android_vendor_lineage

Commit Graph

Author	SHA1	Message	Date
Ethan Chen	909343f3df	SELinux: Use custom ADB over network property * Use a custom system property to trigger the real one, so we avoid running afoul of any SELinux CTS requirements. Change-Id: If5e7a275f492631a673284408f1e430a12358380	9 years ago
Keith Mok	6bc84be525	sepolicy: Add permission for formatting user/cache partition If the "formattable" fstab flag is set, init will tries to format that partition, added the required policy to allow it. Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6	9 years ago
Keith Mok	fcfc13ac6f	sepolicy: Add domain for mkfs binaries The init binary must transition to another domain when calling out to executables. Create the mkfs domain for mkfs.f2fs such that init can transition to it when formatting userdata/cache partitions if the "formattable" flag is set. Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977	9 years ago
Steve Kondik	e01646719a	sepolicy: Allow adb pull of executables without root * Because we aren't actually jerks, contrary to popular belief. Change-Id: Ie39cce65ecc6a2861547865ff554b108b8b534fa	9 years ago
Diogo Ferreira	140305db6d	sepolicy: qcom: Allow reading PSU sysfs by system_server BatteryService queries the usb state to check whether the usb type is HVDCP. This patch adds a rule to allow that. For more context check BatteryService#Led#isHvdcpPresent. Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402	9 years ago
Steve Kondik	aeec0ac261	sepolicy: Allow recovery to create links in the rootfs * Needed to support vold and other new code. Change-Id: I25a0b1cc6461eced7112dd4b3974a71423f7957b	9 years ago
Steve Kondik	48149d05a1	sepolicy: Rule for CM's perfd extension Manual apply and refactor of cm-12.1 patch: e04329df88211264e7a9c8f1d6b87a16d8d5639b Use the unix_socket_connect macro and switch to the new perfd domain. Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb	9 years ago
codeworkx	01490eface	sepolicy: fix denial for sudaemon fixes root access for apps Change-Id: Iff443bf4cbea817917da72bbfc58f9fe42acceb5	9 years ago
Dan Pasanen	a90b69e921	sepolicy: add persist_block_device type * This is likely defined in several device trees, but not all remove it from your device trees if we're going to write rules for it here. Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30	9 years ago
Steve Kondik	2c3b5d353e	sepolicy: Remove some denials * Allow apps to run the "df" command to look at disk usage. * Allow thermal engine to check/set battery limits. Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84	9 years ago
Steve Kondik	7d3eca93f4	sepolicy: Add policy for thermal engine changes * Cyngn devices will need this. Change-Id: I1e7528e92d0d4ed8c4029667d7ef3cf9081a6575	9 years ago
myfluxi	98df019cb4	sepolicy: qcom: Remove duplicate entry We have this in qcom/sepolicy/common already. Change-Id: Ibe6ada531f77d3ec00ff61081d21b3d36a1fe7a7	9 years ago
myfluxi	8501771607	sepolicy: Make superuser_device and sudaemon mlstrustedobjects Address: avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0 tclass=sock_file permissive=0 avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0 tclass=unix_stream_socket permissive=0 And thus fix su. Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27	9 years ago
Steve Kondik	aeea5ad7a3	perf: Moving PerformanceManager to CMSDK * Devices will need to update their configurations! Change-Id: I22cf4ec96656b98f515cf28fef95443cf6adb397	9 years ago
Steve Kondik	714a761061	cm: Remove duplicate SEPolicy items * These are handled by the master SEPolicy now due to neverallow exceptions which occur on non-production builds. Change-Id: Id50d9e41e1c8b0b1f26df7921def9e7a201f49d9	9 years ago
Dan Pasanen	9ca9d95a76	sepolicy: remove sudaemon type declaration * this is already defined in external/sepolicy Change-Id: I541b5de5bb6057f4fa3d88b6e9b9425b65f9963e	9 years ago
Adnan Begovic	c3d3969971	vendor/cm: Fix up service contexts for sepolicy. Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d	9 years ago
Dan Pasanen	6ac91cb6d3	sepolicy: remove BOARD_SEPOLICY_UNION * this is a no-op now Change-Id: I3703a9670285017ce7aec9ac20c63a6f733b8ffa	9 years ago
Ricardo Cerqueira	b026605629	sepolicy: Underp the context for persistent storage The dir's context need love, too TICKET: CYNGNOS-1185 Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46	9 years ago
Ed Falk	95682234f1	sepolicy: allow vold to trim persist Change-Id: I6441c00bfd173f1f3fd4c09a67c678c5bd4f8090 Issue-id: SYSTEMS-62	9 years ago
myfluxi	688479223e	sepolicy: Allow system app to set boot anim property Addresses denials observerd when using QuickBoot: <4>[ 224.756971] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service <3>[ 224.757094] init: sys_prop: Unable to start service ctl [bootanim] uid:1000 gid:1000 pid:6039 <4>[ 226.306456] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service Change-Id: I338a0a1d5fa12c10e413769ea9638c10ed137000	9 years ago
Steve Kondik	e2f23f0e91	cm: Fix a few denials * Missed a few things when cleaning up devices. Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63	9 years ago
Steve Kondik	b5c2cf0408	cm: sepolicy: Create central place for QC-specific policy * We have a number of policy items due to changes in our BSPs or for other things which interact with the QC sepolicy. Add a place for us to store this stuff so we don't need to copy it around to every device. Change-Id: I155ca202694501d42b42e2bd703d74049d547df0	9 years ago
Steve Kondik	b5dbbdf9cb	cm: sepolicy: Create standard policy for LiveDisplay Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73	9 years ago
herriojr	c6d40c01f7	Enable The AppSuggestService We need to enable our custom AppSuggestService in order to show possible suggestions. Change-Id: I9489723dfec315c7ff4ab414ebe88c3880876bd3	9 years ago
Adnan Begovic	c37c2313cf	vendor/cm: cmsettings -> cmpartnerinterface Change-Id: I9d9b30da37f243f77647c6d41cf0e0159968b8e2	9 years ago
Steve Kondik	a385501738	cm: SELinux policy for persistent properties API * Set up persistent properties for devices with a /persist partition. Change-Id: I78974dd4e25831338462c91fc25e36e343795510	9 years ago
Steve Kondik	587a3cff83	cm: Moving CMHW to CMSDK Change-Id: I4dae95dbe68c472ba3703fea588b542758ec8036	9 years ago
Joao Figueiredo	d0f6b187ae	cmsdk: Dual SIM support on CM SDK Change-Id: I209245e1a3165f329ed8a17a942340d96783ca13	9 years ago
Matt Garnes	874defe2bc	Add SettingsManagerService from cmsdk as a system service. Change-Id: I0909a5fd49e8e042293719de93ebc8fbaaa1a196	9 years ago
Steve Kondik	74891faea9	sepolicy: Allow recovery to set system properties * This is used by extremely critical things. Change-Id: Ie529851469408adac1e081fe4f6dc5daa9002933	9 years ago
Brandon McAnsh	f208523054	sepolicy: system_app: Remove performace setting related entries * Performance Settings has been removed/refactored so these are no longer neccessary. Change-Id: I5933700815d0037735fc48f8640b37d1f350ea91 Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>	9 years ago
Adnan Begovic	4c4e428da8	vendor/cm: overlay start for ProfileService in external framework. Change-Id: Ib1f8c6d00c2a66cfd8dac2b73ccd1bd053a3a497	9 years ago
Adnan Begovic	b53c503fee	Build CM Platform Library Change-Id: If62e6b1d2ac41730ff2a8d562173abd2cb768f93 Add cmstatusbar service to system server services context Change-Id: I77c5de75722cc5f36a5326e3da57ab661b89d189 Build Platform resource package. Change-Id: Id60f66b6db23989db1472a19bcb079b0083f7393 vendor/cm: Lock cm platform library/cmsdk to non-release builds. Change-Id: I01c1c3fe559d438e28339ce426d7ba7e42724002	9 years ago
Roman Birg	785c50ad3f	vendor: add sepolicy entry for killswitch service Change-Id: Ib3c44c50138f5715d92addbf8df7ed591785b550 Signed-off-by: Roman Birg <roman@cyngn.com> (cherry picked from commit 2ca5d3999b35d328f0969a264009bffe0faf889d)	9 years ago
Emerson Pinter	dc699fb190	sepolicy: Permissions for userinit Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296	9 years ago
Tom Marshall	b4bf950060	sepolicy: recovery: Allow data file write Needed to preserve /data/.layout_version (aka nesting bug fix). Change-Id: Iaae982223e80ad10479cf1ca3db09da7ada5663e	9 years ago
Scott Mertz	69c2e7f721	[3/3] CmHardwareService: add sepolicy Change-Id: I551f61f40225a679593e94dbd47bb2fb0025da7e	9 years ago
dhacker29	c552843f1a	sepolicy: Allow CMUpdater/uncrypt access to recovery_cache_file Change-Id: I514d128160ed4e04564077d7a2e2ad297af92e28	10 years ago
Christopher R. Palmer	da48ab89ac	sepolicy: Allow vold to create tmpfs files for asec containers Change-Id: Ic8f1641928840774204099453b74dc1b52b3c6f8	10 years ago
Brint E. Kriebel	ac15eaedf9	sepolicy: Allow system apps to write cache and media files Updaters need to be able to read and write to these locations. Change-Id: I928a5f73ec29ab4fecb717072532d449192f3ca9	10 years ago
dhacker29	b4878d4cf1	sepolicy: Fix denails for flash_recovery service Needed when option is checked to update cm recovery Change-Id: I0b2fbfd7c141ae03ce14b9afeffd3a027d791c80	10 years ago
Ricardo Cerqueira	c75446d072	sepolicy: Split off /cache/recovery's permissions /cache/recovery is used by 2 domains: recovery and updater apps. Separate its perms from the rest of /cache and grant them to those 2 clients Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf	10 years ago
Georg Veichtlbauer	2ccd36c73f	sepolicy: allow userinit to set its property Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1	10 years ago
Adam Farden	7b865eb046	sepolicy: actually include mediaserver.te Added in patch `e9c2de0679` but not included Change-Id: I2ae901a7c80fceb33dba2ed4122d2aa47bff5a51	10 years ago
Roman Birg	c71cc6c4a8	cm: add torch service sepolicy entry Change-Id: I6e6feae5fe6b4092c137ee2337c4a15b390df45e Signed-off-by: Roman Birg <roman@cyngn.com>	10 years ago
Steve Kondik	998f53679b	sepolicy: Let drmserver scan themes Change-Id: I7675b302723ef8700067ae9ef237daf6346a6627	10 years ago
Steve Kondik	77cabf5188	sepolicy: Fix policy for keyhandler Change-Id: I2860f469480b082511e30530aed8a9027e9fe4b9	10 years ago
dhacker29	381a6501fa	sepolicy: Allow cmupdater/uncrypt access to media_rw_data_file Change-Id: I800584af2919e3397b19d229fc28ad50cc4b2730	10 years ago
Steve Kondik	c6eb71e57a	cm: sepolicy: Allow use of dexclassloader by systemserver * Needed for custom keyhandler. Change-Id: Ifa57ad81951f9e1009eb291726cd8dfe36a3482e	10 years ago

1 2

95 Commits (909343f3dff4d2c4868584bfafe953032a92d9bd)