PWN-Hunter/android_device_xiaomi_sdm845-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Common Xiaomi sdm845 device tree
712 Commits 13 Branches 0 Tags 3.2 MiB
Java 35.8%
Makefile 25.3%
C++ 17.7%
Shell 17.1%
Python 2.1%
Other 2%
d3edfa00f0
Go to file
Jack Pham d3edfa00f0 sdm845-common: init.qcom.usb: Fix dac_override SELinux denials in charger mode 
The following SELinux denials are seen when booting into charger mode:

type=1400 audit(1746.159:22): avc: denied { dac_read_search } for
 comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.159:23): avc: denied { dac_override } for
 comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:24): avc: denied { dac_read_search } for
 comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:25): avc: denied { dac_override } for
 comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0

The DAC errors indicate that there is some kind of access, usually
by root, to a file or directory where the ownership is given to another
user/group which is not root. So since root may not have explicit
permission to access it has to override the default access control
which is flagged by SELinux.

In charger mode, like in normal boot, the init.qcom.usb.sh script
executes in the same process as init, so it is executing as root.
The script is trying to read/write to the ConfigFS string entries.
The fix for these denials is to ensure that any files/directories
being accessed by the script give root permission to access the same.
Hence remove the shell/shell ownership change when creating the USB
gadget and config subdirectories in ConfigFS.

While at it also remove mounting of ADB FFS and the ConfigFS function
instance as we are not enabling ADB in charger mode.

Change-Id: I33d6a9ce8e1bb4594a053156d46688ab11c5491d
2021-01-03 15:13:22 +00:00
audio sdm845-common: audio: add missing mixer path 2020-12-30 16:59:47 +01:00
bluetooth/include sdm845-common: bluetooth: Disable clean turn on 2020-12-02 22:39:33 +00:00
configs sdm845-common: Split component-overrides to support pure AOSP/QTI BT stack 2020-12-26 19:17:58 +01:00
fingerprint sdm845-common: fingerprint: Include VINTF fragment 2021-01-02 22:13:15 +01:00
fod sdm845-common: fod: Include VINTF fragment 2021-01-02 22:13:15 +01:00
keylayout sdm845-common: Support play/pause in headphone jack keylayout 2018-10-31 21:36:02 +01:00
libhidl sdm845-common: Remove libhwbinder/libhidltransport deps 2020-10-09 15:32:18 +01:00
light sdm845-common: lights: Remove LCD backlight handling 2020-12-30 10:47:12 +00:00
livedisplay sdm845-common: Remove libhwbinder/libhidltransport deps 2020-10-09 15:32:18 +01:00
org.ifaa.android.manager sdm845-common: Make IFAAManager compile again 2020-10-09 16:17:31 +01:00
overlay sdm845-common: Use CodeAurora ImsService implementation for RCS 2020-12-31 10:48:23 +01:00
overlay-lineage sdm845-common: Get rid of prebuilt vendor images' specific hacks 2019-07-30 17:41:49 +01:00
parts sdm845-common: parts: Get foreground application with getFocusedStackInfo() 2020-10-31 22:44:53 +01:00
permissions sdm845-common: Bump WFD stack 2020-12-30 10:46:46 +00:00
pocketmode sdm845-common: pocketmode: Ensure FP is always left enabled when screen is turned on 2020-12-30 15:06:17 +01:00
power sdm845-common: power: Correct DT2W on/off logic 2020-10-21 14:34:48 +02:00
recovery sdm845-common: Check strncmp return value properly 2020-08-23 21:13:55 +01:00
rootdir sdm845-common: init.qcom.usb: Fix dac_override SELinux denials in charger mode 2021-01-03 15:13:22 +00:00
rro_overlays sdm845-common: Sign Tether RROs with default cert 2020-12-27 23:19:57 +01:00
seccomp sdm845-common: Drop mediaextractor seccomp policy 2019-09-30 14:22:21 +01:00
sepolicy sdm845-common: sepolicy: Add rules for older IMS blobs 2021-01-01 01:48:23 +01:00
wifi sdm845-common: Move supplicant service init to wpa_supplicant 2020-10-09 16:17:34 +01:00
Android.bp sdm845-common: fingerprint: Add Xiaomi fingerprintextension support 2020-05-25 21:19:34 +01:00
Android.mk sdm845-common: Move telephony packages to /system_ext 2020-11-28 02:54:07 +00:00
BoardConfigCommon.mk sdm845-common: Remove obsolete dex settings 2020-12-31 16:46:41 +00:00
compatibility_matrix.xml sdm845-common: Add device compatibility matrix. 2019-02-22 22:11:03 +00:00
config.fs sdm845-common: config.fs: Add sys_boot cap to peripheral manager 2020-04-04 15:31:28 +01:00
extract-files.sh sdm845-common: Switch to standalone extract utils 2020-12-31 17:32:37 +00:00
lineage.dependencies sdm845-common: fingerprint: Add Xiaomi fingerprintextension support 2020-05-25 21:19:34 +01:00
manifest.xml sdm845-common: fingerprint: Include VINTF fragment 2021-01-02 22:13:15 +01:00
odm.prop sdm845-common: Split system, odm and vendor props 2020-02-24 22:43:09 +01:00
product.prop sdm845-common: Increase ro.lmk.medium to prevent kills at medium vmpressure 2020-06-15 08:51:42 +02:00
proprietary-files.txt sdm845-common: Update OMX codecs and VPP blobs 2020-12-30 10:47:12 +00:00
README.md sdm845-common: Add initial common device tree files 2018-07-09 18:20:47 +02:00
releasetools.py sdm845-common: Move back to TZ version assertions 2020-04-04 23:27:40 +02:00
sdm845.mk sdm845-common: init.qcom.usb.rc: Consolidate init.msm.usb.configfs.rc 2021-01-03 15:13:01 +00:00
setup-makefiles.sh sdm845-common: Switch to standalone extract utils 2020-12-31 17:32:37 +00:00
system.prop sdm845-common: Ditch rild.libpath prop 2020-11-02 01:31:02 +02:00
vendor.prop sdm845-common: init.qcom.usb.rc: Update usage of USB MTP/PTP with USB F_FS driver 2021-01-03 15:13:22 +00:00

README.md

Copyright (C) 2018 - The LineageOS Project

Common device tree for Xiaomi SDM845 based devices