| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: I784a859671c69370cab0118a88a5fb0190352af9
|
|
|
|
| |
Change-Id: Ic5e32818bc54993f4e8c2377cbec64f9444f6d8a
|
|
|
|
|
|
|
| |
This matches the policy for fsck.f2fs, although it still needs to run
as fsck_untrusted for public volumes
Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
|
|
|
|
|
|
|
| |
* Use a custom system property to trigger the real one, so we avoid
running afoul of any SELinux CTS requirements.
Change-Id: If5e7a275f492631a673284408f1e430a12358380
|
|
|
|
|
|
|
| |
If the "formattable" fstab flag is set, init will tries
to format that partition, added the required policy to allow it.
Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6
|
|
|
|
|
|
|
|
|
| |
The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.
Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
|
|
|
|
|
|
| |
* Because we aren't actually jerks, contrary to popular belief.
Change-Id: Ie39cce65ecc6a2861547865ff554b108b8b534fa
|
|
|
|
|
|
|
|
|
| |
BatteryService queries the usb state to check whether the usb type
is HVDCP. This patch adds a rule to allow that.
For more context check BatteryService#Led#isHvdcpPresent.
Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402
|
|
|
|
|
|
| |
* Needed to support vold and other new code.
Change-Id: I25a0b1cc6461eced7112dd4b3974a71423f7957b
|
|
|
|
|
|
|
|
|
|
| |
Manual apply and refactor of cm-12.1 patch:
e04329df88211264e7a9c8f1d6b87a16d8d5639b
Use the unix_socket_connect macro and switch to the new
perfd domain.
Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb
|
|
|
|
|
|
| |
fixes root access for apps
Change-Id: Iff443bf4cbea817917da72bbfc58f9fe42acceb5
|
|
|
|
|
|
|
|
| |
* This is likely defined in several device trees, but not all
remove it from your device trees if we're going to write rules
for it here.
Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30
|
|
|
|
|
|
|
| |
* Allow apps to run the "df" command to look at disk usage.
* Allow thermal engine to check/set battery limits.
Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
|
|
|
|
|
|
| |
* Cyngn devices will need this.
Change-Id: I1e7528e92d0d4ed8c4029667d7ef3cf9081a6575
|
|
|
|
|
|
| |
We have this in qcom/sepolicy/common already.
Change-Id: Ibe6ada531f77d3ec00ff61081d21b3d36a1fe7a7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Address:
avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0
tclass=sock_file permissive=0
avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon"
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0
tclass=unix_stream_socket permissive=0
And thus fix su.
Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27
|
|
|
|
|
|
| |
* Devices will need to update their configurations!
Change-Id: I22cf4ec96656b98f515cf28fef95443cf6adb397
|
|
|
|
|
|
|
| |
* These are handled by the master SEPolicy now due to neverallow
exceptions which occur on non-production builds.
Change-Id: Id50d9e41e1c8b0b1f26df7921def9e7a201f49d9
|
|
|
|
|
|
| |
* this is already defined in external/sepolicy
Change-Id: I541b5de5bb6057f4fa3d88b6e9b9425b65f9963e
|
|
|
|
| |
Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d
|
|
|
|
|
|
| |
* this is a no-op now
Change-Id: I3703a9670285017ce7aec9ac20c63a6f733b8ffa
|
|
|
|
|
|
|
| |
The dir's context need love, too
TICKET: CYNGNOS-1185
Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46
|
|
|
|
|
| |
Change-Id: I6441c00bfd173f1f3fd4c09a67c678c5bd4f8090
Issue-id: SYSTEMS-62
|
|
|
|
|
|
|
|
|
|
| |
Addresses denials observerd when using QuickBoot:
<4>[ 224.756971] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service
<3>[ 224.757094] init: sys_prop: Unable to start service ctl [bootanim] uid:1000 gid:1000 pid:6039
<4>[ 226.306456] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service
Change-Id: I338a0a1d5fa12c10e413769ea9638c10ed137000
|
|
|
|
|
|
| |
* Missed a few things when cleaning up devices.
Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
|
|
|
|
|
|
|
|
|
| |
* We have a number of policy items due to changes in our BSPs or for
other things which interact with the QC sepolicy. Add a place
for us to store this stuff so we don't need to copy it around to
every device.
Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
|
|
|
|
| |
Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
|
|
|
|
|
|
|
| |
We need to enable our custom AppSuggestService in order to show
possible suggestions.
Change-Id: I9489723dfec315c7ff4ab414ebe88c3880876bd3
|
|
|
|
| |
Change-Id: I9d9b30da37f243f77647c6d41cf0e0159968b8e2
|
|
|
|
|
|
| |
* Set up persistent properties for devices with a /persist partition.
Change-Id: I78974dd4e25831338462c91fc25e36e343795510
|
|
|
|
| |
Change-Id: I4dae95dbe68c472ba3703fea588b542758ec8036
|
|
|
|
| |
Change-Id: I209245e1a3165f329ed8a17a942340d96783ca13
|
|
|
|
| |
Change-Id: I0909a5fd49e8e042293719de93ebc8fbaaa1a196
|
|
|
|
|
|
| |
* This is used by extremely critical things.
Change-Id: Ie529851469408adac1e081fe4f6dc5daa9002933
|
|
|
|
|
|
|
| |
* Performance Settings has been removed/refactored so these are no longer neccessary.
Change-Id: I5933700815d0037735fc48f8640b37d1f350ea91
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>
|
|
|
|
| |
Change-Id: Ib1f8c6d00c2a66cfd8dac2b73ccd1bd053a3a497
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: If62e6b1d2ac41730ff2a8d562173abd2cb768f93
Add cmstatusbar service to system server services context
Change-Id: I77c5de75722cc5f36a5326e3da57ab661b89d189
Build Platform resource package.
Change-Id: Id60f66b6db23989db1472a19bcb079b0083f7393
vendor/cm: Lock cm platform library/cmsdk to non-release builds.
Change-Id: I01c1c3fe559d438e28339ce426d7ba7e42724002
|
|
|
|
|
|
| |
Change-Id: Ib3c44c50138f5715d92addbf8df7ed591785b550
Signed-off-by: Roman Birg <roman@cyngn.com>
(cherry picked from commit 2ca5d3999b35d328f0969a264009bffe0faf889d)
|
|
|
|
| |
Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
|
|
|
|
|
|
| |
Needed to preserve /data/.layout_version (aka nesting bug fix).
Change-Id: Iaae982223e80ad10479cf1ca3db09da7ada5663e
|
|
|
|
| |
Change-Id: I551f61f40225a679593e94dbd47bb2fb0025da7e
|
|
|
|
| |
Change-Id: I514d128160ed4e04564077d7a2e2ad297af92e28
|
|
|
|
| |
Change-Id: Ic8f1641928840774204099453b74dc1b52b3c6f8
|
|
|
|
|
|
| |
Updaters need to be able to read and write to these locations.
Change-Id: I928a5f73ec29ab4fecb717072532d449192f3ca9
|
|
|
|
|
|
| |
Needed when option is checked to update cm recovery
Change-Id: I0b2fbfd7c141ae03ce14b9afeffd3a027d791c80
|
|
|
|
|
|
|
| |
/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients
Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
|
|
|
|
| |
Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
|
|
|
|
|
|
| |
Added in patch e9c2de0679f16a8ba7291aaf2cd4286bef8b2886 but not included
Change-Id: I2ae901a7c80fceb33dba2ed4122d2aa47bff5a51
|
|
|
|
|
| |
Change-Id: I6e6feae5fe6b4092c137ee2337c4a15b390df45e
Signed-off-by: Roman Birg <roman@cyngn.com>
|
|
|
|
| |
Change-Id: I7675b302723ef8700067ae9ef237daf6346a6627
|