Removing entry from /device/qcom/sepolicy/genfs_contexts
to avoid merge conflict with AOSP change as AOSP changes
will get higher priority
Change-Id: I1009ecc3572e2fe4251c20f9dad6eed81c930c5f
There are some policies which are already part of googles
core policies (Defined in external/sepolicy). We are
removing it form here. Also there are some spaces we are
removing them too. Aslo resolving some indentation issue
Change-Id: I0ab843d7e81ffcea80a09bbd04337aaa41de30a7
qmi_ping is a internal test app to QMI. Thermal engine
should NOT be using it. Hence revoking the permission.
Also this was causing compilation issue because qmi_ping
type declearation was guarded under userdebug flag, but
getting used outside.
Change-Id: Iafd900657aaee7d1996694223ba0a8eadc1f285e
Add security policies for the thermal-engine process
to access sysfs nodes, create, listen, and read from
network sockets.
Change-Id: I2907cb26a2f4e27a2ae229bce4de038412c92bae
Signed-off-by: Shiju Mathew <shijum@codeaurora.org>
Added the context for the various audio devices
to operate with other domains. We have also added
context for audiod.
Change-Id: Ibaa2beb2fc5ff4cc16481d8764b1d8c0bcfce16c
Added security policies needed for IPv6 tethering functionality
to perform operations on sockets. Also enabled qmuxd to operate
with smd devices
CRs-fixed: 590265
Change-Id: I32a9dd089abec3b33f2fdeca02e3e259492f8785
Adding required SEAndroid policies to enable rild_oem socket connection
from QcrilMsgTunnel app (radio UID group) as it is currently denied
by SEAndroid module.
Change-Id: Ie1a1d2fdd0fe85095d8e33c8c6d5d335c3dc2042
Allow domain transitions from shell, su and adbd for qmuxd and
netmgrd in case of engineering and user debug builds only
CRs-fixed: 590265
Change-Id: Ibaad1d0d547dca13fa17f7c909c6347e59a24d97
Confines qmi ping and test service tests as well as defines rules to grant
them appropriate access.
CRs-Fixed: 582040
Change-Id: I57c9a82d3efcd643a6d3ac26c4217cd51b1bb86b
HW based disk encryption wipes the data if user enters incorrect
password for a number of times. This requires that Vold has access
to cache file and recovery.
Change-Id: Ibb3069af6a15558202c02ae5454008bb8ecb62e9
Device encryption requries fsck to be run while attempting to
mount userdata partition. For encrypted device, it runs in VOLD
context. Hence, VOLD needs permission to complete the job.
Change-Id: I804153253d241050cfe5f35b3f5c129f9b91a3c6
HW based disk encryption depends upon qseecom and module request
operation from kernel. Adding permission for VOLD for smooth
functionality of HW based disk encryption.
Change-Id: If938f1be1067ac14d5d2f685902643c5d580d94e
