nehemiah-zb/lineage_patches_unified
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync up to v202

Browse Source
This commit is contained in:
Andy CrossGate Yan 2019-11-02 01:02:42 +00:00
parent 017c525e4f
commit c621f4bcdc
2 changed files with 119 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
patches/platform_external_selinux/0007-Fix-boot-on-Moto-devices-using-unknown-class.patch Normal file
View File

@ -0,0 +1,84 @@
From 477ef41ac3a639f4c34c8ecf323d25ed2d3e8e8e Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 25 Oct 2019 13:29:20 +0200
Subject: [PATCH 7/7] Fix boot on Moto devices using unknown class
vendor sepolicy never contains new class or classorder, and are not
allowed to.
Though this is not tested, and it turns out Moto did it anyway.
This raises an issue, because class need to be ordered, and thus the cil
contains the ordering. This ordering needs to be merged.
Android 10 added new classes, so the ordering can no longer be merged,
and secilc fails on those devices, preventing boot.
Considering vendor are not supposed to declare new class (and thus
declare classorder), this fix ignores class-es/classorder in vendor
SELinux policy.
Since the vendor selinux policy has allows rules based on this context,
those allows will fail since the class doesn't exist.
Workaround this by ignoring rules with the problematic class
( keystore_moto_key )
Lucky us, this new class `keystore_moto_key` is used by Moto for
framework to framework (more accurately priv app to keymaster), since
our own framework doesn't use this class, simply ignoring it fixes the
issue.
Change-Id: I66339857634ebfdba359f12a99dfd0bff709d80b
---
libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index b90b0f60..6f391940 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -386,6 +386,14 @@ int cil_gen_class(struct cil_db *db, struct cil_tree_node *parse_current, struct
struct cil_tree_node *perms = NULL;
int rc = SEPOL_ERR;
+ {
+ const char* path = cil_tree_get_cil_path(parse_current);
+ if(strstr(path, "vendor")) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
if (rc != SEPOL_OK) {
goto exit;
@@ -452,6 +460,14 @@ int cil_gen_classorder(struct cil_db *db, struct cil_tree_node *parse_current, s
struct cil_list_item *head = NULL;
int rc = SEPOL_ERR;
+ {
+ const char* path = cil_tree_get_cil_path(parse_current);
+ if(strstr(path, "vendor")) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
if (db == NULL || parse_current == NULL || ast_node == NULL) {
goto exit;
}
@@ -2050,6 +2066,14 @@ int cil_gen_avrule(struct cil_tree_node *parse_current, struct cil_tree_node *as
rule->src_str = parse_current->next->data;
rule->tgt_str = parse_current->next->next->data;
+ {
+ const char *classname = parse_current->next->next->next->cl_head->data;
+ if(strcmp(classname, "keystore_moto_key") == 0) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
rc = cil_fill_classperms_list(parse_current->next->next->next, &rule->perms.classperms);
if (rc != SEPOL_OK) {
goto exit;
--
2.17.1

35
patches/platform_frameworks_base/0040-Fix-crash-on-some-devices-by-checking-for-null-clien.patch Normal file
View File

@ -0,0 +1,35 @@
From 1573fc903e5c874b7a4fa78284801aa67a9f1ff7 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 27 Oct 2019 16:27:55 +0100
Subject: [PATCH 40/40] Fix crash on some devices by checking for null client
Some device get the following system_server crash:
*** FATAL EXCEPTION IN SYSTEM PROCESS: main
java.lang.NullPointerException: Attempt to invoke virtual method 'boolean com.android.server.biometrics.ClientMonitor.onEnumerationResult(android.hardware.biometrics.BiometricAuthenticator$Identifier, int)' on a null object reference
at com.android.server.biometrics.BiometricServiceBase.handleEnumerate(BiometricServiceBase.java:777)
at com.android.server.biometrics.fingerprint.FingerprintService.access$6901(FingerprintService.java:93)
at com.android.server.biometrics.fingerprint.FingerprintService$1.lambda$onEnumerate$5$FingerprintService$1(FingerprintService.java:686)
at com.android.server.biometrics.fingerprint.-$$Lambda$FingerprintService$1$3I9ge5BoesXZUovbayCOCR754fc.run(Unknown Source:10)
Fix it by checking for `null` client before acting on it
Change-Id: If39d8c1b26c8c0a44b3d9292b646cb71ff258a95
---
.../java/com/android/server/biometrics/BiometricServiceBase.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
index d3c62bed7b5..b6710992a6e 100644
--- a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
+++ b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
@@ -774,6 +774,7 @@ public abstract class BiometricServiceBase extends SystemService
protected void handleEnumerate(BiometricAuthenticator.Identifier identifier, int remaining) {
ClientMonitor client = getCurrentClient();
+ if(client == null) return;
client.onEnumerationResult(identifier, remaining);
// All templates in the HAL for this user were enumerated
--
2.17.1