* Upstream policy showed up in AOSP this morning. Dropping
ours in favor of AOSP.
Revert "sepolicy: A few more denials"
This reverts commit 522c421f66.
Revert "sepolicy: More policy for sdcardfs"
This reverts commit 4a24ffeb6a.
Revert "sepolicy: Add sdcardfs support"
This reverts commit ba87877dd0.
Change-Id: I4f066b9bd5d8c899137fcaa12999f2547f9e0ec0
Uncrypt may need access to additional selinux contexts for devices
with created storage solutions.
Change-Id: Ie90f130ff6bafdd195379f7d57504b2fce4ef830
The proper permissions for the color_enhance sysfs node weren't
being set, rendering the color enhancement switch useless.
Set the proper permissions for LiveDisplay to toggle color enhancement.
Change-Id: Ic8dba8953b73a497cb01a645834c0e7934092b38
/storage is a tmpfs volume, and is where updater stores its zip
when downloading updates. Devices with emmc partitions that are
used as 'sdcard' volumes will end up with paths like:
/storage/UUID/...../update.zip
where UUID is the mount point for the partition and update.zip is
the downloaded update. With this change, minivold can create the
UUID folder and mount onto it, fixing the application of updates.
Change-Id: I4fa84fd590f5ff0f91e38c49cef0c179728fdf43
Introduce the weather system feature, which will be used to
identify if the Weather Content Provider/Weather services are
available in the device.
Add SELinux entries for the cmweather service
Change-Id: Ibe862903095276f87f23c0d7dae54733eeeb5638
This fixes issues where the kernel would need to read and write
files from internal or external storage. More specifically, the
kernel needs these rules for USB mass storage to work correctly.
Change-Id: I8cb0307727bc0c464d5470e55275ad808e748ee0
System server needs to be able to create a pipe in the cache partition
for uncrypting OTAs. Uncrypt needs to be able to read and write the
pipe.
Change-Id: Ie03ee7d637eaecff8fe38bf03dc733b3915cd336
We now use a temporary context when mounting /data, so add permissions
to do that, and add permissions necessary to do the recursive wipe.
Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
Also allow apps to read the contents of mounted OBBs.
See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad
and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa
Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f
After assimilating minivold into /sbin/recovery, we need to allow the
minivold service (a symlink to the recovery binary) to transition from
the recovery to the vold domain.
Change-Id: I112e6d371a8da8fc55a06967852c869105190616
This matches the policy for fsck.f2fs, although it still needs to run
as fsck_untrusted for public volumes
Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
* Use a custom system property to trigger the real one, so we avoid
running afoul of any SELinux CTS requirements.
Change-Id: If5e7a275f492631a673284408f1e430a12358380
If the "formattable" fstab flag is set, init will tries
to format that partition, added the required policy to allow it.
Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6
The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.
Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
BatteryService queries the usb state to check whether the usb type
is HVDCP. This patch adds a rule to allow that.
For more context check BatteryService#Led#isHvdcpPresent.
Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402
Manual apply and refactor of cm-12.1 patch:
e04329df88211264e7a9c8f1d6b87a16d8d5639b
Use the unix_socket_connect macro and switch to the new
perfd domain.
Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb
* This is likely defined in several device trees, but not all
remove it from your device trees if we're going to write rules
for it here.
Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30
* Allow apps to run the "df" command to look at disk usage.
* Allow thermal engine to check/set battery limits.
Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
* These are handled by the master SEPolicy now due to neverallow
exceptions which occur on non-production builds.
Change-Id: Id50d9e41e1c8b0b1f26df7921def9e7a201f49d9