-From 1de70b8ad770aee39a1d6f3f7760c03758a7b989 Mon Sep 17 00:00:00 2001
+From 7a3a1b4c7662de47c1c6fd73fdfb65d806f4dc5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Kongstad?= <marten.kongstad@sonymobile.com>
Date: Mon, 22 Jun 2015 09:31:25 +0200
-Subject: [PATCH 01/13] OMS7-N: Add service 'overlay' to service_contexts
+Subject: [PATCH 01/14] OMS7-N: Add service 'overlay' to service_contexts
The 'overlay' service is the Overlay Manager Service, which tracks
packages and their Runtime Resource Overlay overlay packages.
permission u:object_r:permission_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0
diff --git a/system_server.te b/system_server.te
-index 03a7ef3..3ca8182 100644
+index db59b65..2b93dc2 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -441,6 +441,7 @@ allow system_server mediacodec_service:service_manager find;
+@@ -438,6 +438,7 @@ allow system_server mediacodec_service:service_manager find;
allow system_server mediadrmserver_service:service_manager find;
allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find;
allow system_server system_server_service:service_manager { add find };
allow system_server surfaceflinger_service:service_manager find;
--
-2.9.4
+2.13.3
-From f3023ad17cc9aab41336d0c3c483033e2762ffdf Mon Sep 17 00:00:00 2001
+From 86a72c0ad0b24e67747d1db5ea8f8444df3a3c3e Mon Sep 17 00:00:00 2001
From: d34d <clark@cyngn.com>
Date: Wed, 4 Jan 2017 10:29:34 -0800
-Subject: [PATCH 02/13] Introduce sepolicy exceptions for theme assets
+Subject: [PATCH 02/14] Introduce sepolicy exceptions for theme assets
Assets such as composed icons and ringtones need to be accessed
by apps. This patch adds the policy needed to facilitate this.
+allow zygote theme_data_file:file r_file_perms;
+allow zygote theme_data_file:dir r_dir_perms;
--
-2.9.4
+2.13.3
-From da9c8f029beadf84bbdc9be179409ea2ca9ddec4 Mon Sep 17 00:00:00 2001
+From 7658d60b71812f1891d6502ca13bf775e4ae1e83 Mon Sep 17 00:00:00 2001
From: bigrushdog <randall.rushing@gmail.com>
Date: Wed, 4 Jan 2017 10:31:29 -0800
-Subject: [PATCH 03/13] sepolicy: fix themed boot animation
+Subject: [PATCH 03/14] sepolicy: fix themed boot animation
W BootAnimation: type=1400 audit(0.0:42): avc: denied { open } for uid=1003 path="/data/system/theme/bootanimation.zip" dev="mmcblk0p42" ino=1657697 scontext=u:r:bootanim:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
allow bootanim theme_data_file:file r_file_perms;
+allow bootanim system_data_file:file open;
--
-2.9.4
+2.13.3
-From 39d41be24e718c928a9ca7e21b103913f78ea6ac Mon Sep 17 00:00:00 2001
+From efd61bf6d988b2ca29f819255a347072e0e14352 Mon Sep 17 00:00:00 2001
From: George G <kreach3r@users.noreply.github.com>
Date: Wed, 8 Feb 2017 17:22:44 +0200
-Subject: [PATCH 04/13] sepolicy: fix themed sounds
+Subject: [PATCH 04/14] sepolicy: fix themed sounds
02-08 17:26:48.011 18259-18259/? W/SoundPoolThread: type=1400 audit(0.0:31): avc: denied { read } for path="/data/system/theme/audio/ui/Lock.ogg" dev="dm-0" ino=1006317 scontext=u:r:drmserver:s0 tcontext=u:object_r:theme_data_file:s0 tclass=file permissive=0
+allow drmserver theme_data_file:dir r_dir_perms;
+allow drmserver theme_data_file:file r_file_perms;
--
-2.9.4
+2.13.3
-From db29bf3d87f10c7c857ce15f1d33793b21aee8b7 Mon Sep 17 00:00:00 2001
+From ffe4b9c368131f89cbece02a0c9db0e6b62a51c9 Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Sat, 18 Feb 2017 08:46:15 -0600
-Subject: [PATCH 05/13] initial policy edits for masquerade to operate rootless
+Subject: [PATCH 05/14] initial policy edits for masquerade to operate rootless
Change-Id: Iddfc408f206033772b9d49d335ca94e63b5e5210
---
### neverallow rules
###
--
-2.9.4
+2.13.3
-From 20435b01f61fa357c6f2e52fe49a72ac351386bd Mon Sep 17 00:00:00 2001
+From e03e35800d27eef723d03407d45596ddbc1a6a39 Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Tue, 21 Feb 2017 12:28:05 -0600
-Subject: [PATCH 06/13] sepolicy: rename masquerade domain and allow JobService
+Subject: [PATCH 06/14] sepolicy: rename masquerade domain and allow JobService
in system_server
This attempts to address the issue of JobService being unable to process
media.audio_policy u:object_r:audioserver_service:s0
media.camera u:object_r:cameraserver_service:s0
diff --git a/system_server.te b/system_server.te
-index 3ca8182..5e2a3a8 100644
+index 2b93dc2..32a9600 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -435,6 +435,7 @@ allow system_server batteryproperties_service:service_manager find;
+@@ -432,6 +432,7 @@ allow system_server batteryproperties_service:service_manager find;
allow system_server keystore_service:service_manager find;
allow system_server gatekeeper_service:service_manager find;
allow system_server fingerprintd_service:service_manager find;
allow system_server mediaextractor_service:service_manager find;
allow system_server mediacodec_service:service_manager find;
--
-2.9.4
+2.13.3
-From d47eac54afab000b8b273d6a7e7dbbcf4764ab5d Mon Sep 17 00:00:00 2001
+From 5e681015498e4d56591d71d77dbb9ad4a2db77b4 Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Wed, 22 Feb 2017 20:45:04 -0600
-Subject: [PATCH 07/13] sepolicy: allow masquerade to read and write theme
+Subject: [PATCH 07/14] sepolicy: allow masquerade to read and write theme
assets
Fix for masquerade to handle theme assets including fonts and bootanimation, also
+allow masquerade connectivity_service:service_manager find;
+allow masquerade display_service:service_manager find;
--
-2.9.4
+2.13.3
-From e13c58ca101a08f70f0e6c7a8be890b5814b569f Mon Sep 17 00:00:00 2001
+From b7045178383ce5deb3360c15a6af31126baee1ff Mon Sep 17 00:00:00 2001
From: Miccia <bono.michele94@gmail.com>
Date: Mon, 27 Feb 2017 12:36:21 +0100
-Subject: [PATCH 08/13] sepolicy: Fix application of bootanimation
+Subject: [PATCH 08/14] sepolicy: Fix application of bootanimation
Change-Id: I7365d28fecf18b4d1aa42b2210e023b202dd97a5
---
+allow masquerade network_management_service:service_manager find;
+allow masquerade media_rw_data_file:dir remove_name;
diff --git a/system_server.te b/system_server.te
-index 5e2a3a8..c544803 100644
+index 32a9600..e25a98c 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -580,3 +580,5 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
+@@ -577,3 +577,5 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
neverallow system_server self:process execmem;
neverallow system_server ashmem_device:chr_file execute;
neverallow system_server system_server_tmpfs:file execute;
+
+allow system_server theme_data_file:dir search;
--
-2.9.4
+2.13.3
-From c7fcf28a1ef47e74cf91153e8503c19b6175714e Mon Sep 17 00:00:00 2001
+From 6266def22039f76b00daee364c037955b38ac6e2 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Wed, 1 Mar 2017 23:11:49 +0100
-Subject: [PATCH 09/13] sepolicy: Redo masquerade rules
+Subject: [PATCH 09/14] sepolicy: Redo masquerade rules
* Use macros
* Label custom properties
service. u:object_r:system_prop:s0
wlan. u:object_r:system_prop:s0
diff --git a/system_server.te b/system_server.te
-index c544803..5262a79 100644
+index e25a98c..2aee375 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -351,6 +351,9 @@ set_prop(system_server, ctl_bugreport_prop)
+@@ -348,6 +348,9 @@ set_prop(system_server, ctl_bugreport_prop)
# cppreopt property
set_prop(system_server, cppreopt_prop)
# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
type_transition system_server wpa_socket:sock_file system_wpa_socket;
-@@ -529,6 +532,9 @@ allow system_server media_rw_data_file:dir search;
+@@ -526,6 +529,9 @@ allow system_server media_rw_data_file:dir search;
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
# Postinstall
#
# For OTA dexopt, allow calls coming from postinstall.
-@@ -580,5 +586,3 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
+@@ -577,5 +583,3 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm
neverallow system_server self:process execmem;
neverallow system_server ashmem_device:chr_file execute;
neverallow system_server system_server_tmpfs:file execute;
-
-allow system_server theme_data_file:dir search;
--
-2.9.4
+2.13.3
-From 1c0171ad09ae123a87e31c1d1354de4f40d02427 Mon Sep 17 00:00:00 2001
+From 97710907c4ae20ac4edcbd03de1e703ece3ccfa2 Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <natechancellor@gmail.com>
Date: Sat, 4 Mar 2017 19:20:10 -0700
-Subject: [PATCH 10/13] Welcome to Theme Interfacer! [2/2]
+Subject: [PATCH 10/14] Welcome to Theme Interfacer! [2/2]
Change-Id: I4a28c8840957d385338529540e081eabd3135cc1
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
media.audio_policy u:object_r:audioserver_service:s0
media.camera u:object_r:cameraserver_service:s0
diff --git a/system_server.te b/system_server.te
-index 5262a79..a30a09e 100644
+index 2aee375..056919f 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -438,7 +438,7 @@ allow system_server batteryproperties_service:service_manager find;
+@@ -435,7 +435,7 @@ allow system_server batteryproperties_service:service_manager find;
allow system_server keystore_service:service_manager find;
allow system_server gatekeeper_service:service_manager find;
allow system_server fingerprintd_service:service_manager find;
allow system_server mediaextractor_service:service_manager find;
allow system_server mediacodec_service:service_manager find;
--
-2.9.4
+2.13.3
-From 3e15fbb8057baaeeba5a557edb57626e6d1fa53c Mon Sep 17 00:00:00 2001
+From ce1656fed8684dd97e33603c3a2a0e915cf62333 Mon Sep 17 00:00:00 2001
From: Surge Raval <Surge1223@gmail.com>
Date: Sun, 16 Apr 2017 05:00:13 +0000
-Subject: [PATCH 11/13] sepolicy: add file and domain trans to interfacer
+Subject: [PATCH 11/14] sepolicy: add file and domain trans to interfacer
This will fix bootanimations not applying on 7.1.2 ROMs
neverallow untrusted_app anr_data_file:dir ~search;
+allow untrusted_app system_app_data_file:dir getattr;
--
-2.9.4
+2.13.3
-From 9ff626d3b6fefa7a54a6faddf93d2fa29052cdfa Mon Sep 17 00:00:00 2001
+From dea628b4c1695306a2eac1bee55fb0d718758f93 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <msfjarvis@gmail.com>
Date: Tue, 9 May 2017 09:18:10 +0530
-Subject: [PATCH 12/13] sepolicy: Allow system_server to set theme_prop
+Subject: [PATCH 12/14] sepolicy: Allow system_server to set theme_prop
[ 6065.716763] init: avc: denied { set } for property=sys.refresh_theme
pid=1131 uid=1000 gid=1000 scontext=u:r:system_server:s0
1 file changed, 1 insertion(+)
diff --git a/system_server.te b/system_server.te
-index a30a09e..037ecb8 100644
+index 056919f..4b00ede 100644
--- a/system_server.te
+++ b/system_server.te
-@@ -353,6 +353,7 @@ set_prop(system_server, cppreopt_prop)
+@@ -350,6 +350,7 @@ set_prop(system_server, cppreopt_prop)
# theme property
get_prop(system_server, theme_prop)
# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
--
-2.9.4
+2.13.3
-From fea6eb7c59965d99f0c0fe019772cdf1f950972d Mon Sep 17 00:00:00 2001
+From 39a761b641c193dad80d46892943374f15c568f1 Mon Sep 17 00:00:00 2001
From: Surge Raval <Surge1223@gmail.com>
Date: Tue, 30 May 2017 00:59:31 +0200
-Subject: [PATCH 13/13] Add policy to fix interfacer derp on boot
+Subject: [PATCH 13/14] Add policy to fix interfacer derp on boot
05-29 08:40:17.200 10546 10600 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 10600 (POSIX timer 0)
05-29 08:40:17.200 428 428 W : debuggerd: handling request: pid=10546 uid=1006 gid=1006 tid=10600
+allow installd theme_data_file:dir { add_name getattr read relabelto remove_name setattr write open search };
+allow installd theme_data_file:lnk_file { create getattr unlink };
--
-2.9.4
+2.13.3
--- /dev/null
+From e77b761cd5915ab2384aa60c4862368199e40551 Mon Sep 17 00:00:00 2001
+From: Harsh Shandilya <msfjarvis@gmail.com>
+Date: Sun, 16 Jul 2017 21:18:59 +0530
+Subject: [PATCH 14/14] interfacer: Allow interfacer to find content_service
+
+https://substratum.review/#/c/420/ implements a ContentObserver in
+interfacer which requires interfacer to be able to find the content_service.
+
+Change-Id: I1d8cabd9848807ea4dfafcf7123478da834ef5a5
+---
+ interfacer.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/interfacer.te b/interfacer.te
+index a5ba1d7..fc6921a 100644
+--- a/interfacer.te
++++ b/interfacer.te
+@@ -57,6 +57,7 @@ allow interfacer media_rw_data_file:file rw_file_perms;
+ # Services
+ allow interfacer activity_service:service_manager find;
+ allow interfacer connectivity_service:service_manager find;
++allow interfacer content_service:service_manager find;
+ allow interfacer display_service:service_manager find;
+ allow interfacer mount_service:service_manager find;
+ allow interfacer network_management_service:service_manager find;
+--
+2.13.3
+
projects / GitHub / Stricted / android_vendor_extra.git / commitdiff