sepolicy: Import missing TurboAdapter type #3

Open
wants to merge 20 commits into
base: thirteen

nullptr03

ERROR 'unknown type hal_turbo_adapter_hwservice' at token ';' on line 44258: #line 1 "device/lineage/sepolicy/common/vendor/platform_app.te"

SKULSHADY and others added 20 commits August 18, 2023 23:28
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
* This will fix the OTA install problem on F2FS format type

Signed-off-by: Jabiyeff <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
  If userdata is on f2fs and encrypted (stock config for userdata),
  /cache/recovery/block.map is not created due to this denial:

  05-01 13:43:47.512  6538  6538 W uncrypt : type=1400 audit(0.0:10): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0

  Without block.map the automatic flashing of the OTA without user
  interaction fails, and the user needs to manually mount data, and
  flash the OTA manually.

Change-Id: I6ecb84e8b730d4c641a8bd8769043dfbfb817b83
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Allows SystemUI to write the boot color sysprop

Test: manual
Bug: 190093578
Change-Id: I844a4dae87fe09a09ff3368c540ffab5f745d455
(cherry picked from commit 8a586e678656b6359220ef208fc237ccf3823e2c)
Signed-off-by: Karan Parashar <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: jhonboy121 <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
Change-Id: Iba3d327ea3036911a004505bee2e27f8fb854fb1
Signed-off-by: Anushek Prasal <[email protected]>
Change-Id: I8be569572ba99b8fabac53280f229c67d1cb893b
Signed-off-by: Anushek Prasal <[email protected]>
so that it can call power HAL through binder

Signed-off-by: Chenyang Zhong <[email protected]>
Change-Id: Ifaf0e22436cccaaa63038fd1e5fcefa77a1d881d
Signed-off-by: Anushek Prasal <[email protected]>
Signed-off-by: Chenyang Zhong <[email protected]>
Change-Id: I41c4d6c30433f875cd85ed44cf0c5eea32d7647c
Signed-off-by: Anushek Prasal <[email protected]>
ref:
hardware/google/pixel-sepolicy/turbo_adapter/turbo_adapter.te

Signed-off-by: Chenyang Zhong <[email protected]>
Change-Id: I59a789348b690888273dd765b68b0bb9a9774d4f
Signed-off-by: Anushek Prasal <[email protected]>
ref:
hardware/google/pixel-sepolicy/flipendo/flipendo.te

Signed-off-by: Chenyang Zhong <[email protected]>
Change-Id: I05b37fa3c273e6c105fe413568a07a1bdb235613
Signed-off-by: Anushek Prasal <[email protected]>
On devices with prebuilt vendor, if the power HAL accesses input
device nodes to support DT2W related feature, the resulting sepolicy
may trigger following neverallow in system/sepolicy/public/app.te:

neverallow {
  appdomain
  -shell # bugreport
} input_device:chr_file ~getattr;

Since the vendor image and the vendor sepolicy are prebuilt,
power HAL sepolicy on such devices is often written in the following
fashion:

allow hal_power input_device:dir search;
allow hal_power input_device:chr_file rw_file_perms;

This combined with the flipendo/turbo_adapter sepolicy will give
the app(s) direct access to input device nodes, thus triggering
the neverallow. Considering that flipendo and turbo_adapter's
access to power HAL is not critical, guard the sepolicy to allow
opting out.

Signed-off-by: Chenyang Zhong <[email protected]>
Change-Id: Iac02247e2b0ac5ba5f3f464bd0b21ef41b99693b
Signed-off-by: Chenyang Zhong <[email protected]>
Signed-off-by: Anushek Prasal <[email protected]>
E SELinux : avc:  denied  { find } for interface=vendor.google.google_battery::IGoogleBattery sid=u:r:platform_app:s0:c512,c768 pid=2679 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_turbo_adapter_hwservice:s0 tclass=hwservice_manager permissive=0

Change-Id: I46b46e5d788152c199887fef859021d3f13bf325
Signed-off-by: Anushek Prasal <[email protected]>
ERROR 'unknown type hal_turbo_adapter_hwservice' at token ';' on line 44258:
#line 1 "device/lineage/sepolicy/common/vendor/platform_app.te"
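
An added example, not part of the pull request or of the project's code: a small Python parser that turns the two AVC denials quoted in the commit messages above into the `allow` rule each one asks for, and reports any type the rule names that the policy has not declared, which is the condition behind the `unknown type hal_turbo_adapter_hwservice` build error. The function names and the set of declared types are assumptions made for the illustration.

```python
import re

# The two denials quoted in the commit messages on this page.
DENIALS = [
    "05-01 13:43:47.512  6538  6538 W uncrypt : type=1400 audit(0.0:10): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0",
    "E SELinux : avc:  denied  { find } for interface=vendor.google.google_battery::IGoogleBattery sid=u:r:platform_app:s0:c512,c768 pid=2679 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_turbo_adapter_hwservice:s0 tclass=hwservice_manager permissive=0",
]

# Works for both the kernel audit format and the hwservicemanager format.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_denial(line):
    """Return the fields of one AVC denial, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    # A context is user:role:type:level[:categories]; the type is the third field,
    # so MLS categories such as c512,c768 are dropped here.
    return {
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "perms": m.group("perms").split(),
        "permissive": fields.get("permissive") == "1",
    }


def to_allow_rule(d):
    """Format the rule that would permit exactly the denied access."""
    target = "self" if d["target"] == d["source"] else d["target"]
    perms = d["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {d['source']} {target}:{d['tclass']} {perm_str};"


def undeclared_types(d, declared):
    """Types the rule references that are missing from the declared set."""
    return sorted({d["source"], d["target"]} - set(declared))


if __name__ == "__main__":
    declared = {"uncrypt", "platform_app"}  # constructed sample, not the real policy
    for line in DENIALS:
        d = parse_denial(line)
        print(to_allow_rule(d), "| undeclared:", undeclared_types(d, declared))
```
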

@ramabondanp left a comment

fix build
