vendor_replicant.git - vendor/replicant

	Commit message (Collapse)	Author	Age	Files	Lines
*	sepolicy: Allow uncrypt additional access	Pat Erley	2016-05-16	1	-0/+5
\| \| \| \| \| \| \|	Uncrypt may need access to additional selinux contexts for devices with created storage solutions. Change-Id: Ie90f130ff6bafdd195379f7d57504b2fce4ef830
*	cm: Extend policy for IOP	Steve Kondik	2016-05-14	1	-0/+4
\| \| \| \| \| \|	* IO prefetcher needs to dig into themes and media as well. Change-Id: I72cd7fca3a7cacf28764023a73c66e4ea8a58be5
*	cm: Add SE policy for iop service	Steve Kondik	2016-05-06	1	-0/+6
\| \| \| \|	Change-Id: I14338a03c469cd71a6d5c7fecc71eb2290b2e6c4
*	cm: Allow LiveDisplay to write to color_enhance	Zhao Wei Liew	2016-04-30	1	-0/+1
\| \| \| \| \| \| \| \| \|	The proper permissions for the color_enhance sysfs node weren't being set, rendering the color enhancement switch useless. Set the proper permissions for LiveDisplay to toggle color enhancement. Change-Id: Ic8dba8953b73a497cb01a645834c0e7934092b38
*	cm: Remove garbage from sepolicy	Steve Kondik	2016-04-30	1	-2/+2
\| \| \| \| \| \|	* Not sure how the -- got here but it causes the rules to be invalid. Change-Id: Ib17217d14f844d7aa27bb554346183e32ff5ae13
*	cm: Add CMAudioService the platform	Steve Kondik	2016-04-26	2	-0/+2
\| \| \| \| \| \|	* Also brings JNI to CMSDK Change-Id: I599964a1f9200a8d2ecdad0bb8c4d8593e6d7415
*	sepolicy: Allow recovery to mount on tmpfs	Pat Erley	2016-04-22	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	/storage is a tmpfs volume, and is where updater stores its zip when downloading updates. Devices with emmc partitions that are used as 'sdcard' volumes will end up with paths like: /storage/UUID/...../update.zip where UUID is the mount point for the partition and update.zip is the downloaded update. With this change, minivold can create the UUID folder and mount onto it, fixing the application of updates. Change-Id: I4fa84fd590f5ff0f91e38c49cef0c179728fdf43
*	cm: Moving LiveDisplay to CMSDK	Steve Kondik	2016-04-13	2	-0/+2
\| \| \| \| \| \|	* Also alphabetized the list of feature xmls, you filthy pigs. Change-Id: I094a46c313be4531c6dd1af1e007a26b2476d60e
*	cm: sepolicy: allow platform apps to execute render scripts	Matthias Yzusqui	2016-04-05	1	-0/+3
\| \| \| \| \| \| \|	* Needed by Gallery3D Photo Editor to apply effects like: Vignette and Graduated. Change-Id: I7b07a974fbdb77abbaba1c15a21e918406d2175b
*	Add Weather Content Provider [3/5]	Luis Vidal	2016-03-31	2	-1/+3
\| \| \| \| \| \| \| \| \| \|	Introduce the weather system feature, which will be used to identify if the Weather Content Provider/Weather services are available in the device. Add SELinux entries for the cmweather service Change-Id: Ibe862903095276f87f23c0d7dae54733eeeb5638
*	LLS: Add live lock screen service [3/4]	d34d	2016-03-30	2	-0/+2
\| \| \| \|	Change-Id: I9136e9c9c1413c45aa300f0c92fd69b0c409a052
*	cm: sepolicy: allow platform apps to crop user images	codeworkx	2016-03-16	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Needed for gallery3d when setting contact pics avc: denied { write } for comm=4173796E635461736B202334 path="/data/data/com.android.settings/cache/CropEditUserPhoto.jpg" dev="mmcblk0p50" ino=65849 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0 03-05 13:07:40.741 22060-22207/com.android.gallery3d W/System.errï¹• java.io.IOException: write failed: EACCES (Permission denied) Change-Id: Iaa7f75abfd41c86e1a321d5f35b950f9dc7eb930
*	Themes: Refactor themes to CMSDK [3/6]	d34d	2016-03-01	2	-0/+4
\| \| \| \| \|	Change-Id: Ia8f3a5080f2ca2cecc3474058db4970c5661c89c TICKET: CYNGNOS-2126
*	recovery: Add new rule for sys.usb.ffs.ready	AdrianDC	2016-02-23	1	-0/+3
\| \| \| \| \| \| \| \|	init: avc: denied { set } for property=sys.usb.ffs.ready scontext=u:r:recovery:s0 tcontext=u:object_r:ffs_prop:s0 tclass=property_service Change-Id: Id3441ccc3c6a8915a5fdf50efd8c617d1242868a
*	cm: sepolicy: allow kernel to read storage	FrozenCow	2016-02-20	1	-0/+2
\| \| \| \| \| \| \| \|	This fixes issues where the kernel would need to read and write files from internal or external storage. More specifically, the kernel needs these rules for USB mass storage to work correctly. Change-Id: I8cb0307727bc0c464d5470e55275ad808e748ee0
*	sepolicy: Allow system server and uncrypt access pipe	Pat Erley	2016-02-09	2	-0/+2
\| \| \| \| \| \| \| \|	System server needs to be able to create a pipe in the cache partition for uncrypting OTAs. Uncrypt needs to be able to read and write the pipe. Change-Id: Ie03ee7d637eaecff8fe38bf03dc733b3915cd336
*	recovery: Add new rules for recursive wipe	Pat Erley	2016-01-28	1	-0/+4
\| \| \| \| \| \| \|	We now use a temporary context when mounting /data, so add permissions to do that, and add permissions necessary to do the recursive wipe. Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
*	Grant platform apps access to /mnt/media_rw with sdcard_posix label	Jani Lusikka	2016-01-24	2	-0/+9
\| \| \| \| \| \| \| \| \|	Also allow apps to read the contents of mounted OBBs. See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f
*	sepolicy: Add perfprofd with set_prop macro	myfluxi	2016-01-12	1	-0/+5
\| \| \| \| \| \| \| \|	Addresses: avc: denied { write } for pid=293 comm="perfprofd" name="property_service" dev="tmpfs" ino=9229 scontext=u:r:perfprofd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Change-Id: I5a88722eda4d0751fd9a081c434d385ac1c785ef
*	sepolicy: Allow minivold execute_no_trans	Matt Mower	2016-01-02	1	-0/+1
\| \| \| \| \| \| \| \|	After assimilating minivold into /sbin/recovery, we need to allow the minivold service (a symlink to the recovery binary) to transition from the recovery to the vold domain. Change-Id: I112e6d371a8da8fc55a06967852c869105190616
*	cm: sepolicy: fix denials for external storage	codeworkx	2016-01-01	4	-0/+11
\| \| \| \|	Change-Id: I784a859671c69370cab0118a88a5fb0190352af9
*	sepolicy: label exfat and ntfs mkfs executables	codeworkx	2015-12-29	1	-1/+3
\| \| \| \|	Change-Id: Ic5e32818bc54993f4e8c2377cbec64f9444f6d8a
*	sepolicy: Set the context for fsck.exfat/ntfs to fsck_exec	dhacker29	2015-12-17	1	-0/+4
\| \| \| \| \| \| \|	This matches the policy for fsck.f2fs, although it still needs to run as fsck_untrusted for public volumes Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
*	SELinux: Use custom ADB over network property	Ethan Chen	2015-12-16	3	-3/+1
\| \| \| \| \| \| \|	* Use a custom system property to trigger the real one, so we avoid running afoul of any SELinux CTS requirements. Change-Id: If5e7a275f492631a673284408f1e430a12358380
*	sepolicy: Add permission for formatting user/cache partition	Keith Mok	2015-12-16	1	-0/+4
\| \| \| \| \| \| \|	If the "formattable" fstab flag is set, init will tries to format that partition, added the required policy to allow it. Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6
*	sepolicy: Add domain for mkfs binaries	Keith Mok	2015-12-16	2	-0/+12
\| \| \| \| \| \| \| \| \|	The init binary must transition to another domain when calling out to executables. Create the mkfs domain for mkfs.f2fs such that init can transition to it when formatting userdata/cache partitions if the "formattable" flag is set. Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
*	sepolicy: Allow adb pull of executables without root	Steve Kondik	2015-11-29	1	-0/+14
\| \| \| \| \| \|	* Because we aren't actually jerks, contrary to popular belief. Change-Id: Ie39cce65ecc6a2861547865ff554b108b8b534fa
*	sepolicy: qcom: Allow reading PSU sysfs by system_server	Diogo Ferreira	2015-11-27	1	-0/+4
\| \| \| \| \| \| \| \| \|	BatteryService queries the usb state to check whether the usb type is HVDCP. This patch adds a rule to allow that. For more context check BatteryService#Led#isHvdcpPresent. Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402
*	sepolicy: Allow recovery to create links in the rootfs	Steve Kondik	2015-11-26	1	-0/+1
\| \| \| \| \| \|	* Needed to support vold and other new code. Change-Id: I25a0b1cc6461eced7112dd4b3974a71423f7957b
*	sepolicy: Rule for CM's perfd extension	Steve Kondik	2015-11-23	1	-0/+2
\| \| \| \| \| \| \| \| \| \|	Manual apply and refactor of cm-12.1 patch: e04329df88211264e7a9c8f1d6b87a16d8d5639b Use the unix_socket_connect macro and switch to the new perfd domain. Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb
*	sepolicy: fix denial for sudaemon	codeworkx	2015-11-22	1	-0/+1
\| \| \| \| \| \|	fixes root access for apps Change-Id: Iff443bf4cbea817917da72bbfc58f9fe42acceb5
*	sepolicy: add persist_block_device type	Dan Pasanen	2015-11-17	1	-0/+1
\| \| \| \| \| \| \| \|	* This is likely defined in several device trees, but not all remove it from your device trees if we're going to write rules for it here. Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30
*	sepolicy: Remove some denials	Steve Kondik	2015-11-16	3	-0/+10
\| \| \| \| \| \| \|	* Allow apps to run the "df" command to look at disk usage. * Allow thermal engine to check/set battery limits. Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
*	sepolicy: Add policy for thermal engine changes	Steve Kondik	2015-11-14	1	-0/+4
\| \| \| \| \| \|	* Cyngn devices will need this. Change-Id: I1e7528e92d0d4ed8c4029667d7ef3cf9081a6575
*	sepolicy: qcom: Remove duplicate entry	myfluxi	2015-11-10	1	-1/+0
\| \| \| \| \| \|	We have this in qcom/sepolicy/common already. Change-Id: Ibe6ada531f77d3ec00ff61081d21b3d36a1fe7a7
*	sepolicy: Make superuser_device and sudaemon mlstrustedobjects	myfluxi	2015-11-05	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Address: avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0 tclass=sock_file permissive=0 avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0 tclass=unix_stream_socket permissive=0 And thus fix su. Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27
*	perf: Moving PerformanceManager to CMSDK	Steve Kondik	2015-11-03	2	-0/+2
\| \| \| \| \| \|	* Devices will need to update their configurations! Change-Id: I22cf4ec96656b98f515cf28fef95443cf6adb397
*	cm: Remove duplicate SEPolicy items	Steve Kondik	2015-10-31	1	-4/+0
\| \| \| \| \| \| \|	* These are handled by the master SEPolicy now due to neverallow exceptions which occur on non-production builds. Change-Id: Id50d9e41e1c8b0b1f26df7921def9e7a201f49d9
*	sepolicy: remove sudaemon type declaration	Dan Pasanen	2015-10-17	1	-2/+0
\| \| \| \| \| \|	* this is already defined in external/sepolicy Change-Id: I541b5de5bb6057f4fa3d88b6e9b9425b65f9963e
*	vendor/cm: Fix up service contexts for sepolicy.	Adnan Begovic	2015-10-16	3	-12/+20
\| \| \| \|	Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d
*	sepolicy: remove BOARD_SEPOLICY_UNION	Dan Pasanen	2015-10-07	1	-33/+0
\| \| \| \| \| \|	* this is a no-op now Change-Id: I3703a9670285017ce7aec9ac20c63a6f733b8ffa
*	sepolicy: Underp the context for persistent storage	Ricardo Cerqueira	2015-10-05	1	-1/+1
\| \| \| \| \| \| \|	The dir's context need love, too TICKET: CYNGNOS-1185 Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46
*	sepolicy: allow vold to trim persist	Ed Falk	2015-09-30	1	-0/+1
\| \| \| \| \|	Change-Id: I6441c00bfd173f1f3fd4c09a67c678c5bd4f8090 Issue-id: SYSTEMS-62
*	sepolicy: Allow system app to set boot anim property	myfluxi	2015-09-21	1	-0/+3
\| \| \| \| \| \| \| \| \| \|	Addresses denials observerd when using QuickBoot: <4>[ 224.756971] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service <3>[ 224.757094] init: sys_prop: Unable to start service ctl [bootanim] uid:1000 gid:1000 pid:6039 <4>[ 226.306456] avc: denied { set } for property=ctl.bootanim scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_bootanim_prop:s0 tclass=property_service Change-Id: I338a0a1d5fa12c10e413769ea9638c10ed137000
*	cm: Fix a few denials	Steve Kondik	2015-09-19	3	-0/+12
\| \| \| \| \| \|	* Missed a few things when cleaning up devices. Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
*	cm: sepolicy: Create central place for QC-specific policy	Steve Kondik	2015-09-15	4	-0/+17
\| \| \| \| \| \| \| \| \|	* We have a number of policy items due to changes in our BSPs or for other things which interact with the QC sepolicy. Add a place for us to store this stuff so we don't need to copy it around to every device. Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
*	cm: sepolicy: Create standard policy for LiveDisplay	Steve Kondik	2015-09-15	4	-0/+12
\| \| \| \|	Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
*	Enable The AppSuggestService	herriojr	2015-09-14	1	-0/+1
\| \| \| \| \| \| \|	We need to enable our custom AppSuggestService in order to show possible suggestions. Change-Id: I9489723dfec315c7ff4ab414ebe88c3880876bd3
*	vendor/cm: cmsettings -> cmpartnerinterface	Adnan Begovic	2015-09-09	1	-1/+1
\| \| \| \|	Change-Id: I9d9b30da37f243f77647c6d41cf0e0159968b8e2
*	cm: SELinux policy for persistent properties API	Steve Kondik	2015-09-09	3	-0/+10
\| \| \| \| \| \|	* Set up persistent properties for devices with a /persist partition. Change-Id: I78974dd4e25831338462c91fc25e36e343795510