forked from skritchz/android_device_motorola_surnia
-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from ramsudharsan/cm-12.1
surnia: SELinux is now 'Enforcing'
- Loading branch information
Showing
10 changed files
with
64 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# Bluetooth executables and scripts | ||
type bluetooth_loader, domain; | ||
type bluetooth_loader_exec, exec_type, file_type; | ||
|
||
# Start bdAddrLoader from init | ||
init_daemon_domain(bluetooth_loader) | ||
|
||
# Run init.qcom.bt.sh | ||
allow bluetooth_loader shell_exec:file { entrypoint read }; | ||
allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans }; | ||
|
||
# init.qcom.bt.sh needs /system/bin/log access | ||
allow bluetooth_loader devpts:chr_file rw_file_perms; | ||
|
||
# Run hci_qcomm_init from init.qcom.bt.sh | ||
domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach) | ||
allow hci_attach bluetooth_loader:fd use; | ||
|
||
# Read mac address from persist partition | ||
allow bluetooth_loader persist_file:dir search; | ||
r_dir_file(bluetooth_loader, bluetooth_data_file) | ||
allow bluetooth_loader self:capability { dac_override dac_read_search chown }; | ||
|
||
# It may write a random mac here | ||
allow bluetooth_loader persist_file:dir { add_name write }; | ||
allow bluetooth_loader persist_file:file { create_file_perms }; | ||
|
||
# Talk to init over the property socket | ||
unix_socket_connect(bluetooth_loader, property, init) | ||
# Set persist.service.bdroid.* and bluetooth.* property values | ||
allow bluetooth_loader bluetooth_prop:property_service set; | ||
|
||
# Allow getprop/setprop for init.qcom.bt.sh | ||
allow bluetooth_loader system_file:file execute_no_trans; | ||
|
||
# Access the smd device | ||
allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms; | ||
|
||
# And qmuxd | ||
allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search }; | ||
allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink }; | ||
allow bluetooth_loader qmuxd:unix_stream_socket { connectto }; | ||
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
allow bootanim mpctl_socket:dir search; | ||
unix_socket_send(bootanim, mpctl, perfd) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
allow healthd rtc_device:chr_file rw_file_perms; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
allow perfd sysfs_devices_system_iosched:file rw_file_perms; | ||
unix_socket_connect(perfd, thermal, thermal-engine) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,5 @@ | ||
# Motorola service properties | ||
persist.atvc u:object_r:atvc_prop:s0 | ||
|
||
qualcomm.bluetooth. u:object_r:bluetooth_prop:s0 | ||
qualcomm.bt. u:object_r:bluetooth_prop:s0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
allow tee system_prop:property_service set; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# secure display | ||
allow surfaceflinger persist_file:dir r_dir_perms; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
allow wcnss_service persist_file:dir search; |
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any bugs left for surnia?
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only the led notification which only works when you are plugged on the USB? but since the stock rom doesn't have led notification we could consider it not a bug
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CDMA is now working in LTE but still a bit unstable
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sensor policies are missing.. In the latest build, the sensors don't work..
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to test this: https://github.com/ramsudharsan/android_device_qcom_sepolicy/commit/eec279381b8bf0d5c044eabbda58909473567d7f
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right @ramsudharsan , i'm compiling one local build and will test what works and what doesn't .
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have already compiled a build now.. Will test and report the result
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@percy-g2 sensor bug still exists! I tried setting selinux back to permissive but still the bug exists. I request you to revert this commit until we find a way to fix that. And I find lots of errors related to wifi driver 'prima' in dmesg! I guess it needs some work too!
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@percy-g2 Someone just replied the fix works
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought it worked without testing properly, but it doesn't seem to work actually. Sensors remained broken. I've gone back to permissive SELinux for now in my tree.
ac1b25f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found the issue. I'll push the changes to the server soon.