Changes for October 2023, syncing up to 20230905

patches_treble_td/platform_external_selinux/0001-Increase-default-log_level-to-get-actual-selinux-err.patch

@@ -1,8 +1,8 @@
-From d9083d41e17a8429dc53a6be9acfb437fd3b982b Mon Sep 17 00:00:00 2001
+From afc71434499293e37cfd831f1d7a434c6ab3251f Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Mon, 9 Apr 2018 00:19:49 +0200
-Subject: [PATCH 1/9] Increase default log_level to get actual selinux error in
- kmsg
+Subject: [PATCH 01/10] Increase default log_level to get actual selinux error
+ in kmsg
 
 ---
  secilc/secilc.c | 2 +-
@@ -22,5 +22,5 @@ index 80d3583d..a51630b2 100644
  		{"help", no_argument, 0, 'h'},
  		{"verbose", no_argument, 0, 'v'},
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0002-Revert-libsepol-Make-an-unknown-permission-an-error-.patch

@@ -1,8 +1,8 @@
-From 0deb03a6694729e084e8e81d7e840a851d130476 Mon Sep 17 00:00:00 2001
+From 440307f9bb3e44d9c4eb8f6fcae4e495e1336d0b Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Wed, 9 Sep 2020 22:36:42 +0200
-Subject: [PATCH 2/9] Revert "libsepol: Make an unknown permission an error in
- CIL"
+Subject: [PATCH 02/10] Revert "libsepol: Make an unknown permission an error
+ in CIL"
 
 This reverts commit dc4e54126bf25dea4d51820922ccd1959be68fbc.
 
@@ -41,5 +41,5 @@ index 69a8a2ed..b63c1359 100644
  			cil_list_append(*perm_datums, curr->flavor, curr->data);
  		}
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0003-Workaround-device-phh-treble-conflict-with-SELinux-p.patch

@@ -1,7 +1,8 @@
-From fad09461b0c7ab877b32c5ab402c053335f19f18 Mon Sep 17 00:00:00 2001
+From c9a0c6be08c1c5ada6a4b83beefd66946fe4a06c Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Wed, 31 Mar 2021 23:32:37 +0200
-Subject: [PATCH 3/9] Workaround device/phh/treble conflict with SELinux policy
+Subject: [PATCH 03/10] Workaround device/phh/treble conflict with SELinux
+ policy
 
 device/phh/treble defines the following three types (hostapd,
 sysfs_usb_supply, rpmb_device)
@@ -111,5 +112,5 @@ index b63c1359..87db4f81 100644
  	}
  
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0004-Allow-devices-virtual-block-genfscon-conflict-seen-o.patch

@@ -1,8 +1,8 @@
-From 8168537d375afd17235b88f6ee9bc9b2c3db06a3 Mon Sep 17 00:00:00 2001
+From e1a6a3213cbb41b7ad04f7b7a685e06a36bf0441 Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Fri, 6 Sep 2019 15:07:25 +0200
-Subject: [PATCH 4/9] Allow /devices/virtual/block/ genfscon conflict (seen on
- Xiaomi Mi 9)
+Subject: [PATCH 04/10] Allow /devices/virtual/block/ genfscon conflict (seen
+ on Xiaomi Mi 9)
 
 Change-Id: I06e4e9d5b82d61a8aeab595b47e2589249675895
 ---
@@ -39,5 +39,5 @@ index 09c02af9..5c0e99c3 100644
  
  int cil_post_netifcon_context_compare(const void *a, const void *b)
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0005-if-service-is-rcs-accept-conflict.-Seen-on-Moto-E5.patch

@@ -1,7 +1,7 @@
-From 5d08badc20058b79803197379ca0371b5ae18230 Mon Sep 17 00:00:00 2001
+From 0a6fdcf14c157b55a8bd0e7dd82f2236e07dc37e Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Thu, 12 Sep 2019 20:37:04 +0200
-Subject: [PATCH 5/9] if service is "rcs", accept conflict. Seen on Moto E5
+Subject: [PATCH 05/10] if service is "rcs", accept conflict. Seen on Moto E5
 
 Change-Id: I0cc2d0fad83f403f2b5d7458039b1564ce5ed9dd
 ---
@@ -40,5 +40,5 @@ index e52b44d4..3b8a2bd8 100644
  					selinux_log
  						(SELINUX_WARNING,
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0006-Allow-mismatches-of-exfat-genfscon.patch

@@ -1,7 +1,7 @@
-From 1bb417ece7c1709906499a9cdd73c5b37ddd8c71 Mon Sep 17 00:00:00 2001
+From c46994a1a9fad0a76e41f0a5efe5238ca3f6b582 Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Sun, 24 May 2020 17:22:22 +0200
-Subject: [PATCH 6/9] Allow mismatches of exfat genfscon
+Subject: [PATCH 06/10] Allow mismatches of exfat genfscon
 
 ---
  libsepol/cil/src/cil_post.c | 4 ++++
@@ -23,5 +23,5 @@ index 5c0e99c3..97bf54f8 100644
  			fprintf(stderr, "Received conflicting %s vs %s but ignore\n", a_genfscon->path_str, b_genfscon->path_str);
  			return 0;
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0007-Enable-multipl_decls-by-default.-This-is-needed-beca.patch

@@ -1,7 +1,7 @@
-From 6a0bc65c6bda1576d59bd89225ae4babfc3de6be Mon Sep 17 00:00:00 2001
+From 3ec6f5715a4c38ff7506fdb397eaf7077e004014 Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Fri, 2 Mar 2018 22:49:55 +0100
-Subject: [PATCH 7/9] Enable multipl_decls by default. This is needed because
+Subject: [PATCH 07/10] Enable multipl_decls by default. This is needed because
  8.0 init doesn't add -m
 
 Change-Id: I43dc661d519f7b8576d72a828d8cbd444592bf5e
@@ -23,5 +23,5 @@ index a51630b2..d9841ab0 100644
  	int preserve_tunables = 0;
  	int qualified_names = 0;
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0008-Fix-boot-on-Moto-devices-using-unknown-class.patch

@@ -1,7 +1,7 @@
-From 1e5154623b208daf37d20d297f3c8ecaacfb1b28 Mon Sep 17 00:00:00 2001
+From 96d937647898b239a0f2cfa10ad7dff3adee7093 Mon Sep 17 00:00:00 2001
 From: Pierre-Hugues Husson <phh@phh.me>
 Date: Fri, 25 Oct 2019 13:29:20 +0200
-Subject: [PATCH 8/9] Fix boot on Moto devices using unknown class
+Subject: [PATCH 08/10] Fix boot on Moto devices using unknown class
 
 vendor sepolicy never contains new class or classorder, and are not
 allowed to.
@@ -80,5 +80,5 @@ index 90f0fee6..023fd6c7 100644
  	if (rc != SEPOL_OK) {
  		goto exit;
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0009-Improve-SELinux-policy-workaround-on-device-phh-treb.patch

@@ -1,7 +1,7 @@
-From e0e22c909d3f107f54136921d723f2656d5677ff Mon Sep 17 00:00:00 2001
+From 1400000270e7bc96b460ce232425970580c94783 Mon Sep 17 00:00:00 2001
 From: ponces <ponces26@gmail.com>
 Date: Mon, 7 Nov 2022 16:14:20 +0000
-Subject: [PATCH 9/9] Improve SELinux policy workaround on device/phh/treble
+Subject: [PATCH 09/10] Improve SELinux policy workaround on device/phh/treble
  conflict to exit with SEPOL_OK instead of SEPOL_EEXIST
 
 This fixes boot on many Samsung devices as exiting with SEPOL_EEXIST will prevent them to boot
@@ -22,5 +22,5 @@ index 023fd6c7..61c8864b 100644
  
  	return SEPOL_OK;
 -- 
-2.25.1
+2.34.1
 

patches_treble_td/platform_external_selinux/0010-Allow-sys-vm-watermark_scale_factor-conflict-seen-on.patch

@@ -0,0 +1,33 @@
+From 6e89fce2e98c9d076e28f18031d4ac543b49994f Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Thu, 20 Jul 2023 14:21:21 -0400
+Subject: [PATCH 10/10] Allow /sys/vm/watermark_scale_factor conflict -- seen
+ on Freebox Player Pop
+
+---
+ libsepol/cil/src/cil_post.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
+index 97bf54f8..4cf1f2d3 100644
+--- a/libsepol/cil/src/cil_post.c
++++ b/libsepol/cil/src/cil_post.c
+@@ -502,6 +502,15 @@ int cil_post_genfscon_context_compare(const void *a, const void *b)
+ 		 */
+ 		if(strcmp(a_genfscon->path_str, "/devices/virtual/block/") == 0)
+ 			bypass = 1;
++        /*
++         * This conflict has been seen on Freebox Player Pop
++         * - AOSP T says (genfscon proc "/sys/vm/watermark_scale_factor" (u object_r proc_watermark_scale_factor ((s0) (s0))))
++         * - stock rom says proc_vm_writable
++         *
++         * Stock ROM uses it only in recovery so it's safe to ignore
++         */
++		if(strcmp(a_genfscon->path_str, "/sys/vm/watermark_scale_factor") == 0)
++			bypass = 1;
+ 		if(strcmp(a_genfscon->fs_str, "exfat") == 0 || strcmp(a_genfscon->fs_str, "esdfs") == 0) {
+             if(strcmp(a_genfscon->path_str, "/") == 0)
+                 bypass = 1;
+-- 
+2.34.1
+