tequilaOS/platform_device_qcom_sepolicy-legacy-um
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3626 commits 1 branch 0 tags 4.7 MiB
Commit graph

3626 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bruno Martins
18b608b651 Merge tag 'LA.UM.12.2.1.r1-02500-sdm660.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy into lineage-21.0-legacy-um 
"LA.UM.12.2.1.r1-02500-sdm660.0"

* tag 'LA.UM.12.2.1.r1-02500-sdm660.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy:
  sepolicy : Allow apps to have read access to vendor_display_prop
  sepolicy:qcc: add qcc path to dropbox
  sepolicy:qcc : switch to platform app
  Sepolicy : dontaudit to vendor.hw.fm.init property
  SE Policy change to fix avc denial for qcrild socket
  Avc denials on sdm660 from location, hal_gnss_qti
  sepolicy: Add file context for Widevine DRM
  sepolicy: Add file context for DRM
  sepolicy: Fix qcc avc denial issue
  sepolicy:donotaudit for com.qualcomm.location
  Sepolicy rules to allow Gnss Hal to access ssgtz
  sepolicy rules to allow Gnss Hal to access RIL Srv
  Allow vendor_location_xtwifi_client to access ssgtzd socket

 Conflicts:
	generic/vendor/common/file_contexts
	legacy/vendor/common/vendor_init.te

Change-Id: Ibcd6a15e0ee9ab5bee6da5bafb41702e67549e30
 2024-01-09 10:36:03 +00:00
Linux Build Service Account
696224d4c9 Merge 8569f71b88 on remote branch 
Change-Id: I1c1e45d37872a1c5a0e8ff18582e942fbd7cb504
 2023-12-22 00:49:45 -08:00
Neelu Maheshwari
8569f71b88 sepolicy : Allow apps to have read access to vendor_display_prop 
Change-Id: Ib2793107a54fa1a2df60ac872645277a9a0b2415
 2023-11-27 23:29:02 -08:00
Michael Bestas
4bf4c11974
Revert "sepolicy: Label idle_state node" 
This reverts commit 4479f08d19.

Change-Id: Iecfb9e94e65e45597a43256eb877fb8c8a8f4717
 2023-11-28 02:31:57 +02:00
Linux Build Service Account
36ea3c2980 Merge "SE Policy change to fix avc denial for qcrild socket" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:54 -08:00
Linux Build Service Account
1ea539bb46 Merge "Avc denials on sdm660 from location, hal_gnss_qti" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:51 -08:00
BeYkeRYkt
4479f08d19 sepolicy: Label idle_state node 
Change-Id: I4ab197511726e28f7005d0e808803493e406591e
 2023-11-25 23:45:59 +00:00
Linux Build Service Account
0591d9f541 Merge 5207f749c4 on remote branch 
Change-Id: I09b5099e114c2765b525dbc8674085569aa746a7
 2023-11-24 15:02:54 -08:00
Linux Build Service Account
5207f749c4 Merge "sepolicy: Add file context for Widevine DRM" into sepolicy.lnx.12.0.c2 2023-11-22 23:31:23 -08:00
Linux Build Service Account
2664ad4668 Merge "Sepolicy : dontaudit to vendor.hw.fm.init property" into sepolicy.lnx.12.0.c2 2023-11-17 02:52:29 -08:00
Linux Build Service Account
0ccdfafa9a Merge "sepolicy:qcc : switch to platform app" into sepolicy.lnx.12.0.c2 2023-11-16 22:21:34 -08:00
Sanghoon Shin
2145757135 sepolicy:qcc: add qcc path to dropbox 
allow both "qcc" and "qdma" in preparation to transition to "qcc"
to avoid use "qdma" word in implementation

Change-Id: I608f8ecc14e56f3b17823c759c7064f09601f594
 2023-11-16 05:10:18 -08:00
Sanghoon Shin
4c6d84fd65 sepolicy:qcc : switch to platform app 
Change-Id: I661fef3af7d0a9518f67e14f2787999f268485e0
 2023-11-16 05:10:11 -08:00
Neelu Maheshwari
adc7e8bb6b Sepolicy : dontaudit to vendor.hw.fm.init property 
Change-Id: I0abc011871328bb269767ceffe9b6ddb2cf9b185
 2023-11-16 17:39:38 +05:30
Kamesh Relangi
4603509240 SE Policy change to fix avc denial for qcrild socket 
Change-Id: I1c2f3378d974a07496590a3dbd1b20323dbbba16
 2023-11-15 11:51:54 +05:30
Nilesh Gharde
1750c0806f Avc denials on sdm660 from location, hal_gnss_qti 
Change-Id: I3ac6a4d5db46cce66eecd70531a180e21177d979
CRs-fixed: 3661430
 2023-11-15 11:48:10 +05:30
Bruno Martins
f9b54fb034 sepolicy: Label QTI health AIDL service 
Change-Id: Ic49f0d4fa46ac4749e9bad3a9d4a780c54c3880e
 2023-11-13 17:01:08 +00:00
Bruno Martins
ce7b0f7cac sepolicy: Remove duplicate hwservice_contexts 
Multiple same specifications for vendor.qti.hardware.systemhelper::ISystemResource.
Multiple same specifications for vendor.qti.hardware.systemhelper::ISystemEvent.

Change-Id: Ied0215bcc342c5f93fdd5ae4ba5e2a16ba8bf83f
 2023-11-12 13:03:10 +00:00
Alexander Martinz
6aeeffc61d legacy: allow apexd to write to sysfs_mmc_host 
As qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host
we explicitly need to grant apexd access to it or it will break.

This results in eg GSIs to be unbootable.

type=1400 audit(3799551.036:40): avc: denied { read write }
  for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305
  scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=0

Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
 2023-11-03 22:21:59 +00:00
Linux Build Service Account
e1e39dc497 Merge "sepolicy: Add file context for DRM" into sepolicy.lnx.12.0.r21-rel 2023-11-03 08:14:01 -07:00
Prabhat Roy
a14482b2b1 sepolicy: Add file context for Widevine DRM 
Set context for widevine services
android.hardware.drm-service-widevine
android.hardware.drm-service-lazy.widevine

validation:
xts test case: passes all the xts test case

Change-Id: I568149e2c91f86a72007fb5b04f5597f133eea64
 2023-11-03 12:46:32 +05:30
Prabhat Roy
a17345a7ce sepolicy: Add file context for DRM 
Change-Id: I568149e2c91f86a72007fb5b04f5597f133eea64
 2023-11-02 11:12:02 +05:30
LuK1337
f0f3f11097 sepolicy: isolated_app -> isolated_app_all 
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
 2023-10-31 23:56:49 +00:00
Giovanni Ricca
47ba089fb7
sepolicy: Drop duplicate label 
* Merged on https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/371121

Change-Id: If4ab4cf2765572b662a60286651ab967fb90d133
 2023-10-28 15:08:26 +02:00
Linux Build Service Account
a015be7f62 Merge "sepolicy: Fix qcc avc denial issue" into sepolicy.lnx.12.0.c2 2023-10-11 23:26:20 -07:00
Neelu Maheshwari
8b41a7958b sepolicy: Fix qcc avc denial issue 
Add rule to allow qcc to access runtime data file and fix below
    denial:

    avc: denied { read } for  comm="qccsyshal@1.2-s" name="qcc" dev="dm-36" ino=682
    scontext=u:r:vendor_qccsyshal_qti:s0 tcontext=u:object_r:system_data_file:s0
    tclass=dir permissive=0

Change-Id: I1477af3537b8158d4c47af93cf753db89e20cccd
 2023-10-11 23:03:28 -07:00
Neelu Maheshwari
61bf1906d7 sepolicy:donotaudit for com.qualcomm.location 
auditd  : type=1400 audit(0.0:25): avc:  denied  { read } for  comm="alcomm.location"
name="u:object_r:default_prop:s0" dev="tmpfs" ino=23722
scontext=u:r:vendor_location_app:s0 tcontext=u:object_r:default_prop:s0
tclass=file permissive=0 app=com.qualcomm.location

Change-Id: I1fe8e7730f569fbaf955e79aba784de70cc9f944
 2023-10-11 22:56:13 -07:00
Linux Build Service Account
bd5cc9c436 Merge 1347478fc8 on remote branch 
Change-Id: I40b303693249945736a7815f1f5bf1a4c25a15b4
 2023-10-03 13:37:46 -07:00
Bharath
9f61741dd6 sepolicy: Label QTI Thermal HAL 2.0 
The name was changed from thermal.msm8953 to a generic one while
moving to 2.0. Hence, add proper label to the new HAL binary.

Change-Id: I7e73035224a3f421c1f8f8e7a4e0f6ab072fab32
(cherry picked from commit 578d104a6e72b9289af668780acd571bad4bc489)
 2023-09-28 15:09:36 +05:30
Nilesh Gharde
cdaad86cac Sepolicy rules to allow Gnss Hal to access ssgtz 
CRs-fixed: 3593483
Change-Id: Iec880aa7908f2c3aa71695a4961823ff7dd0b677
 2023-09-25 00:06:03 -07:00
Linux Build Service Account
1347478fc8 Merge "Allow vendor_location_xtwifi_client to access ssgtzd socket" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:21 -07:00
Linux Build Service Account
a859c67fc9 Merge "sepolicy rules to allow Gnss Hal to access RIL Srv" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:18 -07:00
Nolen Johnson
fd5f0ffce2 legacy: common: Label discard_max_bytes for SDB devices 
Change-Id: Ic95a3bfdb53073b6f68b985ea1fbd3f3c3ce34a3
 2023-08-23 15:13:41 +00:00
me-cafebabe
ada4be8ba0 Allow FM2 app to read/write vendor.hw.fm. props 
* Those props are used by vendor/qcom/opensource/fm-commonsys/jni/android_hardware_fm.cpp

Change-Id: I1a141e7d4a0e7d1d788fb049e0e8625d1b2d7e27
 2023-08-04 09:50:10 +02:00
jro1979oliver
d2866673fb
sepolicy: Import legacy usb rules 
- commit https://review.lineageos.org/c/LineageOS/android_device_qcom_sepolicy/+/360376
  relabeled the usb hal and we hit the following log:

usb@1.0-service: type=1400 audit(0.0:5346): avc: denied { search } for uid=1000 name="usbpd0" dev="sysfs" ino=40564 scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_usbpd_device:s0 tclass=dir permissive=0
07-13 12: 41:07.134   816  2117 E android.hardware.usb@1.0-service: uevent received SUBSYSTEM=dual_role_usb
07-13 12: 41:07.135   816  2117 I android.hardware.usb@1.0-service: otg_default
07-13 12: 41:07.135   816  2117 E android.hardware.usb@1.0-service: getCurrentRole: Failed to open filesystem node
07-13 12: 41:07.135   816  2117 E android.hardware.usb@1.0-service: Error while retreiving portNames
07-13 12: 41:07.138  1588  2451 E UsbPortManager: port status enquiry failed

Co-authored-by: ExactExampl <64069095+ExactExampl@users.noreply.github.com>
Change-Id: I6b58a248195c59f09514caa7b89c2810f7a8e146
 2023-07-25 19:45:53 +03:00
Michael Bestas
b1710c61ea
sdm660: Label 4.19 backlight node 
Change-Id: Ied1fc8844852fbef3711e46bcc07d4ec100e7a12
 2023-07-15 14:01:14 +03:00
Quallenauge
470d8edfda
sepolicy: Allow qti_init_shell to set proc_watermark_scale_factor. 
Change-Id: I5e59fd91e723df95224e5738295c2b8007f6f053
 2023-07-15 14:01:14 +03:00
Michael Bestas
fc9b1c6105
sepolicy: Guard debugfs rules 
Allow building with PRODUCT_SET_DEBUGFS_RESTRICTIONS set.

Change-Id: I0d0703ea21f1f812c06247a3db2bc755e8904149
 2023-07-15 14:01:14 +03:00
Bruno Martins
5484e1497d
hal_usb_qti: Make legacy rules more aligned with QVA 
Change-Id: If35e87a56efb3e7a82ed2f06bb4dcab8ec4a0e82
 2023-07-15 14:01:14 +03:00
LuK1337
c2b70184e1
sepolicy: Label QTI USB HAL 
Change-Id: I0fce6172ce47f4f61d9ee2cb829749b4e5643403
 2023-07-15 14:01:14 +03:00
Michael Bestas
28a0580725
Merge tag 'LA.UM.11.2.1.r1-04100-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-04100-sdm660.0 
"LA.UM.11.2.1.r1-04100-sdm660.0"

* tag 'LA.UM.11.2.1.r1-04100-sdm660.0':
  sepolicy: Compilation fix for newer upgrade.
  sepolicy: Add sepolicy rules for TZAS
  sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable
  sepolicy: Add policy for atfwd client
  sepolicy: Add sepolicy for AtCmdFwd app

 Conflicts:
	SEPolicy.mk

Change-Id: I3743693bab62bcacd4862b40fe3a51e8131ca66a
 2023-07-11 16:17:48 +03:00
Michael Bestas
1d7b129f0b
sepolicy: Allow location read xtra-daemon control property 
Change-Id: If869f21c4397c65672c9319990d8dc4baca2aa3a
 2023-06-07 00:58:30 +03:00
Linux Build Service Account
f76894974a Merge 6f68a803eb on remote branch 
Change-Id: I6dea49853525da383085cce2826bf5a5e2372249
 2023-06-05 08:12:29 -07:00
Himanshu Agrawal
6f68a803eb sepolicy: Compilation fix for newer upgrade. 
Change-Id: I7eb38060cb0a1ad3e09d221022bd5955fb95b396
 2023-05-19 05:10:20 -07:00
Linux Build Service Account
546edbb3c4 Merge "sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable" into sepolicy.lnx.12.0.c2 2023-05-19 04:43:49 -07:00
Mobashshirur Rahman
5115a5faef sepolicy rules to allow Gnss Hal to access RIL Srv 
Change-Id: Iacbe878f740c71923d5da5c82fbe754ec9fb156b
 2023-05-17 17:18:25 +05:30
Mobashshirur Rahman
b3c7469b74 Allow vendor_location_xtwifi_client to access ssgtzd socket 
Change-Id: Ia3bdc36b455192f87fc480143068f49e8a401314
 2023-05-17 17:12:39 +05:30
Michael Bestas
efdc05a907
sepolicy: Restrict access to /sys/devices/soc0/serial_number 
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
 2023-05-11 20:14:34 +03:00
Himanshu Agrawal
0d44cf1b75 sepolicy: Add sepolicy rules for TZAS 
Add the sepolicy rules for trustzone
access service to provide it access to
various vendor and android services.

Change-Id: I80f8bcb9a917ed18331fa3b92f1e8c65f8c631ad
 2023-05-09 03:05:55 -07:00
Himanshu Agrawal
c88bdefd08 sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable 
BOARD_PLAT_<PUBLIC/PRIVATE>SEPOLICY_DIR is going to be deprecated
so using new flag.

Change-Id: I039e81ca3bced08038f0e7f2ea3e706947d024fb
 2023-05-09 03:05:14 -07:00