| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
System server needs to be able to create a pipe in the cache partition
for uncrypting OTAs. Uncrypt needs to be able to read and write the
pipe.
Change-Id: Ie03ee7d637eaecff8fe38bf03dc733b3915cd336
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
into replicant-6.0
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Conflicts:
overlay/common/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw600dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw720dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-xhdpi/default_wallpaper.jpg
|
| |
| |
| |
| |
| |
| |
| | |
We now use a temporary context when mounting /data, so add permissions
to do that, and add permissions necessary to do the recursive wipe.
Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also allow apps to read the contents of mounted OBBs.
See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad
and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa
Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f
|
|\ \
| |/
| |
| | |
into replicant-6.0-toolchain
|
| |
| |
| |
| |
| |
| |
| |
| | |
Addresses:
avc: denied { write }
for pid=293 comm="perfprofd" name="property_service" dev="tmpfs" ino=9229 scontext=u:r:perfprofd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
Change-Id: I5a88722eda4d0751fd9a081c434d385ac1c785ef
|
|\ \
| |/
| |
| | |
into replicant-6.0
|
| |
| |
| |
| |
| |
| |
| |
| | |
After assimilating minivold into /sbin/recovery, we need to allow the
minivold service (a symlink to the recovery binary) to transition from
the recovery to the vold domain.
Change-Id: I112e6d371a8da8fc55a06967852c869105190616
|
| |
| |
| |
| | |
Change-Id: I784a859671c69370cab0118a88a5fb0190352af9
|
|\ \
| |/ |
|
| |
| |
| |
| | |
Change-Id: Ic5e32818bc54993f4e8c2377cbec64f9444f6d8a
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| | |
This matches the policy for fsck.f2fs, although it still needs to run
as fsck_untrusted for public volumes
Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
|
|\ \
| |/
| |
| |
| |
| |
| | |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Conflicts:
config/common.mk
|
| |
| |
| |
| |
| |
| |
| | |
* Use a custom system property to trigger the real one, so we avoid
running afoul of any SELinux CTS requirements.
Change-Id: If5e7a275f492631a673284408f1e430a12358380
|
| |
| |
| |
| |
| |
| |
| | |
If the "formattable" fstab flag is set, init will tries
to format that partition, added the required policy to allow it.
Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.
Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
remove prebuilt terminal (built-in terminal app can be activated in dev settings)
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Conflicts:
CHANGELOG.mkdn
CONTRIBUTORS.mkdn
config/cdma.mk
config/cm_audio.mk
config/common.mk
config/common_full.mk
config/common_full_phone.mk
config/gsm.mk
config/themes_common.mk
get-prebuilts
overlay/common/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw600dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw720dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-xhdpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/values/config.xml
overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml
prebuilt/common/bootanimation/1080.zip
prebuilt/common/bootanimation/1200.zip
prebuilt/common/bootanimation/240.zip
prebuilt/common/bootanimation/320.zip
prebuilt/common/bootanimation/360.zip
prebuilt/common/bootanimation/480.zip
prebuilt/common/bootanimation/540.zip
prebuilt/common/bootanimation/600.zip
prebuilt/common/bootanimation/720.zip
prebuilt/common/bootanimation/768.zip
prebuilt/common/bootanimation/800.zip
prebuilt/common/etc/apns-conf.xml
sepolicy/mac_permissions.xml
sepolicy/sepolicy.mk
vendorsetup.sh
Change-Id: I4fc2a5b00721cae8b3a36f33c36f006142bad44f
|
| |
| |
| |
| |
| |
| | |
* Because we aren't actually jerks, contrary to popular belief.
Change-Id: Ie39cce65ecc6a2861547865ff554b108b8b534fa
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BatteryService queries the usb state to check whether the usb type
is HVDCP. This patch adds a rule to allow that.
For more context check BatteryService#Led#isHvdcpPresent.
Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402
|
| |
| |
| |
| |
| |
| | |
* Needed to support vold and other new code.
Change-Id: I25a0b1cc6461eced7112dd4b3974a71423f7957b
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Manual apply and refactor of cm-12.1 patch:
e04329df88211264e7a9c8f1d6b87a16d8d5639b
Use the unix_socket_connect macro and switch to the new
perfd domain.
Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb
|
| |
| |
| |
| |
| |
| | |
fixes root access for apps
Change-Id: Iff443bf4cbea817917da72bbfc58f9fe42acceb5
|
| |
| |
| |
| |
| |
| |
| |
| | |
* This is likely defined in several device trees, but not all
remove it from your device trees if we're going to write rules
for it here.
Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30
|
| |
| |
| |
| |
| |
| |
| | |
* Allow apps to run the "df" command to look at disk usage.
* Allow thermal engine to check/set battery limits.
Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
|
| |
| |
| |
| |
| |
| | |
* Cyngn devices will need this.
Change-Id: I1e7528e92d0d4ed8c4029667d7ef3cf9081a6575
|
| |
| |
| |
| |
| |
| | |
We have this in qcom/sepolicy/common already.
Change-Id: Ibe6ada531f77d3ec00ff61081d21b3d36a1fe7a7
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Address:
avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0
tclass=sock_file permissive=0
avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon"
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0
tclass=unix_stream_socket permissive=0
And thus fix su.
Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27
|
| |
| |
| |
| |
| |
| | |
* Devices will need to update their configurations!
Change-Id: I22cf4ec96656b98f515cf28fef95443cf6adb397
|
| |
| |
| |
| |
| |
| |
| | |
* These are handled by the master SEPolicy now due to neverallow
exceptions which occur on non-production builds.
Change-Id: Id50d9e41e1c8b0b1f26df7921def9e7a201f49d9
|
| |
| |
| |
| |
| |
| | |
* this is already defined in external/sepolicy
Change-Id: I541b5de5bb6057f4fa3d88b6e9b9425b65f9963e
|
| |
| |
| |
| | |
Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d
|
| |
| |
| |
| |
| |
| | |
* this is a no-op now
Change-Id: I3703a9670285017ce7aec9ac20c63a6f733b8ffa
|
| |
| |
| |
| |
| |
| |
| | |
The dir's context need love, too
TICKET: CYNGNOS-1185
Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46
|
| |
| |
| |
| |
| | |
Change-Id: I6441c00bfd173f1f3fd4c09a67c678c5bd4f8090
Issue-id: SYSTEMS-62
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Addresses denials observerd when using QuickBoot:
<4>[ 224.756971] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service
<3>[ 224.757094] init: sys_prop: Unable to start service ctl [bootanim] uid:1000 gid:1000 pid:6039
<4>[ 226.306456] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service
Change-Id: I338a0a1d5fa12c10e413769ea9638c10ed137000
|
| |
| |
| |
| |
| |
| | |
* Missed a few things when cleaning up devices.
Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* We have a number of policy items due to changes in our BSPs or for
other things which interact with the QC sepolicy. Add a place
for us to store this stuff so we don't need to copy it around to
every device.
Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
|
| |
| |
| |
| | |
Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
|
| |
| |
| |
| |
| |
| |
| | |
We need to enable our custom AppSuggestService in order to show
possible suggestions.
Change-Id: I9489723dfec315c7ff4ab414ebe88c3880876bd3
|
| |
| |
| |
| | |
Change-Id: I9d9b30da37f243f77647c6d41cf0e0159968b8e2
|
| |
| |
| |
| |
| |
| | |
* Set up persistent properties for devices with a /persist partition.
Change-Id: I78974dd4e25831338462c91fc25e36e343795510
|
| |
| |
| |
| | |
Change-Id: I4dae95dbe68c472ba3703fea588b542758ec8036
|
| |
| |
| |
| | |
Change-Id: I209245e1a3165f329ed8a17a942340d96783ca13
|
| |
| |
| |
| | |
Change-Id: I0909a5fd49e8e042293719de93ebc8fbaaa1a196
|
| |
| |
| |
| |
| |
| | |
* This is used by extremely critical things.
Change-Id: Ie529851469408adac1e081fe4f6dc5daa9002933
|
| |
| |
| |
| |
| |
| |
| | |
* Performance Settings has been removed/refactored so these are no longer neccessary.
Change-Id: I5933700815d0037735fc48f8640b37d1f350ea91
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>
|
| |
| |
| |
| | |
Change-Id: Ib1f8c6d00c2a66cfd8dac2b73ccd1bd053a3a497
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change-Id: If62e6b1d2ac41730ff2a8d562173abd2cb768f93
Add cmstatusbar service to system server services context
Change-Id: I77c5de75722cc5f36a5326e3da57ab661b89d189
Build Platform resource package.
Change-Id: Id60f66b6db23989db1472a19bcb079b0083f7393
vendor/cm: Lock cm platform library/cmsdk to non-release builds.
Change-Id: I01c1c3fe559d438e28339ce426d7ba7e42724002
|
| |
| |
| |
| |
| |
| | |
Change-Id: Ib3c44c50138f5715d92addbf8df7ed591785b550
Signed-off-by: Roman Birg <roman@cyngn.com>
(cherry picked from commit 2ca5d3999b35d328f0969a264009bffe0faf889d)
|