Commit Graph

96 Commits

Author SHA1 Message Date
danielml
cc633a0998 sm6150-common: sepolicy: Label /dev/block/mmcblk0p1 as sdcard block device
* Needed for DSU

Change-Id: I25f7272621451723eb0fc72d9b772795a1f8ed51
Signed-off-by: danielml <daniel@danielml.dev>
2023-08-20 18:47:33 +02:00
Arian
ffd0ded683 sm6150-common: sepolicy: Label cust, system and vendor block devices as system_block_device
Change-Id: Id230ee4893e67689e9162e834e9c7b9c5482c6c8
2023-08-20 18:46:58 +02:00
Arian
19e23767df Revert "sm6150-common: Force restorecon for /mnt/vendor/persist"
This reverts commit a13246a7fc.

This causes dac_override denials. Set no_sehash_xattr on persist
in fstab instead to fix the issue.

Change-Id: I75f824d5b2beca5f7c3835045a7f568736e148f0
2023-06-05 11:38:04 +02:00
danielml
84cbd43575 Revert "sm6150-common: parts: Enable doze_status on screen off"
* Manually setting the doze status before entering the low-power mode
  causes the doze mode not to be set correctly on sweet.

* The doze status is automatically set when entering the low-power mode

This reverts commit 10f101e143.

Change-Id: I4dfee2ffb351b9bc426268e437a26f9eaefec319
2023-06-05 11:38:04 +02:00
danielml
f4e2098486 sm6150-common: sepolicy: Rename sys.panel.display to vendor.panel.display
Change-Id: I1765a9f867dad4ec7bdea40c50671e6416f871cb
Signed-off-by: danielml <daniel@danielml.dev>
2023-06-05 11:38:04 +02:00
Sebastiano Barezzi
c87372b3db sm6150-common: sepolicy: Drop camera.sensor* properties
* These were renamed to vendor.camera.* properties whose definition
  already exists in our current policy

Change-Id: I4392a7880d36b6b6d6aff4a6d9b43c1fc2bab950
2023-06-05 11:38:04 +02:00
Sebastiano Barezzi
6d2810da32 sm6150-common: sepolicy: Bringup property_contexts for Android 13
Change-Id: I60070ba7658ce262be66ee3bdd0cb6cdcf9b8c49
2023-06-05 11:38:04 +02:00
danielml
187b64e74f sm6150-common: sepolicy: Remove no longer existing properties
Change-Id: Icf3ef6dbf497671fec757f0de56d58df432d1d87
Signed-off-by: danielml <daniel@danielml.dev>
2023-06-05 11:38:04 +02:00
basamaryan
4fd45a6d3a sm6150-common: sepolicy: Label fpc wakeup node
Change-Id: I6c7b7d5d2777bfae02b3bd8b0d875ccc2564f337
2023-06-05 11:38:04 +02:00
LuK1337
b2babf0134 sm6150-common: Make trust use dwc3 usb_data_enabled
Change-Id: I8fab94faf383c57e872596f8bb3c448afc6d75de
2023-06-03 21:42:43 +02:00
raghavt20
4a67b5eb26 sm6150-common: sepolicy: Label Spi IR node
Change-Id: I550e823b11bbc8e37cffa164a2047d57d8a5499a
Signed-off-by: raghavt20 <raghavt20@aospa.co>
2023-05-18 17:09:45 +05:30
basamaryan
52a5530afe sm6150-common: sepolicy: Label more wakeup nodes
Change-Id: I3fd5d4f44b28b7c0c8bff6adb8d39e9a389b1981
2023-01-27 01:32:59 +00:00
Bruno Martins
bb8d9f4905 sm6150-common: sepolicy: Label UDFPS state node
Change-Id: I7a4ca9a3e98e0af90be5aedc88fa1eaa344abb76
2022-11-15 11:20:32 +01:00
Arian
28b9dec732 sm6150-common: sepolicy: Label new telephony properties
Change-Id: Iad765076ceba263e4933374178eec670ffc81959
2022-07-13 17:54:15 +02:00
Bruno Martins
cc3ba5c9c2 sm6150-common: Move to common fingerprint HIDL
Change-Id: I7cb0a45c865d9dbfd800b1d633f8d5ae613bb1b9
2022-06-28 00:41:07 +02:00
Arian
f97544641c sm6150-common: sepolicy: Extend vendor_toolbox permissions to files in persist
Change-Id: Idf0d7b67e861d2dcb8f6b46cbd2cc5b26b77e08d
2022-06-28 00:40:59 +02:00
Arian
dc759f6420 sm6150-common: sepolicy: Label additional usb related wakeup nodes
Change-Id: I21b3a00d504938f0b1da02f606c8f0fb729aa089
2022-06-28 00:23:34 +02:00
Arian
08b94607f0 Revert "davinci: sepolicy: Remove qcom PMIC devices wakeup nodes"
* These are not labelled by qcom sepolicy on 19.1 anymore

This reverts commit a02dd0dd72.

Change-Id: I5beb0916a1942507f13720de0d0d986422e5eb2e
2022-06-28 00:23:34 +02:00
Felix
a13246a7fc sm6150-common: Force restorecon for /mnt/vendor/persist
The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /mnt/vendor/persist/ has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Force wiping that xattr so that restorecon always runs since it's not
very expensive (there are currently only about 50 files on /persist).

The restorecon is needed to fix issues such as wrong stock labels on
/mnt/vendor/persist/sensors/:
sensors_persist_file -> persist_sensors_file

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
2022-03-27 13:38:12 +02:00
Arian
f23eac1c98 sm6150-common: sepolicy: Add vendor prefix to camera persist file type
Change-Id: Ia42113acb0fcf5667c0b89ecdd7def13681ca0be
2022-03-27 13:38:07 +02:00
Arian
5a4c03d68e sm6150-common: sepolicy: Move xiaomi specific property labels to vendor
Change-Id: I4f2f5e2ee9b0751e3af14fbb1cd4ab93814755f8
2021-12-29 10:19:42 +00:00
Arian
1edab42a1a Revert "davinci: sepolicy: Label manufacturer prop used by camera hal"
This is labelled in system/sepolicy as build_prop now

This reverts commit 50625df1c3.

Change-Id: Ia744a2c2eba1c6aade04e29c975c6b8bc26c9fee
2021-12-29 10:19:01 +00:00
Inseob Kim
87b0b914b1 sm6150-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
(cherry picked from commit 44eb8e1f89adf04fd413a69391fd444ba68af742)
(cherry picked from commit 1922128397116d551a663d5344b4456a84bf46eb)
2021-12-29 10:18:50 +00:00
Cosmin Tanislav
bd7d6d7d59 sm6150-common: fingerprint: Add thread listening for fod_ui sysfs event
Change-Id: I36f5789657daa70cf39fbdfe501392b9f96dbf2e
2021-12-29 10:17:39 +00:00
Arian
3cf7b626a4 sm6150-common: fingerprint: Conditionally implement UDFPS
hardware/fingerprint.h is imported from android-12.0.0_r1.
The xiaomi fingerprint extension command was added to the
fingerprint_device struct and it was clang-formatted.

Change-Id: I5c5f876eb47a558059a2423ca5f6cc75afaf3e1d
2021-12-29 10:16:45 +00:00
Arian
a54d369435 sm6150-common: fingerprint: Uprev to 2.3 HAL
Change-Id: I56ea1646ef464f7e533add5a0017620e21db686d
2021-12-29 10:13:58 +00:00
Arian
565809d0b5 Revert "sm6150-common: fingerprint: Allow to build without fingerprintextension"
This reverts commit a8c1391091.

Change-Id: I78244b2491b8ba824907cf1cb056c2f26bffbc72
2021-12-29 10:13:58 +00:00
Jaegeuk Kim
778c3c7f4a sm6150-common: sepolicy: Allow ioctl to zram_swap for performance
This fixes permission denied when setting F2FS_PIN_FILE.

[   46.726131] init: [libfs_mgr]Failed to set pin_file for f2fs: /data/per_boot/zram_swap: Permission denied
[   46.726151] init: [libfs_mgr]Failure of zram backing device file for '/dev/block/zram0'
[   46.726341] type=1400 audit(1601025878.312:17): avc: denied { ioctl } for comm="init" path="/data/per_boot/zram_swap" dev="dm-9" ino=4868 ioctlcmd=0xf50d scontext=u:r:init:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=0

Bug: 169311165
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I982f70556284ac55d659bae6aff93b84d71e67f0
2021-12-29 09:59:07 +00:00
Mimi Wu
479a60f41c sm6150-common: sepolicy: Modify sepolicy for toolbox to rm -rf /data/per_boot
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:572): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:573): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:574): avc: denied { getattr } for comm="rm" path="/data/per_boot/ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.616:575): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:576): avc: denied { remove_name } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I22706c63fb13ea2aae0cd9fe8b92edc578fd459e
Signed-off-by: Mimi Wu <mimiwu@google.com>
2021-12-29 09:59:01 +00:00
Mimi Wu
73025604d6 sm6150-common: sepolicy: Add sepolicy for kernel to access /data/per_boot/zram_swap
type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I48d7684ce3b4ca1ada81011b1cab21007c758ba5
Signed-off-by: Mimi Wu <mimiwu@google.com>
2021-12-29 09:58:35 +00:00
Arian
514f6bb6b0
sm6150-common: sepolicy: Allow power HAL to read idle_state node
Change-Id: I53e0f3ed275a93d6d5cd0001a438221a043e3ea8
2021-07-14 21:05:07 +02:00
Arian
5875449baa
sm6150-common: sepolicy: Label fastrpc adsprpc wakeup nodes
Change-Id: Ia0268c7aa4cc9344e5a2a76dd661ff1a15b747ef
2021-07-14 20:59:14 +02:00
Arian
a73e27936f
sm6150-common: Set permissions on /dev/xiaomi-touch
Change-Id: I94f9b64f983098b6497ffcdee9817c72d471528f
2021-07-13 22:13:56 +02:00
Arian
10f101e143
sm6150-common: parts: Enable doze_status on screen off
* This allows entering the doze state faster when unlocking from lockscreen

Change-Id: I1900436c974a605555275ef67b283ead2cf720b5
2021-07-03 21:23:39 +02:00
Arian
727405d31d
sm6150-common: parts: Implement doze modes and auto brightness
Change-Id: I03888d1997b09cb539952dfed935a7ace5e3444c
2021-07-03 21:23:14 +02:00
Arian
8cf1d5dda3
sm6150-common: power: Use xiaomi-touch to handle dt2w
Change-Id: I73f95e32daf9e2c702662ac2c2c8182e6b8eb214
2021-06-25 19:22:00 +02:00
Arian
cf3b3272ae
davinci: sepolicy: Label idle_state sysfs nodes
Change-Id: Iad52c65df63f858c0019155d47ccbb1ee46b5984
2021-06-25 12:31:35 +02:00
Arian
c1baef0dd8
sm6150-common: sepolicy: Address power HAL denials
Change-Id: I7327bd54c0d12fde03472695a5598d2a3d22f716
2021-06-21 23:43:39 +02:00
Arian
3d1697d76f
sm6150-common: rootdir: Enable PowerHAL hint processing
Change-Id: I4de6ec81eaf002c094df53ff26ed24db02972dfe
2021-06-21 23:43:39 +02:00
Bruno Martins
7e0b1d8983
sm6150-common: Migrate to Xiaomi power HAL AIDL
Change-Id: I42170d51a517170b58d532addd9c38496e43457c
2021-06-21 23:43:14 +02:00
Arian
4fd1fd2a1c
Revert "davinci: sepolicy: Unlabel audio_hw_socket"
This reverts commit af13479df1.

Change-Id: I532e78d5d5da2a1d2ebdf6723e92e603c4d1b7e1
2021-06-18 18:32:31 +02:00
Arian
6d05622ab1
sm6150-common: livedisplay: Uprev to 2.1
Change-Id: Icd9d97078cb339aaff04d7e0a52ce8b9b97d35de
2021-06-18 18:32:31 +02:00
Arian
afb4a21c3f
sm6150-common: livedisplay: Renamed AntiFlicker node
Change-Id: I9951abe702730435f840bf041b8cbcf3839fae79
2021-06-18 18:32:31 +02:00
Arian
83f9791ee2
sm6150-common: livedisplay: Add anti flicker support
Change-Id: Ieb91a3efe0fc124e120f95f5ec197aa3c5cecb14
2021-06-18 18:32:31 +02:00
raghavt20
32e23fe941
sm6150-common: fingerprint: Label fpc and fpdump data dirs
Change-Id: Ib522a7e573465ce0cd9bc982d1264947e731da22
2021-06-18 18:32:30 +02:00
Arian
a8c1391091
sm6150-common: fingerprint: Allow to build without fingerprintextension
Change-Id: Ib51286dafaf0633ba959332ecdb5ad277c6714bf
2021-04-25 15:23:51 +02:00
Arian
e76fb5010d
sm6150-common: Rename fingerprint service
Change-Id: I09992ec66ba4b65bb60a23faa74929d385f199fa
2021-04-25 15:23:51 +02:00
raghavt20
b60968e459
sm6150-common: sepolicy: Label new white LED path
2021-04-25 15:23:51 +02:00
raghavt20
0aa378102c
sm6150-common: Transform davinci into common tree
* The following things are left in devices, because they're device specific
  - voip compress properties
  - HVDCP properties
  - audio configs
  - power profile
  - rounded corner configuration
  - partition configuration
  - FOD
  - camera motor
  - NFC
  - board-info
  - fstab
  - ipa and graphics firmware
  - shipping and manifest target level

Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Co-authored-by: Arian <arian.kulmer@web.de>
Change-Id: I8bef29041f8f239361b999fc8ab1a43cc2ebb86b
2021-04-25 15:18:14 +02:00
Arian
7a82c42b90
davinci: sepolicy: Correct nq-nci wakeup label
Change-Id: I763fd9bee30364c8effdfdf52aa992dc024426c6
2021-04-25 15:17:23 +02:00