SELinux permissive #2
Comments
Some rules for 19.1 have been made, and on a Note 5 device, and allow the device to at least boot and function on wifi, mobile networks and such. There are some issues though, like missing access to sensors among other things. But this is a WIP.
This causes our camera to crash when we are using oreo mali blobs.

```
10-30 10:44:14.217 6151 6151 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-30 10:44:14.217 6151 6151 F DEBUG : LineageOS Version: '18.1-20221030-UNOFFICIAL-zerofltexx'
10-30 10:44:14.217 6151 6151 F DEBUG : Build fingerprint: 'samsung/lineage_zerofltexx/zerofltexx:11/RQ3A.211001.001/eng.user.20221030.085844:userdebug/test-keys'
10-30 10:44:14.217 6151 6151 F DEBUG : Revision: '0'
10-30 10:44:14.217 6151 6151 F DEBUG : ABI: 'arm'
10-30 10:44:14.218 6151 6151 F DEBUG : Timestamp: 2022-10-30 10:44:14+0000
10-30 10:44:14.218 6151 6151 F DEBUG : pid: 6025, tid: 6140, name: PreviewISPThrea >>> /vendor/bin/hw/android.hardware.camera.provider@2.4-service <<<
10-30 10:44:14.218 6151 6151 F DEBUG : uid: 1047
10-30 10:44:14.218 6151 6151 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
10-30 10:44:14.218 6151 6151 F DEBUG : Abort message: 'fdsan: failed to exchange ownership of file descriptor: fd 1 is owned by unique_fd 0xece16594, was expected to be unowned'
10-30 10:44:14.218 6151 6151 F DEBUG : r0 00000000 r1 000017fc r2 00000006 r3 e5a2f580
10-30 10:44:14.218 6151 6151 F DEBUG : r4 00001789 r5 e5a2f594 r6 000017fc r7 0000016b
10-30 10:44:14.218 6151 6151 F DEBUG : r8 00000014 r9 ed0a3904 r10 e5a2f75c r11 e7d0208c
10-30 10:44:14.218 6151 6151 F DEBUG : ip e5a2f580 sp e5a2f370 lr ed0c15b5 pc ed0c15c8
10-30 10:44:14.228 6151 6151 F DEBUG : backtrace:
10-30 10:44:14.228 6151 6151 F DEBUG : #00 pc 0003b5c8 /apex/com.android.runtime/lib/bionic/libc.so (fdsan_error(char const*, ...)+428) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.228 6151 6151 F DEBUG : #01 pc 0003b839 /apex/com.android.runtime/lib/bionic/libc.so (android_fdsan_exchange_owner_tag+572) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.228 6151 6151 F DEBUG : #02 pc 0001ec9d /system/lib/libui.so (android::base::unique_fd_impl<android::base::DefaultCloser>::reset(int, void*)+112) (BuildId: bc3f850e828f45d2969da462541fc7eb)
10-30 10:44:14.228 6151 6151 F DEBUG : #03 pc 0001e769 /system/lib/libui.so (android::Fence::Fence(int)+20) (BuildId: bc3f850e828f45d2969da462541fc7eb)
10-30 10:44:14.228 6151 6151 F DEBUG : #04 pc 0007bb65 /system/lib/libexynoscamera3.so (android::sp<android::Fence>::operator=(android::Fence*)+52) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #05 pc 0007bc6b /system/lib/libexynoscamera3.so (android::ExynosCameraFence::~ExynosCameraFence()+22) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #06 pc 0007bc9f /system/lib/libexynoscamera3.so (android::ExynosCameraFence::~ExynosCameraFence()+2) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #07 pc 0007c64b /system/lib/libexynoscamera3.so (android::ServiceExynosCameraBufferManager::m_getBuffer(int*, int*, int*)+270) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #08 pc 00079a99 /system/lib/libexynoscamera3.so (android::ExynosCameraBufferManager::getBuffer(int*, android::EXYNOS_CAMERA_BUFFER_POSITION, android::ExynosCameraBuffer*)+64) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #09 pc 000a0725 /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_doDestCSC(bool, android::ExynosCameraFrame*, int, int, int)+172) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.228 6151 6151 F DEBUG : #10 pc 000a05a9 /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_generateDuplicateBuffers(android::ExynosCameraFrame*, int)+272) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229 6151 6151 F DEBUG : #11 pc 0009f979 /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_handlePreviewFrame(android::ExynosCameraFrame*, int)+1008) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229 6151 6151 F DEBUG : #12 pc 0009f425 /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_previewStreamFunc(android::ExynosCameraFrame*, int)+136) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229 6151 6151 F DEBUG : #13 pc 00096313 /system/lib/libexynoscamera3.so (android::ExynosCamera3::m_previewStreamISPPipeThreadFunc()+42) (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229 6151 6151 F DEBUG : #14 pc 0004e073 /system/lib/libexynoscamera3.so (BuildId: 8612fbabfe3404f61b5a8ad3ec08d5ca)
10-30 10:44:14.229 6151 6151 F DEBUG : #15 pc 0000ef61 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+304) (BuildId: 2fb179aed2791695f9ce7e382aa6e55e)
10-30 10:44:14.229 6151 6151 F DEBUG : #16 pc 0000ea15 /system/lib/libutils.so (thread_data_t::trampoline(thread_data_t const*)+256) (BuildId: 2fb179aed2791695f9ce7e382aa6e55e)
10-30 10:44:14.229 6151 6151 F DEBUG : #17 pc 0008177f /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40) (BuildId: 4719f38064de5954878af7a6676cb609)
10-30 10:44:14.229 6151 6151 F DEBUG : #18 pc 00039da5 /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 4719f38064de5954878af7a6676cb609)
```

Change-Id: I548358dea92e0a76a8f296df991febcd906326a7
Rules have been written and tested on an S6 for 18.1 and it works in my use case perfectly.
SELinux is currently permissive due to a lack of working SELinux policies.
This is a problem, not only from a strict security standpoint, but from a usability one also. SafetyNet and Play Integrity API will not play nice with permissive kernels.
It is quite important to get this working in the near future. The groundwork is there, just need working policies and a switch on in the kernel.