Johnny Lee
f58073beb7
miatoll: sepolicy: label extcon files
Bug: 199218084
Test: boot with those files labeled
09-09 10:39:55.703 1660 1660 W android.ui: type=1400 audit(0.0:6):
avc: denied { read } for name="name" dev="sysfs" ino=62812
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_extcon:s0
tclass=file permissivei=0
Change-Id: Iba001f99cf9290f55f860382829c8ce74912f14c
2022-11-17 19:15:28 +00:00
adi8900
3cdc1e2ff8
sm6250-common: Address QCOM WFD denials
* Fixes buggy QCOM WFD connections.
Change-Id: I9e0b92e7bc9d0ae5e3f50a4f18a0b19988da9a00
2022-09-04 09:19:27 +00:00
althafvly
067af982ed
sm6250-common: sepolicy: Remove debugfs related rules
- Removed from sepolicy_vndr
Change-Id: Ifd65abd0292577ec050904265310f17b86e10899
2022-08-28 07:38:19 +02:00
Sebastiano Barezzi
053d81bf4b
sm6250-common: sepolicy: Don't grant system_server access to fingerprint props
Change-Id: I4f391e43a80c25d7fcedde12a70b3215913fcfd2
2022-08-26 18:27:17 +00:00
Sebastiano Barezzi
b45758328a
sm6250-common: sepolicy: Label fingerprint props as restricted vendor
* System only reads them, but never sets them
* Rename to vendor_fingerprint_prop while at it
Change-Id: Id980731ec53338c5c5a07b81f10a283c428d17aa
2022-08-26 18:27:17 +00:00
Michael Bestas
e4cf86cbb5
sm6250-common: sepolicy: Fix fingerprint labels
Change-Id: I66188247ce9268929763236c0ac2fa483273f1cc
2022-08-26 18:27:16 +00:00
Inseob Kim
7295be9301
sm6250-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: I33c40ca345365d8f01f43d3ce7f1f3434b1edfd5
Signed-off-by: Sebastiano Barezzi <barezzisebastiano@gmail.com>
2022-08-26 18:27:16 +00:00
Alexander Winkowski
4663e12a68
sm6250-common: sepolicy: Remove unused type definitions
Change-Id: Idea8863bf29f609a4641275c3d30d7f6396eda0f
2022-08-26 18:27:16 +00:00
Alex Hong
363fbefd2a
sm6250-common: sepolicy: Solve the naming problem for vendor property
Bug: 158720266
Test: Build selinux modules successfully
Change-Id: I01a83a7828d34db982db60bbf307c81fc12c7939
2022-08-26 18:27:15 +00:00
Alexander Winkowski
335649a0c2
sm6250-common: sepolicy: Fix namespace violation
The property_contexts in vendor should contain vendor props only.
Change-Id: Ieb621921dc43f6c9b6b451fe45ac1a3fbaaac3c8
2022-08-26 18:27:15 +00:00
Alexander Winkowski
7181e78423
sm6250-common: Remove custom thermal service
There is little point in keeping it only for rebranding. Just
build Pixel one directly.
Change-Id: I2c9d5745eb1764642dcebabdc623fb8033d9943d
2022-08-26 18:17:37 +00:00
Sebastiano Barezzi
165b7d8345
sm6250-common: Move to common Xiaomi fingerprint HIDL
Change-Id: I6c29a831e985ee440c92a98aad8d33f25b9e5b2d
2022-08-26 18:17:37 +00:00
Sebastiano Barezzi
5ad37fc324
sm6250-common: Move to common Xiaomi light AIDL
Change-Id: I00494cd392d19abd97cd65aeb4ec4bd9c9b11352
2022-08-26 18:17:36 +00:00
Sebastiano Barezzi
5856d339ed
sm6250-common: Add power AIDL DT2W support via sysfs node
Change-Id: Idcff758444a5c89ba20f2ae804a407ee78c445cb
2022-05-26 13:14:36 +00:00
Alexander Winkowski
73be6dca46
sm6250-common: Remove zram writeback leftovers
It has been disabled in kernel because of memory corruption.
Change-Id: I50e4cdc39b38a510d39032253606ddec3e41d22c
2022-05-26 13:14:35 +00:00
Alexander Koskovich
54830186e5
sm6250-common: Don't mount TraceFS twice.
* AOSP already mounts TraceFS in system init, so mounting it twice
  causes SEPolicy denials. See the comments in this change.
  https://android-review.googlesource.com/c/platform/system/sepolicy/+/1294195
Change-Id: Ic5d9ac2dbd36e404a93a8d48aa0ea933fd7fa701
2021-09-23 18:42:57 +02:00
Mimi Wu
b744748f1d
sm6250-common: Modify sepolicy for toolbox to rm -rf /data/per_boot
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:572): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:573): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:574): avc: denied { getattr } for comm="rm" path="/data/per_boot/ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.616:575): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:576): avc: denied { remove_name } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I22706c63fb13ea2aae0cd9fe8b92edc578fd459e
Signed-off-by: Mimi Wu <mimiwu@google.com>
Signed-off-by: Albert I <kras@raphielgang.org>
2021-09-09 18:46:36 +02:00
Mimi Wu
316cdce3f5
sm6250-common: Add sepolicy for kernel to access /data/per_boot/zram_swap
type=1400 audit(0.0:4): avc: denied { read } for path="/data/per_boot/zram_swap" dev="dm-5" ino=29313 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I338040c9166ddd5eb2f06d7cba1aee85da988c53
Signed-off-by: Mimi Wu <mimiwu@google.com>
Signed-off-by: Albert I <kras@raphielgang.org>
2021-09-09 18:46:36 +02:00
Albert I
233e73dbc0
sm6250-common: sepolicy: Allow neural networks HAL to read ADSP properties
Signed-off-by: Albert I <kras@raphielgang.org>
Change-Id: I3fa6f51b746703bab2faf3f5fd6334b221a8636c
2021-09-09 18:46:36 +02:00
Albert I
e42d1c571f
sm6250-common: sepolicy: Allow apps and camera HAL access to secure ADSP domain
Signed-off-by: Albert I <kras@raphielgang.org>
Change-Id: Ibb1071299632ab53726638dbcc134d4bca59fc52
2021-09-09 18:46:35 +02:00
dianlujitao
92b6e36b71
sm6250-common: Make fastrpc_shell_3 publicly available
* Used by GCAM for DSP-accelerated HDR processing
* Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to
  same_process_hal_file like Pixels, but the partition is prebuilt thus
  we're unable to relabel it.
* Copy the file to writable tmpfs, setup attributes and bind mount back
  to workaround the limitation.
[ghostrider-reborn]:
Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3
[kras edit:
1. rename some contexts as per qva/kona
2. extend to allow camera HAL and VPP service to access it as well]
[dereference23: Remove VPP policy because atoll doesn't use it]
Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
2021-09-09 18:46:35 +02:00
Alexander Winkowski
c653ce51be
sm6250-common: Pull SELinux policy from Xiaomi SM8250 tree
Change-Id: I83dce3c678f796034fd39947414c8067d338edf2
2021-09-09 18:46:35 +02:00
Alexander Winkowski
cefd104891
sm6250-common: thermal: Rebrand to Xiaomi SM6250
Change-Id: Iafa72da14648a2652df9b64a02dd6e5b9fa8bd9b
2021-09-09 18:46:29 +02:00
Alexander Winkowski
c03d9330bc
sm6250-common: Import Pixel thermal HAL
* From hardware/google/pixel at 728fb99bbb910be05711421310efa6827aaaa4fa.
Change-Id: I763b4dbef65084cfee337065b2c5ab465f69bca8
2021-09-09 18:46:29 +02:00
Alexander Winkowski
ab8029bdc2
sm6250-common: Build Xiaomi power AIDL HAL
Change-Id: I0e10f0b36598b8cbf25ee2dc08b8a4eced95c2ed
2021-09-09 18:46:23 +02:00
Sebastiano Barezzi
b4e037ad8e
sm6250-common: lights: Rebrand to Xiaomi SM6250
Change-Id: I3c2ec7f68b0d845ea15277e396194409f8ebe216
2021-09-09 18:46:21 +02:00
Volodymyr Zhdanov
d93a5f853e
sm6250-common: biometrics: Rebrand to Xiaomi SM6250
Change-Id: Ia70786f28372e49cc3dc3d25fedbbe3a1562b5a7
2021-09-09 18:46:18 +02:00