ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity
2,368 Commits 2 Branches 0 Tags 430 MiB
e2f23f0e91
Commit Graph

74 Commits

Author SHA1 Message Date
Steve Kondik
e2f23f0e91 cm: Fix a few denials 
* Missed a few things when cleaning up devices.

Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
 2015-09-19 22:49:20 -07:00
Steve Kondik
b5c2cf0408 cm: sepolicy: Create central place for QC-specific policy 
* We have a number of policy items due to changes in our BSPs or for
   other things which interact with the QC sepolicy. Add a place
   for us to store this stuff so we don't need to copy it around to
   every device.

Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
 2015-09-15 15:31:38 -07:00
Steve Kondik
b5dbbdf9cb cm: sepolicy: Create standard policy for LiveDisplay 
Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
 2015-09-15 15:31:19 -07:00
herriojr
c6d40c01f7 Enable The AppSuggestService 
We need to enable our custom AppSuggestService in order to show
possible suggestions.

Change-Id: I9489723dfec315c7ff4ab414ebe88c3880876bd3
 2015-09-14 10:25:22 -07:00
Adnan Begovic
c37c2313cf vendor/cm: cmsettings -> cmpartnerinterface 
Change-Id: I9d9b30da37f243f77647c6d41cf0e0159968b8e2
 2015-09-09 17:51:27 -07:00
Steve Kondik
a385501738 cm: SELinux policy for persistent properties API 
* Set up persistent properties for devices with a /persist partition.

Change-Id: I78974dd4e25831338462c91fc25e36e343795510
 2015-09-09 11:53:23 -07:00
Steve Kondik
587a3cff83 cm: Moving CMHW to CMSDK 
Change-Id: I4dae95dbe68c472ba3703fea588b542758ec8036
 2015-08-19 05:30:59 -07:00
Joao Figueiredo
d0f6b187ae cmsdk: Dual SIM support on CM SDK 
Change-Id: I209245e1a3165f329ed8a17a942340d96783ca13
 2015-08-07 01:32:30 +01:00
Matt Garnes
874defe2bc Add SettingsManagerService from cmsdk as a system service. 
Change-Id: I0909a5fd49e8e042293719de93ebc8fbaaa1a196
 2015-08-06 16:18:06 -07:00
Steve Kondik
74891faea9 sepolicy: Allow recovery to set system properties 
* This is used by extremely critical things.

Change-Id: Ie529851469408adac1e081fe4f6dc5daa9002933
 2015-08-05 17:54:33 -07:00
Brandon McAnsh
f208523054 sepolicy: system_app: Remove performace setting related entries 
* Performance Settings has been removed/refactored so these are no longer neccessary.

Change-Id: I5933700815d0037735fc48f8640b37d1f350ea91
Signed-off-by: Brandon McAnsh <brandon.mcansh@gmail.com>
 2015-07-14 13:17:01 -07:00
Adnan Begovic
4c4e428da8 vendor/cm: overlay start for ProfileService in external framework. 
Change-Id: Ib1f8c6d00c2a66cfd8dac2b73ccd1bd053a3a497
 2015-06-29 14:39:24 -07:00
Adnan Begovic
b53c503fee Build CM Platform Library 
Change-Id: If62e6b1d2ac41730ff2a8d562173abd2cb768f93

Add cmstatusbar service to system server services context

Change-Id: I77c5de75722cc5f36a5326e3da57ab661b89d189

Build Platform resource package.

Change-Id: Id60f66b6db23989db1472a19bcb079b0083f7393

vendor/cm: Lock cm platform library/cmsdk to non-release builds.

Change-Id: I01c1c3fe559d438e28339ce426d7ba7e42724002
 2015-05-12 17:45:07 -07:00
Roman Birg
785c50ad3f vendor: add sepolicy entry for killswitch service 
Change-Id: Ib3c44c50138f5715d92addbf8df7ed591785b550
Signed-off-by: Roman Birg <roman@cyngn.com>
(cherry picked from commit 2ca5d3999b35d328f0969a264009bffe0faf889d)
 2015-04-20 18:46:23 +00:00
Emerson Pinter
dc699fb190 sepolicy: Permissions for userinit 
Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
 2015-03-17 12:12:59 +00:00
Tom Marshall
b4bf950060 sepolicy: recovery: Allow data file write 
Needed to preserve /data/.layout_version (aka nesting bug fix).

Change-Id: Iaae982223e80ad10479cf1ca3db09da7ada5663e
 2015-03-10 03:36:03 +00:00
Scott Mertz
69c2e7f721 [3/3] CmHardwareService: add sepolicy 
Change-Id: I551f61f40225a679593e94dbd47bb2fb0025da7e
 2015-03-07 00:53:36 +00:00
dhacker29
c552843f1a sepolicy: Allow CMUpdater/uncrypt access to recovery_cache_file 
Change-Id: I514d128160ed4e04564077d7a2e2ad297af92e28
 2015-02-21 17:21:47 -05:00
Christopher R. Palmer
da48ab89ac sepolicy: Allow vold to create tmpfs files for asec containers 
Change-Id: Ic8f1641928840774204099453b74dc1b52b3c6f8
 2015-02-19 10:55:07 -05:00
Brint E. Kriebel
ac15eaedf9 sepolicy: Allow system apps to write cache and media files 
Updaters need to be able to read and write to these locations.

Change-Id: I928a5f73ec29ab4fecb717072532d449192f3ca9
 2015-02-17 17:36:37 -08:00
dhacker29
b4878d4cf1 sepolicy: Fix denails for flash_recovery service 
Needed when option is checked to update cm recovery

Change-Id: I0b2fbfd7c141ae03ce14b9afeffd3a027d791c80
 2015-02-15 15:03:32 -05:00
Ricardo Cerqueira
c75446d072 sepolicy: Split off /cache/recovery's permissions 
/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients

Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
 2015-02-11 19:44:43 +00:00
Georg Veichtlbauer
2ccd36c73f sepolicy: allow userinit to set its property 
Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
 2015-02-09 21:03:35 +00:00
Adam Farden
7b865eb046 sepolicy: actually include mediaserver.te 
Added in patch e9c2de0679 but not included

Change-Id: I2ae901a7c80fceb33dba2ed4122d2aa47bff5a51
 2015-02-04 02:55:18 +00:00
Roman Birg
c71cc6c4a8 cm: add torch service sepolicy entry 
Change-Id: I6e6feae5fe6b4092c137ee2337c4a15b390df45e
Signed-off-by: Roman Birg <roman@cyngn.com>
 2015-02-02 21:20:38 +00:00
Steve Kondik
998f53679b sepolicy: Let drmserver scan themes 
Change-Id: I7675b302723ef8700067ae9ef237daf6346a6627
 2015-01-25 11:02:24 -08:00
Steve Kondik
77cabf5188 sepolicy: Fix policy for keyhandler 
Change-Id: I2860f469480b082511e30530aed8a9027e9fe4b9
 2015-01-25 10:51:23 -08:00
dhacker29
381a6501fa sepolicy: Allow cmupdater/uncrypt access to media_rw_data_file 
Change-Id: I800584af2919e3397b19d229fc28ad50cc4b2730
 2015-01-24 22:45:15 +00:00
Steve Kondik
c6eb71e57a cm: sepolicy: Allow use of dexclassloader by systemserver 
* Needed for custom keyhandler.

Change-Id: Ifa57ad81951f9e1009eb291726cd8dfe36a3482e
 2015-01-22 19:57:12 +00:00
Matt Mower
2806bc4f0c sepolicy: Additional filesystem perms for recovery 
Change-Id: I66c785de7256ea64302a258af7c33cb717530343
 2015-01-16 14:36:24 +00:00
Clark Scheff
e9c2de0679 sepolicy: Apps need to read themed resources 
Assets such as composed icons and ringtones need to be accessed
by apps.  This patch adds the policy needed to facilitate this.

Change-Id: If47920b2cc5dbafe8d71a621782bb4a3351bd68c
 2015-01-14 15:55:41 +00:00
Dan Pasanen
afbfad59d6 sepolicy: new label for io scheduler sysfs nodes 
* needed for io scheduler in performance settings

Change-Id: I818340ed62e3e1dd2674b93340b31723c7a985f4
 2015-01-13 22:34:16 +00:00
Ricardo Cerqueira
a7dfa18fd5 sepolicy: Add policies for the new superuser sockets. 
Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
 2015-01-04 01:16:25 +00:00
Pawit Pornkitprasan
24a971ad42 cm: sepolicy: fix performance settings 
Change-Id: Idea17856b4aef9258688a3ad58d0e5cac6d805a6
 2015-01-03 07:57:44 +00:00
Ricardo Cerqueira
c738cc26ca selinux: Allow recovery to do recursive deletes 
Our partial wipes (preserving media) require that recovery can
rmdir dirs and getattr files

Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a
 2015-01-03 04:23:08 +00:00
Konsta
444ce4a6b1 cm: Remove KSM permissions 
CM12 doesn't have a KSM setting in performance settings anymore.
KSM should be configured and enabled on device basis.

Change-Id: I98a0cbe1b01a659eb28bcd459be55d78a88bda86
 2015-01-01 00:40:37 +00:00
Matt Mower
038fba3cca sepolicy: remove stray + in type statement 
Change-Id: Ic34c9ae32658541064a63153612145c6fd3d55b3
 2014-12-22 15:21:57 +00:00
Andy Mast
f274019100 selinux: New rw privileges for themes 
- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme

Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
 2014-12-19 10:35:48 -08:00
Dan Pasanen
e33cc1d37d sepolicy: allow recovery read access to /data/media/ files and dirs 
Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
 2014-12-14 10:44:53 -06:00
Ricardo Cerqueira
ebc1c942e7 selinux: Downgrade CMFM's domain 
the filemanager doesn't need to be in platform_app. Put it in untrusted_app,
especially since it's a possible su client

Change-Id: I164853f2c8721d86b5b90677cb33032a3b491ff5
 2014-12-13 02:44:52 +00:00
Tom Marshall
d553a9f8b5 cm: sepolicy: Remove vold external sdcard rules, moved to main sepolicy 
Change-Id: I67756bad2c6e1361ecc0052003f2b4e5e4dbb007
 2014-12-13 02:13:52 +00:00
Andy Mast
03555ad053 Sepolicy: Add theme service as system service 
Change-Id: Idfb690be5d35c03610165b914c0a3f2260e68956
 2014-12-12 01:00:34 +00:00
Roman Birg
20114d672c cm: add sepolicy entry for lockscreen wallpaper 
Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17
Signed-off-by: Roman Birg <roman@cyngn.com>
 2014-12-11 18:17:04 +00:00
Ricardo Cerqueira
4df29e013d selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement 
PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process,
unless the new domain is bounded by the app's context. So we can't
switch to a domain that has perms not available to untrusted_app :(

This means any app can talk to the daemon, bypassing the su executable
client. That's not a good thing, and needs to be resolved.

Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
 2014-12-10 20:38:34 +00:00
Ricardo Cerqueira
7cd698341f Revert "SELinux: su: update policies" 
This reverts commit 04fd9192b0.

Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
 2014-12-10 17:19:14 +00:00
Steve Kondik
06ec5853f3 sepolicy: More rules for recovery 
Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
 2014-12-09 22:20:14 +00:00
Pawit Pornkitprasan
04fd9192b0 SELinux: su: update policies 
- Integrate policies from domain.te (fixes ES File Manager which uses unix socket)
- Allow platform_app to use su (fixes CM File Manager)

Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
 2014-12-08 05:43:14 +00:00
Diogo Ferreira
5c9f9efba6 sepolicy: Fix permissions for service.adb.tcp.port 
This makes the rule more specific by overriding the upstream sepolicy.
Also adds the adbd context which is necessary for "adb tcpip".

Change-Id: Ia17eb56fc1682ab248764329e88eebd2a4075c97
 2014-12-01 20:36:13 +00:00
Pawit Pornkitprasan
e815923b0d vendor: add policies for netd 
Required due to CAF's abc9c0f4fe574ee9847f118e5d2ae8c530bac650 in
system/netd

Fixes showing how many devices are connected to the tethered hotspot

Change-Id: I1d83f7ac0b28efa6973e0baf429de2a398c471e3
 2014-11-29 23:33:52 -08:00
Chirayu Desai
9e0dba30b7 SELinux: su: Remove extra quote in a comment 
* Fixes
  vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token '''

Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
 2014-11-30 03:05:41 +00:00