57504b2fce4ef830
8 years ago
Steve Kondik
603ce3ba3e
cm: Extend policy for IOP
...
* IO prefetcher needs to dig into themes and media as well.
Change-Id: I72cd7fca3a7cacf28764023a73c66e4ea8a58be5
8 years ago
Steve Kondik
e49dd26ace
cm: Add SE policy for iop service
...
Change-Id: I14338a03c469cd71a6d5c7fecc71eb2290b2e6c4
8 years ago
Zhao Wei Liew
de1ad36765
cm: Allow LiveDisplay to write to color_enhance
...
The proper permissions for the color_enhance sysfs node weren't
being set, rendering the color enhancement switch useless.
Set the proper permissions for LiveDisplay to toggle color enhancement.
Change-Id: Ic8dba8953b73a497cb01a645834c0e7934092b38
8 years ago
Steve Kondik
7a92949668
cm: Remove garbage from sepolicy
...
* Not sure how the -- got here but it causes the rules to be invalid.
Change-Id: Ib17217d14f844d7aa27bb554346183e32ff5ae13
8 years ago
Steve Kondik
3fe3faafd0
cm: Add CMAudioService the platform
...
* Also brings JNI to CMSDK
Change-Id: I599964a1f9200a8d2ecdad0bb8c4d8593e6d7415
8 years ago
Pat Erley
da1a9004f8
sepolicy: Allow recovery to mount on tmpfs
...
/storage is a tmpfs volume, and is where updater stores its zip
when downloading updates. Devices with emmc partitions that are
used as 'sdcard' volumes will end up with paths like:
/storage/UUID/...../update.zip
where UUID is the mount point for the partition and update.zip is
the downloaded update. With this change, minivold can create the
UUID folder and mount onto it, fixing the application of updates.
Change-Id: I4fa84fd590f5ff0f91e38c49cef0c179728fdf43
8 years ago
Steve Kondik
512d428d2f
cm: Moving LiveDisplay to CMSDK
...
* Also alphabetized the list of feature xmls, you filthy pigs.
Change-Id: I094a46c313be4531c6dd1af1e007a26b2476d60e
8 years ago
Matthias Yzusqui
ef1a479318
cm: sepolicy: allow platform apps to execute render scripts
...
* Needed by Gallery3D Photo Editor to apply effects like:
Vignette and Graduated.
Change-Id: I7b07a974fbdb77abbaba1c15a21e918406d2175b
8 years ago
Luis Vidal
6d61d301e5
Add Weather Content Provider [3/5]
...
Introduce the weather system feature, which will be used to
identify if the Weather Content Provider/Weather services are
available in the device.
Add SELinux entries for the cmweather service
Change-Id: Ibe862903095276f87f23c0d7dae54733eeeb5638
8 years ago
d34d
2cf159cdf9
LLS: Add live lock screen service [3/4]
...
Change-Id: I9136e9c9c1413c45aa300f0c92fd69b0c409a052
8 years ago
codeworkx
b7c8dec762
cm: sepolicy: allow platform apps to crop user images
...
Needed for gallery3d when setting contact pics
avc: denied { write } for comm=4173796E635461736B202334
path="/data/data/com.android.settings/cache/CropEditUserPhoto.jpg" dev="mmcblk0p50" ino=65849
scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file
permissive=0
03-05 13:07:40.741 22060-22207/com.android.gallery3d W/System.err﹕ java.io.IOException: write
failed: EACCES (Permission denied)
Change-Id: Iaa7f75abfd41c86e1a321d5f35b950f9dc7eb930
8 years ago
d34d
e7036e8387
Themes: Refactor themes to CMSDK [3/6]
...
Change-Id: Ia8f3a5080f2ca2cecc3474058db4970c5661c89c
TICKET: CYNGNOS-2126
8 years ago
AdrianDC
36cb29d509
recovery: Add new rule for sys.usb.ffs.ready
...
init: avc: denied { set } for property=sys.usb.ffs.ready
scontext=u:r:recovery:s0 tcontext=u:object_r:ffs_prop:s0
tclass=property_service
Change-Id: Id3441ccc3c6a8915a5fdf50efd8c617d1242868a
8 years ago
FrozenCow
ec0322e31b
cm: sepolicy: allow kernel to read storage
...
This fixes issues where the kernel would need to read and write
files from internal or external storage. More specifically, the
kernel needs these rules for USB mass storage to work correctly.
Change-Id: I8cb0307727bc0c464d5470e55275ad808e748ee0
8 years ago
Pat Erley
15697319ca
sepolicy: Allow system server and uncrypt access pipe
...
System server needs to be able to create a pipe in the cache partition
for uncrypting OTAs. Uncrypt needs to be able to read and write the
pipe.
Change-Id: Ie03ee7d637eaecff8fe38bf03dc733b3915cd336
9 years ago
Pat Erley
db4fb0ee6b
recovery: Add new rules for recursive wipe
...
We now use a temporary context when mounting /data, so add permissions
to do that, and add permissions necessary to do the recursive wipe.
Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
9 years ago