Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux permissive #2

Open
fakemanoan opened this issue Jan 4, 2024 · 2 comments
Open

SELinux permissive #2

fakemanoan opened this issue Jan 4, 2024 · 2 comments
Labels
important This is an important bug that needs fixing asap

Comments

@fakemanoan
Copy link
Member

SElinux is currently permissive due to a lack of working SELinux policies.

This is a problem, not only from a strict security standpoint, but from a usability one also. SafetyNet and Play Integrity API will not play nice with permissive kernels.

It is quite important to get this working in the near future. The ground work is there, just need working policies and a switch on in the kernel.
@fakemanoan fakemanoan added the important This is an important bug that needs fixing asap label Jan 4, 2024
@fakemanoan
Copy link
Member Author

Some rules for 19.1 have been made, and on a Note 5 device, and allow the device to at least boot and function on wifi, mobile networks and such.

There are some issues though, like missing access to sensors among other things. But this is a WIP

fakemanoan added a commit that referenced this issue Apr 22, 2024
@fakemanoan
universal7420: disable fdsan in the camera wrapper
84041f7 
This causes our camera to crash when we are using oreo mali blobs.

10-30 10:44:14.217  6151  6151 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-30 10:44:14.217  6151  6151 F DEBUG   : LineageOS Version: '18.1-20221030-UNOFFICIAL-zerofltexx'
10-30 10:44:14.217  6151  6151 F DEBUG   : Build fingerprint: 'samsung/lineage_zerofltexx/zerofltexx:11/RQ3A.211001.001/eng.user.20221030.085844:userdebug/test-keys'
10-30 10:44:14.217  6151  6151 F DEBUG   : Revision: '0'
10-30 10:44:14.217  6151  6151 F DEBUG   : ABI: 'arm'
10-30 10:44:14.218  6151  6151 F DEBUG   : Timestamp: 2022-10-30 10:44:14+0000
10-30 10:44:14.218  6151  6151 F DEBUG   : pid: 6025, tid: 6140, name: PreviewISPThrea  >>> /vendor/bin/hw/android.hardware.camera.provider@2.4-service <<<
10-30 10:44:14.218  6151  6151 F DEBUG   : uid: 1047
10-30 10:44:14.218  6151  6151 F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
10-30 10:44:14.218  6151  6151 F DEBUG   : Abort message: 'fdsan: failed to exchange ownership of file descriptor: fd 1 is owned by unique_fd 0xece16594, was expected to be unowned'
10-30 10:44:14.218  6151  6151 F DEBUG   :     r0  00000000  r1  000017fc  r2  00000006  r3  e5a2f580
10-30 10:44:14.218  6151  6151 F DEBUG   :     r4  00001789  r5  e5a2f594  r6  000017fc  r7  0000016b
10-30 10:44:14.218  6151  6151 F DEBUG   :     r8  00000014  r9  ed0a3904  r10 e5a2f75c  r11 e7d0208c
10-30 10:44:14.218  6151  6151 F DEBUG   :     ip  e5a2f580  sp  e5a2f370  lr  ed0c15b5  pc  ed0c15c8
10-30 10:44:14.228  6151  6151 F DEBUG   : backtrace:
10-30 10:44:14.228  6151  6151 F DEBUG   :       #00 pc 0003b5c8  /apex/com.android.runtime/lib/bionic/libc.so (fdsan_error(char const*, ...)+428) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #1 pc 0003b839  /apex/com.android.runtime/lib/bionic/libc.so (android_fdsan_exchange_owner_tag+572) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #2 pc 0001ec9d  /system/lib/libui.so (android::base::unique_fd_impl<android::base::DefaultCloser>::reset(int, void*)+112) (BuildId: bc3f850e828f45d2969da462541fc7eb)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #3 pc 0001e769  /system/lib/libui.so (android::Fence::Fence(int)+20) (BuildId: bc3f850e828f45d2969da462541fc7eb)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #4 pc 0007bb65  /system/lib/libexynoscamera3.so (android::sp<android::Fence>::operator=(android::Fence*)+52) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #5 pc 0007bc6b  /system/lib/libexynoscamera3.so (android::ExynosCameraFence::~ExynosCameraFence()+22) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #6 pc 0007bc9f  /system/lib/libexynoscamera3.so (android::ExynosCameraFence::~ExynosCameraFence()+2) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #07 pc 0007c64b  /system/lib/libexynoscamera3.so (android::ServiceExynosCameraBufferManager::m_getBuffer(int*, int*, int*)+270) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #08 pc 00079a99  /system/lib/libexynoscamera3.so (android::ExynosCameraBufferManager::getBuffer(int*, android::EXYNOS_CAMERA_BUFFER_POSITION, android::ExynosCameraBuffer*)+64) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #09 pc 000a0725  /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_doDestCSC(bool, android::ExynosCameraFrame*, int, int, int)+172) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228  6151  6151 F DEBUG   :       #10 pc 000a05a9  /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_generateDuplicateBuffers(android::ExynosCameraFrame*, int)+272) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #11 pc 0009f979  /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_handlePreviewFrame(android::ExynosCameraFrame*, int)+1008) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #12 pc 0009f425  /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_previewStreamFunc(android::ExynosCameraFrame*, int)+136) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #13 pc 00096313  /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_previewStreamISPPipeThreadFunc()+42) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #14 pc 0004e073  /system/lib/libexynoscamera3.so (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #15 pc 0000ef61  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+304) (BuildId: 2fb179aed2791695f9ce7e382aa6e55e)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #16 pc 0000ea15  /system/lib/libutils.so (thread_data_t::trampoline(thread_data_t const*)+256) (BuildId: 2fb179aed2791695f9ce7e382aa6e55e)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #17 pc 0008177f  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.229  6151  6151 F DEBUG   :       #18 pc 00039da5  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 4719f38064de5954878af7a6676cb609)

Change-Id: I548358dea92e0a76a8f296df991febcd906326a7
@fakemanoan
Copy link
Member Author

Rules have been written and tested on an S6 for 18.1 and it works in my use case perfectly.
Calls work, GPS, sensors, audio, cameras, etc. Need to rollout fixes to S6e, S6e+, N5 and any other bugs and I think it will be good to port forward to 19.1 and 20

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
important This is an important bug that needs fixing asap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fakemanoan