From: LuK1337 Date: Sun, 23 Jul 2017 11:13:58 +0000 (+0200) Subject: Update OMS patches X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7ded2869f2bbf104a12084f1ef7eaafc8faeedb7;p=GitHub%2FStricted%2Fandroid_vendor_extra.git Update OMS patches --- diff --git a/patches/system/sepolicy/0001-OMS7-N-Add-service-overlay-to-service_contexts.patch b/patches/system/sepolicy/0001-OMS7-N-Add-service-overlay-to-service_contexts.patch index fb40aa1..0f3d868 100644 --- a/patches/system/sepolicy/0001-OMS7-N-Add-service-overlay-to-service_contexts.patch +++ b/patches/system/sepolicy/0001-OMS7-N-Add-service-overlay-to-service_contexts.patch @@ -1,7 +1,7 @@ -From 1de70b8ad770aee39a1d6f3f7760c03758a7b989 Mon Sep 17 00:00:00 2001 +From 7a3a1b4c7662de47c1c6fd73fdfb65d806f4dc5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Kongstad?= Date: Mon, 22 Jun 2015 09:31:25 +0200 -Subject: [PATCH 01/13] OMS7-N: Add service 'overlay' to service_contexts +Subject: [PATCH 01/14] OMS7-N: Add service 'overlay' to service_contexts The 'overlay' service is the Overlay Manager Service, which tracks packages and their Runtime Resource Overlay overlay packages. @@ -43,10 +43,10 @@ index fffbd4d..19cf907 100644 permission u:object_r:permission_service:s0 persistent_data_block u:object_r:persistent_data_block_service:s0 diff --git a/system_server.te b/system_server.te -index 03a7ef3..3ca8182 100644 +index db59b65..2b93dc2 100644 --- a/system_server.te +++ b/system_server.te -@@ -441,6 +441,7 @@ allow system_server mediacodec_service:service_manager find; +@@ -438,6 +438,7 @@ allow system_server mediacodec_service:service_manager find; allow system_server mediadrmserver_service:service_manager find; allow system_server netd_service:service_manager find; allow system_server nfc_service:service_manager find; 
@@ -55,5 +55,5 @@ index 03a7ef3..3ca8182 100644 allow system_server system_server_service:service_manager { add find }; allow system_server surfaceflinger_service:service_manager find; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0002-Introduce-sepolicy-exceptions-for-theme-assets.patch b/patches/system/sepolicy/0002-Introduce-sepolicy-exceptions-for-theme-assets.patch index f0906b8..8e44790 100644 --- a/patches/system/sepolicy/0002-Introduce-sepolicy-exceptions-for-theme-assets.patch +++ b/patches/system/sepolicy/0002-Introduce-sepolicy-exceptions-for-theme-assets.patch @@ -1,7 +1,7 @@ -From f3023ad17cc9aab41336d0c3c483033e2762ffdf Mon Sep 17 00:00:00 2001 +From 86a72c0ad0b24e67747d1db5ea8f8444df3a3c3e Mon Sep 17 00:00:00 2001 From: d34d Date: Wed, 4 Jan 2017 10:29:34 -0800 -Subject: [PATCH 02/13] Introduce sepolicy exceptions for theme assets +Subject: [PATCH 02/14] Introduce sepolicy exceptions for theme assets Assets such as composed icons and ringtones need to be accessed by apps. This patch adds the policy needed to facilitate this. @@ -100,5 +100,5 @@ index c6b343c..c650c17 100644 +allow zygote theme_data_file:file r_file_perms; +allow zygote theme_data_file:dir r_dir_perms; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0003-sepolicy-fix-themed-boot-animation.patch b/patches/system/sepolicy/0003-sepolicy-fix-themed-boot-animation.patch index 55eaa99..801b95c 100644 --- a/patches/system/sepolicy/0003-sepolicy-fix-themed-boot-animation.patch +++ b/patches/system/sepolicy/0003-sepolicy-fix-themed-boot-animation.patch @@ -1,7 +1,7 @@ -From da9c8f029beadf84bbdc9be179409ea2ca9ddec4 Mon Sep 17 00:00:00 2001 +From 7658d60b71812f1891d6502ca13bf775e4ae1e83 Mon Sep 17 00:00:00 2001 
From: bigrushdog Date: Wed, 4 Jan 2017 10:31:29 -0800 -Subject: [PATCH 03/13] sepolicy: fix themed boot animation +Subject: [PATCH 03/14] sepolicy: fix themed boot animation W BootAnimation: type=1400 audit(0.0:42): avc: denied { open } for uid=1003 path="/data/system/theme/bootanimation.zip" dev="mmcblk0p42" ino=1657697 scontext=u:r:bootanim:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 @@ -24,5 +24,5 @@ index 3ae9478..2356d81 100644 allow bootanim theme_data_file:file r_file_perms; +allow bootanim system_data_file:file open; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0004-sepolicy-fix-themed-sounds.patch b/patches/system/sepolicy/0004-sepolicy-fix-themed-sounds.patch index e1d0f1e..31ed2a5 100644 --- a/patches/system/sepolicy/0004-sepolicy-fix-themed-sounds.patch +++ b/patches/system/sepolicy/0004-sepolicy-fix-themed-sounds.patch @@ -1,7 +1,7 @@ -From 39d41be24e718c928a9ca7e21b103913f78ea6ac Mon Sep 17 00:00:00 2001 +From efd61bf6d988b2ca29f819255a347072e0e14352 Mon Sep 17 00:00:00 2001 From: George G Date: Wed, 8 Feb 2017 17:22:44 +0200 -Subject: [PATCH 04/13] sepolicy: fix themed sounds +Subject: [PATCH 04/14] sepolicy: fix themed sounds 02-08 17:26:48.011 18259-18259/? W/SoundPoolThread: type=1400 audit(0.0:31): avc: denied { read } for path="/data/system/theme/audio/ui/Lock.ogg" dev="dm-0" ino=1006317 scontext=u:r:drmserver:s0 tcontext=u:object_r:theme_data_file:s0 tclass=file permissive=0 @@ -23,5 +23,5 @@ index 9130e0b..6d3883f 100644 +allow drmserver theme_data_file:dir r_dir_perms; +allow drmserver theme_data_file:file r_file_perms; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0005-initial-policy-edits-for-masquerade-to-operate-rootl.patch b/patches/system/sepolicy/0005-initial-policy-edits-for-masquerade-to-operate-rootl.patch index e7c7040..f3f3e44 100644 --- a/patches/system/sepolicy/0005-initial-policy-edits-for-masquerade-to-operate-rootl.patch 
+++ b/patches/system/sepolicy/0005-initial-policy-edits-for-masquerade-to-operate-rootl.patch @@ -1,7 +1,7 @@ -From db29bf3d87f10c7c857ce15f1d33793b21aee8b7 Mon Sep 17 00:00:00 2001 +From ffe4b9c368131f89cbece02a0c9db0e6b62a51c9 Mon Sep 17 00:00:00 2001 From: Surge1223 Date: Sat, 18 Feb 2017 08:46:15 -0600 -Subject: [PATCH 05/13] initial policy edits for masquerade to operate rootless +Subject: [PATCH 05/14] initial policy edits for masquerade to operate rootless Change-Id: Iddfc408f206033772b9d49d335ca94e63b5e5210 --- @@ -126,5 +126,5 @@ index b9a72ed..c2a5320 100644 ### neverallow rules ### -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0006-sepolicy-rename-masquerade-domain-and-allow-JobServi.patch b/patches/system/sepolicy/0006-sepolicy-rename-masquerade-domain-and-allow-JobServi.patch index 54348c9..6dd4265 100644 --- a/patches/system/sepolicy/0006-sepolicy-rename-masquerade-domain-and-allow-JobServi.patch +++ b/patches/system/sepolicy/0006-sepolicy-rename-masquerade-domain-and-allow-JobServi.patch @@ -1,7 +1,7 @@ -From 20435b01f61fa357c6f2e52fe49a72ac351386bd Mon Sep 17 00:00:00 2001 +From e03e35800d27eef723d03407d45596ddbc1a6a39 Mon Sep 17 00:00:00 2001 From: Surge1223 Date: Tue, 21 Feb 2017 12:28:05 -0600 -Subject: [PATCH 06/13] sepolicy: rename masquerade domain and allow JobService +Subject: [PATCH 06/14] sepolicy: rename masquerade domain and allow JobService in system_server This attempts to address the issue of JobService being unable to process @@ -176,10 +176,10 @@ index 19cf907..77b508e 100644 media.audio_policy u:object_r:audioserver_service:s0 media.camera u:object_r:cameraserver_service:s0 diff --git a/system_server.te b/system_server.te -index 3ca8182..5e2a3a8 100644 +index 2b93dc2..32a9600 100644 --- a/system_server.te 
+++ b/system_server.te -@@ -435,6 +435,7 @@ allow system_server batteryproperties_service:service_manager find; +@@ -432,6 +432,7 @@ allow system_server batteryproperties_service:service_manager find; allow system_server keystore_service:service_manager find; allow system_server gatekeeper_service:service_manager find; allow system_server fingerprintd_service:service_manager find; @@ -188,5 +188,5 @@ index 3ca8182..5e2a3a8 100644 allow system_server mediaextractor_service:service_manager find; allow system_server mediacodec_service:service_manager find; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0007-sepolicy-allow-masquerade-to-read-and-write-theme-as.patch b/patches/system/sepolicy/0007-sepolicy-allow-masquerade-to-read-and-write-theme-as.patch index 508f101..f47b4df 100644 --- a/patches/system/sepolicy/0007-sepolicy-allow-masquerade-to-read-and-write-theme-as.patch +++ b/patches/system/sepolicy/0007-sepolicy-allow-masquerade-to-read-and-write-theme-as.patch @@ -1,7 +1,7 @@ -From d47eac54afab000b8b273d6a7e7dbbcf4764ab5d Mon Sep 17 00:00:00 2001 +From 5e681015498e4d56591d71d77dbb9ad4a2db77b4 Mon Sep 17 00:00:00 2001 From: Surge1223 Date: Wed, 22 Feb 2017 20:45:04 -0600 -Subject: [PATCH 07/13] sepolicy: allow masquerade to read and write theme +Subject: [PATCH 07/14] sepolicy: allow masquerade to read and write theme assets Fix for masquerade to handle theme assets including fonts and bootanimation, also @@ -36,5 +36,5 @@ index 949699c..2f17030 100644 +allow masquerade connectivity_service:service_manager find; +allow masquerade display_service:service_manager find; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0008-sepolicy-Fix-application-of-bootanimation.patch b/patches/system/sepolicy/0008-sepolicy-Fix-application-of-bootanimation.patch index 45429ef..64761e5 100644 --- a/patches/system/sepolicy/0008-sepolicy-Fix-application-of-bootanimation.patch +++ b/patches/system/sepolicy/0008-sepolicy-Fix-application-of-bootanimation.patch 
@@ -1,7 +1,7 @@ -From e13c58ca101a08f70f0e6c7a8be890b5814b569f Mon Sep 17 00:00:00 2001 +From b7045178383ce5deb3360c15a6af31126baee1ff Mon Sep 17 00:00:00 2001 From: Miccia Date: Mon, 27 Feb 2017 12:36:21 +0100 -Subject: [PATCH 08/13] sepolicy: Fix application of bootanimation +Subject: [PATCH 08/14] sepolicy: Fix application of bootanimation Change-Id: I7365d28fecf18b4d1aa42b2210e023b202dd97a5 --- @@ -23,15 +23,15 @@ index 2f17030..0cbbdb2 100644 +allow masquerade network_management_service:service_manager find; +allow masquerade media_rw_data_file:dir remove_name; diff --git a/system_server.te b/system_server.te -index 5e2a3a8..c544803 100644 +index 32a9600..e25a98c 100644 --- a/system_server.te +++ b/system_server.te -@@ -580,3 +580,5 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm +@@ -577,3 +577,5 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm neverallow system_server self:process execmem; neverallow system_server ashmem_device:chr_file execute; neverallow system_server system_server_tmpfs:file execute; + +allow system_server theme_data_file:dir search; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0009-sepolicy-Redo-masquerade-rules.patch b/patches/system/sepolicy/0009-sepolicy-Redo-masquerade-rules.patch index d3cd9a5..e1cbe93 100644 --- a/patches/system/sepolicy/0009-sepolicy-Redo-masquerade-rules.patch +++ b/patches/system/sepolicy/0009-sepolicy-Redo-masquerade-rules.patch @@ -1,7 +1,7 @@ -From c7fcf28a1ef47e74cf91153e8503c19b6175714e Mon Sep 17 00:00:00 2001 +From 6266def22039f76b00daee364c037955b38ac6e2 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Wed, 1 Mar 2017 23:11:49 +0100 -Subject: [PATCH 09/13] sepolicy: Redo masquerade rules +Subject: [PATCH 09/14] sepolicy: Redo masquerade rules * Use macros * Label custom properties @@ -110,10 +110,10 @@ index 4368a98..0280e7a 100644 service. u:object_r:system_prop:s0 wlan. u:object_r:system_prop:s0 
diff --git a/system_server.te b/system_server.te -index c544803..5262a79 100644 +index e25a98c..2aee375 100644 --- a/system_server.te +++ b/system_server.te -@@ -351,6 +351,9 @@ set_prop(system_server, ctl_bugreport_prop) +@@ -348,6 +348,9 @@ set_prop(system_server, ctl_bugreport_prop) # cppreopt property set_prop(system_server, cppreopt_prop) @@ -123,7 +123,7 @@ index c544803..5262a79 100644 # Create a socket for receiving info from wpa. type_transition system_server wifi_data_file:sock_file system_wpa_socket; type_transition system_server wpa_socket:sock_file system_wpa_socket; -@@ -529,6 +532,9 @@ allow system_server media_rw_data_file:dir search; +@@ -526,6 +529,9 @@ allow system_server media_rw_data_file:dir search; # Allow invoking tools like "timeout" allow system_server toolbox_exec:file rx_file_perms; @@ -133,12 +133,12 @@ index c544803..5262a79 100644 # Postinstall # # For OTA dexopt, allow calls coming from postinstall. -@@ -580,5 +586,3 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm +@@ -577,5 +583,3 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm neverallow system_server self:process execmem; neverallow system_server ashmem_device:chr_file execute; neverallow system_server system_server_tmpfs:file execute; - -allow system_server theme_data_file:dir search; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0010-Welcome-to-Theme-Interfacer-2-2.patch b/patches/system/sepolicy/0010-Welcome-to-Theme-Interfacer-2-2.patch index 3ac5532..3c58816 100644 --- a/patches/system/sepolicy/0010-Welcome-to-Theme-Interfacer-2-2.patch +++ b/patches/system/sepolicy/0010-Welcome-to-Theme-Interfacer-2-2.patch @@ -1,7 +1,7 @@ -From 1c0171ad09ae123a87e31c1d1354de4f40d02427 Mon Sep 17 00:00:00 2001 +From 97710907c4ae20ac4edcbd03de1e703ece3ccfa2 Mon Sep 17 00:00:00 2001 
From: Nathan Chancellor Date: Sat, 4 Mar 2017 19:20:10 -0700 -Subject: [PATCH 10/13] Welcome to Theme Interfacer! [2/2] +Subject: [PATCH 10/14] Welcome to Theme Interfacer! [2/2] Change-Id: I4a28c8840957d385338529540e081eabd3135cc1 Signed-off-by: Nathan Chancellor @@ -240,10 +240,10 @@ index 77b508e..7112450 100644 media.audio_policy u:object_r:audioserver_service:s0 media.camera u:object_r:cameraserver_service:s0 diff --git a/system_server.te b/system_server.te -index 5262a79..a30a09e 100644 +index 2aee375..056919f 100644 --- a/system_server.te +++ b/system_server.te -@@ -438,7 +438,7 @@ allow system_server batteryproperties_service:service_manager find; +@@ -435,7 +435,7 @@ allow system_server batteryproperties_service:service_manager find; allow system_server keystore_service:service_manager find; allow system_server gatekeeper_service:service_manager find; allow system_server fingerprintd_service:service_manager find; @@ -253,5 +253,5 @@ index 5262a79..a30a09e 100644 allow system_server mediaextractor_service:service_manager find; allow system_server mediacodec_service:service_manager find; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0011-sepolicy-add-file-and-domain-trans-to-interfacer.patch b/patches/system/sepolicy/0011-sepolicy-add-file-and-domain-trans-to-interfacer.patch index f00b720..060115c 100644 --- a/patches/system/sepolicy/0011-sepolicy-add-file-and-domain-trans-to-interfacer.patch +++ b/patches/system/sepolicy/0011-sepolicy-add-file-and-domain-trans-to-interfacer.patch @@ -1,7 +1,7 @@ -From 3e15fbb8057baaeeba5a557edb57626e6d1fa53c Mon Sep 17 00:00:00 2001 +From ce1656fed8684dd97e33603c3a2a0e915cf62333 Mon Sep 17 00:00:00 2001 From: Surge Raval Date: Sun, 16 Apr 2017 05:00:13 +0000 -Subject: [PATCH 11/13] sepolicy: add file and domain trans to interfacer +Subject: [PATCH 11/14] sepolicy: add file and domain trans to interfacer This will fix bootanimations not applying on 7.1.2 ROMs 
@@ -34,5 +34,5 @@ index c2a5320..8dd0f3f 100644 neverallow untrusted_app anr_data_file:dir ~search; +allow untrusted_app system_app_data_file:dir getattr; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0012-sepolicy-Allow-system_server-to-set-theme_prop.patch b/patches/system/sepolicy/0012-sepolicy-Allow-system_server-to-set-theme_prop.patch index c533a52..319fa3b 100644 --- a/patches/system/sepolicy/0012-sepolicy-Allow-system_server-to-set-theme_prop.patch +++ b/patches/system/sepolicy/0012-sepolicy-Allow-system_server-to-set-theme_prop.patch @@ -1,7 +1,7 @@ -From 9ff626d3b6fefa7a54a6faddf93d2fa29052cdfa Mon Sep 17 00:00:00 2001 +From dea628b4c1695306a2eac1bee55fb0d718758f93 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Tue, 9 May 2017 09:18:10 +0530 -Subject: [PATCH 12/13] sepolicy: Allow system_server to set theme_prop +Subject: [PATCH 12/14] sepolicy: Allow system_server to set theme_prop [ 6065.716763] init: avc: denied { set } for property=sys.refresh_theme pid=1131 uid=1000 gid=1000 scontext=u:r:system_server:s0 @@ -15,10 +15,10 @@ Change-Id: I971b92dd3c074cda2ba0b49ffd256679dc4086de 1 file changed, 1 insertion(+) diff --git a/system_server.te b/system_server.te -index a30a09e..037ecb8 100644 +index 056919f..4b00ede 100644 --- a/system_server.te +++ b/system_server.te -@@ -353,6 +353,7 @@ set_prop(system_server, cppreopt_prop) +@@ -350,6 +350,7 @@ set_prop(system_server, cppreopt_prop) # theme property get_prop(system_server, theme_prop) @@ -27,5 +27,5 @@ index a30a09e..037ecb8 100644 # Create a socket for receiving info from wpa. type_transition system_server wifi_data_file:sock_file system_wpa_socket; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0013-Add-policy-to-fix-interfacer-derp-on-boot.patch b/patches/system/sepolicy/0013-Add-policy-to-fix-interfacer-derp-on-boot.patch index d1f68d8..60c0372 100644 --- a/patches/system/sepolicy/0013-Add-policy-to-fix-interfacer-derp-on-boot.patch 
+++ b/patches/system/sepolicy/0013-Add-policy-to-fix-interfacer-derp-on-boot.patch @@ -1,7 +1,7 @@ -From fea6eb7c59965d99f0c0fe019772cdf1f950972d Mon Sep 17 00:00:00 2001 +From 39a761b641c193dad80d46892943374f15c568f1 Mon Sep 17 00:00:00 2001 From: Surge Raval Date: Tue, 30 May 2017 00:59:31 +0200 -Subject: [PATCH 13/13] Add policy to fix interfacer derp on boot +Subject: [PATCH 13/14] Add policy to fix interfacer derp on boot 05-29 08:40:17.200 10546 10600 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 10600 (POSIX timer 0) 05-29 08:40:17.200 428 428 W : debuggerd: handling request: pid=10546 uid=1006 gid=1006 tid=10600 @@ -46,5 +46,5 @@ index ab0aadc..6800695 100644 +allow installd theme_data_file:dir { add_name getattr read relabelto remove_name setattr write open search }; +allow installd theme_data_file:lnk_file { create getattr unlink }; -- -2.9.4 +2.13.3 diff --git a/patches/system/sepolicy/0014-interfacer-Allow-interfacer-to-find-content_service.patch b/patches/system/sepolicy/0014-interfacer-Allow-interfacer-to-find-content_service.patch new file mode 100644 index 0000000..c4e04a0 --- /dev/null +++ b/patches/system/sepolicy/0014-interfacer-Allow-interfacer-to-find-content_service.patch 
@@ -0,0 +1,28 @@
+From e77b761cd5915ab2384aa60c4862368199e40551 Mon Sep 17 00:00:00 2001
+From: Harsh Shandilya
+Date: Sun, 16 Jul 2017 21:18:59 +0530
+Subject: [PATCH 14/14] interfacer: Allow interfacer to find content_service
+
+https://substratum.review/#/c/420/ implements a ContentObserver in
+interfacer which requires interfacer to be able to find the content_service.
+
+Change-Id: I1d8cabd9848807ea4dfafcf7123478da834ef5a5
+---
+ interfacer.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/interfacer.te b/interfacer.te
+index a5ba1d7..fc6921a 100644
+--- a/interfacer.te
++++ b/interfacer.te
+@@ -57,6 +57,7 @@ allow interfacer media_rw_data_file:file rw_file_perms;
+ # Services
+ allow interfacer activity_service:service_manager find;
+ allow interfacer connectivity_service:service_manager find;
++allow interfacer content_service:service_manager find;
+ allow interfacer display_service:service_manager find;
+ allow interfacer mount_service:service_manager find;
+ allow interfacer network_management_service:service_manager find;
+--
+2.13.3
+
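Review bot: The added `allow interfacer content_service:service_manager find;` rule in interfacer.te's `# Services` list has no in-policy rationale; the only explanation is the Gerrit link in the patch's commit message, which a later policy audit may no longer be able to resolve. I would put a comment directly above the rule, for example `# ContentObserver in interfacer must look up the content service`. The grant itself is narrow (`find` only, on a single service type), which is consistent with least privilege. Stating which interfacer feature needs each entry makes it possible to drop the rule when that feature goes away. The `# Services` block starts and continues outside this hunk, so whether the neighbouring rules are documented cannot be judged from here.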