-rw-r--r-- | BoardConfigCommon.mk | 22 | ||||
-rw-r--r-- | libsensors/LightSensor.cpp | 10 | ||||
-rw-r--r-- | libsensors/sensors.cpp | 8 | ||||
-rw-r--r-- | overlay/frameworks/base/core/res/res/values/config.xml | 2 | ||||
-rwxr-xr-x | rootdir/fstab.smdk4x12 | 4 | ||||
-rw-r--r-- | selinux/device.te | 4 | ||||
-rwxr-xr-x | selinux/dhcp.te | 1 | ||||
-rw-r--r-- | selinux/domain.te | 4 | ||||
-rw-r--r-- | selinux/file.te | 10 | ||||
-rw-r--r-- | selinux/file_contexts | 70 | ||||
-rw-r--r-- | selinux/init.te | 3 | ||||
-rwxr-xr-x | selinux/kickstart.te | 44 | ||||
-rw-r--r-- | selinux/mediaserver.te | 7 | ||||
-rwxr-xr-x | selinux/netmgrd.te | 29 | ||||
-rwxr-xr-x | selinux/qmux.te | 21 | ||||
-rwxr-xr-x | selinux/rild.te | 14 | ||||
-rw-r--r-- | selinux/secril.te | 25 | ||||
-rwxr-xr-x | selinux/system.te | 12 | ||||
-rwxr-xr-x | selinux/te_macros | 12 | ||||
-rw-r--r-- | selinux/ueventd.te | 6 | ||||
-rwxr-xr-x | selinux/wpa_supplicant.te | 10 |
21 files changed, 305 insertions, 13 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 256dc90..bd20f3e 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -37,3 +37,25 @@ BOARD_BATTERY_DEVICE_NAME := "battery" # inherit from the proprietary version -include vendor/samsung/kona/BoardConfigVendor.mk +# Selinux +BOARD_SEPOLICY_DIRS += \ + device/samsung/kona-common/selinux + +BOARD_SEPOLICY_UNION += \ + file_contexts \ + te_macros \ + device.te \ + dhcp.te \ + domain.te \ + file.te \ + init.te \ + kickstart.te \ + mediaserver.te \ + netmgrd.te \ + qmux.te \ + rild.te \ + secril.te \ + system.te \ + ueventd.te \ + wpa_supplicant.te + diff --git a/libsensors/LightSensor.cpp b/libsensors/LightSensor.cpp index e931e2e..3159c9e 100644 --- a/libsensors/LightSensor.cpp +++ b/libsensors/LightSensor.cpp @@ -121,12 +121,10 @@ int LightSensor::readEvents(sensors_event_t* data, int count) while (count && mInputReader.readEvent(&event)) { int type = event->type; if (type == EV_REL) { - // Convert adc value to lux assuming: - // I = 10 * log(Ev) uA - // R = 47kOhm - // Max adc value 4095 = 3.3V - // 1/4 of light reaches sensor - mPendingEvent.light = event->value; + if(event->value < 0) + mPendingEvent.light = 0; + else + mPendingEvent.light = event->value; } else if (type == EV_SYN) { mPendingEvent.timestamp = timevalToNano(event->time); if (mEnabled) { diff --git a/libsensors/sensors.cpp b/libsensors/sensors.cpp index a0194ef..99bed29 100644 --- a/libsensors/sensors.cpp +++ b/libsensors/sensors.cpp 
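Review bot: The new clamp on the `EV_REL` branch of `LightSensor::readEvents` replaces the only comment there without saying why a negative `event->value` can arrive or why 0 is the right substitute. A one-line comment such as `// driver may report negative readings; light level must be non-negative` (wording to be confirmed against the driver) would keep the intent visible. The unbraced four-line `if`/`else` can also be the single statement `mPendingEvent.light = event->value < 0 ? 0 : event->value;`. The function body starts and ends outside the hunk.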
@@ -73,19 +73,19 @@ static const struct sensor_t sSensorList[] = { { "LIS3DH Acceleration Sensor", "STMicroelectronics", 1, SENSORS_ACCELERATION_HANDLE, - SENSOR_TYPE_ACCELEROMETER, RANGE_A, RESOLUTION_A, 0.20f, 10000, { } }, + SENSOR_TYPE_ACCELEROMETER, RANGE_A, RESOLUTION_A, 0.20f, 10000, 0, 0, { } }, { "MS-3R (YAS532) Magnetic Sensor", "Yamaha Corporation", 1, SENSORS_MAGNETIC_FIELD_HANDLE, - SENSOR_TYPE_MAGNETIC_FIELD, 2000.0f, 0.06f, 6.8f, 10000, { } }, + SENSOR_TYPE_MAGNETIC_FIELD, 2000.0f, 0.06f, 6.8f, 10000, 0, 0, { } }, { "MS-x Orientation Sensor", "Yamaha Corporation", 1, SENSORS_ORIENTATION_HANDLE, - SENSOR_TYPE_ORIENTATION, 360.0f, CONVERT_O, 7.8f, 10000, { } }, + SENSOR_TYPE_ORIENTATION, 360.0f, CONVERT_O, 7.8f, 10000, 0, 0, { } }, { "AL3201 Light Sensor", "LITEON", 1, SENSORS_LIGHT_HANDLE, - SENSOR_TYPE_LIGHT, 10240.0f, 1.0f, 0.75f, 0, { } }, + SENSOR_TYPE_LIGHT, 10240.0f, 1.0f, 0.75f, 0, 0, 0, { } }, }; diff --git a/overlay/frameworks/base/core/res/res/values/config.xml b/overlay/frameworks/base/core/res/res/values/config.xml index 0ec6032..3f58249 100644 --- a/overlay/frameworks/base/core/res/res/values/config.xml +++ b/overlay/frameworks/base/core/res/res/values/config.xml @@ -75,7 +75,7 @@ </integer-array> <!-- True if the Irda service should be started at system start --> - <bool name="config_enableIrdaManagerService">true</bool> + <!--<bool name="config_enableIrdaManagerService">true</bool>--> <!-- Device supports LED flashlight --> <bool name="config_enableTorch">false</bool> diff --git a/rootdir/fstab.smdk4x12 b/rootdir/fstab.smdk4x12 index b0f5a03..cb42467 100755 --- a/rootdir/fstab.smdk4x12 +++ b/rootdir/fstab.smdk4x12 
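Review bot: The two `0, 0` values appended to every `sSensorList` entry are positional and unlabelled, so a reader cannot tell which `sensor_t` members they fill. They presumably correspond to the FIFO members (`fifoReservedEventCount`, `fifoMaxEventCount`) of the newer sensors HAL header. A comment above the table such as `// ..., power, minDelay, fifoReservedEventCount, fifoMaxEventCount, reserved` would document the column order. The array definition starts outside the hunk.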
@@ -9,8 +9,8 @@ /dev/block/mmcblk0p12 /data ext4 nosuid,nodev,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic wait,check,encryptable=footer # vold-managed volumes ("block device" is actually a sysfs devpath) -/devices/platform/s3c-sdhci.2/mmc_host/mmc1 /storage/sdcard1 auto defaults voldmanaged=sdcard1:auto -/devices/platform/s5p-ehci /storage/usbdisk0 auto defaults voldmanaged=usbdisk0:auto +/devices/platform/s3c-sdhci.2/mmc_host/mmc1 auto auto defaults voldmanaged=sdcard1:auto +/devices/platform/s5p-ehci auto auto defaults voldmanaged=usbdisk0:auto # recovery /dev/block/mmcblk0p5 /boot emmc defaults recoveryonly diff --git a/selinux/device.te b/selinux/device.te new file mode 100644 index 0000000..c95050b --- /dev/null +++ b/selinux/device.te @@ -0,0 +1,4 @@ +type mali_device, dev_type, mlstrustedobject; +type rfkill_device, dev_type; +type diagnostic_device, dev_type; +type efs_block_device, dev_type; diff --git a/selinux/dhcp.te b/selinux/dhcp.te new file mode 100755 index 0000000..c403b9b --- /dev/null +++ b/selinux/dhcp.te @@ -0,0 +1 @@ +allow dhcp self:rawip_socket { create write setopt }; diff --git a/selinux/domain.te b/selinux/domain.te new file mode 100644 index 0000000..1be0633 --- /dev/null +++ b/selinux/domain.te @@ -0,0 +1,4 @@ +## /dev/mali, /dev/ump +allow domain mali_device:chr_file rw_file_perms; + + diff --git a/selinux/file.te b/selinux/file.te new file mode 100644 index 0000000..3f045f6 --- /dev/null +++ b/selinux/file.te @@ -0,0 +1,10 @@ +type radio_efs_file, fs_type; + +type firmware_mfc, file_type; +type firmware_camera, file_type; + +type qmuxd_socket, file_type; +type camera_data_file, file_type, data_file_type; +type kickstart_data_file, file_type, data_file_type; +type sensors_data_file, file_type, data_file_type; +type volume_data_file, file_type, data_file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts new file mode 100644 index 0000000..db34e45 --- /dev/null +++ b/selinux/file_contexts 
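Review bot: `allow domain mali_device:chr_file rw_file_perms;` in selinux/domain.te gives every domain on the device, including daemons that never touch graphics, read/write access to anything labelled `mali_device`. The file_contexts added in this commit puts `/dev/mali`, `/dev/ump` and `/dev/fimg2d` under that label. The rule should name the actual clients instead of `domain`, for example `allow { appdomain surfaceflinger mediaserver } mali_device:chr_file rw_file_perms;` (client list to be confirmed from denials). `/dev/fimg2d` would be better under its own type so the blanket rule does not cover it, and the `mlstrustedobject` attribute on `mali_device` in device.te needs a comment justifying it.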
@@ -0,0 +1,70 @@ +# GFX +/dev/mali u:object_r:mali_device:s0 +/dev/ump u:object_r:mali_device:s0 +/dev/fimg2d u:object_r:mali_device:s0 + +# RIL +/dev/mdm u:object_r:radio_device:s0 +/dev/hsicctl[0-3]* u:object_r:radio_device:s0 +/dev/ttyUSB0 u:object_r:radio_device:s0 +/dev/diag u:object_r:diagnostic_device:s0 + +# GPS +/dev/ttySAC1 u:object_r:gps_device:s0 + +# Bluetooth +/dev/ttySAC0 u:object_r:hci_attach_dev:s0 +/efs/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0 + +# Sensors +/dev/akm8963 u:object_r:sensors_device:s0 +/efs/gyro_cal_data u:object_r:sensors_data_file:s0 + +# Camera +/data/ISP_CV u:object_r:camera_data_file:s0 +/dev/exynos-mem u:object_r:video_device:s0 + +# for wpa_supp +/dev/rfkill u:object_r:rfkill_device:s0 + +# Firmwares +/system/vendor/firmware(/.*)? u:object_r:firmware_camera:s0 +/system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0 +/data/cfw(/.*)? u:object_r:firmware_camera:s0 +/tombstones/qcks(/.*)? u:object_r:kickstart_data_file:s0 +/tombstones(/.*)? u:object_r:tombstone_data_file:s0 + +# Vibrator +/dev/tspdrv u:object_r:input_device:s0 + +#Wifi +/efs/wifi/.mac.info u:object_r:wifi_data_file:s0 + +#Sec-ril +/efs/FactoryApp/keystr u:object_r:efs_file:s0 +/efs/FactoryApp/factorymode u:object_r:efs_file:s0 +/efs/FactoryApp/serial_no u:object_r:efs_file:s0 +/data/misc/radio/ramdumpmode.txt u:object_r:radio_data_file:s0 +/data/misc/radio/dlnk u:object_r:radio_data_file:s0 + +#Binaries +/system/bin/qmuxd u:object_r:qmux_exec:s0 +/system/bin/netmgrd u:object_r:netmgrd_exec:s0 +/system/bin/efsks u:object_r:kickstart_exec:s0 +/system/bin/ks u:object_r:kickstart_exec:s0 +/system/bin/qcks u:object_r:kickstart_exec:s0 +/system/bin/sec-ril u:object_r:secril-daemon_exec:s0 + +# Sockets +/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_radio(/.*)? 
u:object_r:qmuxd_socket:s0 + +# Block devices +/dev/block/mmcblk0p[3-6]* u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p10 u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p11 u:object_r:efs_block_device:s0 + +# Audio related +/data/local/audio(/.*)? u:object_r:volume_data_file:s0 diff --git a/selinux/init.te b/selinux/init.te new file mode 100644 index 0000000..2f29889 --- /dev/null +++ b/selinux/init.te @@ -0,0 +1,3 @@ +allow init wpa_socket:unix_dgram_socket { bind create }; + + diff --git a/selinux/kickstart.te b/selinux/kickstart.te new file mode 100755 index 0000000..14e1ad5 --- /dev/null +++ b/selinux/kickstart.te 
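Review bot: The pattern `/dev/block/mmcblk0p[3-6]*` labels partitions 3 through 6 as `efs_block_device`, and rootdir/fstab.smdk4x12 in this same commit shows `/dev/block/mmcblk0p5` is `/boot`. kickstart.te grants `rw_file_perms` on `efs_block_device:blk_file`, so the kickstart domain would be allowed to write the boot partition. The trailing `*` also makes the digit optional and repeatable, which is probably not intended here or in `/dev/hsicctl[0-3]*`. List only the partitions that hold EFS/modem data, one entry each, e.g. `/dev/block/mmcblk0p3 u:object_r:efs_block_device:s0` (partition numbers to be confirmed against the device's partition table). The dots in `/efs/wifi/.mac.info` should be escaped as `\.mac\.info`.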
@@ -0,0 +1,44 @@
+# kickstart processes and scripts
+type kickstart, domain;
+type kickstart_exec, exec_type, file_type;
+
+# kickstart_checker.sh talks to init over the property socket
+unix_socket_connect(kickstart, property, init)
+
+# Start /system/bin/qcks from init
+init_daemon_domain(kickstart)
+
+# Spawn /system/bin/efsks and /system/bin/ks
+allow kickstart kickstart_exec:file { open execute_no_trans getattr };
+
+# Run dd on m9kefs[123] block devices; write to /data/qcks/
+# Run cat on firmware and m9kefs[123] data; write to /data/qcks/
+allow kickstart efs_block_device:blk_file rw_file_perms;
+allow kickstart kickstart_data_file:file create_file_perms;
+allow kickstart kickstart_data_file:dir rw_dir_perms;
+allow kickstart radio_efs_file:file r_file_perms;
+allow kickstart radio_efs_file:dir search;
+
+# Let qcks access /dev/mdm node (modem driver)
+allow kickstart radio_device:chr_file rw_file_perms;
+
+# Allow /dev/ttyUSB0 access
+allow kickstart radio_device:chr_file { write ioctl getattr };
+
+# Allow to run toolbox commands
+allow kickstart shell_exec:file rx_file_perms;
+# Toolbox commands for firmware dd
+allow kickstart system_file:file execute_no_trans;
+
+# Access to /dev/block/platform/msm_sdcc.1/by-name/m9kefs2
+allow kickstart block_device:dir { getattr write search };
+
+# Set system property key
+allow kickstart radio_prop:property_service set;
+
+allow kickstart shell_exec:file entrypoint;
+# ls on /data/qcks/
+allow kickstart self:capability { dac_override setuid };
+
+# XXX Label sysfs files with a specific type?
+allow kickstart sysfs:file rw_file_perms;
\ No newline at end of file
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
new file mode 100644
index 0000000..011f7c6
--- /dev/null
+++ b/selinux/mediaserver.te
@@ -0,0 +1,7 @@
+qmux_socket(mediaserver)
+allow mediaserver self:socket create_socket_perms;
+allow mediaserver { firmware_camera }:file r_file_perms;
+allow mediaserver firmware_camera:dir r_dir_perms;
+allow mediaserver camera_data_file:file rw_file_perms;
+allow mediaserver volume_data_file:file create_file_perms;
+allow mediaserver volume_data_file:dir create_dir_perms;
diff --git a/selinux/netmgrd.te b/selinux/netmgrd.te
new file mode 100755
index 0000000..11159a4
--- /dev/null
+++ b/selinux/netmgrd.te
@@ -0,0 +1,29 @@
+# Network utilities (radio process)
+type netmgrd, domain;
+type netmgrd_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(netmgrd)
+
+allow netmgrd self:udp_socket { create ioctl };
+# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
+allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow netmgrd self:packet_socket { write bind read create };
+allow netmgrd self:netlink_socket { write read create bind setopt };
+allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
+allow netmgrd kernel:system module_request;
+
+# Talk to qmuxd
+qmux_socket(netmgrd)
+
+# Allow logging diagnostic items
+allow netmgrd diagnostic_device:chr_file rw_file_perms;
+
+# /data/data_test/ access with shell
+allow netmgrd shell_exec:file { execute read open execute_no_trans };
+allow netmgrd system_file:file { execute_no_trans };
+
+# Talk to init over the property socket
+unix_socket_connect(netmgrd, property, init)
+# Set net.rmnet_usb0. values
+allow netmgrd radio_prop:property_service set;
diff --git a/selinux/qmux.te b/selinux/qmux.te
new file mode 100755
index 0000000..e2a5bbf
--- /dev/null
+++ b/selinux/qmux.te
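Review bot: `allow kickstart sysfs:file rw_file_perms;` at the end of selinux/kickstart.te lets the kickstart domain write every node that carries the generic `sysfs` label, which the `XXX` comment above it already questions; the same broad grant recurs in qmux.te, rild.te, secril.te and system.te. Label the specific sysfs nodes each daemon needs with a dedicated type in file_contexts and allow only that, e.g. `allow kickstart sysfs_kickstart:file rw_file_perms;` (`sysfs_kickstart` is a placeholder name). The comments in this file also mention `m9kefs[123]`, `/data/qcks/` and `msm_sdcc.1`, none of which appear in this commit's file_contexts, so they look carried over from another device and should be rewritten to describe this one. The second `radio_device:chr_file { write ioctl getattr }` rule appears redundant next to the `rw_file_perms` rule above it, assuming the standard macro definition.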
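Review bot: `sys_module` in `allow netmgrd self:capability { sys_module ... }` lets a network-facing radio daemon load kernel modules, which undoes much of the confinement this policy is meant to add; the same capability is granted to `secril-daemon` in secril.te and to `system` in system.te. If the logged denial only comes from an interface lookup that triggers the kernel's module-autoload check, the usual answer is `dontaudit netmgrd self:capability sys_module;` rather than an allow; this should be confirmed against the audit log. The `shell_exec` and `system_file` `execute_no_trans` rules also let netmgrd run shell and system binaries inside its own privileged domain. Their comment names only `/data/data_test/`, so the reason should be documented or the rules dropped.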
@@ -0,0 +1,21 @@
+# Qualcomm Management Interface Multiplexer
+type qmux, domain;
+type qmux_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(qmux)
+
+# Create local qmux_connect_socket
+allow qmux qmuxd_socket:dir w_dir_perms;
+allow qmux qmuxd_socket:sock_file { create setattr getattr unlink };
+
+# /dev/hsicctl* node access
+allow qmux radio_device:chr_file rw_file_perms;
+
+# Allow logging diagnostic items
+allow qmux diagnostic_device:chr_file rw_file_perms;
+
+allow qmux self:capability { dac_override setuid };
+
+# XXX Should we label with own type
+allow qmux sysfs:file { open write append read getattr };
diff --git a/selinux/rild.te b/selinux/rild.te
new file mode 100755
index 0000000..04209b0
--- /dev/null
+++ b/selinux/rild.te
@@ -0,0 +1,14 @@
+## RIL
+allow rild radio_device:chr_file rw_file_perms;
+allow rild { efs_file }:file rw_file_perms;
+allow rild self:netlink_socket { create bind read write };
+allow rild self:netlink_route_socket { write };
+
+# Talk to qmuxd
+qmux_socket(rild)
+
+# Allow logging diagnostic items
+allow rild diagnostic_device:chr_file rw_file_perms;
+
+# XXX label with own type?
+allow rild sysfs:file { read open write getattr };
diff --git a/selinux/secril.te b/selinux/secril.te
new file mode 100644
index 0000000..7761d80
--- /dev/null
+++ b/selinux/secril.te
@@ -0,0 +1,25 @@
+# sec-ril
+type secril-daemon, domain;
+type secril-daemon_exec, exec_type, file_type;
+
+# Start /system/bin/sec-ril from init
+init_daemon_domain(secril-daemon)
+
+allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr };
+allow secril-daemon self:udp_socket { create ioctl };
+unix_socket_connect(secril-daemon, property, init)
+unix_socket_connect(secril-daemon, rild, rild)
+
+allow secril-daemon { efs_file }:file rw_file_perms;
+allow secril-daemon system_data_file:dir create_dir_perms;
+allow secril-daemon system_data_file:file unlink;
+allow secril-daemon radio_data_file:file { create_file_perms };
+allow secril-daemon kernel:system module_request;
+allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow secril-daemon system_file:file x_file_perms;
+allow secril-daemon sysfs:file rw_file_perms;
+allow secril-daemon shell_exec:file rx_file_perms;
+allow secril-daemon app_data_file:file rw_file_perms;
+allow secril-daemon app_data_file:dir search;
+allow secril-daemon zygote_exec:file rx_file_perms;
+allow secril-daemon ashmem_device:chr_file x_file_perms;
\ No newline at end of file
diff --git a/selinux/system.te b/selinux/system.te
new file mode 100755
index 0000000..3f9fc14
--- /dev/null
+++ b/selinux/system.te
@@ -0,0 +1,12 @@
+# Talk to qmuxd
+qmux_socket(system)
+
+allow system diagnostic_device:chr_file rw_file_perms;
+#allow system uinput_device:chr_file { read ioctl write open };
+allow system sensors_device:chr_file { read open };
+allow system sensors_data_file:file r_file_perms;
+allow system wpa_socket:unix_dgram_socket sendto;
+allow system_app volume_data_file:file { read write open getattr };
+
+allow system sysfs:file { read open write };
+allow system self:capability { sys_module };
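Review bot: `allow secril-daemon app_data_file:file rw_file_perms;` in selinux/secril.te gives the sec-ril daemon read/write access to every application's private data files, and none of the rules in the lower half of the file carries a comment explaining why it is needed. `zygote_exec:file rx_file_perms` and `ashmem_device:chr_file x_file_perms` likewise let the daemon execute the zygote binary and use execute-class permissions on ashmem. These read like denials copied from an audit log, so each should be traced to the operation that triggered it and either dropped or narrowed to a dedicated type. `system_data_file:dir create_dir_perms` with `system_data_file:file unlink` has the same problem, since `system_data_file` is the default label for most of `/data`.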
\ No newline at end of file
diff --git a/selinux/te_macros b/selinux/te_macros
new file mode 100755
index 0000000..274fd55
--- /dev/null
+++ b/selinux/te_macros
@@ -0,0 +1,12 @@
+#####################################
+# qmux_socket(clientdomain)
+# Allow client to send via a local
+# socket to the qmux domain.
+define(`qmux_socket', `
+type $1_qmuxd_socket, file_type;
+file_type_auto_trans($1, qmuxd_socket, $1_qmuxd_socket)
+unix_socket_connect($1, qmuxd, qmux)
+allow qmux $1_qmuxd_socket:sock_file { getattr unlink };
+')
+
+
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
new file mode 100644
index 0000000..489b31a
--- /dev/null
+++ b/selinux/ueventd.te
@@ -0,0 +1,6 @@
+# Drivers read firmware files /firmware/image
+allow ueventd { radio_efs_file }:file r_file_perms;
+allow ueventd { radio_efs_file }:dir search;
+## More Firmwares
+allow ueventd { firmware_mfc }:file r_file_perms;
+allow ueventd { firmware_camera }:dir search;
\ No newline at end of file
diff --git a/selinux/wpa_supplicant.te b/selinux/wpa_supplicant.te
new file mode 100755
index 0000000..ab5fb24
--- /dev/null
+++ b/selinux/wpa_supplicant.te
@@ -0,0 +1,10 @@
+allow wpa init:unix_dgram_socket { read write };
+
+# logwrapper used with wpa_supplicant
+allow wpa devpts:chr_file { read write };
+
+allow wpa wpa_socket:unix_dgram_socket { read write };
+allow wpa_socket system:unix_dgram_socket sendto;
+
+allow wpa_socket wifi_data_file:sock_file unlink;
+allow wpa rfkill_device:chr_file rw_file_perms;
\ No newline at end of file |
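Review bot: The rules `allow wpa_socket system:unix_dgram_socket sendto;` and `allow wpa_socket wifi_data_file:sock_file unlink;` in selinux/wpa_supplicant.te use `wpa_socket` as the source. init.te and system.te in this commit use `wpa_socket` only as a target, so it appears to be an object type rather than a domain. If no process runs with that label, the two rules have no effect and the access they were meant to grant is still denied. The intended source is presumably the `wpa` domain, i.e. `allow wpa system:unix_dgram_socket sendto;` and `allow wpa wifi_data_file:sock_file unlink;`. `allow wpa devpts:chr_file { read write };` is also broader than the logwrapper comment suggests, since it covers every pty that carries the default `devpts` label.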